Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Original Doc Ref SN02853801324189923.exe

Overview

General Information

Sample Name:Original Doc Ref SN02853801324189923.exe
Analysis ID:542742
MD5:2b40b86c870ab6b0e9b08f26bd231e1a
SHA1:78a6fc51761c25fe571fec37ca4beaa13d7b5d48
SHA256:6c9c9bd77d704ca8c48a0125289e0e15e75f62f09d40ffad58a24bd96c3a57c0
Tags:exeguloaderxloader
Infos:

Most interesting Screenshot:

Detection

GuLoader FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Yara detected Generic Dropper
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
GuLoader behavior detected
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Yara detected GuLoader
Hides threads from debuggers
Maps a DLL or memory area into another process
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Yara signature match
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
PE file contains executable resources (Code or Archives)
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • Original Doc Ref SN02853801324189923.exe (PID: 6352 cmdline: "C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exe" MD5: 2B40B86C870AB6B0E9B08F26BD231E1A)
    • Semiha.exe (PID: 6404 cmdline: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Semiha.exe MD5: AE871D1957030344D4CEFC7295A1E964)
      • Semiha.exe (PID: 5580 cmdline: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Semiha.exe MD5: AE871D1957030344D4CEFC7295A1E964)
        • explorer.exe (PID: 3292 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • rundll32.exe (PID: 6612 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.thesocialmediacreator.com/i638/"], "decoy": ["serenitynailandspanj.com", "health-dodo.com", "agjordan.net", "retro-kids.com", "bobbygoldsports.com", "seitai-kuuto369.com", "sooga.club", "ezsweswrwy68.biz", "1006e.com", "libinyu.com", "prolinkdm.com", "pilysc.com", "blim.xyz", "eshop-dekorax.com", "timestretchmusic.com", "bs6351.com", "diamondmoodle.com", "antioxida.com", "sakugastudios.com", "metaverse-coaching.com", "motometics.com", "illumination-garage.com", "thelocalsproject.com", "erealestater.com", "frankenamazing.com", "arab-enterprises.com", "e15datadev.com", "bet365star.online", "bttextiles.com", "originaltradebot.icu", "test-testjisdnsec.net", "cloudwerx.digital", "gsjbd10.club", "joshuaearp.xyz", "tvaluehelp.com", "quietplaceintheforest.com", "refinanceforblue.com", "voiceoftour.com", "civicinfluence.com", "taxation-resources.com", "regeneration.land", "gogit.net", "spicynipples.com", "goldingravel.com", "selingoo.com", "aaryantech.com", "insight-j.com", "drivenbylight.net", "meipassion.com", "scuolapadelroma.store", "929671.com", "parkerdazzle.com", "yehudi-meshutaf.com", "johnsonforsheriff2022.com", "pointhunteracademy.com", "kyliiejenner.com", "tenlog066.xyz", "dobylife.com", "josemanueldelbusto.com", "vspfrme.com", "256571.com", "crossovertest.net", "fullcurlcnc.com", "theworldisheroyster.com"]}

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1vqWz"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000019.00000000.481436441.0000000000560000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000002.00000002.482011607.00000000029E0000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
      00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
        00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x16ac9:$sqlite3step: 68 34 1C 7B E1
        • 0x16bdc:$sqlite3step: 68 34 1C 7B E1
        • 0x16af8:$sqlite3text: 68 38 2A 90 C5
        • 0x16c1d:$sqlite3text: 68 38 2A 90 C5
        • 0x16b0b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16c33:$sqlite3blob: 68 53 D8 7F 8C
        Click to see the 2 entries

        Sigma Overview

        No Sigma rule has matched

        Jbx Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Found malware configurationShow sources
        Source: 00000002.00000002.482011607.00000000029E0000.00000040.00000001.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1vqWz"}
        Source: 00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.thesocialmediacreator.com/i638/"], "decoy": ["serenitynailandspanj.com", "health-dodo.com", "agjordan.net", "retro-kids.com", "bobbygoldsports.com", "seitai-kuuto369.com", "sooga.club", "ezsweswrwy68.biz", "1006e.com", "libinyu.com", "prolinkdm.com", "pilysc.com", "blim.xyz", "eshop-dekorax.com", "timestretchmusic.com", "bs6351.com", "diamondmoodle.com", "antioxida.com", "sakugastudios.com", "metaverse-coaching.com", "motometics.com", "illumination-garage.com", "thelocalsproject.com", "erealestater.com", "frankenamazing.com", "arab-enterprises.com", "e15datadev.com", "bet365star.online", "bttextiles.com", "originaltradebot.icu", "test-testjisdnsec.net", "cloudwerx.digital", "gsjbd10.club", "joshuaearp.xyz", "tvaluehelp.com", "quietplaceintheforest.com", "refinanceforblue.com", "voiceoftour.com", "civicinfluence.com", "taxation-resources.com", "regeneration.land", "gogit.net", "spicynipples.com", "goldingravel.com", "selingoo.com", "aaryantech.com", "insight-j.com", "drivenbylight.net", "meipassion.com", "scuolapadelroma.store", "929671.com", "parkerdazzle.com", "yehudi-meshutaf.com", "johnsonforsheriff2022.com", "pointhunteracademy.com", "kyliiejenner.com", "tenlog066.xyz", "dobylife.com", "josemanueldelbusto.com", "vspfrme.com", "256571.com", "crossovertest.net", "fullcurlcnc.com", "theworldisheroyster.com"]}
        Multi AV Scanner detection for submitted fileShow sources
        Source: Original Doc Ref SN02853801324189923.exeVirustotal: Detection: 29%Perma Link
        Yara detected FormBookShow sources
        Source: Yara matchFile source: 00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmp, type: MEMORY
        Multi AV Scanner detection for domain / URLShow sources
        Source: www.thesocialmediacreator.com/i638/Virustotal: Detection: 5%Perma Link
        Multi AV Scanner detection for dropped fileShow sources
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeVirustotal: Detection: 32%Perma Link
        Machine Learning detection for sampleShow sources
        Source: Original Doc Ref SN02853801324189923.exeJoe Sandbox ML: detected
        Machine Learning detection for dropped fileShow sources
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeJoe Sandbox ML: detected
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC2DAE GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: unknownHTTPS traffic detected: 172.217.168.46:443 -> 192.168.2.7:49830 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.217.168.1:443 -> 192.168.2.7:49831 version: TLS 1.2
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: wextract.pdb source: Original Doc Ref SN02853801324189923.exe
        Source: Binary string: wntdll.pdbUGP source: Semiha.exe, 00000019.00000002.782575822.000000001E7A0000.00000040.00000001.sdmp, Semiha.exe, 00000019.00000002.782754601.000000001E8BF000.00000040.00000001.sdmp
        Source: Binary string: wntdll.pdb source: Semiha.exe, Semiha.exe, 00000019.00000002.782575822.000000001E7A0000.00000040.00000001.sdmp, Semiha.exe, 00000019.00000002.782754601.000000001E8BF000.00000040.00000001.sdmp
        Source: Binary string: wextract.pdbPp source: Original Doc Ref SN02853801324189923.exe
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC21E7 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile opened: C:\Users\user~1\
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile opened: C:\Users\user~1\AppData\Local\Temp\
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile opened: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile opened: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Semiha.exe
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile opened: C:\Users\user~1\AppData\Local\
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile opened: C:\Users\user~1\AppData\

        Networking:

        barindex
        C2 URLs / IPs found in malware configurationShow sources
        Source: Malware configuration extractorURLs: www.thesocialmediacreator.com/i638/
        Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=download&id=1vqWz
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1vqWz_R4BQMLYr0EwMvVJ53NsyRGjMpKl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/v1hb64q8i4krmmckqtjah3e0j55ac599/1640006700000/05208698352720309252/*/1vqWz_R4BQMLYr0EwMvVJ53NsyRGjMpKl?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-10-80-docs.googleusercontent.comConnection: Keep-Alive
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
        Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
        Source: Semiha.exe, 00000019.00000003.741035770.000000000093F000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742494256.000000000093B000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.740971825.000000000093F000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779249493.0000000000940000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742345696.000000000093B000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742566992.000000000093E000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.740899622.0000000000942000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742408013.000000000093E000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742063444.000000000093B000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: explorer.exe, 0000001C.00000000.747255053.0000000006870000.00000004.00000001.sdmp, explorer.exe, 0000001C.00000002.767904819.0000000006870000.00000004.00000001.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
        Source: Semiha.exe, 00000019.00000003.741011877.0000000000981000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.740899622.0000000000942000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742044395.0000000000980000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
        Source: Semiha.exe, 00000019.00000003.741011877.0000000000981000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.740899622.0000000000942000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742044395.0000000000980000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
        Source: Semiha.exe, 00000019.00000003.742063444.000000000093B000.00000004.00000001.sdmpString found in binary or memory: https://doc-10-80-docs.googleusercontent.com/
        Source: Semiha.exe, 00000019.00000003.742044395.0000000000980000.00000004.00000001.sdmpString found in binary or memory: https://doc-10-80-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/v1hb64q8
        Source: Semiha.exe, 00000019.00000003.741035770.000000000093F000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742494256.000000000093B000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.740971825.000000000093F000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779249493.0000000000940000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742345696.000000000093B000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742566992.000000000093E000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742408013.000000000093E000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742063444.000000000093B000.00000004.00000001.sdmpString found in binary or memory: https://doc-10-80-docs.googleusercontent.com/g
        Source: Semiha.exe, 00000019.00000003.741035770.000000000093F000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742494256.000000000093B000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.740971825.000000000093F000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779249493.0000000000940000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742345696.000000000093B000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742566992.000000000093E000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742408013.000000000093E000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742063444.000000000093B000.00000004.00000001.sdmpString found in binary or memory: https://doc-10-80-docs.googleusercontent.com/z
        Source: Semiha.exe, 00000019.00000003.740959193.000000000093C000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1vqWz_R4BQMLYr0Ew
        Source: Semiha.exe, 00000019.00000002.779387050.00000000021D0000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742377343.0000000000916000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1vqWz_R4BQMLYr0EwMvVJ53NsyRGjMpKl
        Source: Semiha.exe, 00000019.00000003.742532708.0000000000916000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779196860.0000000000917000.00000004.00000020.sdmp, Semiha.exe, 00000019.00000003.742377343.0000000000916000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1vqWz_R4BQMLYr0EwMvVJ53NsyRGjMpKlNE-%&
        Source: Semiha.exe, 00000019.00000003.742532708.0000000000916000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779196860.0000000000917000.00000004.00000020.sdmp, Semiha.exe, 00000019.00000003.742377343.0000000000916000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1vqWz_R4BQMLYr0EwMvVJ53NsyRGjMpKljD
        Source: unknownDNS traffic detected: queries for: drive.google.com
        Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1vqWz_R4BQMLYr0EwMvVJ53NsyRGjMpKl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/v1hb64q8i4krmmckqtjah3e0j55ac599/1640006700000/05208698352720309252/*/1vqWz_R4BQMLYr0EwMvVJ53NsyRGjMpKl?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-10-80-docs.googleusercontent.comConnection: Keep-Alive
        Source: unknownHTTPS traffic detected: 172.217.168.46:443 -> 192.168.2.7:49830 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.217.168.1:443 -> 192.168.2.7:49831 version: TLS 1.2

        E-Banking Fraud:

        barindex
        Yara detected FormBookShow sources
        Source: Yara matchFile source: 00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmp, type: MEMORY

        System Summary:

        barindex
        Malicious sample detected (through community Yara rule)Show sources
        Source: 00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: 00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC1DC7 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC5B88
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029EE085
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029EA432
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7E6E30
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7FEBB0
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881002
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7DB090
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C0D20
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7E4120
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CF900
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E891D55
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_0056E085
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_0056A432
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029EE085 NtResumeThread,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8096E0 NtFreeVirtualMemory,LdrInitializeThunk,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809660 NtAllocateVirtualMemory,LdrInitializeThunk,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809780 NtMapViewOfSection,LdrInitializeThunk,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809FE0 NtCreateMutant,LdrInitializeThunk,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809860 NtQuerySystemInformation,LdrInitializeThunk,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8099A0 NtCreateSection,LdrInitializeThunk,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809910 NtAdjustPrivilegesToken,LdrInitializeThunk,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809A80 NtOpenDirectoryObject,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8096D0 NtCreateKey,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809A00 NtProtectVirtualMemory,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809610 NtEnumerateValueKey,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809A10 NtQuerySection,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809A20 NtResumeThread,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809650 NtQueryValueKey,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809A50 NtCreateFile,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809670 NtQueryInformationProcess,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8097A0 NtUnmapViewOfSection,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E80A3B0 NtGetContextThread,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809B00 NtSetValueKey,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E80A710 NtOpenProcessToken,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809710 NtQueryInformationToken,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809730 NtQueryVirtualMemory,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809760 NtOpenProcess,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809770 NtSetInformationFile,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E80A770 NtOpenThread,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8098A0 NtWriteVirtualMemory,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8098F0 NtReadVirtualMemory,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809820 NtEnumerateKey,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809840 NtDelayExecution,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E80B040 NtSuspendThread,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8099D0 NtCreateProcessEx,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8095D0 NtClose,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8095F0 NtQueryInformationFile,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809520 NtWaitForSingleObject,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E80AD30 NtSetContextThread,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809540 NtReadFile,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809950 NtQueueApcThread,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E809560 NtWriteFile,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_00563133 NtProtectVirtualMemory,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_0056E7CC NtProtectVirtualMemory,
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 66519 bytes, 1 file
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess Stats: CPU usage > 98%
        Source: Original Doc Ref SN02853801324189923.exeBinary or memory string: OriginalFilename vs Original Doc Ref SN02853801324189923.exe
        Source: Original Doc Ref SN02853801324189923.exe, 00000000.00000002.485465711.0000000000FCA000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs Original Doc Ref SN02853801324189923.exe
        Source: Original Doc Ref SN02853801324189923.exe, 00000000.00000000.233147704.0000000000FCA000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs Original Doc Ref SN02853801324189923.exe
        Source: Original Doc Ref SN02853801324189923.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs Original Doc Ref SN02853801324189923.exe
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: Semiha.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: Original Doc Ref SN02853801324189923.exeVirustotal: Detection: 29%
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
        Source: unknownProcess created: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exe "C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exe"
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Semiha.exe
        Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Semiha.exe
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Semiha.exe
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Semiha.exe
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC1DC7 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile created: C:\Users\user~1\AppData\Local\Temp\IXP000.TMPJump to behavior
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/1@2/2
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC5849 GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC5849 GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,
        Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC4E80 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,#20,#22,#23,FreeResource,SendMessageA,
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCommand line argument: Kernel32.dll
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Original Doc Ref SN02853801324189923.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: wextract.pdb source: Original Doc Ref SN02853801324189923.exe
        Source: Binary string: wntdll.pdbUGP source: Semiha.exe, 00000019.00000002.782575822.000000001E7A0000.00000040.00000001.sdmp, Semiha.exe, 00000019.00000002.782754601.000000001E8BF000.00000040.00000001.sdmp
        Source: Binary string: wntdll.pdb source: Semiha.exe, Semiha.exe, 00000019.00000002.782575822.000000001E7A0000.00000040.00000001.sdmp, Semiha.exe, 00000019.00000002.782754601.000000001E8BF000.00000040.00000001.sdmp
        Source: Binary string: wextract.pdbPp source: Original Doc Ref SN02853801324189923.exe

        Data Obfuscation:

        barindex
        Yara detected GuLoaderShow sources
        Source: Yara matchFile source: 00000019.00000000.481436441.0000000000560000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.482011607.00000000029E0000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000019.00000002.779078252.0000000000560000.00000040.00000001.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC78A1 push ecx; ret
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_00404C39 pushfd ; ret
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_00406D5F push ebp; iretd
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_00406B0D push ss; ret
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029E4E50 push B1CC20AFh; ret
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029E5276 push esp; ret
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029E4316 push ds; iretd
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029E1328 push esp; ret
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029E1321 push eax; iretd
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029E0005 push cs; retf
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029E0078 push cs; retf
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029E3DDD push ss; retf
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029E3DD5 push ss; retf
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029E5560 push esp; iretd
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E81D0D1 push ecx; ret
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_00560078 push cs; retf
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_00560005 push cs; retf
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_00565560 push esp; iretd
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_00563DD5 push ss; retf
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_00563DDD push ss; retf
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_00564E50 push B1CC20AFh; ret
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_00565276 push esp; ret
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_00564316 push ds; iretd
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_00561321 push eax; iretd
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_00561328 push esp; ret
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC2DAE GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,
        Source: initial sampleStatic PE information: section name: .text entropy: 7.1128813164
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeJump to dropped file
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC1910 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        barindex
        Tries to detect Any.runShow sources
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeFile opened: C:\Program Files\qga\qga.exe
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeFile opened: C:\Program Files\qga\qga.exe
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
        Source: Semiha.exe, 00000019.00000002.779387050.00000000021D0000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1VQWZ_R4BQMLYR0EWMVVJ53NSYRGJMPKL
        Source: Semiha.exe, 00000002.00000002.482151039.0000000002B20000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779387050.00000000021D0000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
        Source: Semiha.exe, 00000002.00000002.482151039.0000000002B20000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
        Tries to detect virtualization through RDTSC time measurementsShow sources
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeRDTSC instruction interceptor: First address: 0000000000408604 second address: 000000000040860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7F6A60 rdtscp
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess information queried: ProcessInformation
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC532F GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC21E7 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeSystem information queried: ModuleInformation
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile opened: C:\Users\user~1\
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile opened: C:\Users\user~1\AppData\Local\Temp\
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile opened: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile opened: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Semiha.exe
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile opened: C:\Users\user~1\AppData\Local\
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeFile opened: C:\Users\user~1\AppData\
        Source: explorer.exe, 0000001C.00000002.771094420.0000000008A32000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
        Source: explorer.exe, 0000001C.00000002.771094420.0000000008A32000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
        Source: Semiha.exe, 00000002.00000002.482205968.0000000002C3A000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779414736.000000000229A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
        Source: Semiha.exe, 00000002.00000002.482205968.0000000002C3A000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779414736.000000000229A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
        Source: Semiha.exe, 00000019.00000003.742387045.000000000091D000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779208842.000000000091D000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW-
        Source: explorer.exe, 0000001C.00000002.771382701.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
        Source: Semiha.exe, 00000002.00000002.482205968.0000000002C3A000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779414736.000000000229A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
        Source: Semiha.exe, 00000019.00000003.742387045.000000000091D000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779208842.000000000091D000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
        Source: explorer.exe, 0000001C.00000000.752050950.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
        Source: Semiha.exe, 00000002.00000002.482151039.0000000002B20000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779387050.00000000021D0000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
        Source: Semiha.exe, 00000002.00000002.482205968.0000000002C3A000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779414736.000000000229A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
        Source: Semiha.exe, 00000002.00000002.482205968.0000000002C3A000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779414736.000000000229A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
        Source: Semiha.exe, 00000002.00000002.482151039.0000000002B20000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
        Source: explorer.exe, 0000001C.00000002.771382701.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
        Source: Semiha.exe, 00000019.00000002.779414736.000000000229A000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
        Source: explorer.exe, 0000001C.00000002.766113713.00000000048E0000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: Semiha.exe, 00000002.00000002.482205968.0000000002C3A000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779414736.000000000229A000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
        Source: explorer.exe, 0000001C.00000000.752050950.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000Datc
        Source: explorer.exe, 0000001C.00000002.771382701.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}C
        Source: Semiha.exe, 00000019.00000002.779414736.000000000229A000.00000004.00000001.sdmpBinary or memory string: vmicvss
        Source: Semiha.exe, 00000019.00000002.779387050.00000000021D0000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://drive.google.com/uc?export=download&id=1vqWz_R4BQMLYr0EwMvVJ53NsyRGjMpKl
        Source: explorer.exe, 0000001C.00000002.768967562.00000000069DA000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD002
        Source: Semiha.exe, 00000002.00000002.482205968.0000000002C3A000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779414736.000000000229A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
        Source: Semiha.exe, 00000002.00000002.482205968.0000000002C3A000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779414736.000000000229A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
        Source: Semiha.exe, 00000019.00000002.779414736.000000000229A000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat

        Anti Debugging:

        barindex
        Hides threads from debuggersShow sources
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeThread information set: HideFromDebugger
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeThread information set: HideFromDebugger
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC2DAE GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7F6A60 rdtscp
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess token adjusted: Debug
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029EBA69 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029EC093 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 2_2_029E9CA7 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E85FE87 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D766D mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8446A7 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E890EA5 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E890EA5 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E890EA5 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C9240 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C9240 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C9240 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C9240 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E87FEC0 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CE620 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E898ED6 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CC600 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CC600 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CC600 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7F16E0 mov ecx, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D76E2 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7F36CC mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E87FE3F mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C52A5 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C52A5 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C52A5 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C52A5 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C52A5 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E87B260 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E87B260 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7FD294 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7FD294 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E80927A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E88138A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CDB60 mov ecx, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CF358 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E895BA5 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CDB40 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7DEF40 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7FE730 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C4F2E mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C4F2E mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E89070D mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E89070D mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E88131B mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E85FF10 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E85FF10 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E898B58 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E898F6A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D1B8F mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D1B8F mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E843884 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E843884 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7E746D mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8090AF mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7FBC2C mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E85B8D0 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E85B8D0 mov ecx, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E85B8D0 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E85B8D0 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E85B8D0 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E85B8D0 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7DB02A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7DB02A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7DB02A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7DB02A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E898CD6 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8814FB mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E89740D mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E89740D mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E89740D mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E881C06 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E847016 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E847016 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E847016 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E894015 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E894015 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7FF0BF mov ecx, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7FF0BF mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7FF0BF mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E85C450 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E85C450 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E882073 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C9080 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E891074 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7EC577 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7EC577 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CB171 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CB171 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7E7D50 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7EB944 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7EB944 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7F4D3B mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7F4D3B mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7F4D3B mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7F513A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7F513A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7D3D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CAD30 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7E4120 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7E4120 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7E4120 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7E4120 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7E4120 mov ecx, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E878DF1 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C9100 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C9100 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C9100 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CB1E1 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CB1E1 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7CB1E1 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E898D34 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E803D43 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E843540 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7F35A1 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C2D8A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C2D8A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C2D8A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C2D8A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7C2D8A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7FA185 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E7EC182 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_0056C093 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_00569CA7 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_0056BA69 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeCode function: 25_2_1E8096E0 NtFreeVirtualMemory,LdrInitializeThunk,
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC7360 SetUnhandledExceptionFilter,
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC6C35 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

        HIPS / PFW / Operating System Protection Evasion:

        barindex
        Maps a DLL or memory area into another processShow sources
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
        Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Semiha.exe
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC15FC LoadLibraryA,GetProcAddress,AllocateAndInitializeSid,FreeSid,FreeLibrary,
        Source: Semiha.exe, 00000019.00000002.779341239.0000000000DC0000.00000002.00020000.sdmp, explorer.exe, 0000001C.00000000.745039076.0000000001400000.00000002.00020000.sdmp, explorer.exe, 0000001C.00000002.764873429.0000000001400000.00000002.00020000.sdmpBinary or memory string: uProgram Manager
        Source: Semiha.exe, 00000019.00000002.779341239.0000000000DC0000.00000002.00020000.sdmp, explorer.exe, 0000001C.00000000.745039076.0000000001400000.00000002.00020000.sdmp, explorer.exe, 0000001C.00000002.764873429.0000000001400000.00000002.00020000.sdmp, explorer.exe, 0000001C.00000002.767671980.0000000005F40000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd
        Source: Semiha.exe, 00000019.00000002.779341239.0000000000DC0000.00000002.00020000.sdmp, explorer.exe, 0000001C.00000000.745039076.0000000001400000.00000002.00020000.sdmp, explorer.exe, 0000001C.00000002.764873429.0000000001400000.00000002.00020000.sdmpBinary or memory string: Progman
        Source: Semiha.exe, 00000019.00000002.779341239.0000000000DC0000.00000002.00020000.sdmp, explorer.exe, 0000001C.00000000.745039076.0000000001400000.00000002.00020000.sdmp, explorer.exe, 0000001C.00000002.764873429.0000000001400000.00000002.00020000.sdmpBinary or memory string: Progmanlock
        Source: explorer.exe, 0000001C.00000002.764378557.0000000000EB8000.00000004.00000020.sdmp, explorer.exe, 0000001C.00000000.744799503.0000000000EB8000.00000004.00000020.sdmpBinary or memory string: ProgmanX
        Source: explorer.exe, 0000001C.00000002.771240055.0000000008ACF000.00000004.00000001.sdmp, explorer.exe, 0000001C.00000000.752050950.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWndAj
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC75A8 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,
        Source: C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exeCode function: 0_2_00FC2A7E GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,

        Stealing of Sensitive Information:

        barindex
        Yara detected Generic DropperShow sources
        Source: Yara matchFile source: Process Memory Space: Semiha.exe PID: 5580, type: MEMORYSTR
        Yara detected FormBookShow sources
        Source: Yara matchFile source: 00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmp, type: MEMORY
        GuLoader behavior detectedShow sources
        Source: Initial fileSignature Results: GuLoader behavior

        Remote Access Functionality:

        barindex
        Yara detected FormBookShow sources
        Source: Yara matchFile source: 00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsCommand and Scripting Interpreter2Path InterceptionAccess Token Manipulation1Virtualization/Sandbox Evasion2OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel21Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
        Default AccountsNative API1Boot or Logon Initialization ScriptsProcess Injection112Access Token Manipulation1LSASS MemorySecurity Software Discovery511Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection112Security Account ManagerVirtualization/Sandbox Evasion2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information2NTDSProcess Discovery2Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol113SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptRundll321LSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.commonSoftware Packing1Cached Domain CredentialsFile and Directory Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncSystem Information Discovery16Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        Original Doc Ref SN02853801324189923.exe30%VirustotalBrowse
        Original Doc Ref SN02853801324189923.exe9%ReversingLabs
        Original Doc Ref SN02853801324189923.exe100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe100%Joe Sandbox ML
        C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe32%VirustotalBrowse

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        www.thesocialmediacreator.com/i638/5%VirustotalBrowse
        www.thesocialmediacreator.com/i638/0%Avira URL Cloudsafe
        https://csp.withgoogle.com/csp/report-to/gse_l9ocaq0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        drive.google.com
        		172.217.168.46
        		truefalse
          		high
          googlehosted.l.googleusercontent.com
          		172.217.168.1
          		truefalse
            		high
            doc-10-80-docs.googleusercontent.com
            		unknown
            		unknownfalse
              		high

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://doc-10-80-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/v1hb64q8i4krmmckqtjah3e0j55ac599/1640006700000/05208698352720309252/*/1vqWz_R4BQMLYr0EwMvVJ53NsyRGjMpKl?e=downloadfalse
                		high
                www.thesocialmediacreator.com/i638/true
                • 5%, Virustotal, Browse
                • Avira URL Cloud: safe
                		low

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://www.autoitscript.com/autoit3/Jexplorer.exe, 0000001C.00000000.747255053.0000000006870000.00000004.00000001.sdmp, explorer.exe, 0000001C.00000002.767904819.0000000006870000.00000004.00000001.sdmpfalse
                  		high
                  https://doc-10-80-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/v1hb64q8Semiha.exe, 00000019.00000003.742044395.0000000000980000.00000004.00000001.sdmpfalse
                    		high
                    https://doc-10-80-docs.googleusercontent.com/Semiha.exe, 00000019.00000003.742063444.000000000093B000.00000004.00000001.sdmpfalse
                      		high
                      https://doc-10-80-docs.googleusercontent.com/gSemiha.exe, 00000019.00000003.741035770.000000000093F000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742494256.000000000093B000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.740971825.000000000093F000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779249493.0000000000940000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742345696.000000000093B000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742566992.000000000093E000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742408013.000000000093E000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742063444.000000000093B000.00000004.00000001.sdmpfalse
                        		high
                        https://doc-10-80-docs.googleusercontent.com/zSemiha.exe, 00000019.00000003.741035770.000000000093F000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742494256.000000000093B000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.740971825.000000000093F000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000002.779249493.0000000000940000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742345696.000000000093B000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742566992.000000000093E000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742408013.000000000093E000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742063444.000000000093B000.00000004.00000001.sdmpfalse
                          		high
                          https://csp.withgoogle.com/csp/report-to/gse_l9ocaqSemiha.exe, 00000019.00000003.741011877.0000000000981000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.740899622.0000000000942000.00000004.00000001.sdmp, Semiha.exe, 00000019.00000003.742044395.0000000000980000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown

                          Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public

                          IPDomainCountryFlagASNASN NameMalicious
                          172.217.168.46
                          		drive.google.comUnited States
                          		15169GOOGLEUSfalse
                          172.217.168.1
                          		googlehosted.l.googleusercontent.comUnited States
                          		15169GOOGLEUSfalse

                          General Information

                          Joe Sandbox Version:34.0.0 Boulder Opal
                          Analysis ID:542742
                          Start date:20.12.2021
                          Start time:14:21:10
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 10m 40s
                          Hypervisor based Inspection enabled:false
                          Report type:light
                          Sample file name:Original Doc Ref SN02853801324189923.exe
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:28
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:1
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winEXE@6/1@2/2
                          EGA Information:Failed
                          HDC Information:
                          • Successful, ratio: 54.6% (good quality ratio 41.3%)
                          • Quality average: 60%
                          • Quality standard deviation: 39.3%
                          HCA Information:Failed
                          Cookbook Comments:
                          • Adjust boot time
                          • Enable AMSI
                          • Found application associated with file extension: .exe
                          • Override analysis time to 240s for rundll32
                          Warnings:
                          Show All
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                          • TCP Packets have been reduced to 100
                          • Excluded IPs from analysis (whitelisted): 23.54.113.53
                          • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.

                          Simulations

                          Behavior and APIs

                          No simulations

                          Joe Sandbox View / Context

                          IPs

                          No context

                          Domains

                          No context

                          ASN

                          No context

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe
                          Process:C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exe
                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Category:modified
                          Size (bytes):114688
                          Entropy (8bit):6.668317897407225
                          Encrypted:false
                          SSDEEP:1536:07p6t8RjmiqnYaH0+4wA0zGU31Uv2VXu0zyADDTr8srw6zbagP:5tGmpc18GYrewXD4sr/bFP
                          MD5:AE871D1957030344D4CEFC7295A1E964
                          SHA1:73E0D642D14CA3DCFCA3D22FA2312968D1BA5CD6
                          SHA-256:6F8A836D10EADA55BB1D3901CEB5B97711AFC9F7018E3BD0F0A8E77521F18E5B
                          SHA-512:BC5A39F9A86BC6D461C32A947A61D7BBD0DD8AE93700BC9E3E984B33DF6B9A0FAC0E8DD71CA50E8DCFEE9314BD00824FD4EC507C66E22E4BD20C1EDF0DAD4679
                          Malicious:true
                          Antivirus:
                          • Antivirus: Joe Sandbox ML, Detection: 100%
                          • Antivirus: Virustotal, Detection: 32%, Browse
                          Reputation:low
                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7b..s...s...s.......r...<!..v...E%..r...Richs...........................PE..L...R|zV.....................0......l.............@.............................................................................(...........................................................................8... ....................................text.............................. ..`.data...............................@....rsrc...............................@..@...I............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................................................

                          Static File Info

                          General

                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Entropy (8bit):7.373376085032679
                          TrID:
                          • Win32 Executable (generic) a (10002005/4) 97.02%
                          • Win32 MS Cabinet Self-Extractor (WExtract stub) (303627/2) 2.95%
                          • Generic Win/DOS Executable (2004/3) 0.02%
                          • DOS Executable Generic (2002/1) 0.02%
                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                          File name:Original Doc Ref SN02853801324189923.exe
                          File size:214528
                          MD5:2b40b86c870ab6b0e9b08f26bd231e1a
                          SHA1:78a6fc51761c25fe571fec37ca4beaa13d7b5d48
                          SHA256:6c9c9bd77d704ca8c48a0125289e0e15e75f62f09d40ffad58a24bd96c3a57c0
                          SHA512:ee585115ff7a99ff169915199cbc904529e53bf139d0423f28df5fd41714c01928150442fef33ae364ac6209c2bb62e285c1cf88b9202272cc0eec11780eb4d1
                          SSDEEP:3072:UwdK6g8IT9xE5GWp1icKAArDZz4N9GhbkrNEk1ACBynjTy9d41bd0XF:VK6g8ITep0yN90QE44joX
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*...n.k.n.k.n.k..^..i.k..^..`.k..^..(.k..^....k.n.j...k..^..g.k.Ig..o.k..^..o.k..^..o.k.Richn.k.................PE..L.....ST...

                          File Icon

                          Icon Hash:f8e0e4e8ecccc870

                          Static PE Info

                          General

                          Entrypoint:0x4069d0
                          Entrypoint Section:.text
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                          DLL Characteristics:GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                          Time Stamp:0x545301EF [Fri Oct 31 03:28:47 2014 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:6
                          OS Version Minor:3
                          File Version Major:6
                          File Version Minor:3
                          Subsystem Version Major:6
                          Subsystem Version Minor:3
                          Import Hash:bc70c4fa605f17c85050b7c7b6d42e44

                          Entrypoint Preview

                          Instruction
                          call 00007FC2B8BB7C18h
                          jmp 00007FC2B8BB704Ah
                          int3
                          int3
                          int3
                          int3
                          int3
                          push 0000005Ch
                          push 00407900h
                          call 00007FC2B8BB7CCEh
                          and dword ptr [ebp-24h], 00000000h
                          and dword ptr [ebp-04h], 00000000h
                          lea eax, dword ptr [ebp-6Ch]
                          push eax
                          call dword ptr [0040A170h]
                          mov dword ptr [ebp-04h], FFFFFFFEh
                          xor ebx, ebx
                          inc ebx
                          mov dword ptr [ebp-04h], ebx
                          mov eax, dword ptr fs:[00000018h]
                          mov edi, dword ptr [eax+04h]
                          xor esi, esi
                          mov edx, 004088ECh
                          mov ecx, edi
                          xor eax, eax
                          lock cmpxchg dword ptr [edx], ecx
                          test eax, eax
                          je 00007FC2B8BB7048h
                          cmp eax, edi
                          jne 00007FC2B8BB7056h
                          mov esi, ebx
                          cmp dword ptr [004088F0h], ebx
                          jne 00007FC2B8BB7059h
                          push 0000001Fh
                          call 00007FC2B8BB7A34h
                          pop ecx
                          jmp 00007FC2B8BB707Eh
                          push 000003E8h
                          call dword ptr [0040A16Ch]
                          jmp 00007FC2B8BB700Ch
                          cmp dword ptr [004088F0h], 00000000h
                          jne 00007FC2B8BB7062h
                          mov dword ptr [004088F0h], ebx
                          push 00401018h
                          push 0040100Ch
                          call 00007FC2B8BB71A6h
                          pop ecx
                          pop ecx
                          test eax, eax
                          je 00007FC2B8BB704Dh
                          jmp 00007FC2B8BB7184h
                          mov dword ptr [00408224h], ebx
                          cmp dword ptr [004088F0h], ebx
                          jne 00007FC2B8BB705Dh
                          push 00401008h
                          push 00401000h
                          call 00007FC2B8BB7C1Ch
                          pop ecx
                          pop ecx
                          mov dword ptr [004088F0h], 00000000h

                          Data Directories

                          NameVirtual AddressVirtual Size Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IMPORT0xa2940xb4.idata
                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x2b778.rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x380000x8c0.reloc
                          IMAGE_DIRECTORY_ENTRY_DEBUG0x10a00x1c.text
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x13d80x40.text
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IAT0xa0000x290.idata
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                          Sections

                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                          .text0x10000x69640x6a00False0.572044516509data6.35037999484IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                          .data0x80000x1a8c0x400False0.3232421875data3.17592784688IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                          .idata0xa0000x107c0x1200False0.418402777778data5.04714087963IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .rsrc0xc0000x2c0000x2b800False0.830454157687data7.46724692582IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .reloc0x380000x8c00xa00False0.771875data6.37328857441IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                          Resources

                          NameRVASizeTypeLanguageCountry
                          AVI0xc9f80x2e1aRIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bppEnglishUnited States
                          RT_ICON0xf8140x668dataEnglishUnited States
                          RT_ICON0xfe7c0x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2291109880, next used block 28872EnglishUnited States
                          RT_ICON0x101640x1e8dataEnglishUnited States
                          RT_ICON0x1034c0x128GLS_BINARY_LSB_FIRSTEnglishUnited States
                          RT_ICON0x104740xea8dataEnglishUnited States
                          RT_ICON0x1131c0x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 15066613, next used block 15000828EnglishUnited States
                          RT_ICON0x11bc40x6c8dataEnglishUnited States
                          RT_ICON0x1228c0x568GLS_BINARY_LSB_FIRSTEnglishUnited States
                          RT_ICON0x127f40xd9d2PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                          RT_ICON0x201c80x25a8dataEnglishUnited States
                          RT_ICON0x227700x10a8dataEnglishUnited States
                          RT_ICON0x238180x988dataEnglishUnited States
                          RT_ICON0x241a00x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                          RT_DIALOG0x246080x2f2dataEnglishUnited States
                          RT_DIALOG0x248fc0x1b0dataEnglishUnited States
                          RT_DIALOG0x24aac0x166dataEnglishUnited States
                          RT_DIALOG0x24c140x1c0dataEnglishUnited States
                          RT_DIALOG0x24dd40x130dataEnglishUnited States
                          RT_DIALOG0x24f040x120dataEnglishUnited States
                          RT_STRING0x250240x8cdataEnglishUnited States
                          RT_STRING0x250b00x520dataEnglishUnited States
                          RT_STRING0x255d00x5ccdataEnglishUnited States
                          RT_STRING0x25b9c0x4b0dataEnglishUnited States
                          RT_STRING0x2604c0x44adataEnglishUnited States
                          RT_STRING0x264980x3cedataEnglishUnited States
                          RT_RCDATA0x268680x7ASCII text, with no line terminatorsEnglishUnited States
                          RT_RCDATA0x268700x103d7Microsoft Cabinet archive data, 66519 bytes, 1 fileEnglishUnited States
                          RT_RCDATA0x36c480x4dataEnglishUnited States
                          RT_RCDATA0x36c4c0x24dataEnglishUnited States
                          RT_RCDATA0x36c700x7ASCII text, with no line terminatorsEnglishUnited States
                          RT_RCDATA0x36c780x7ASCII text, with no line terminatorsEnglishUnited States
                          RT_RCDATA0x36c800x4dataEnglishUnited States
                          RT_RCDATA0x36c840x7ASCII text, with no line terminatorsEnglishUnited States
                          RT_RCDATA0x36c8c0x4dataEnglishUnited States
                          RT_RCDATA0x36c900xbASCII text, with no line terminatorsEnglishUnited States
                          RT_RCDATA0x36c9c0x4dataEnglishUnited States
                          RT_RCDATA0x36ca00x5ASCII text, with no line terminatorsEnglishUnited States
                          RT_RCDATA0x36ca80x7ASCII text, with no line terminatorsEnglishUnited States
                          RT_RCDATA0x36cb00x7ASCII text, with no line terminatorsEnglishUnited States
                          RT_GROUP_ICON0x36cb80xbcdataEnglishUnited States
                          RT_VERSION0x36d740x41cdataEnglishUnited States
                          RT_MANIFEST0x371900x5e7XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States

                          Imports

                          DLLImport
                          ADVAPI32.dllOpenProcessToken, GetTokenInformation, RegSetValueExA, EqualSid, RegQueryValueExA, LookupPrivilegeValueA, RegCreateKeyExA, RegOpenKeyExA, RegQueryInfoKeyA, RegDeleteValueA, AllocateAndInitializeSid, FreeSid, AdjustTokenPrivileges, RegCloseKey
                          KERNEL32.dllGetPrivateProfileIntA, GetFileAttributesA, IsDBCSLeadByte, GetSystemDirectoryA, GlobalUnlock, GetShortPathNameA, CreateDirectoryA, FindFirstFileA, GetLastError, GetProcAddress, RemoveDirectoryA, SetFileAttributesA, GlobalFree, FindClose, GetPrivateProfileStringA, LoadLibraryA, LocalAlloc, WritePrivateProfileStringA, GetModuleFileNameA, FindNextFileA, CompareStringA, _lopen, CloseHandle, LocalFree, DeleteFileA, ExitProcess, DosDateTimeToFileTime, CreateFileA, FindResourceA, GlobalAlloc, ExpandEnvironmentStringsA, LoadResource, WaitForSingleObject, SetEvent, GetModuleHandleW, FormatMessageA, SetFileTime, WriteFile, GetDriveTypeA, GetVolumeInformationA, TerminateThread, SizeofResource, CreateEventA, GetExitCodeProcess, CreateProcessA, _llseek, SetCurrentDirectoryA, GetTempFileNameA, ResetEvent, LockResource, GetSystemInfo, LoadLibraryExA, CreateMutexA, GetCurrentDirectoryA, GetVersionExA, GetVersion, GetTempPathA, CreateThread, LocalFileTimeToFileTime, SetFilePointer, GetWindowsDirectoryA, lstrcmpA, _lclose, GlobalLock, GetCurrentProcess, FreeResource, FreeLibrary, Sleep, GetStartupInfoA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, OutputDebugStringA, RtlUnwind, GetModuleHandleA, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount, EnumResourceLanguagesA, MulDiv, GetDiskFreeSpaceA, ReadFile
                          GDI32.dllGetDeviceCaps
                          USER32.dllGetDC, SendMessageA, SetForegroundWindow, MsgWaitForMultipleObjects, SendDlgItemMessageA, GetWindowRect, MessageBoxA, GetWindowLongA, PeekMessageA, ReleaseDC, GetDlgItem, SetWindowPos, ShowWindow, DispatchMessageA, SetWindowTextA, EnableWindow, CallWindowProcA, DialogBoxIndirectParamA, GetDlgItemTextA, LoadStringA, MessageBeep, CharUpperA, CharNextA, ExitWindowsEx, CharPrevA, EndDialog, GetDesktopWindow, SetDlgItemTextA, SetWindowLongA, GetSystemMetrics
                          msvcrt.dllmemset, ?terminate@@YAXXZ, _controlfp, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _acmdln, _initterm, _amsg_exit, __p__commode, _XcptFilter, _errno, _vsnprintf, __setusermatherr
                          COMCTL32.dll
                          Cabinet.dll
                          VERSION.dllGetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA

                          Version Infos

                          DescriptionData
                          LegalCopyright Microsoft Corporation. All rights reserved.
                          InternalNameWextract
                          FileVersion11.00.9600.16384 (winblue_rtm.130821-1623)
                          CompanyNameMicrosoft Corporation
                          ProductNameInternet Explorer
                          ProductVersion11.00.9600.16384
                          FileDescriptionWin32 Cabinet Self-Extractor
                          OriginalFilenameWEXTRACT.EXE .MUI
                          Translation0x0409 0x04b0

                          Possible Origin

                          Language of compilation systemCountry where language is spokenMap
                          EnglishUnited States

                          Network Behavior

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Dec 20, 2021 14:25:59.448805094 CET49830443192.168.2.7172.217.168.46
                          Dec 20, 2021 14:25:59.448865891 CET44349830172.217.168.46192.168.2.7
                          Dec 20, 2021 14:25:59.448978901 CET49830443192.168.2.7172.217.168.46
                          Dec 20, 2021 14:25:59.475584984 CET49830443192.168.2.7172.217.168.46
                          Dec 20, 2021 14:25:59.475647926 CET44349830172.217.168.46192.168.2.7
                          Dec 20, 2021 14:25:59.538207054 CET44349830172.217.168.46192.168.2.7
                          Dec 20, 2021 14:25:59.538408995 CET49830443192.168.2.7172.217.168.46
                          Dec 20, 2021 14:25:59.539151907 CET44349830172.217.168.46192.168.2.7
                          Dec 20, 2021 14:25:59.539266109 CET49830443192.168.2.7172.217.168.46
                          Dec 20, 2021 14:25:59.971906900 CET49830443192.168.2.7172.217.168.46
                          Dec 20, 2021 14:25:59.971955061 CET44349830172.217.168.46192.168.2.7
                          Dec 20, 2021 14:25:59.972515106 CET44349830172.217.168.46192.168.2.7
                          Dec 20, 2021 14:25:59.972599030 CET49830443192.168.2.7172.217.168.46
                          Dec 20, 2021 14:25:59.992872000 CET49830443192.168.2.7172.217.168.46
                          Dec 20, 2021 14:26:00.036875010 CET44349830172.217.168.46192.168.2.7
                          Dec 20, 2021 14:26:00.395023108 CET44349830172.217.168.46192.168.2.7
                          Dec 20, 2021 14:26:00.395222902 CET44349830172.217.168.46192.168.2.7
                          Dec 20, 2021 14:26:00.395345926 CET49830443192.168.2.7172.217.168.46
                          Dec 20, 2021 14:26:00.395416021 CET49830443192.168.2.7172.217.168.46
                          Dec 20, 2021 14:26:00.429305077 CET49830443192.168.2.7172.217.168.46
                          Dec 20, 2021 14:26:00.429357052 CET44349830172.217.168.46192.168.2.7
                          Dec 20, 2021 14:26:00.526817083 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.526880980 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.526979923 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.527601957 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.527631998 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.589710951 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.589884043 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.591145039 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.591299057 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.598860979 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.598896980 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.599297047 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.599375010 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.600008011 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.640896082 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.876980066 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.877176046 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.878079891 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.878218889 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.879223108 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.879394054 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.881372929 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.881508112 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.881537914 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.881604910 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.882467031 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.882579088 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.882599115 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.882668972 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.893105030 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.893280029 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.893353939 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.893472910 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.893477917 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.893502951 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.893629074 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.893656969 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.894701004 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.894839048 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.894864082 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.894943953 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.895705938 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.895838976 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.895862103 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.895945072 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.896805048 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.896904945 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.896925926 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.896991968 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.897927046 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.898087025 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.898108959 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.898188114 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.899028063 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.899238110 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.899260998 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.899414062 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.900403023 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.900530100 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.900580883 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.900661945 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.901164055 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.901253939 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.901268005 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.901333094 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.902148962 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.902261972 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.902280092 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.902344942 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.903156042 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.903256893 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.903270960 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.903333902 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.904112101 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.904202938 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.904211998 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.904230118 CET44349831172.217.168.1192.168.2.7
                          Dec 20, 2021 14:26:00.904266119 CET49831443192.168.2.7172.217.168.1
                          Dec 20, 2021 14:26:00.904298067 CET49831443192.168.2.7172.217.168.1

                          UDP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Dec 20, 2021 14:25:59.384783030 CET5668053192.168.2.78.8.8.8
                          Dec 20, 2021 14:25:59.413098097 CET53566808.8.8.8192.168.2.7
                          Dec 20, 2021 14:26:00.488233089 CET5882053192.168.2.78.8.8.8
                          Dec 20, 2021 14:26:00.514616966 CET53588208.8.8.8192.168.2.7

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                          Dec 20, 2021 14:25:59.384783030 CET192.168.2.78.8.8.80xd9ddStandard query (0)drive.google.comA (IP address)IN (0x0001)
                          Dec 20, 2021 14:26:00.488233089 CET192.168.2.78.8.8.80xebb5Standard query (0)doc-10-80-docs.googleusercontent.comA (IP address)IN (0x0001)

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                          Dec 20, 2021 14:25:59.413098097 CET8.8.8.8192.168.2.70xd9ddNo error (0)drive.google.com172.217.168.46A (IP address)IN (0x0001)
                          Dec 20, 2021 14:26:00.514616966 CET8.8.8.8192.168.2.70xebb5No error (0)doc-10-80-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                          Dec 20, 2021 14:26:00.514616966 CET8.8.8.8192.168.2.70xebb5No error (0)googlehosted.l.googleusercontent.com172.217.168.1A (IP address)IN (0x0001)

                          HTTP Request Dependency Graph

                          • drive.google.com
                          • doc-10-80-docs.googleusercontent.com

                          HTTPS Proxied Packets

                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          0192.168.2.749830172.217.168.46443C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe
                          TimestampkBytes transferredDirectionData
                          2021-12-20 13:25:59 UTC0OUTGET /uc?export=download&id=1vqWz_R4BQMLYr0EwMvVJ53NsyRGjMpKl HTTP/1.1
                          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Host: drive.google.com
                          Cache-Control: no-cache
                          2021-12-20 13:26:00 UTC0INHTTP/1.1 302 Moved Temporarily
                          Content-Type: text/html; charset=UTF-8
                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                          Pragma: no-cache
                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                          Date: Mon, 20 Dec 2021 13:26:00 GMT
                          Location: https://doc-10-80-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/v1hb64q8i4krmmckqtjah3e0j55ac599/1640006700000/05208698352720309252/*/1vqWz_R4BQMLYr0EwMvVJ53NsyRGjMpKl?e=download
                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                          Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]}
                          Content-Security-Policy: script-src 'nonce-bXZw5RE8YXeMsyZpz3iV4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                          Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq"
                          X-Content-Type-Options: nosniff
                          X-Frame-Options: SAMEORIGIN
                          X-XSS-Protection: 1; mode=block
                          Server: GSE
                          Set-Cookie: NID=511=qSQSrMytFmju2yso72mVjfu3f_DCBwDC_ILZ2D86HGGcuty0kOUu-I1qMLCnouUIuSnlTN7NzvziHMBZYeGlO1pRyRE3WXDNrEzalmVtP1dznd2FNf1HzRYIIRUltI96e5Uzu26PGhka7ZVYW963NJz5grnWUznyofFWOdmJevQ; expires=Tue, 21-Jun-2022 13:26:00 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                          Accept-Ranges: none
                          Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding
                          Connection: close
                          Transfer-Encoding: chunked
                          2021-12-20 13:26:00 UTC1INData Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 31 30 2d 38 30 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 76 31 68 62
                          Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-10-80-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/v1hb
                          2021-12-20 13:26:00 UTC2INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortProcess
                          1192.168.2.749831172.217.168.1443C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe
                          TimestampkBytes transferredDirectionData
                          2021-12-20 13:26:00 UTC2OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/v1hb64q8i4krmmckqtjah3e0j55ac599/1640006700000/05208698352720309252/*/1vqWz_R4BQMLYr0EwMvVJ53NsyRGjMpKl?e=download HTTP/1.1
                          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Cache-Control: no-cache
                          Host: doc-10-80-docs.googleusercontent.com
                          Connection: Keep-Alive
                          2021-12-20 13:26:00 UTC2INHTTP/1.1 200 OK
                          X-GUploader-UploadID: ADPycdsvb5CletL_jkqKYf5XdBuaCB3_SZTMplFQb20_I6iuOwWF-JI0bc6Noy_Di-xV-SpDLC7K26JryPo7LIJf3AE
                          Access-Control-Allow-Origin: *
                          Access-Control-Allow-Credentials: false
                          Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment
                          Access-Control-Allow-Methods: GET,OPTIONS
                          Content-Type: application/octet-stream
                          Content-Disposition: attachment;filename="XL bin_kNlustnM242.bin";filename*=UTF-8''XL%20bin_kNlustnM242.bin
                          Content-Length: 167488
                          Date: Mon, 20 Dec 2021 13:26:00 GMT
                          Expires: Mon, 20 Dec 2021 13:26:00 GMT
                          Cache-Control: private, max-age=0
                          X-Goog-Hash: crc32c=+vFLoA==
                          Server: UploadServer
                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                          Connection: close
                          2021-12-20 13:26:00 UTC6INData Raw: a4 5c e0 47 bb 64 2d be fe c8 2e 91 92 1d 15 22 b9 28 8f 9d b8 c9 9d 77 ce 99 78 7c 92 cf de 61 8c da 4c a8 b9 24 2b 7f 23 d8 76 18 14 48 6c 37 07 1c ba 96 29 02 21 2b 48 f2 24 2a ab f5 c0 25 de a6 66 df 2d 42 20 36 f0 3e dd 80 cb b0 f0 cf 8f c1 8b 4f d3 47 b9 b6 3f 68 23 7b 48 e1 2a 2f 40 85 c7 6a 42 ba 61 d0 16 c9 e1 18 53 34 48 ba ee 49 62 7f ce 34 1c b7 0d b8 4e 87 6e e5 9a a3 72 1f e9 f2 dc 0c 37 90 42 b8 25 7e e9 4f c2 39 ee bb c0 0b 41 35 f4 64 39 9c a3 44 63 3c 83 c9 5b 6a bc 18 78 9d 8e 42 a6 9e 02 2c 32 3c fc ee f8 2f ae f0 85 f8 05 6b 62 cb 3f 7e f7 a9 0c a6 ed df b5 2d b1 92 b5 00 0d aa ad 81 32 ae f8 dd fc 7e 68 69 7e d6 b3 7b b0 eb 37 1f 99 02 f0 d2 d0 90 30 d0 0e 06 91 d7 63 4a b5 cc 74 36 6b 05 24 aa 56 d1 a9 31 59 52 c5 aa f2 bf 40 48 43
                          Data Ascii: \Gd-."(wx|aL$+#vHl7)!+H$*%f-B 6>OG?h#{H*/@jBaS4HIb4Nnr7B%~O9A5d9Dc<[jxB,2</kb?~-2~hi~{70cJt6k$V1YR@HC
                          2021-12-20 13:26:00 UTC9INData Raw: f8 2e 97 95 c4 e1 80 15 d0 0d c2 6b f3 3a 6d 9f 8d f0 8c e2 23 8c 32 5a 44 94 3d b3 bf 9e 0d 0a a4 41 17 ae 81 37 f3 f8 89 77 b2 2f 3a a4 68 2f 05 ff 7b 6e b7 01 5e b3 a2 07 83 2d b0 09 3f 22 6a 1f 62 1b 94 21 4d 15 9c 06 f2 56 e4 8e 03 80 dc 50 a0 58 db 38 0c b7 6c a4 98 23 d3 b0 b0 88 4b 79 e4 a0 73 67 3c 8a 04 cf 6b c6 78 3a 06 4a d2 3a c4 61 46 ce c5 51 c8 d5 7d 8b c0 90 cc 2d 16 7b d6 50 da 27 ea d1 34 40 32 66 ca eb 7d 84 76 89 ba b5 1e e8 28 62 95 04 a6 93 e0 66 c8 b3 5f 60 2e 0e d7 ce 88 9c 3a 8e 4a 12 ff 20 22 17 f9 65 c7 94 a6 a4 99 3e e6 83 0d 26 ec 9b c1 4c 3e 62 8e f2 77 10 4b da 9a 29 7f ab 65 ea 56 73 42 9b bd e8 38 e4 e0 d6 31 d1 ee 62 a2 a0 e3 74 9d 41 58 75 e5 88 96 8b 02 9e 37 37 1c 44 fc f4 b2 74 c5 4f b7 c6 d1 ab 96 11 30 66 b1 a3 0a
                          Data Ascii: .k:m#2ZD=A7w/:h/{n^-?"jb!MVPX8l#Kysg<kx:J:aFQ}-{P'4@2f}v(bf_`.:J "e>&L>bwK)eVsB81btAXu77DtO0f
                          2021-12-20 13:26:00 UTC13INData Raw: ca 74 7b c5 89 b3 fe be b5 6e f4 82 d2 bf 7a f0 8e a6 69 a6 55 ba 34 1e e7 d8 4d 31 48 29 cc d2 82 31 cb 2e 50 ea 6d 89 02 62 18 65 5c 3f c8 9b 77 1b 3d 86 a0 9c ff 7d 05 13 00 51 d4 3b 35 1f 84 84 37 fe cc 9f 74 43 da fd ad 61 2b a2 4b 19 f8 9c 12 04 d3 e2 22 b9 bd b1 f6 67 33 6a bf 18 db e5 69 cf e4 8a 36 c0 81 17 00 a5 ef 57 3c 5a cb 77 6a 50 24 58 75 3b 4c df 54 56 6a 24 b2 c4 8d cc 54 3a ce 6d 8e ff a3 57 f6 66 1f 2e f7 03 67 13 eb 2a 50 f6 a6 36 59 b2 ce 95 28 41 60 91 54 4d cc a6 ad 1b 95 88 4b cb cc aa b0 73 95 6b e7 b3 14 b8 88 2f 91 15 bd 7f 72 89 7e 1e 7d e3 21 00 fa a8 bb 71 29 f8 6f fe 53 a4 74 cc 5d be eb ee 7f f9 ca ae 6d 82 63 f4 7c bc 9c 0e bd 62 69 ce fb 63 6c 01 d6 90 1e ee 37 32 bd a6 cf 0f 39 28 ca 4a 7f 39 11 f3 dc 9f d8 55 5c bb 57
                          Data Ascii: t{nziU4M1H)1.Pmbe\?w=}Q;57tCa+K"g3ji6W<ZwjP$Xu;LTVj$T:mWf.g*P6Y(A`TMKsk/r~}!q)oSt]mc|bicl729(J9U\W
                          2021-12-20 13:26:00 UTC17INData Raw: 13 1c 7d b8 71 be dd b8 e4 96 08 2a 53 8b 87 23 e5 cf 1f f1 d0 f0 08 2e 06 67 e7 ae 79 15 7f 00 e9 41 09 f4 96 8d 1d cc 99 d0 c9 0b 68 da 5c 56 bc 85 e0 af 01 54 11 4d cf 41 96 75 3d 72 89 ba b5 4f 80 28 52 95 04 95 53 88 66 e8 b3 5f 30 79 c9 92 1a 91 29 70 83 8d 57 27 0d c7 6d 66 a2 82 48 35 6d 05 d1 21 c6 ed 86 0c a0 8c 8b 7b 86 20 d8 82 a0 8c 9f 72 e1 94 10 59 2d 13 9f c1 c8 24 89 ff a1 10 c1 1a d5 90 a5 e7 54 59 03 4b 67 9f 30 1d 69 ff 9f 61 59 72 cb 49 65 f0 89 75 f1 35 b1 48 39 d0 a9 92 19 f7 e3 45 5d f5 12 7b e9 94 0a a1 db 56 77 8f 9e d7 3a 21 2d e7 bc a2 9a ad 08 11 eb 70 82 22 2d ac 03 14 06 b3 87 5b 54 d9 2d 34 ed a4 4e 0b 59 0e 1c 9d bf 0c 74 a5 61 78 4e c9 aa 93 de 1a db 14 4d 26 a7 fc 84 81 1b cf 24 ee cc d7 de 22 b9 9c 96 6d 17 8c 0d 01 a5
                          Data Ascii: }q*S#.gyAh\VTMAu=rO(RSf_0y)pW'mfH5m!{ rY-$TYKg0iaYrIeu5H9E]{Vw:!-p"-[T-4NYtaxNM&$"m
                          2021-12-20 13:26:00 UTC18INData Raw: 65 2a 00 ae 8f 86 35 b2 10 0d e9 12 03 d9 82 4e 2e d4 99 c0 e5 82 54 00 91 8d c4 7e 54 39 44 8e b7 a2 26 9a 79 9c c8 a7 70 14 a0 d1 8d 0a 71 3e 31 e0 6e b9 c8 45 22 ac a4 bb 5a df e3 54 a6 c0 a6 47 ea 8e e0 2f a6 09 47 aa af fd 1e be 5b 00 6d 43 4c 77 5e 71 44 a5 df 36 f0 66 d5 14 7a 3f f9 8b 47 ce df c4 ad 6a fb 89 0f ea cc 7b a9 71 2a 1c 1c 3d c3 e1 3f 46 52 89 0e 08 1e 10 da 69 bc 31 b3 b9 a3 84 de b5 fb 48 0d b8 4e 0c aa 5d 9e 22 9f ff 53 fc dc 33 62 c5 67 c1 eb 22 e5 a5 9e 62 7c 43 bd 97 b2 b9 6c 16 58 f1 08 7b 9a 56 2c 65 27 79 25 f6 05 17 3a d7 9e 76 8f f3 76 73 af fd e9 d8 ce 16 6a d5 3b 18 ba 42 42 86 7c d4 04 77 6f f6 03 4b 80 9a 60 30 36 ad fc 22 0d 24 32 95 de e4 92 aa 76 25 23 cc 9a f0 1f a8 a3 05 a1 11 8e b2 f8 59 f9 11 4b 41 f0 d8 c6 25 ae
                          Data Ascii: e*5N.T~T9D&ypq>1nE"ZTG/G[mCLw^qD6fz?Gj{q*=?FRi1HN]"S3bg"b|ClX{V,e'y%:vvsj;BB|woK`06"$2v%#YKA%
                          2021-12-20 13:26:00 UTC19INData Raw: 2c 06 c0 9b 3e eb 9a 1f f8 25 58 ca 9a 68 cb 19 8b 86 27 36 30 40 e6 70 e6 5a 44 f0 94 d9 b9 b6 cf d1 35 e5 32 2e 29 03 a4 41 92 58 f4 32 c0 38 d7 2a 71 a4 77 b4 e5 3b c8 ff 7b 6e b7 8a 13 bf f0 56 d5 7d 58 9d c8 dd 95 9c a6 0b 11 e1 35 cb 15 80 02 56 e4 8e 88 46 82 0d 63 94 17 6d 87 5b e7 e1 8c a8 9e bc 3b 19 bb 79 e4 a0 23 ec 79 82 56 44 3e d6 90 be ff b5 2d b9 00 69 1b 0d 29 9e 1b e5 f1 86 3d d7 05 3a c9 a4 50 c0 7a 72 61 3d bf 05 3e 0e 3e eb 7d 84 1c 89 ea 5d b3 31 d7 9d 16 c0 aa ce 23 35 8a fd 8c db 64 b6 9c 9b 03 70 6c 05 3f 1e a8 76 11 e8 11 55 aa 95 a6 27 5d 3a 63 43 79 2c 8a 18 fd 0a 62 16 8d ba 02 e6 03 ae 91 4f fc 97 23 b6 22 77 05 d3 c8 1d bd 24 94 cf b4 2e 9a 77 2f ac dc 25 10 15 1e 77 6e cd 9e d9 52 76 30 5d 1d 44 7f 30 be 2b 9b 12 74 93 5a
                          Data Ascii: ,>%Xh'60@pZD52.)AX28*qw;{nV}X5VFcm[;y#yVD>-i)=:Pzra=>>}]1#5dpl?vU']:cCy,bO#"w$.w/%wnRv0]D0+tZ
                          2021-12-20 13:26:00 UTC21INData Raw: 3e 3e 76 17 6b 70 0f 4c 2c e9 ac b9 b4 b3 65 c1 43 53 a4 1c 4a 18 2c 27 31 cb 43 d7 3c 78 f2 98 ca 2f 77 88 6a 3a 96 57 d9 a2 fb 30 4e 14 89 df 31 7b a1 23 3b e6 40 cb ed 6f 65 f2 d0 6b 3e cf d1 de 1e 08 a6 d2 cf f8 5a ed a6 ac 8e d2 22 06 b4 70 c9 db 34 e7 79 8a f6 59 bb 9a c3 33 ac df ff 57 ec 00 cf 61 25 7c 4c 51 65 13 40 bb 43 9d 1e b1 40 62 fa ae 21 d1 ba a9 95 5d 20 9e 7e 55 8a 69 d6 cf b2 7b ae 91 70 8b 17 b7 ee ab c8 de 80 a2 9e 31 a0 12 ac c8 f1 35 c9 dc 56 a9 2e 22 7c 51 04 c2 be 1a 14 02 49 42 ce 48 66 dd 17 46 d8 9a 50 00 ef 13 7b 68 ff 5b 92 26 07 98 89 f7 53 2a 53 23 8b 33 ea 0a 2d 9f 87 1b 7b 9d 90 cc a7 c2 04 91 c9 66 a3 8c f5 28 08 76 58 22 87 49 7e dc 0a 22 b5 c5 6b fd 99 40 f6 31 8a c0 37 9b ec b2 80 c8 3c d3 9f 78 5d 5d 21 bc aa 77 00
                          Data Ascii: >>vkpL,eCSJ,'1C<x/wj:W0N1{#;@oek>Z"p4yY3Wa%|LQe@C@b!] ~Ui{p15V."|QIBHfFP{h[&S*S#3-{f(vX"I~"k@17<x]]!w
                          2021-12-20 13:26:00 UTC22INData Raw: eb 4a 79 67 64 77 ea b0 cf 74 3a 94 39 29 6c ee c3 8c 3a c4 ec 13 7a 97 b9 68 b6 7c 8b 43 54 d8 2e d6 2b 5b 15 6e 77 67 5c 44 b5 cd 99 9b 03 f7 e7 77 89 37 21 5b ba dd 9d 6a 87 62 97 b2 8e 42 d3 5e 60 a3 83 2f 30 77 63 b1 5f f2 52 ff 20 22 45 9f ec 82 0a 2f e9 39 d6 86 e0 0c 26 ef 5b a7 c5 7b fe e6 eb 75 12 4b 57 1f 59 8a 54 9a ba db 3e da ca eb 00 ac 97 e0 d6 b2 15 ce e7 62 d4 8b f9 c8 ad 0a fe b0 10 fe 8b 03 9e 37 ba 99 34 07 0b 4d 24 af 4e 3a 8b 4d fa c4 47 d8 6b f2 a2 0a 6e af d5 51 4a b2 5d 58 0a 09 9a d7 de 9a 28 67 36 a7 9a ad 3f cb 86 6c 1e dc d2 c9 68 5e a3 37 0c ab 54 d9 3d e3 f3 73 2e 55 07 0e 7c b8 87 9b 8b 2c ed 7d b3 b7 a5 96 70 68 1e e1 fe dd 09 27 52 e1 04 bd 25 6d 60 c7 57 a7 c1 ec fc 62 b1 24 1a 8b dd c1 81 f0 69 6e 58 19 67 08 82 bc 37
                          Data Ascii: Jygdwt:9)l:zh|CT.+[nwg\Dw7![jbB^`/0wc_R "E/9&[{uKWYT>b74M$N:MGknQJ]X(g6?lh^7T=s.U|,}ph'R%m`Wb$inXg7
                          2021-12-20 13:26:00 UTC23INData Raw: 7a de 10 f0 78 95 dc 36 88 fd cc 96 e0 d8 96 c9 61 a9 f9 c3 36 c8 6b 21 0b 5a 12 b0 56 41 7d a1 d7 13 cb d8 a5 e2 c7 12 36 01 4b da 3d a0 12 ac 25 30 3a 49 a4 fa a9 07 f6 02 99 0c 1e 0a af 7c 13 18 ac 61 91 3f 09 a5 9c bf 1f 09 c3 6c b9 15 ec 07 8d 5d 02 c3 e8 d3 7b bd 7d 01 cb 20 06 f5 05 2a f4 8b 44 25 90 71 16 77 44 96 02 c2 65 1b 71 de c4 42 f3 40 10 db 1c bf 4a 61 2e c7 f7 e1 11 43 63 a9 37 a2 68 ee af f2 a9 d6 20 13 00 8b 58 35 32 e0 ad 77 50 56 2d ed 16 71 98 c8 f5 ab 48 5e 40 c4 72 38 d5 fa 16 5d 17 8c 40 e7 f2 13 37 9d 43 37 47 ab de e0 94 12 d0 ed 88 b4 17 c9 ee 18 0f 8a 33 2b 5b 54 03 dd f0 67 ba 2d 0c f6 c9 c0 89 5f ef 7d e6 f9 82 17 56 d8 6d c8 cb 8a f1 00 06 e1 69 9a 00 fa 4a f1 91 27 a1 38 6b 11 55 62 7e 81 93 5b a3 91 d8 56 4e b2 92 01 bc
                          Data Ascii: zx6a6k!ZVA}6K=%0:I|a?l]{} *D%qwDeqB@Ja.Cc7h X52wPV-qH^@r8]@7C7G3+[Tg-_}VmiJ'8kUb~[VN
                          2021-12-20 13:26:00 UTC24INData Raw: 8f d2 c5 77 c7 aa 65 ea 56 28 1f 58 71 bd b3 08 61 3a 59 d0 ee 62 21 dd ef 74 92 c5 8f 74 e5 88 15 f6 12 9e 38 b3 d1 45 fc f4 e1 22 92 7c 77 ae 2f ab 96 11 60 eb 3c 39 f4 12 94 98 b2 03 42 84 2d 70 8e 89 fd 77 16 a4 e9 33 54 ee d4 b6 9f 6e 8e 4f 0f 80 83 b9 9a 5b b3 0c ab 10 58 c9 9f 1b b4 48 93 42 71 81 c0 19 64 12 28 34 80 04 cc f2 c0 21 e5 8a 99 03 22 31 f5 ae 49 62 bc 27 ee a4 d7 b0 26 34 94 9b 63 1e 8c a2 05 c0 e3 2d 73 ad 0c db ea 36 f4 5a b7 26 2a 84 0f c0 ed 58 2f f6 d4 2e ab 68 f5 42 16 68 64 fe 62 c2 34 fa fe 8a 1e 84 9f 11 e5 78 6a 3c c8 56 f8 ad 08 c5 08 e1 ea bb 3b 9a 86 1f 0c 90 56 64 db 87 fd 1e 90 63 44 64 65 f9 84 37 b2 d3 b8 bb 0b 37 fe 85 fb 58 c8 c6 67 70 6d 91 8a 88 3b 12 fc 6a 3d 8a 75 cf 7d 1a 93 96 36 da 93 c9 f8 de df 89 5e 68 94
                          Data Ascii: weV(Xqa:Yb!tt8E"|w/`<9B-pw3TnO[XHBqd(4!"1Ib'&4c-s6Z&*X/.hBhdb4xj<V;VdcDde77Xgpm;j=u}6^h
                          2021-12-20 13:26:00 UTC26INData Raw: 46 25 ad 84 ec 5e 16 cb 47 d1 36 f0 64 e2 c5 62 99 38 ce 4c 30 c6 39 ef 6d 94 f9 eb 5e 45 9d c8 ec ea b1 85 7d 37 48 55 63 80 0c 5c a2 77 61 6b fb 7d bb fe 86 ed 5d c7 de 47 22 d6 92 c0 46 91 68 81 5c fc 31 11 6b 7f db b3 ef 39 b5 7a 07 70 ec 1d c7 b6 93 c7 b6 00 44 b5 f1 a9 8c da f7 35 9c 69 e8 61 69 2b fb 63 cd 8f cc d5 28 d0 2d ac 29 9e c2 a9 42 3a 5d 66 98 d3 01 63 62 cb 1f c0 6b 42 03 45 86 5a f4 5d c2 77 37 f3 d4 47 80 39 f4 63 ec 55 4e bc 01 d8 3a 52 23 76 b4 46 57 f6 8b 48 85 9e 31 48 cb e1 f8 a3 d3 ae 3b 62 44 29 50 35 f3 1e 9b fc 6d 9f 34 f1 8c e2 23 0c 0a 74 30 d3 7c fb 3c 67 03 78 50 17 7d a6 0c 72 4f a8 04 fa ce d0 c5 5b 39 c7 bc ac 7a 6e 34 c5 52 3a e7 fb 06 ed c4 71 87 23 6a 1f 62 96 e0 3e b2 98 07 06 f2 56 e4 04 0d 04 15 24 e1 d8 22 02 78
                          Data Ascii: F%^G6db8L09m^E}7HUc\wak}]G"Fh\1k9zpD5iai+c(-)B:]fcbkBEZ]w7G9cUN:R#vFWH1H;bD)P5m4#t0|<gxP}rO[9zn4R:q#jb>V$"x
                          2021-12-20 13:26:00 UTC27INData Raw: 7c 35 9c 37 2d 79 c3 26 5b e4 b4 8d 70 66 fc 70 a0 9d 7d c5 62 bc a8 6b cc 2c 25 dd 3a d5 4b cd 09 4b bd 52 28 bd ba 77 2e 9e cb 11 2e 5f 38 f3 e2 3f c6 b5 6d 44 4f 8b 21 80 c2 93 ed 1a 2f 05 45 dc ae 04 44 8d d2 ff 1e 2f d4 9f 11 15 7d 6a 3c c8 e8 df 50 f9 3a 7a 46 7d 71 48 e0 11 63 37 6b 54 01 29 8a 07 e1 05 32 af a8 82 41 55 ea 2b 2d ca d1 32 24 1c 20 a8 0e 4a b9 fd 8e 1f ac 62 aa 64 9f 2e 54 2e 49 65 a7 81 73 93 fc 73 65 cf 0e 21 36 7b e0 02 63 c2 3b bb 88 47 78 c0 3b f5 e0 b9 4e 17 1f 34 d4 41 c0 64 2e 40 0e 49 36 49 ba 61 d3 d6 99 b0 95 c6 5c b3 45 11 1b 8a d4 85 35 1c 34 c9 a8 24 87 5b a0 76 f3 f1 8d 3b 07 23 47 6f b5 95 4f 25 32 4e 6e 1b 04 57 9a 6d fe 5b a1 6c e9 08 19 67 68 03 52 60 2b 47 b1 21 82 09 b9 13 2b 76 08 93 5a 9e b2 5e 31 6a c3 0e b1
                          Data Ascii: |57-y&[pfp}bk,%:KKR(w.._8?mDO!/ED/}j<P:zF}qHc7kT)2AU+-2$ Jbd.T.Iesse!6{c;Gx;N4Ad.@I6Ia\E54$[v;#GoO%2NnWm[lghR`+G!+vZ^1j
                          2021-12-20 13:26:00 UTC28INData Raw: 67 5d a2 c6 8b 28 d0 7d e6 e1 d8 11 56 d8 6b fc aa dd 53 fc f9 9d 45 2c ca ae aa f7 61 8b d7 79 b8 22 41 66 29 69 da 98 ff 71 1c d3 fa 3c 07 f9 41 c5 6a 31 a4 30 5d 7c f7 ed 4c 4d e2 24 eb 65 b0 10 d1 de 94 c4 58 dc 15 d0 0d 4f d5 1f b6 6d 9f da 96 05 6e 66 74 cf a5 bb 7c db fa be 9e 8e ce 80 42 d7 fe 0c a2 0b 05 76 88 e5 7d d2 77 21 2e 05 72 ff 2b 4f fc a1 4c 21 c3 87 7d 58 da 79 23 6a 94 f1 1f 99 21 4d 96 58 0a 98 56 69 03 fb 7d 23 af f1 a7 09 52 0c dd 76 25 5e cf 59 b0 b0 de 18 91 da 40 73 67 bf 4e 14 38 b3 dd b8 65 f1 92 8c 61 4f 84 1b 0d e7 41 4b b7 2c da 5a 46 c2 3d ac e6 a8 fe 8f ac 06 50 d8 5c 36 66 ca bd f6 f1 7e 0a 04 b5 13 e8 28 62 c2 0b 22 9d e3 66 c8 30 e1 64 23 0e d7 ce 87 18 3b 8d 4a 12 7c 9e de 1b f9 65 c7 9b 22 50 9b 3e e6 00 b3 2e e1 9b
                          Data Ascii: g](}VkSE,ay"Af)iq<Aj10]|LM$eXOmnft|Bv}w!.r+OL!}Xy#j!MXVi}#Rv%^Y@sgN8eaOAK,ZF=P\6f~(b"f0d#;J|e"P>.
                          2021-12-20 13:26:00 UTC29INData Raw: 71 2e c1 aa 14 71 0e ba 2a a8 87 30 48 5c 5b bb da 58 a2 c6 79 78 b1 c7 67 74 c4 ed 28 f8 d1 eb 59 85 b5 2b a3 0a 25 92 6c 38 c8 46 ff 33 d5 84 43 d7 98 4e 4f fd 8b 0a dc 0d 72 7e 44 58 f0 d2 c1 8f 2b 2f 40 08 42 08 bf 45 9e e3 c4 9a b1 91 0e e4 c1 f7 22 8e 27 db d6 34 1c b7 84 e5 e6 0e 8b 55 13 fe d0 89 0e 48 55 e5 86 3b ea 95 44 cf db 91 7e 17 c5 c9 e0 f0 46 52 1e 5b 94 a0 0e 72 a6 00 85 a7 2b 4a de f0 1d e3 ab 7a 6e 8b 4c 0d 76 f0 6b ee 10 80 c5 1d 53 f5 08 61 cd 4d 9f 75 f7 a9 5b ce 67 e7 9e fa db c6 b4 c5 4a b1 ab 0e 4e 7d f5 95 bb e4 55 64 d3 a9 e2 43 92 b6 bd 8b cf 05 ce 9a 35 4f 1c ea 36 64 c0 58 74 c7 a4 a4 63 31 fd 08 cc cf 56 a9 a9 f6 1c be f0 ef f2 bf e4 a1 9c 4d 8c e9 46 5d 26 90 0b 0a 48 21 e6 11 36 85 51 04 99 75 86 b8 00 fa 82 52 99 ae 84
                          Data Ascii: q.q*0H\[Xyxgt(Y+%l8F3CNOr~DX+/@BE"'4UHU;D~FR[r+JznLvkSaMu[gJN}UdC5O6dXtc1VMF]&H!6QuR
                          2021-12-20 13:26:00 UTC31INData Raw: 1b f8 60 77 b2 a2 6f 3c 3a c7 92 d7 7b 6e df e8 57 b3 a2 8a 06 81 45 f6 c0 72 e7 52 fa 4a 7c 23 7b 15 9c 8b a7 ce b6 66 ca b5 dc 50 2b 15 d3 b5 49 2f 3c cc 91 22 d3 b0 e1 60 2c 4f e4 a0 f0 a3 10 01 e1 92 a8 93 f3 d6 87 a6 de 38 c4 61 15 98 f6 8a a0 d6 7c 8b c0 1d 49 d4 e8 84 29 03 8a af 77 29 ca bf cd 8e f1 d6 7c 84 1e 8a bb b5 1e 65 a5 97 68 fb 59 c0 b1 ee 55 47 a2 9f d1 e6 f4 f3 89 9c d2 c0 78 13 ff 70 71 ff 9e 57 c6 94 2d f4 a9 6c 6b 06 f9 db 13 64 91 a4 19 21 8f f2 fa 9d bf 27 65 d6 2e 43 2e d5 57 73 12 16 28 1c c5 1b 1f 5f 74 2d bc ef 27 58 1d 8b 62 11 b0 41 a3 89 96 00 5f 96 b4 f3 24 c9 71 0c 4c 8b 3a 1e dd be 82 43 89 c8 30 66 32 67 02 bd 83 bf 0d 8a c7 9f 17 87 f4 a1 5c 0b 9c d1 6e 2c 48 a2 14 76 99 6e 8e 7c 35 04 2c fd 66 84 73 0e fb 56 db 91 b5
                          Data Ascii: `wo<:{nWErRJ|#{fP+I/<"`,O8a|I)w)|ehYUGxpqW-lkd!'e.C.Ws(_t-'XbA_$qL:C0f2g\n,Hvn|5,fsV
                          2021-12-20 13:26:00 UTC32INData Raw: 21 11 ca 23 3e b5 ac ac d4 c5 aa 07 6e 3d 73 21 29 3d 20 9d bc 18 3b 0e 3d 25 9f c9 ce 85 f1 f1 1c 36 ec 08 bb a8 59 3e 3f 92 fe 1b 6f 1a b4 8f 49 75 5a 81 a6 1e 6f 09 e3 5a 21 dd 8b 8d a5 a9 83 96 0f 6e d3 08 42 f5 4e f8 ba 78 ec e3 47 ca 99 6a 0e e8 ab f3 d6 e2 6e 9b ba b0 2b e9 c9 6e 95 c4 f4 0e 14 7b 2d 9b 4c 34 70 7c 00 9d 2b 95 dc 65 fb 07 9d 75 64 12 e9 f3 c2 2c 06 e8 aa e4 a2 c7 e6 4b 3f cc 26 cb a0 7c fe 27 94 5a b5 0a f4 1e 1b 37 c3 01 b2 62 ce 29 7a d5 49 0e b1 1a e9 a7 3c ab 79 f1 29 6c e0 0d 60 81 42 f7 03 fd 53 ed c7 fb a3 e8 15 bb 23 1d ad f9 4c a3 2c 2d 48 31 1e bf 21 a7 58 24 06 13 88 aa a5 0c 56 1b 8d f7 ba 38 f6 d7 20 94 2b 82 04 8a 46 2d 3f 2e 66 7b 78 e1 ca b1 2d 1c 14 48 42 aa 67 a4 3b cf bb a0 47 53 8e 25 0a a0 07 45 8f 41 ae 83 bb
                          Data Ascii: !#>n=s!)= ;=%6Y>?oIuZoZ!nBNxGjn+n{-L4p|+eud,K?&|'Z7b)zI<y)l`BS#L,-H1!X$V8 +F-?.f{x-HBg;GS%EA
                          2021-12-20 13:26:00 UTC33INData Raw: 6e 82 f0 21 de 52 de 2f e9 28 ef 00 5c 5b 6c 1f 34 9e 38 87 88 a2 cb d7 ce 0b 58 36 0b 8a 66 c4 77 74 ff 77 56 c6 94 25 60 91 bb 26 f7 20 ad a9 03 4a 02 3a 32 df a1 9f a9 79 db 9a aa bb a7 8d cb 7a 72 42 12 fe fc d0 68 86 d7 31 fa b0 66 2f f4 fb 76 14 14 50 fe a0 80 69 5b 5d c0 04 f7 47 cf 19 a9 71 b8 90 c4 5b 90 5a de 9a 94 c6 13 b4 90 ca b3 36 0a 83 01 ba 14 b9 8b 19 61 38 21 17 cc 62 46 5d 65 38 6e cf a9 88 7c dd d2 44 3b 23 0b b3 0c aa d7 f5 82 80 1a d1 cb 90 13 0c ff 45 bc 10 2e 2a 9e f3 86 40 d1 67 4b e5 db c8 69 27 a1 9d 05 7b 63 bc a6 2a b0 ea de 22 b9 d1 76 de 6a 74 9a 53 a8 3e 7e fe f8 6a 89 31 2b 5f e3 98 aa b3 7a 7b 7a b3 da 70 a9 d5 2e c0 60 f7 47 ee ba 23 ae 08 cd d5 fd 7b 4e 2e d4 12 15 38 8a 7d a2 a8 bf 37 76 cd ed 0c 73 2a e3 b0 cd 26 af
                          Data Ascii: n!R/(\[l48X6fwtwV%`& J:2yzrBh1f/vPi[]Gq[Z6a8!bF]e8n|D;#E.*@gKi'{c*"vjtS>~j1+_z{zp.`G#{N.8}7vs*&
                          2021-12-20 13:26:00 UTC34INData Raw: bb cb 77 30 81 7a 8e 13 2d e5 c2 0d db 45 d6 2f 08 60 b8 8c f6 56 4b 94 33 17 1f 60 45 2e de 02 81 40 b3 de 8e f8 dd 06 f2 d1 a2 30 e4 b3 93 5b 67 a0 17 bc ef d6 16 ba d7 60 2d 3a ff ea cd 5e b6 38 c3 af 84 1f 59 d6 4f 24 4e 45 cd 07 43 a0 71 dc a8 90 4c 2d 16 f6 a8 54 8d 71 bb 81 dc 72 25 67 ca 68 b9 90 b1 8e ba b5 1e e8 77 a5 93 04 a6 93 e0 38 95 70 63 d9 80 33 ec b8 1e ed 27 1d 7f e7 4e 97 44 42 72 89 46 78 ae a6 99 3e b5 08 50 2a 69 40 ce c8 d4 62 8e f2 11 93 70 da 95 ad 9f ab 65 ea d5 0e 52 9b b2 6c ee e4 e0 d6 67 86 dd a2 ca a6 e1 74 9d 11 d5 f8 1f 75 69 74 53 ad c1 51 95 c1 04 09 4d 8b 2d 87 98 c7 d1 f8 7e 23 02 67 b1 20 ce fd ee 09 a0 95 4a a1 2b 72 8e 9e a3 ea 3c 5f f2 49 eb 74 d1 94 c4 1a 82 1a 54 c6 4b ba e5 c6 b1 37 5b a5 f1 53 b1 71 d4 1b df
                          Data Ascii: w0z-E/`VK3`E.@0[g`-:^8YO$NECqL-Tqr%ghw8pc3'NDBrFx>P*i@bpeRlgtuitSQM-~#g J+r<_ItTK7[Sq
                          2021-12-20 13:26:00 UTC35INData Raw: 95 63 0f a0 0d 25 6e 96 da 11 10 e2 7b 33 d3 83 9d de 25 81 27 02 d9 a0 6e a4 1f c6 f4 59 64 b9 24 0d ba b4 85 77 f8 39 ce 96 40 ca 1e ee 21 81 71 c7 4d eb 7c f7 a9 0c 26 92 b9 62 fb ab 94 e4 c3 8a 75 fe c9 0b 10 a9 65 21 1b b9 e9 0a 5f 36 31 92 71 92 26 f0 84 66 9a f0 0f fc 70 3a 15 c0 9f 61 49 d6 4c 29 11 3b 4d ad ef ae 5a 2f e9 5b 52 95 6c 36 af 09 49 46 48 8c 02 a0 4b 1d 53 f6 48 3f 84 e9 11 66 7a 0a 3b 25 7b d3 de af 57 95 48 1d 46 3f 61 4f 56 d0 c3 6c 72 97 48 c1 31 fb c8 ae 11 29 5e b7 b5 44 19 fd c4 05 96 bc d5 a5 78 99 52 90 63 d1 ca 9f e4 42 7c 8d 44 d3 e4 3e fd d8 3c 00 87 32 39 0b f5 16 fb eb 88 81 44 01 5c a8 fb 35 a3 7c c9 0d b9 45 42 e4 76 f7 e6 f0 05 05 82 f6 f4 20 eb f9 f4 0e bd 7b bd d5 e3 3e 9d e0 6b fd bb b5 49 65 c5 56 ba e6 04 53 8c
                          Data Ascii: c%n{3%'nYd$w9@!qM|&bue!_61q&fp:aIL);MZ/[Rl6IFHKSH?fz;%{WHF?aOVlrH1)^DxRcB|D><29D\5|EBv {>kIeVS
                          2021-12-20 13:26:00 UTC37INData Raw: b1 e6 85 1c 9d 2e 5a c9 34 a5 e7 e5 20 f3 42 2d 84 a5 43 df 4f 49 38 3d 8e 4a 43 a9 70 ca 54 e6 65 c7 1f e3 50 12 73 1e 00 c9 2a ef 65 4a 39 c2 e2 b2 cc 36 65 01 5b a2 b9 ef 3b 2c 9f 14 fe 06 a5 b8 db ce 74 d8 ca 01 a4 fc 5a fe 90 e2 01 91 79 04 45 e7 fd 90 b3 5e ae 34 43 19 02 c7 05 c0 90 4e 02 bf 47 10 0f 91 11 30 37 e7 f3 e2 1e 75 c9 d4 01 82 e8 58 c2 89 e2 ec 2d 14 5a e9 33 a0 e5 6e 50 da 1b c4 fd e5 42 d4 6c 2c 72 f1 81 ef e9 18 0a 47 8b e9 54 64 72 97 c1 9c 4c 65 01 ad 59 24 f3 4e 2f 6f 19 b9 bb 9a 77 27 b0 4e 4b 1b 86 37 68 e6 25 16 7e 25 b9 11 52 cb b1 9b 51 4d 28 3e f5 36 59 ed 96 9f f8 cc 07 39 4d 39 0f 0c bf 83 8e 37 d9 9f af f9 f0 0f d7 b5 cf 61 73 26 f3 87 09 8b de 16 c8 22 e9 6f be c9 f3 98 cb 3b cd 55 f5 87 00 a9 1b 99 55 7a e8 cd d2 3f 7d
                          Data Ascii: .Z4 B-COI8=JCpTePs*eJ96e[;,tZyE^4CNG07uX-Z3nPBl,rGTdrLeY$N/ow'NK7h%~%RQM(>6Y9M97as&"o;UUz?}
                          2021-12-20 13:26:00 UTC38INData Raw: c5 ce e0 ae 09 8f f2 ba bc 0f 56 23 3e ea 87 a5 14 c6 f9 62 d4 a1 4e be 80 f2 40 a8 ee c7 a7 75 05 6e d8 f8 13 8a 17 37 9b fe 34 c5 fb ee 8f 6e 54 0f ab 25 c6 1b 7f 12 c0 7f 51 92 6e 82 d5 b3 bb 16 77 9e 9d 96 bc 5e cb 9c ca 53 90 b7 92 30 17 d5 d7 74 30 be 58 5c 36 78 cb c3 36 08 a0 59 29 fc c7 50 06 70 24 ed 16 47 b6 37 0a 76 50 c7 ba f4 49 40 1f 4e 79 a3 14 0f 84 62 fa 4e b8 53 54 9c 92 f9 8f bd 9a ab 50 16 77 3e db 3a 72 bd a7 dd db 77 39 55 77 c7 67 67 b8 21 67 e2 61 da 89 28 ba 6d 3c 84 71 cc a8 27 b9 5e 33 07 f5 5c c5 34 45 c0 a8 af aa 2a fc 77 8f 38 6b 2b 85 6e fd 3f 19 d5 fe 71 1f 66 b8 e7 7a bf 81 3a 95 e5 32 dc c5 85 2e ea c1 c8 1a ad 5d 72 dd ed 2f 97 10 04 95 c0 9e 6e d5 c5 6b f3 d2 43 8a 8c f0 b7 65 63 ac 32 5a 31 b9 b6 34 f7 be 0d 0a f4 17
                          Data Ascii: V#>bN@un74nT%Qnw^S0t0X\6x6Y)Pp$G7vPI@NybNSTPw>:rw9Uwgg!ga(m<q'^3\4E*w8k+n?qfz:2.]r/nkCec2Z14
                          2021-12-20 13:26:00 UTC39INData Raw: fc 4d 5a 02 e7 4b 71 55 6b c9 57 4e cf 4c 3b 1d 57 60 28 a2 d3 b4 e7 86 53 e0 9d 6e 98 6e 05 2b f5 80 2e f4 0c 5b d9 69 fd 3f 4a 81 b1 1b 52 8c 5c 57 6d 97 e6 7d 64 f7 65 71 fd 03 43 df c2 21 e5 8b 12 44 0a a6 1f b3 03 3e d6 43 b8 4c e4 62 22 b9 92 c7 95 b1 9b b8 75 29 3e fd b7 bd e3 1b 68 fe 8f 0b 3a b3 39 35 d8 6e d5 b8 1e f0 bf 49 97 88 90 ff fe ba a0 3a 6a 9d 6a 1c 5b 4f 2e 57 d6 8c f8 46 e0 a4 12 e9 1f a7 63 cc ef 29 c5 4b 93 8d 96 2b c8 94 87 48 ac b2 14 18 dc 62 c9 a2 51 b9 8c 7a 5f 6a cc 03 72 8f 89 d1 90 04 c8 af 5b 99 2f 98 a6 82 b8 d6 a3 6c 3d 50 bf ce 7d f3 57 ec a6 4d b0 65 ab 09 c9 21 46 67 47 3e c7 b3 b0 7e 86 2b d4 86 3a 8e 17 35 04 0e ef 5e d4 ef 40 c3 f7 35 1c 02 60 d0 16 c9 ba 45 90 bf 06 be df c7 ea 7b ce 34 af b6 e6 66 82 4b 1a 29 56
                          Data Ascii: MZKqUkWNL;W`(Snn+.[i?JR\Wm}deqC!D>CLb"u)>h:95nI:jj[O.WFc)K+HbQz_jr[/l=P}WMe!FgG>~+:5^@5`E{4fK)V
                          2021-12-20 13:26:00 UTC40INData Raw: b1 d2 5c ac 17 a3 71 48 93 29 62 34 12 f4 1d 92 28 51 80 cb 27 77 e1 9d 8a ec b7 87 f8 df 6e b7 99 71 16 f4 8f f3 e6 76 db 70 4f b3 12 53 de ef 8d 66 6f 0b 35 66 87 b4 e8 04 6e 94 7a 3b e1 7c f0 fa cf 8c 97 22 58 22 87 a6 69 ad 96 da 22 ec 38 44 d4 b2 62 99 a9 41 ed 30 85 96 5f a8 20 4d 20 62 e2 1b 8f a8 30 95 66 1e 57 4b 3a f6 66 8f cc 99 1d 30 a9 28 a7 a7 19 8d ce e1 80 4b 8b 50 01 88 ca 09 ef cc d8 11 3d b5 f5 7d 3a 0f cf 78 6b 38 ca 96 5b cd a2 be e8 51 7e df 7e 1b 89 77 e4 a6 7c b4 80 1b e7 ff 7b ed 73 09 d7 f5 aa 82 43 58 b5 3b ff 7c 37 dc 8a 2b 6f de b2 28 9c 05 f2 56 eb 11 c3 ea af 06 28 1e ef d0 91 05 6c a4 c8 cb 24 bd b1 88 c8 bd e8 25 b3 13 31 01 4a cb 5a 48 d4 3e 06 4a 14 7c f7 60 10 26 d8 5b c9 d5 fe 4f c4 19 8a 21 93 bb a2 e9 32 c9 10 2e cb
                          Data Ascii: \qH)b4(Q'wnqvpOSfo5fnz;|"X"i"8DbA0_ M b0fWK:f0(KP=}:xk8[Q~~w|{sCX;|7+o(V(l$%1JZH>J|`&[O!2.
                          2021-12-20 13:26:00 UTC42INData Raw: f3 b5 c7 7e 70 71 27 1e 1d 8c 9c 1c 80 fb 89 e9 fd a3 ce 06 87 d1 b0 d1 2b 99 d1 85 47 5f c1 14 0a 07 54 e2 1c eb fe ea df 4c 30 85 15 bd 6c 8f 5c 97 b7 00 df 3c 66 fa f0 96 5b 0a 0e 97 9d b9 bb a5 54 b6 23 77 ec bc 67 e6 a8 8e a6 e3 76 b0 57 53 fd 1c b4 13 ba 85 f3 6c d4 2c 01 e2 bd df c9 37 23 a2 40 c2 3b 38 8d 89 f8 03 3a 24 0f 6f 82 9c 92 20 7c 8a 8b a1 f6 63 5d cc 91 c9 e7 9d d3 aa 54 55 e6 ac cb 89 72 ec c4 d6 48 12 88 07 38 86 c5 b6 0e a3 1d 5b 65 79 03 26 08 57 68 35 8a 40 d1 af ea 07 b1 9d 82 0c 95 1c 78 a7 c7 2b e8 a7 0e 42 e8 00 df 79 94 f3 f6 c5 f2 d3 18 72 61 72 7c 21 f4 7d 82 8c 3e 1c 15 32 54 69 f0 0b 34 b2 42 7a 82 7c 6e 2f 67 9b 49 89 82 15 29 1a b7 cb 26 b9 35 86 3d bf 49 62 ff 1d e0 c2 d3 6b 76 66 fa bd af 2a 78 5d 11 03 01 0c bb c1 88
                          Data Ascii: ~pq'+G_TL0l\<f[T#wgvWSl,7#@;8:$o |c]TUrH8[ey&Wh5@x+Byrar|!}>2Ti4Bz|n/gI)&5=Ibkvf*x]
                          2021-12-20 13:26:00 UTC43INData Raw: d5 a0 f6 d8 6d 7e fe b2 9f 88 41 52 f1 c7 23 a0 45 c5 79 da 5b 40 c4 f4 ca bf 46 6b 2c 38 14 61 71 60 e2 22 8c 32 d1 09 98 6b 74 3a 9e f2 f5 5b 01 57 ee c1 f0 76 fc 76 88 4d 6f 7a e4 28 e8 80 f7 84 91 48 41 1e f3 e2 c0 06 21 4f f6 c0 62 2a 5f 22 dc 11 31 b2 ea 63 46 b2 16 a4 49 86 94 23 af 5f 18 9b 78 4c 70 e9 bc 67 dc 2c f0 f0 c8 0b be 61 bc 8c 98 c3 ca 44 8f 2b 01 fd 1a f9 b5 2d 7a 84 21 06 09 40 75 37 2a 82 cb 80 d0 8c ea 93 53 29 af 25 67 aa 91 0a f2 0d a1 4f c7 82 7b 89 c9 fa f5 21 2f ad 52 6a fb 59 a7 d5 50 ff 74 da 54 d1 f1 28 f6 b1 a6 01 49 cf 2a 00 df dd 2b c4 25 87 53 23 98 66 c1 19 c3 4d 66 ac 5c 44 0c c1 9d 71 b2 77 11 49 1d 1f 6d 80 54 9a e9 52 76 44 5c 38 a0 c7 1b 1f d1 39 d8 e4 a5 27 ec 1c 8b 62 4a 54 78 eb 4f 13 db fd 61 c8 38 0c 55 ee 33
                          Data Ascii: m~AR#Ey[@Fk,8aq`"2kt:[WvvMoz(HA!Ob*_"1cFI#_xLpg,aD+-z!@u7*S)%gO{!/RjYPtT(I*+%S#fMf\DqwImTRvD\89'bJTxOa8U3
                          2021-12-20 13:26:00 UTC44INData Raw: 37 fa 84 77 8c 42 2a 78 c5 89 25 a1 a3 c8 91 8e 11 6a 4c f7 57 31 1d e4 ea 35 4b 0a 31 1c 7e 63 5f 2a 47 f4 f4 2a 45 d8 4a 3c 78 b0 cd f9 b2 e5 ee a6 4f c0 0d a1 1f 3b 40 3d 63 75 34 64 cc 4c 6e ae 78 4b 24 7f f4 1c f3 17 58 f1 83 9f 03 52 ed a6 71 17 1d 28 d3 03 78 51 96 f7 18 55 20 f8 da c6 16 3e aa 95 de a4 8b 1f 22 cb 4a 35 a4 fe 87 db 9c 02 8b 36 88 95 cd 15 24 2e 82 ad 0b dc 9a 1e 98 b8 18 2e 83 9d d2 2f 93 2f a4 d4 e5 11 a9 11 b4 56 89 90 37 5f d8 ea 32 aa 88 c0 ce c9 7a 38 2d fc be bd 5b ce a6 d1 51 eb f1 44 8f 34 52 4d f9 ae dd 12 43 0e bc ca 85 08 eb 42 67 7a df 33 1a 34 df 89 74 e9 20 e8 ec b8 c0 15 31 df 0a d7 ef 3b 53 4e a2 16 57 bc 24 9e ba cd ac 3e f8 e7 f3 36 b4 1b f8 e2 b3 bd 88 ac 1a b0 10 e0 06 e9 f3 82 3f 3f d2 35 c3 94 43 70 d8 c5 a7
                          Data Ascii: 7wB*x%jLW15K1~c_*G*EJ<xO;@=cu4dLnxK$XRq(xQU >"J56$..//V7_2z8-[QD4RMCBgz34t 1;SNW$>6??5Cp
                          2021-12-20 13:26:00 UTC45INData Raw: 6c 27 5c 3f 8d 3b 55 d5 88 e5 60 02 47 32 b7 66 85 23 67 c8 78 3a 6e a0 db 3a c4 ec c3 3b 34 ae 37 bf 7d db 06 15 38 dc e9 84 d6 b8 57 25 eb d1 07 89 5a 60 c8 eb 7d d5 fb 1c 50 48 e1 17 7a 04 1c 89 4e 6e 1f 99 20 c1 5d 61 2e 8d 13 d6 e0 75 33 8e 4a fa 1e 39 23 17 7a a5 c5 c4 2b 21 6d cf 19 7c 5d ce 59 36 c1 4c b5 2f 9e 71 b3 1c c6 5f 6e d8 80 54 e0 23 22 7c a9 98 30 a1 38 ad ef 60 21 5c aa 72 a3 d5 15 7b 2b 51 0b fe b8 80 c0 dc 8f 15 8f 30 1c 44 ad 79 c2 75 97 19 5f da 2a 54 69 9a 4d 72 32 67 06 bb e8 36 d0 ff dc f4 88 8b 70 61 68 71 9c e1 6e 10 0c 8d 2d 6f 99 6e 0d b8 cd 8d 1a a7 ed e2 ee cf 26 5a f5 c4 4e e4 80 a0 0d 0f 84 f9 43 b8 6c f1 5e 6e fd 43 4c 5a 69 12 37 e3 9f 01 22 f6 27 37 ec 80 47 da 11 f4 b1 53 b7 59 ea fc 62 09 b0 f3 52 28 56 7a 72 ad 66
                          Data Ascii: l'\?;U`G2f#gx:n:;47}8W%Z`}PHzNn ]a.u3J9#z+!m|]Y6L/q_nT#"|08`!\r{+Q0Dyu_*TiMr2g6pahqn-on&ZNCl^nCLZi7"'7GSYbR(Vzrf
                          2021-12-20 13:26:00 UTC47INData Raw: 7c 4d ed cf 8e af f7 b2 3d 85 e3 08 30 cf aa 01 d0 44 1f b9 28 80 36 f4 56 f9 c4 57 b9 6e a8 56 25 6b 6e 76 f8 a5 bf 2a 58 4d 13 6f 76 03 67 c9 e9 60 eb 31 23 55 60 45 b4 fa 42 a0 8c 57 d1 a9 62 a6 07 0d 62 bf 47 5d c4 17 e9 de 00 83 1a 90 16 cb b3 bb ae ea 42 37 bd c4 da f9 6e 63 cf 38 40 c5 78 09 88 2e 2d 4f 12 ff 15 00 60 01 5e e9 a9 55 37 51 55 a8 e2 11 23 8b c1 94 c9 e8 3e 7b 90 e7 fe d7 f7 0e 27 54 66 52 e4 e9 a3 ae 35 71 86 4a d5 68 32 95 84 dd 97 5d a2 44 23 56 fd f6 89 73 92 9c 98 4c 28 b8 dd 84 92 c0 86 65 1d 03 67 9f c1 4c e9 93 a1 47 a6 35 3c 0c 85 47 0f 65 93 f9 5e 7f c0 b2 6b e7 92 59 f9 52 bf 0a aa d1 e7 6d 18 71 b9 b3 0a ca c0 02 7d 28 a6 26 7c a9 de 11 2f 3a 9a 23 3e 22 44 c2 e9 d0 52 00 ea 5e 2c 97 6b 4a 4c 50 21 79 ed 03 49 48 aa fa f8
                          Data Ascii: |M=0D(6VWnV%knv*XMovg`1#U`EBWbbG]B7nc8@x.-O`^U7QU#>{'TfR5qJh2]D#VsL(egLG5<Ge^kYRmq}(&|/:#>"DR^,kJLP!yIH
                          2021-12-20 13:26:00 UTC48INData Raw: 4d b3 2f 0e a3 fc 9d 07 27 65 d6 2c f8 36 67 c3 27 bf 64 42 ba 68 b5 b6 3e f1 08 ee 62 21 64 af f1 5d 39 77 fe 70 50 6a 74 fd 15 b2 9f e6 bb 03 7f ff 98 97 1f e6 2e 03 5c 96 11 bb f3 d5 5c f5 12 38 9b 82 62 63 cb d3 8f 22 37 c0 0c f7 a4 62 c5 98 45 0c 35 13 8b d3 bf 38 76 db c5 33 8c 5f 8f 47 cf 4e b2 ec 03 87 7b a2 50 0e 84 d0 f7 e3 34 a3 61 78 4a 39 a6 e0 54 1d 02 ec eb ab 83 99 33 2c 92 3f de ec d0 d2 59 d9 bf 64 35 f5 e1 73 e2 53 40 3e 5e 73 ad 8e 5a 8e 84 f7 80 ca 30 76 72 07 f9 40 bf 74 ac a1 23 4c 04 bb 47 b8 4d e5 01 6d cd 82 4f 8a c5 63 24 9f 08 4c 86 95 cb 99 37 62 05 82 42 c5 77 af 23 96 ee 24 94 cb 52 89 c1 58 b3 77 15 77 36 21 73 1c ec e1 37 6f d9 17 15 09 37 85 f7 fa 58 21 02 15 f4 20 5b e3 09 76 1e c1 7c bf b6 f0 ce f0 25 63 ae a8 9c af 42
                          Data Ascii: M/'e,6g'dBh>b!d]9wpPjt.\\8bc"7bE58v3_GN{P4axJ9T3,?Yd5sS@>^sZ0vr@t#LGMmOc$L7bBw#$RXww6!s7o7X! [v|%cB
                          2021-12-20 13:26:00 UTC49INData Raw: 4b 53 a4 74 c7 e1 ca 9e e9 8e d6 bc 2c 8a d4 d8 05 31 7b 19 86 50 f7 a4 31 80 45 62 91 05 78 42 ed 37 e9 22 7e e7 43 f1 d0 b9 30 44 34 48 aa db 09 0b b5 ac 96 a8 03 8e 2a bf 38 d5 08 43 b2 28 33 50 f8 09 b6 34 28 9e f5 b4 9f c9 54 00 7d e3 9c ef f1 0c d6 ae 67 6c e7 68 8f 95 b3 6b 76 3e c9 e4 f0 22 e0 34 72 16 88 9b cc 69 eb f9 cd f5 35 92 d9 7e 38 d1 ba 6c 22 67 ec 3b b9 5e 2f 63 68 75 0c e1 55 95 f9 aa 29 84 10 f2 44 4c 11 d4 bc 99 81 02 01 d7 c5 b2 6b 02 21 fc 6e 52 ef 69 c5 37 a0 30 1b e9 f6 ed 42 0c 02 52 41 66 b3 aa 78 7f 8a 16 e1 80 9e 95 05 92 3d 1b bf b5 9f 8d 7b c1 1e 72 da da 21 9c 94 3d 38 c0 92 8e ce b8 7a ec da 87 f0 f4 70 01 ff 3a ac 47 b8 6c 5a 15 74 ed 4a bd 01 5e e1 f4 ef 5b ee 4f f6 bc e6 62 40 3c 40 1f c4 10 d6 b0 1b 3e 3b 14 6c 8f bc
                          Data Ascii: KSt,1{P1EbxB7"~C0D4H*8C(3P4(T}glhkv>"4ri5~8l"g;^/chuU)DLk!nRi70BRAfx={r!=8zp:GlZtJ^[Ob@<@>;l
                          2021-12-20 13:26:00 UTC50INData Raw: be 1e 14 b7 c3 27 4e 7a 58 75 c9 87 23 24 22 35 fd 71 44 e5 57 56 6a 8f b2 7a e6 e6 2e 1d b0 56 69 13 4b c9 0d cb 99 1a c3 1d 67 c9 0e 76 4f 63 ae 53 4a b3 ce c5 1d cc 23 a9 d1 a9 b2 9d 42 ff e7 98 bc e4 e4 a3 b2 73 65 34 81 9e 97 77 5c 4e f9 06 bc 98 85 d3 86 73 0a 13 dc 72 81 38 ed 35 b9 c0 69 ce aa 0b 63 1e da c6 1b a4 77 ed c9 ae 6d bc ae 5f c4 7b 19 98 41 16 6e d6 f0 c0 a4 bb bf 6e 1f ee 9a 40 49 e0 1a 37 43 1f fd df e6 99 3a 00 0d 6b 9d 0f c4 cd 2c 7e f1 83 44 01 10 e5 a4 0a df 47 8d 84 86 49 0c 24 e6 81 5c eb e3 40 0d 7f 76 49 16 43 fb 78 8a 8f e7 1d 50 f5 6e 88 b4 00 d6 b5 5f 0f 1a 5e 8b f9 aa fc b7 30 88 7e fa 74 8a af c0 fa 28 b6 a4 26 e8 ca 59 46 27 3a 17 a6 bc 57 fe f9 32 20 1b e1 50 55 83 45 d1 b2 06 7f 57 be eb eb 65 3d 2d 01 23 f7 16 58 b1
                          Data Ascii: 'NzXu#$"5qDWVjz.ViKgvOcSJ#Bse4w\Nsr85icwm_{Ann@I7C:k,~DGI$\@vICxPn_^0~t(&YF':W2 PUEWe=-#X
                          2021-12-20 13:26:00 UTC51INData Raw: f0 77 41 78 1a 13 6c 85 26 f0 1e af 8c bd cc db 61 7d 1a b6 5f 64 2d 29 27 5a a0 e3 74 9c a9 42 8b 1a 77 15 4f 2a 1b f7 38 98 de fc f4 b2 ff ca c2 e2 32 83 c3 96 13 30 66 3c 26 fe 16 94 36 84 e0 c6 4f 82 d9 99 72 e6 21 17 27 a6 5a d9 a5 27 05 73 64 03 d8 f9 d2 44 fc 66 8a fa 0c 28 6a e5 c2 4e e4 d0 c3 d1 fb 7e 06 3f f1 e0 71 55 9a 87 3c 39 4e e4 b7 c9 81 99 03 70 a6 9d 47 90 62 bc a6 2a ac 52 1a 57 f3 9c 86 69 1a 8c 0d 3b d6 3f 7e 73 fd 25 33 f3 91 08 0b b1 b4 3f 37 04 6e d7 b0 76 ac d5 a3 54 94 64 b8 01 e8 49 ff 31 9d d4 d2 d5 83 2e d4 91 58 59 03 55 b7 38 35 30 a5 5f 2d 0d a5 af 23 46 a1 71 c3 96 a7 c4 d7 2f 07 a1 dd 71 6c 98 77 7d da d9 ba 2a ae 83 4c d9 a2 f7 df 8e 2e 29 93 1d 19 fb 2d a4 82 69 45 fd d4 9f 4b 65 30 fe b4 83 79 e3 f9 9a 24 ab b3 f4 9a
                          Data Ascii: wAxl&a}_d-)'ZtBwO*820f<&6Or!'Z'sdDf(jN~?qU<9NpGb*RWi;?~s%3?7nvTdI1.XYU850_-#Fq/qlw}*L.)-iEKe0y$
                          2021-12-20 13:26:00 UTC53INData Raw: 72 2c 96 f3 ea af 8a db d0 7e ed 42 d1 36 2d 2a 32 28 63 95 bc d5 1d bd 4b 51 6c 1f ee 99 70 28 3f f7 34 43 d3 dc 8e 66 c8 b7 de fe 50 de 99 ae c7 d6 3b 05 17 ba f1 53 c0 c8 f5 20 d2 d3 09 61 49 37 5e 69 2c f5 fc e6 a3 95 80 32 08 72 eb 6e 86 75 1a 86 e1 68 8f 7c 78 19 17 cd 5d 19 0f 5e 1f f3 8b d1 46 de cc 1b 81 6d 67 e2 8f 23 76 d7 5d a0 6b 90 dd 13 f8 cf 63 72 23 58 c1 00 8b de e8 96 71 50 55 16 1e d0 0c 2f b3 4b be 99 14 81 4c 47 fe 8d e0 ec f8 3c d7 09 ec 6c 7d 92 0f 27 b9 b8 32 d9 44 08 15 5d 96 9a e0 f8 a3 1a 95 38 1e 7f 44 38 10 2a 6b f3 39 ad cf 06 76 d4 e9 23 8c bf cf 44 68 c2 4c ed ce e5 1d 41 41 17 2d 45 27 ac 40 88 77 b2 2f 64 2f 8d 72 c6 95 76 e3 32 01 a2 4c 5d 57 d5 c5 7a eb c0 dd e7 92 62 e7 6b de 1c fd 42 e1 f2 56 5e d2 03 80 dc 36 29 cc
                          Data Ascii: r,~B6-*2(cKQlp(?4CfP;S aI7^i,2rnuh|x]^Fmg#v]kcr#XqPU/KLG<l}'2D]8D8*k9v#DhLAA-E'@w/d/rv2L]WzbkBV^6)
                          2021-12-20 13:26:00 UTC54INData Raw: 85 bc c0 bb 21 b4 cf 61 0c c3 8b 1f ad 44 e5 f9 99 c4 67 3e 28 ba 69 62 54 95 0e a4 d7 b0 32 34 44 cf cf 6c f5 3a 1f 28 3e 2e b4 e8 aa 80 67 47 08 cc 7f 63 9f 7a b4 3f 78 f5 a0 c9 d5 42 c1 a7 da 9f a3 ba 23 fe 8a 4f 62 3a 7d 24 3e 59 9f 30 80 79 6a 92 cf 56 34 14 f6 3a 06 b1 e7 49 c4 e8 fc 30 35 6b fb dc 29 7c 94 5e fa 63 fa f3 c6 ff 6f 33 bf 91 ba bb a5 37 b2 3d 05 a7 f1 2e 36 92 e0 2f 25 46 2f 91 53 30 da 34 42 cf 7d 70 f9 c7 75 65 c2 3f 20 36 7b e8 fa 64 c2 3b 68 26 4f 97 00 1e 87 6e 8f 0b 17 6b 41 b8 ff fa f2 c7 ab f9 c7 6a c9 2c c5 dc 16 c9 b1 72 53 5e 48 e8 b9 a1 fb 02 ce 34 76 8a 5b 31 0b 8f 3e 2b e6 a3 7c 83 97 bc 8c 33 b8 f9 6f 00 24 58 24 04 96 01 d0 20 99 06 33 5a f9 28 0e 78 c6 93 ea fc 91 a6 2f c1 50 d9 54 ef fb 7c ec f7 06 0c 27 24 47 92 e8
                          Data Ascii: !aDg>(ibT24Dl:(>.gGcz?xB#Ob:}$>Y0yjV4:I05k)|^co37=.6/%F/S04B}pue? 6{d;h&OnkAj,rS^H4v[1>+|3o$X$ 3Z(x/PT|'$G
                          2021-12-20 13:26:00 UTC55INData Raw: 64 32 3d 31 5a 47 4e 61 17 d0 2d 3a 84 86 37 a9 27 fd 1c e3 66 ab 01 03 62 ad 96 64 86 55 83 eb 04 9a 57 17 50 56 69 f9 d2 3e 2d 01 2e a7 12 aa b1 92 5f e1 f9 c0 ed 1a 53 03 37 a5 66 99 c0 4c 52 61 92 b7 f7 91 ef 9b 4f 67 34 19 d0 0d a8 7f 72 dd 92 9f 8d f0 73 32 a8 02 86 56 44 94 19 b2 49 46 17 ca ce 51 9f 28 7d 09 f3 f8 76 a6 08 2f ba a4 68 49 26 3d 1d 99 6f 1b 9e 3b 24 ff bd 2d b0 82 b9 96 66 1f 62 71 85 de 9d ac 9c 86 f2 56 82 0b c2 f4 cf d3 5b 19 a9 3d 8f 4c 36 d2 d4 e5 55 49 8e 88 4b 86 0f a7 b5 e1 c5 b4 04 cf 6b 4d ee 8e 0a 4a d2 50 d6 9e 94 45 90 41 71 d5 fd 8b c0 f6 ef ec 9d f5 66 5c da 27 80 d1 52 b7 ea 0c da f1 bd d6 fe 0f 40 8b 1e e8 a5 e4 7d 3a a6 93 b0 31 9b 4c 8e e9 a8 ce e9 ce 88 c3 64 d5 17 d1 1e d8 f8 a4 26 30 4c 78 25 48 89 bd 9b 97 0d
                          Data Ascii: d2=1ZGNa-:7'fbdUWPVi>-._S7fLRaOg4rs2VDIFQ(}v/hI&=o;$-fbqV[=L6UIKkMJPEAqf\'R@}:1Ld&0Lx%H
                          2021-12-20 13:26:00 UTC56INData Raw: 63 10 16 f8 63 c9 77 1e dc 01 ed a1 93 9f 43 5a df 66 20 f5 dc 8b c7 0d 71 63 90 02 2b 3b 12 ab 33 51 aa 9b cf 7d fb 15 d4 29 8d c5 11 70 60 18 df e2 68 c2 08 f1 24 49 ff 00 4f 81 0b af 8c ea 94 d4 d6 6e f7 02 25 40 85 c7 6a 42 ba 07 59 9b 31 1c e7 ac dc 8c 6c ee 49 e9 f9 96 3f 1c b7 67 b9 1e 0a 9b ed cb f5 94 e1 b9 03 23 d2 3e 37 60 8d b1 ca d9 91 69 03 d1 20 10 a8 cc a5 1e 93 a0 0c 7c d8 52 ba e9 7f 2f 4a 67 21 58 ef fb 46 86 7a fb e0 da 73 af a8 1c cc 8f 6d 56 0a f7 33 cb 4e c7 83 08 56 5c 4e c2 63 8a 36 05 18 1c b5 cb 52 7f 0d 4f f8 41 46 06 e4 92 9b 57 d1 e2 33 f4 f8 6c 12 5b f8 5e 65 98 0a 71 1f 9a ab c0 9f 61 ae 5b 5c b0 ce c5 1c cc 8b 8c d1 a9 bc c6 7e 3f ef f2 d7 08 48 42 4d df 82 62 9c 1d 53 15 0d a9 6f b9 14 8f 0f 52 91 26 75 86 24 02 fa 82 53
                          Data Ascii: ccwCZf qc+;3Q})p`h$IOn%@jBY1lI?g#>7`i |R/Jg!XFzsmV3NV\Nc6ROAFW3l[^eqa[\~?HBMbSoR&u$S
                          2021-12-20 13:26:00 UTC58INData Raw: 23 17 1b f9 f8 89 25 e4 c7 32 cf 68 2f 86 3b 6b e7 31 29 54 b3 a2 51 6b 34 c4 f6 c0 a1 ae 1b 3c 46 57 d0 3f b5 24 07 f2 56 e4 4d 34 f9 91 a5 65 35 01 6d c2 ad 39 2f 74 a0 3f e4 e6 bb 8b 13 da f0 fe 2a 92 db 62 46 2e 6a 90 8d d7 4a d2 b1 91 6d cd bb cd 3b c9 87 f0 ce 6c c0 9a c5 e2 b5 29 af 51 31 67 9c c8 11 58 4e 98 bd 95 31 c2 89 ba 36 da c4 ad a2 ed 4f 2b d6 10 36 45 fe f3 31 44 0e 81 26 06 26 3a 8e c9 d6 ef a5 e2 63 de ee 82 68 cc a4 f3 3e 8c 83 80 73 00 c9 ab 4c 6e 34 49 b7 9b 11 4b da 9a ee 3a 53 67 ea 56 73 aa 68 09 e8 38 67 24 ca ba 9c 12 33 f4 48 f5 c3 9d 41 db b1 ed d6 1d 6e 5f 5d f7 2a 55 22 22 09 8c 65 41 18 27 fd 33 4c c3 9a dc e5 5d af 5c 66 1e c1 5f 84 4a 59 2f df 1b 69 79 77 d0 e1 9e 46 5c 65 52 a9 dd 96 8a 7c dd d2 ac d5 d2 07 b3 8f 6f c7
                          Data Ascii: #%2h/;k1)TQk4<FW?$VM4e5m9/t?*bF.jJm;l)Q1gXN16O+6E1D&&:ch>sLn4IK:SgVsh8g$3HAn_]*U""eA'3L]\f_JY/iywF\eR|o
                          2021-12-20 13:26:00 UTC59INData Raw: bc 74 54 94 df 38 3e 5d 9c d0 17 f2 79 ad 6e 50 3e 4d 18 72 fa 7e 7e e3 bf 92 2b b9 9e 07 66 4a ae a6 ce 7f 58 ef ac 1f 46 9f 6a 0e 76 73 ff 43 18 b2 37 6a 54 a4 6e e8 c3 3b c2 81 08 41 a7 6a 90 b9 01 4b 80 ff 95 1f dc 3d 49 36 f4 f9 c3 95 36 0c 53 21 0b 5a a2 1b 1f e4 08 aa 5c fa f3 ca a5 e2 8b 04 c9 fe 43 5b 19 45 55 19 bd cc c5 b2 24 df 51 e2 69 6e d2 b7 c8 2c 7f 32 fc b4 bd b2 df 3b 45 0c e1 53 7f 0d c3 84 25 8c 67 7a 0a 33 c9 7b d7 d8 72 91 38 f1 36 b9 c0 63 5f 56 0d 74 01 d9 4c d8 a9 01 02 45 54 12 16 6f a7 3a 11 30 98 43 75 00 01 2a b2 b3 02 5b 1b ad e9 c7 a0 71 eb a5 9f 54 09 e3 b5 80 43 c2 59 08 9c 51 d8 54 30 89 8e 80 8d 46 01 28 30 20 8a ee b8 dd 09 b8 49 c9 f0 1b eb 53 e9 73 bf 38 29 59 b1 a9 bc 04 04 3c 9f 03 c6 e2 1d 2f 2a 5f 8b cf e6 73 0d
                          Data Ascii: tT8>]ynP>Mr~~+fJXFjvsC7jTn;AjK=I66S!Z\C[EU$Qin,2;ES%gz3{r86c_VtLETo:0Cu*[qTCYQT0F(0 ISs8)Y</*_s
                          2021-12-20 13:26:00 UTC60INData Raw: f6 76 4f 1d 09 4c f5 36 be bf 1e e8 28 16 2a 57 cc ac 6d eb a5 4c a0 9f 44 0e 86 08 0d f0 c5 71 b5 12 17 8e e5 17 f9 e8 52 f8 59 5b 66 54 e6 d1 e5 a6 3f 9b c1 c1 b3 0e 71 0d 88 9d 0c c6 cb 79 f2 f5 69 02 db b2 bd 64 36 fe 6a b7 b7 5f 32 39 8f f2 a2 a0 60 b0 b5 c2 26 65 e5 87 12 ad 03 9e 37 b4 62 50 fc fb 36 68 c4 4f b7 45 af b3 96 1e b4 74 b0 a3 0a 6e 15 d5 d4 85 43 14 d2 8f 71 e2 56 01 17 ab e6 b8 5c 65 52 ed e6 4a 8e 73 59 26 44 fc 66 84 cd 24 ab d8 99 d3 b1 1b d1 cb 2a 2b 85 f6 44 9c 64 74 a1 e2 06 f3 4c 55 ed f7 e5 8b 99 80 5c c2 75 b5 ed ae bc 25 ee ce e8 57 a7 94 ee fc 62 8b 73 a2 95 ad 12 81 8c 52 66 33 64 bc 08 0b b7 3e 9e 85 0f c0 d5 b6 25 44 00 fc c1 60 12 d2 d2 45 dc 01 30 40 dd 26 2e a6 cb 14 ed 63 fe 42 89 46 59 b1 b3 79 09 c5 85 1d 84 72 f5
                          Data Ascii: vOL6(*WmLDqRY[fT?qyid6j_29`&e7bP6hOEtnCqV\eRJsY&Df$*+DdtLU\u%WbsRf3d>%D`E0@&.cBFYyr
                          2021-12-20 13:26:00 UTC61INData Raw: a3 11 23 d6 4f 4b b8 b2 0d 04 aa 56 58 f4 c1 60 0c 89 e0 76 33 0c 49 42 c6 19 0e 7d b6 e2 00 15 09 4e 21 1a 13 0d 60 d3 38 31 37 b1 dc ff 86 b9 19 f2 1b cf 9f 64 25 dd f3 4f 25 c6 22 71 ea 75 7b 68 0c 39 41 d1 36 0f 0a 98 24 10 1b d8 2a b2 cf 97 03 c6 08 a5 03 e9 5e 39 33 d8 37 b9 50 4a 7f 37 e5 03 63 7c f5 5d a2 cf 2e 7b 0e 7d bb 75 59 14 c3 f5 20 d0 22 7b f4 49 9b f0 1b eb 7b ee 73 bf 38 2c e7 24 c1 2a 04 87 7b 4b a6 96 12 2c eb 88 b4 af ed 5d 9a ce dd db 74 c2 5d 5c 80 6b 6f 9b 60 f2 60 f5 4d 04 2d 2d d2 94 3f 73 64 34 23 c7 65 dc b0 af c3 06 62 26 13 e9 50 55 83 7e a7 d7 52 90 55 be 99 2c d1 97 3a b0 bd e0 ec 21 34 9e fc 43 c5 16 a2 ea e3 85 34 72 49 c0 c8 1a 50 91 c2 1d 07 d1 ae 0b 10 e6 80 15 a4 14 49 e5 8b 31 6d 9f e7 c2 01 67 47 73 cd a5 14 c5 6b
                          Data Ascii: #OKVX`v3IB}N!`817d%O%"qu{h9A6$*^937PJ7c|].{}uY "{I{s8,$*{K,]t]\ko``M--?sd4#eb&PU~RU,:!4C4rIPI1mgGsk
                          2021-12-20 13:26:00 UTC63INData Raw: f3 c5 4f b7 4d 86 8f 69 c3 bb be 34 78 7e 91 e0 8e f4 e0 c7 76 d2 dc 8e b1 ab e5 1b 21 a2 33 37 ee 1f 92 c8 e3 db 8c 54 97 b0 75 23 ff e1 81 ee 33 94 74 5d 90 9e 54 04 8e f0 11 3f ad e7 b0 ad e4 b8 b6 0b d1 3c d9 6e ce 6d 51 72 a0 9d 69 d5 62 bc ae a3 5c bd da af ec d5 51 cb 27 77 c3 53 c0 fe be 73 ad ed dc ec 36 00 5b 50 b3 d8 7a a6 6e 57 3f 6b ac d5 a5 96 74 cc b8 2c 39 e7 ce 3d 93 3a 3b 7d 4e 2e 8f 99 79 20 45 ff c3 14 fb f3 a5 5f 2d 0b b5 af 23 4e 6a f2 c9 c0 c5 6e 8c ce e2 aa 4c 12 3e d6 21 95 2a cd 9a 75 73 74 84 01 54 06 82 39 94 f7 4d e1 f0 0c bf a6 82 3b 41 fd 6b 5e cb 8a 42 fa 18 db fc 23 dd 48 f5 48 3e f0 66 08 0e 05 7e c4 41 45 3b 45 b1 d0 41 7f 82 70 1e 42 e0 6f 34 d2 2f a8 ac 04 6a 42 39 a5 d8 7c c8 8b 02 05 dc 54 05 ee 49 e9 22 c6 b7 d8 b3
                          Data Ascii: OMi4x~v!37Tu#3t]T?<nmQrib\Q'wSs6[PznW?kt,9=:;}N.y E_-#NjnL>!*ustT9M;Ak^B#HH>f~AE;EApBo4/jB9|TI"
                          2021-12-20 13:26:00 UTC64INData Raw: e6 a2 44 2b c7 09 f8 7b f1 53 b4 c8 f5 20 33 90 94 a3 21 cf a0 96 7e 2e 92 e0 09 6a 7f e1 a6 62 31 42 cf a8 de d5 f5 b5 d1 16 77 c6 79 d7 fc 19 0f 5e 1f eb 60 d6 3b f1 44 f3 f5 f5 a1 6c 49 f9 89 5c de d2 2e 90 a1 2c ab 41 b9 a2 0c d3 63 74 ea e9 f8 6a 00 2b fc 10 5d 87 5a 7e c8 a8 41 66 f7 c4 3d b4 77 79 92 95 c2 f9 92 01 eb 6a 7d 5c 48 d8 46 b0 a3 11 4a 8d e2 8b 99 16 d0 90 66 97 95 95 09 a6 ab d0 0d 49 e8 af 31 6d 9f 0e 34 9c 67 e3 f8 24 3c c7 ac 3d c6 af 13 83 62 ec 41 17 ff d1 df a5 46 89 77 31 eb 32 27 15 db 05 8b 29 e5 e1 11 d3 35 ca 4f 83 2d e0 f6 ed a1 ae 1b e7 db e1 3e c0 50 2c 56 79 13 e8 03 4e 10 8d dd f5 b4 89 6e 5c e4 84 67 62 dc 2c 3b fe 90 c8 bd fc 5f a2 ec 69 9a 56 27 79 7c 78 3a 8d 07 c2 b7 80 20 44 4d 01 55 ae 56 45 8b 49 d5 dc 22 93 90
                          Data Ascii: D+{S 3!~.jb1Bwy^`;DlI\.,Actj+]Z~Af=wyj}\HFJfI1m4g$<=bAFw12')5O->P,VyNn\gb,;_iV'y|x: DMUVEI"
                          2021-12-20 13:26:00 UTC65INData Raw: 43 6b 08 0b 6c e4 5a 90 e9 3f bf 33 b0 b4 56 50 c9 60 eb 53 73 3c 4b d6 62 cd d2 b7 30 de 7f 83 fa 3c d3 79 6a 40 5d b2 5f 81 7a c5 85 23 47 d1 77 65 79 f6 c0 19 51 1c f6 b1 3b 18 9e 63 c9 21 7d 19 bb ba 2a 7b ca 01 8a 8f b4 37 5f a3 5d 39 8e b5 c0 ac d8 8e 3b 49 df 24 bf a0 cc 98 95 e2 8a fc 23 e5 e1 52 20 36 a6 31 b6 ee db 3b 38 cf 8b e5 83 31 d8 86 4e 62 9a e5 43 ac a9 71 7b a2 15 15 95 3d aa 86 cf 2f e9 4a 25 14 05 63 a0 f8 5c 49 62 fc 0a 3c 43 0f 0c b8 4e 87 88 6e 7f fe bf 05 cc fd 21 ed b5 b1 35 8b 51 3a 72 86 a5 e4 87 c8 e3 bb 63 0c 7b 7c ea f1 83 ac 47 5e 87 a6 7f 1c 36 f3 ee ef fb 7a 6e ef d9 0c 76 f0 6b d2 f3 c3 b6 d3 55 a9 7c 73 10 23 38 cb f7 a9 b5 fa 90 b9 8a b5 4c 91 82 c1 38 eb aa 21 fe 1d a9 95 64 ce 92 21 0b 52 26 37 f4 f8 ec 11 fd 58 62
                          Data Ascii: CklZ?3VP`Ss<Kb0<yj@]_z#GweyQ;c!}*{7_]9;I$#R 61;81NbCq{=/J%c\Ib<CNn!5Q:rc{|G^6znvkU|s#8L8!d!R&7Xb
                          2021-12-20 13:26:00 UTC66INData Raw: 73 85 37 1c c7 38 f0 89 84 b7 93 32 39 de 2f 60 10 30 66 31 9c 0a e2 ef 24 d5 8a c7 4b e0 79 99 ac 9a 21 17 27 a6 42 d9 a5 26 3f 15 fb d6 83 22 2d af ff ed 52 6b 86 af e9 21 09 c3 24 ed 0e 23 3c b9 b9 cf ca a4 07 a4 e2 90 f3 a7 59 ea c9 d2 01 d5 3d 23 36 95 be e9 9b fc 56 eb 24 3e ea c9 ba 91 ea aa e3 bb 7a 59 6a 69 fd b5 af ef 8e bf 93 74 b9 3a b3 31 be f4 04 4f c2 c3 21 40 76 3e 9f 60 15 16 d3 91 fe 62 46 7a b9 b9 4a ab 2b 67 87 f6 f3 69 95 71 e9 85 f5 09 95 d2 23 47 dc 6a 65 79 1f 0c 84 5b d2 ff 69 19 43 39 09 b6 ac 10 70 f5 45 d5 47 47 14 b2 3a 4c df fa 6a 3f 9e f2 8e 1f a2 2b da c4 ed 54 6d 5d 2b 42 33 82 8f 7b e1 91 8d c5 12 ad a3 a9 99 a1 97 90 b6 bd 95 b3 02 ff 1f 38 bf 95 76 17 e6 a6 5c 57 8e d5 7e a8 78 76 6a 42 39 a5 f0 2d 31 97 33 de af 48 ba
                          Data Ascii: s7829/`0f1$Ky!'B&?"-Rk!$#<Y=#6V$>zYjit:1O!@v>`bFzJ+giq#Gjey[iC9pEGG:Lj?+Tm]+B3{8v\W~xvjB9-13H
                          2021-12-20 13:26:00 UTC67INData Raw: e3 68 bb 4e aa 74 d3 10 a1 f3 cf e5 0b 88 e8 cb 00 28 9f 43 0d 72 35 58 e8 09 b6 34 f1 c7 96 75 e8 73 bf e7 ea dd 31 9d 43 6c 83 f9 8f 86 4f 50 35 ee 77 4b ff bb 5d e7 a5 dd db 7a 83 25 fd 21 cf 8c 7a 3c 31 0a 9a 28 64 82 d0 2d e8 a8 16 07 ef 28 8c d6 14 59 fa e9 db d1 ad 96 0e 6b ae f9 d4 f3 5e ad d4 43 66 ed 2b 7d 92 80 a9 fc 9a 7f 57 4e 6d 51 ea d2 6a 9e 09 27 c5 ff e2 66 39 0f 5f 21 15 9a e0 f8 c5 98 15 ff e1 f4 1f 81 5e 2a ce 59 3a 6d 1c 49 f8 07 af d7 cb 09 a3 4b 16 9b 4d 40 61 5b 81 d1 49 41 46 bd 9d f3 f8 da 21 5a 1a 90 a4 68 ac c1 ef 24 30 ec 8a bb ee 61 a4 d2 19 07 d0 df 17 8c eb bb b4 c1 aa a1 94 70 06 f6 56 e4 bd c3 d3 8a 07 93 8a b1 46 6a 3e 29 64 11 66 11 39 f5 4e c2 3c 2e 29 36 a9 b5 cf d6 46 2e 10 f1 7f dc 2c 5b 7f 1a e8 03 2c 4c 14 2e 5c
                          Data Ascii: hNt(Cr5X4us1ClOP5wK]z%!z<1(d-(Yk^Cf+}WNmQj'f9_!^*Y:mIKM@a[IAF!Zh$0apVFj>)df9N<.)6F.,[,L.\
                          2021-12-20 13:26:00 UTC69INData Raw: bb 44 98 7e 73 26 13 d3 ec fd a8 00 3a b3 da c0 13 48 7a da 74 c6 d5 7e 4c 1e 83 10 16 da 60 fe 62 46 0c 9a 76 4e 2e bc 53 87 e9 b9 ff c3 f3 be 66 a2 82 1d 6d 3d ec 23 c5 ee ef 3c c3 94 04 0f 60 a2 94 76 b8 bb 64 4b 95 c3 09 e8 7d a4 02 4c b2 f3 a0 df fa db 66 d2 8e 0c f8 2f 2f c7 c3 66 d7 b9 0e c2 e2 4c 00 78 93 88 51 08 05 36 4e bd 8d 6a d3 ed 3a c5 c7 b3 18 ad e8 6d 23 79 c5 f5 d3 63 a6 09 01 8d d5 d0 11 08 52 92 bc 45 9e 82 e9 1a 68 5d af b7 b0 45 9a 0a e9 22 da b9 78 93 0d 4e cb 2f 2a 1a 65 b3 08 1a d8 b9 c4 33 73 4d 33 53 75 bf b1 ba 6a ae 78 9a b7 2d db ba 6e e9 a7 72 47 3f 89 1f 11 2b aa e2 22 82 a7 bf aa d3 d3 ff e9 cc 03 b8 24 9b 69 12 35 c0 53 aa 56 52 86 90 b4 9b aa 6a ab e1 21 b9 96 96 37 5b ea b9 a7 f8 77 25 8a 45 59 98 de e4 c4 12 cb bb 9c
                          Data Ascii: D~s&:Hzt~L`bFvN.Sfm=#<`vdK}Lf//fLxQ6Nj:m#ycREh]E"xN/*e3sM3Sujx-nrG?+"$i5SVRj!7[w%EY
                          2021-12-20 13:26:00 UTC70INData Raw: 99 81 d1 97 3a 5e 8b e0 ec 29 75 b2 b9 bd 3a 95 66 a8 53 a3 66 35 ad ed 4a 4f 52 f8 1b 0c ec 2a 97 95 92 b6 b3 d5 b8 f3 c1 6b f3 6a e0 12 63 0b 73 1d 72 ea bb df a8 6f c2 4c 57 84 ac 0a a4 ca 62 a6 eb 36 99 f0 04 e2 5e d4 c5 5b 3a 1c cc a9 bc 2b 4f 23 5e 93 a2 c0 c6 d1 92 09 3f 22 ad 5a 8e 39 94 01 4d d2 d9 f6 dd 56 b2 8e 65 09 91 a4 48 6c 45 c7 f3 3c 11 a8 cf cb 98 13 b0 88 c8 bd c4 a3 b3 37 b1 0f e8 34 94 39 2f 6a ee 72 71 3a c4 ec ca 8b 29 aa 37 2a fe 4f c4 c1 24 15 b6 7b d6 dd 8f df b8 39 2b e3 32 66 49 2f 6d 87 b6 d9 37 f0 e6 b8 a5 ef 79 ff 59 6c b1 8e c1 10 5f 60 a3 9a 92 22 73 63 c5 0d 8e 16 ad c8 2b b7 f9 65 4c e9 b6 f3 71 ce 44 83 0d a5 28 8b c2 8c 6e ef 0b 1e 8c ef b4 8d ca c1 a2 09 65 ea db ff 07 77 46 17 c7 67 24 d2 60 39 33 fd a2 a0 6e 21 71
                          Data Ascii: :^)u:fSf5JOR*kjcsroLWb6^[:+O#^?"Z9MVeHlE<749/jrq:)7*O${9+2fI/m7yYl_`"sc+eLqD(newFg$`93n!q
                          2021-12-20 13:26:00 UTC71INData Raw: 8f 6c ac 72 65 7d d9 20 36 7b f0 5a 62 c2 3b 52 4c 18 af e8 46 70 86 3a fb 52 f7 7b 6c 39 ef 2a 2f c3 41 db e7 0e ba 63 5b 90 cd eb 18 53 65 c5 ef 72 1b 32 97 b6 aa 1c b7 86 36 4a 8d d6 e5 17 b7 3d 83 97 f8 8e 50 48 c6 63 00 af b4 20 64 96 51 d7 20 ba e5 33 5a 18 5b a4 a0 80 e7 54 db 6b ae 25 4a de 95 f0 27 04 d3 05 33 74 53 28 cb ae ce 95 40 91 1e 4e a8 cb ea 03 c7 ba be 83 87 87 30 94 b3 8a 36 d8 c7 0c 6d 96 ad fc 42 8d ad a3 95 de b4 7a 38 95 d1 e2 b8 df 8d a9 54 63 53 28 1c fa 00 fc 98 de 66 08 60 ce a0 12 b0 12 6f 82 4c 24 aa 56 8a 22 d4 04 91 ca b1 c1 7f 57 c2 a7 10 4f 90 8a ae fd 7b 90 21 af d9 1a 2b 53 67 2e ed 8c 73 ff 5f 13 35 2e 57 40 33 33 d9 ca f9 33 8b 40 25 c6 4d 4f 3d 44 e7 5c 98 2b 03 03 36 48 c2 7b 05 4e 1f f9 02 c4 75 1d da d5 3f 98 8d
                          Data Ascii: lre} 6{Zb;RLFp:R{l9*/Ac[Ser26J=PHc dQ 3Z[Tk%J'3tS(@N06mBz8TcS(f`oL$V"WO{!+Sg.s_5.W@333@%MO=D\+6H{Nu?
                          2021-12-20 13:26:00 UTC72INData Raw: 06 f2 d3 24 81 87 1a dd 50 a0 db a5 14 0c b8 e8 34 99 23 d3 33 ce b8 4b 76 60 26 72 67 3c 09 7a fb 6b c9 fc 46 07 4a d2 b1 99 71 15 43 40 1d 36 2a 82 db aa 91 a6 2d 41 93 9a a9 25 d8 69 15 20 c5 f2 13 e0 6a 86 a0 66 89 ba c0 0f b3 ef e5 69 0d a6 93 e1 66 c8 b3 00 3e a5 eb 8a 0d d3 5b bd 8e 40 12 ff 21 22 17 f9 3a 99 1f 43 f9 5a 54 e6 e9 09 ab b2 f3 92 1b d6 9f 1d 0d 88 7a 4b 57 17 05 81 54 9a bb 05 9b 3c 01 bd e8 6b 69 75 de c8 2e 11 30 f5 48 b3 81 62 be d5 f0 ed 71 69 74 51 ce df 94 80 44 fc 7f f4 5c 48 02 4f 97 5c 3e 9e e8 cf 99 e3 5c da 6e af f1 51 4a c8 99 7d 8f 71 61 78 aa 52 5c ef 0b a0 34 d9 20 a8 04 71 f1 48 7e ba 03 99 55 e3 f3 7a 54 d9 2d 34 db de cd d8 07 85 f9 4b 29 98 ff e7 4d 2a 3c 9c d9 ad 25 66 73 fd 76 59 1d 76 37 20 62 37 68 12 2f 81 ee
                          Data Ascii: $P4#3Kv`&rg<zkFJqC@6*-A%i jfif>[@!":CZTzKWT<kiu.0HbqitQD\HO\>\nQJ}qaxR\4 qH~UzT-4K)M*<%fsvYv7 b7h/
                          2021-12-20 13:26:00 UTC74INData Raw: 72 69 70 7e 29 f6 10 fa ea 30 ff 41 47 10 d3 08 f7 9e 16 f8 ed 28 91 6e 49 66 b2 c4 4c 73 4a 95 23 0d b4 e1 fc a6 0b 6e ec 11 bd e4 f3 21 cc 94 6a 5f 92 51 f8 90 e6 89 f2 9a 86 0a 3b dd a6 60 c0 eb 31 45 5f f1 db f6 7f ad 41 c4 35 a3 6e 74 bd 2b e5 9b 97 78 49 a1 26 12 e7 0f e4 8e 58 bf 06 0d 2b 96 64 bd 98 f9 45 7e b3 f9 9e 51 87 f8 82 fe a1 65 6e 02 0d 3a 5b 8b c7 e1 c2 96 bd bf 79 ca ae 6d bf 10 39 e0 f5 e6 0d cd 18 ee 41 2a b2 60 2e b9 03 e0 11 4b d2 b5 39 0f de b3 ae 3e 4a 7f 37 e4 02 b8 91 0c d0 f7 c4 ce 8a 89 38 ef 03 28 9f 9a 78 a5 c0 20 7b 0b 19 23 90 03 7e a3 7e 8c 2a 7f f2 3c b4 9f 43 fb d6 ae 67 d6 37 97 70 7c 77 21 fe 36 20 61 f2 22 24 a5 50 de fb 36 0d ce 7e 3d ba d2 49 04 a5 ad 0b 22 ef ee 22 ec a9 a2 c5 ee 5d d5 ee e1 56 31 45 84 19 af aa
                          Data Ascii: rip~)0AG(nIfLsJ#n!j_Q;`1E_A5nt+xI&X+dE~Qen:[ym9A*`.K9>J78(x {#~~*<Cg7p|w!6 a"$P6~=I""]V1E
                          2021-12-20 13:26:00 UTC75INData Raw: 3e 20 07 ae a6 ad 99 58 6f c6 c9 af a9 5d 48 09 f4 04 07 b7 b9 d7 0e 7a ca 29 1e ab a2 af f2 00 42 e8 bd 2f 7d 4c da d6 38 d1 88 eb ef 0c 6a 31 33 c8 1d c7 83 01 d3 3d c5 18 3f 3d 1c 44 f8 f4 b2 74 2d 2d 3b c6 d1 20 18 15 3a 66 b1 c9 0c 60 2e 19 84 db 2f 3c 5f 8f 71 ea ae 25 1d a4 62 2c 5c e8 07 e6 ca 3e 66 12 4d d2 44 71 2b 8f e2 e4 5e 59 1d 39 3a 8d d5 42 54 07 ef f9 c3 bc 65 f2 a9 6b 78 c3 1b 08 81 6f 75 8b 99 54 ca 2e fb ba 69 e9 32 21 e4 a4 d7 d9 e2 b8 97 0b 97 e1 73 98 53 a5 7b ae 23 fc 8e f5 f7 7b 08 86 6f 63 31 be b0 6d 57 02 fa ac d5 2d 01 e3 5b 43 ff 3c 2b f4 62 cd 0f 7f 85 1e a5 91 06 f6 7d ec 95 a9 99 33 7a 05 58 4e cd 6d c5 23 48 30 91 ce 37 45 81 4c ab 66 af 1f fa 63 42 6c 69 22 30 31 7b 25 cc 05 5e dc 34 dc 2a 61 f7 3e 02 f3 c9 2e a6 82 b0
                          Data Ascii: > Xo]Hz)B/}L8j13=?=Dt--; :f`./<_q%b,\>fMDq+^Y9:BTekxouT.i2!sS{#{oc1mW-[C<+b}3zXNm#H07ELfcBli"01{%^4*a>.
                          2021-12-20 13:26:00 UTC76INData Raw: 7a 81 e5 9c f0 79 91 af ed 59 25 cb 46 6f 80 0a c4 5b d8 12 cd 1e 3f 29 fa 6b 08 dc 1f ac b9 2e c9 11 19 a3 c9 da 8e 7a 50 0d cf 39 ac 90 08 bf 4f 16 a1 37 62 88 43 d3 cb df 82 9a 5f d5 18 58 5d d0 27 04 57 fc fa 2d ed 16 44 e1 37 0a ab 60 5e 40 cc cc 10 ae 12 ff a3 14 8c 28 10 f6 c1 89 08 bc 6e 87 ab d9 6e 9b b3 70 16 1f ff 33 69 a4 73 0f b7 db a4 50 dc 44 c2 d8 97 5a 3d 31 62 72 42 c1 e0 ba 2d 01 6c 71 ba 20 60 1a 72 43 7c ab 01 85 a6 91 15 b2 af 23 3b 30 f3 1a 44 eb ac 41 12 44 02 be da fe 05 2b 90 d5 bd 92 75 92 b9 ea 76 f6 ac 6e b8 89 f9 c1 bc 38 5a 6b 82 e0 8c 32 14 ea d8 e1 f4 03 53 72 e2 6b 87 2a e8 5f f9 fc d3 bc 9b 8d 32 5a 44 cf b6 56 e2 5d 52 54 97 81 4c 25 64 6a 30 26 a7 b2 92 b3 97 f9 3d 6a 13 ce 90 3b 3c ed df 5f 62 09 83 2d e3 3a ff 74 59
                          Data Ascii: zyY%Fo[?)k.zP9O7bC_X]'W-D7`^@(nnp3isPDZ=1brB-lq `rC|#;0DAD+uvn8Zk2Srk*_2ZDV]RTL%dj0&=j;<_b-:tY
                          2021-12-20 13:26:00 UTC77INData Raw: 7c 83 59 a1 a1 a5 e8 6e 4c fe 5c f1 ba 5d 2b e2 88 02 8c f0 f5 06 39 94 74 28 24 89 4a 09 af e0 64 1c ed 10 46 df 7e 30 45 0f eb f9 f5 67 e1 05 53 67 6f 98 46 47 68 36 2c da 6d dc f7 36 4b ef 9e 8d 1d 81 4e d4 36 44 75 74 f4 bf b0 74 27 93 26 42 98 9d 32 c0 b5 94 a8 72 46 f7 32 f0 03 de 85 78 94 17 86 c7 4e df a2 67 1d 03 41 85 75 22 6e 35 34 f4 c9 18 c6 ec 31 2c e2 fc 95 74 67 c3 21 95 c3 09 37 6f fd 17 15 b2 c4 65 df fa d5 f7 16 5f 9a a0 ac 5e 86 4e 42 20 72 c5 3d ef c7 f0 35 63 ac 49 85 af 42 71 bb a6 7a 0c 80 0a b8 38 4c c2 b8 f0 1f 5d cb ea 27 ff 10 a3 84 a9 fa ac 2b 4a 85 c7 00 42 37 34 00 44 99 09 c1 d6 34 48 37 a3 99 33 97 ae b0 1c b7 8e 7c 62 84 16 e4 1c ab 76 00 53 a2 57 5d 63 9e e0 f8 23 47 0f e5 c0 41 d0 43 9d 73 b8 dd 97 1c 58 f1 e9 27 50 02
                          Data Ascii: |YnL\]+9t($JdF~0EgSgoFGh6,m6KN6Dutt'&B2rF2xNgAu"n541,tg!7oe_^NB r=5cIBqz8L]'+JB74D4H73|bvSW]c#GACsX'P
                          2021-12-20 13:26:00 UTC79INData Raw: 90 d2 90 46 9f 53 7f bb b5 1a cf 5e 1f df 07 d3 0b d4 30 e4 f5 78 25 8f 0a b4 8d 78 2f 78 4f 06 23 ba 41 7d 90 65 dc db 6f 09 85 a1 99 15 4a 97 55 31 ec 88 df 6f 68 57 be 39 20 da 4a 9f ee 20 e0 46 8e 3a 77 5c 7f b9 fd d6 94 84 69 9f 10 1d 94 9d 91 35 95 76 98 fa 2e 97 c6 92 b6 ea 2a 5d 48 53 01 f3 6a ab da 1d f0 64 a1 5e 8c 32 d7 09 04 57 b8 ee 76 15 83 a4 41 9c f3 89 ba a6 68 db fa c1 33 6c 4c 40 58 fa 00 f0 96 34 c5 42 36 5d 08 07 f9 b1 09 3f a1 d1 9b 69 1b 94 21 42 91 5b 07 f2 56 8c 71 db d0 fd 3a a0 32 db 6f 5a 5f 62 be 98 23 bb f1 53 32 6b 13 e4 ca 73 30 6a 03 41 3b 83 3d 61 3a 06 22 93 d9 7e 41 2c ce af 51 9f 83 f4 ce 30 78 24 34 16 7b be bf fb 20 1e bb 34 2a 32 31 9c 62 38 60 9e 5c a3 b5 1e 6b ec 32 fd f3 cd 66 10 0c c8 d9 5f 37 78 87 92 16 60 23
                          Data Ascii: FS^0x%x/xO#A}eoJU1ohW9 J F:w\i5v.*]HSjd^2WvAh3lL@X4B6]?i!B[Vq:2oZ_b#S2ks0jA;=a:"~A,Q0x$4{ 4*21b8`\k2f_7x`#
                          2021-12-20 13:26:00 UTC80INData Raw: 8c c6 37 f5 82 80 89 1f af 49 d0 35 2e 74 5f 85 04 8c 27 26 d4 9b 3a 16 df 77 c2 41 40 1f d5 d2 c4 80 52 80 bd 67 fb 58 a2 c6 56 fa 05 72 65 dd 65 21 6b 67 5e 53 c7 0c b1 25 18 10 a0 61 bd 71 e0 65 7b 3b 56 3e 49 4e 34 c7 19 f1 33 86 87 0d 44 66 9e 2e a2 0d ec fc a3 6a d1 0c 82 ff cb ff f8 59 53 54 68 5d f2 52 c1 ff 4b c1 27 d8 47 71 d0 3e 48 68 c7 c2 02 6c df 7b f5 45 8f 75 99 5e b7 18 89 89 61 dc ad 2b 64 37 0e 8d 16 f2 76 e0 1a 53 e6 78 c6 e5 64 db a8 60 a4 0c d6 1b d1 a2 1f 4a 0f ba d4 81 38 67 ac 08 c2 11 43 d8 53 7e 83 65 4c cb 3f f7 b2 55 81 e1 92 e8 4c 73 00 95 23 0d fc a4 fc c9 0b 6e ec 75 d3 e4 98 21 cc 94 4a 63 92 10 f8 90 e6 a9 d2 9a 81 0a 3b dd 86 76 c0 f0 31 e4 93 10 3f 31 5e 4d ad ff 5a 58 2a 39 53 52 95 07 d3 c8 0c 49 c9 ce 88 60 82 49 77
                          Data Ascii: 7I5.t_'&:wA@RgXVree!kg^S%aqe{;V>IN43Df.jYSTh]RK'Gq>Hhl{Eu^a+d7vSxd`J8gCS~eL?ULs#nu!Jc;v1?1^MZX*9SRI`Iw
                          2021-12-20 13:26:00 UTC81INData Raw: 60 85 8c e2 ae 19 ee a1 bb 6b 84 ef bf 9e 0d 58 c2 c8 9b eb 5d cc 0c 07 61 a3 c7 2f 3a 29 ec 6a d9 04 84 91 e7 57 b6 e5 27 f8 7c ae 74 31 ba e2 1f 19 3c 40 1f c4 10 d6 cb 6c f3 db 69 52 f8 7f 23 3a af 09 33 90 79 b7 6c 27 5c 27 5e 24 f5 54 b0 86 1b f2 25 8f 4b fa fb 30 e8 02 68 50 07 c7 57 e6 3f 9e b9 a4 d4 01 20 51 08 8b c0 13 08 29 9b f7 93 ee 21 d8 15 80 62 a8 61 16 35 14 f0 11 aa 72 45 4a 4c 00 4f 17 95 04 2d 6b 88 7f ca b1 5f ed ab d2 2c 31 77 cc b7 c3 b6 43 a9 c8 bd 92 06 9a 44 50 82 21 59 4a d8 eb 5b 24 ec 9b 4c d9 ea 9b 71 0d 25 46 a3 9c 62 d6 80 28 a1 e6 d3 b3 4d 1f 1c e9 38 e4 6b 9b cd 86 63 e7 76 59 1c 8b cd 10 d5 e0 39 73 69 74 50 c8 8c 36 1c 44 fc 1c bf 88 3a b0 34 02 c5 26 2a 6c 7e 9d 4e 5c 62 63 6b c9 d4 dd 2f 24 a1 8f 71 0b 29 4b 07 f3 34
                          Data Ascii: `kX]a/:)jW'|t1<@liR#:3yl'\'^$T%K0hPW? Q)!ba5rEJLO-k_,1wCDP!YJ[$Lq%Fb(M8kcvY9sitP6D:4&*l~N\bck/$q)K4
                          2021-12-20 13:26:00 UTC82INData Raw: 77 4b fc 70 3c 54 db 64 d3 f7 06 55 8a ab e8 82 f7 70 ed 31 1c cf 0d be d2 2d 6b 57 e4 e3 2d a9 38 9a 23 0f 20 7c 0e 33 fa 7e 0e 2e aa 7c 7e 83 0d 4e d1 50 a9 1e ff 81 c1 51 3a 61 96 56 42 88 e7 d1 ca 79 1c 13 1a 53 13 ef 7b e9 d7 98 97 94 ec cb b7 10 d7 16 95 c4 6a d5 c1 5d 09 d4 e6 be da 3c 12 d8 18 de b5 aa c9 d2 b2 36 16 3d b3 34 db e1 81 e9 b9 14 da 89 33 70 38 81 f4 76 37 b3 e1 84 14 70 2f 09 ae 3a 54 a6 e1 4a a6 02 2d b0 63 3d 75 e3 5a ba f3 82 a0 4d 15 af f9 71 92 e8 07 46 74 e5 2d 78 2e 8b 37 bb f2 b0 2f d5 db 58 4f 83 7e 70 3d 1d a4 00 5e d7 8c 89 54 6b c6 78 3a 8d 07 3a b1 d0 d8 cd 83 cd 52 18 d6 ab d9 4d d5 38 7d 47 93 de d2 da 27 e5 66 71 9c b9 2b 32 68 bb 86 fb 9d 8a 36 da e4 13 36 6c 00 d4 41 6b 3b c4 f4 64 1d f6 7c 6e 43 cd 68 6a 66 7a 93
                          Data Ascii: wKp<TdUp1-kW-8# |3~.|~NPQ:aVByS{j]<6=43p8v7p/:TJ-c=uZMqFt-x.7/XO~p=^Tkx::RM8}G'fq+2h66lAk;d|nChjfz
                          2021-12-20 13:26:00 UTC83INData Raw: 61 c5 85 26 f8 a8 35 8d a4 f6 c8 94 87 48 b4 b9 a3 95 3c 3d 42 c4 c8 6a 82 ff d6 76 18 1a d1 3a be 1c 71 0d b2 4d 70 7d 6b 28 2d df 33 78 af 56 fd 3b d7 7b 2c 22 c3 af cb e1 8a 42 20 b5 34 7e dd 96 c8 4e 3e cf 02 29 02 a4 c7 05 c4 7e 62 6d a8 c9 7d 77 c1 23 c3 7b ce 1f 45 7d 24 04 96 c9 e1 18 d8 61 58 31 e9 23 66 15 e6 b9 51 03 5c ea 1e d4 3e 97 d5 a3 7c 8b 5c ad 8f 33 ce b5 b4 50 24 32 a7 aa b6 0a b4 08 65 8d 6c 55 0a d6 06 7a 66 7a c1 9b 87 e0 48 53 ee 28 d3 03 78 c0 8a a1 e7 79 7e 24 24 b3 99 cb cd c5 c3 f5 08 61 47 a1 2f 14 f7 c3 0c cc 9f 34 c7 ca d9 c3 23 0d cc ad fc c9 0b 6e ec 61 de e4 92 21 cc 94 1e cc 6d 8e 07 bf 10 4e a1 9a 71 ce dc 1d f6 78 d4 14 26 71 80 4c 3e 61 3a 4d a7 6e 5e 8e 9a f1 07 d9 70 b2 31 34 1a 23 02 27 8c 00 83 c4 58 a7 2f 86 86
                          Data Ascii: a&5H<=Bjv:qMp}k(-3xV;{,"B 4~N>)~bm}w#{E}$aX1#fQ\>|\3P$2elUzfzHS(xy~$$aG/4#na!mNqx&qL>a:Mn^p14#'X/
                          2021-12-20 13:26:00 UTC85INData Raw: 24 37 bb 5b 56 94 d6 e7 3c 60 02 7e ee c2 e9 a5 f5 72 70 06 9f 02 b7 a6 6f 50 83 6f 86 01 73 1b b2 88 1b 47 49 36 00 d3 a9 7c 3a ab 17 eb 89 37 17 df 5d 60 95 c1 b7 ae e0 8e 03 80 37 49 23 a6 df 4d 15 3e 21 5c 5f 66 23 91 b0 88 4b c2 65 a1 63 67 d7 82 8d 82 93 7d e7 3b 14 4a 59 77 c8 36 11 43 80 8d 98 5c 00 6f 49 ed 24 a6 6b 73 87 07 32 ab a9 d1 34 c3 f6 72 4f 2b 72 00 5b 8b ba b5 2d 28 a5 37 49 c3 e3 57 f8 66 c8 b3 d6 25 e6 87 82 02 4f d9 ea ce 4a 12 ff a9 67 c3 70 20 1f 17 58 b7 ec 23 6b c6 c9 76 bb 73 a2 07 3e 62 bd 3b f4 d4 43 5f 5a 26 e6 6a ee 2b 08 28 1d 10 58 b5 fb 6f b5 26 ba 9c 16 32 f2 f2 68 21 69 10 0a 1d 65 88 96 8b 52 13 72 d3 4c c9 b1 30 e3 27 48 1a 4b 94 86 43 bf 5b 30 66 3a 7b 81 a8 8b 99 83 62 1a 78 d3 8f 42 a8 ab e5 2f 9f bb 49 d0 c9 53
                          Data Ascii: $7[V<`~rpoPosGI6|:7]`7I#M>!\_f#Kecg};JYw6C\oI$ks24rO+r[-(7IWf%OJgp X#kvs>b;C_Z&j+(Xo&2h!ieRrL0'HKC[0f:{bxB/IS
                          2021-12-20 13:26:00 UTC86INData Raw: 49 32 b9 4b e8 e2 48 f2 b8 a6 cc b7 e5 9a 28 21 0c 39 d2 8f 7f 7b bd 63 00 24 32 cc 17 f3 51 87 e3 23 74 84 a2 c4 9b d5 2d 7d d8 fd 01 bc 4e 89 2a de 7d d5 6a 27 d2 79 08 3c 81 3b 97 22 5b 41 bc 35 6a c3 f1 09 61 46 9a f9 fa ca 75 f2 59 6f b9 03 63 60 7d d4 27 34 ad 77 9c e3 fb 41 d2 ad e4 92 a2 cf e1 67 f3 e6 6b 73 12 b3 55 2c d7 16 5b 14 2b 43 01 c0 1c f5 2b 53 64 38 37 65 16 af 4f 0b 12 ff bc 0c b6 ff ec a0 57 46 12 bd b2 07 2f 6a 19 90 de a3 f3 3c 93 bb aa bd 1c 81 6e 52 bd 1b 51 6a d9 83 fe 34 14 6f 02 a0 f4 a4 74 cf 68 2e 4a a2 0a e9 d8 07 92 ed c5 15 2a f2 5c 0a c5 6b 99 38 59 4d 30 c6 de cc ff 10 9b fe 76 d8 f7 c8 3f e8 30 36 78 c9 b8 d3 93 59 5d 5d 22 7f 8b 0c 80 72 ba fe d7 eb 8d fd ad ed 3d d6 b7 1a 9b 49 f5 1c a3 14 07 0d 8a fc 75 c0 eb f1 08
                          Data Ascii: I2KH(!9{c$2Q#t-}N*}j'y<;"[A5jaFuYoc`}'4wAgksU,[+C+Sd87eOWF/j<nRQj4oth.J*\k8YM0v?06xY]]"r=Iu
                          2021-12-20 13:26:00 UTC87INData Raw: 00 bd 84 41 79 1e 79 5d 57 d9 62 e6 bb 30 12 62 8e 66 b0 7d 84 f5 8e be 36 da e4 ab 64 93 5b f8 18 05 3b 0b 8f 5b 15 05 85 a2 d6 03 92 b1 db 5a 99 82 34 af 53 e8 64 4c 9b a5 e9 95 54 e7 d3 5c ce 90 c0 c1 4c c1 65 0d 36 7b 93 4d d8 c5 77 f4 4e 38 29 6a 76 37 b7 36 9d 20 6f f6 5d 74 c1 65 1f b6 2d af 76 9c ca 4f 76 b0 84 fc 8f 53 cc df 7a 47 44 fc 77 b5 70 46 8b bb 45 d7 ae c9 4f bb 83 ec 60 87 a5 93 49 2d 89 b0 02 58 da 69 ea 6d 35 9c e9 72 14 d7 30 5e 3e c9 3c 66 fd 23 2d bb 7f a2 17 ec 52 20 32 40 fa 8d 17 a4 63 df 72 9d 72 c6 f7 29 64 2a 1c 6c 4e 18 52 68 aa e2 88 dc 0f 48 f7 27 ea 81 95 e6 25 ee 5b d0 59 e6 b5 92 05 9f be 2d 79 b6 75 fd 42 7e d8 78 50 2a 63 83 5e 2e 38 f7 6a a1 b4 f2 bc 26 fc 84 c6 a1 9e 60 b8 7d 7e 33 a1 3c 46 67 67 be 72 21 a1 1e 17
                          Data Ascii: Ayy]Wb0bf}6d[;[Z4SdLT\Le6{MwN8)jv76 o]te-vOvSzGDwpFEO`I-Xim5r0^><f#-R 2@crr)d*lNRhH'%[Y-yuB~xP*c^.8j&`}~3<Fggr!
                          2021-12-20 13:26:00 UTC88INData Raw: 97 2a a7 09 28 e0 fc 59 7f 5a aa 18 cc 04 b7 80 ba 66 ce 2f 00 25 b1 18 34 fa dd 94 a5 60 0b 02 7d 9b 08 40 f3 ca 86 5d d7 35 dc c2 f8 0e bc 80 8b 3c 6a bb 60 0d 9e e5 8c e0 98 99 eb 8e 30 11 99 cd 6a e6 5a ff 09 63 59 df 39 e4 aa 3e 11 6c 0e cc 66 a3 8c f5 f6 51 ba c0 64 91 cb ca c6 65 de d8 d5 f4 9a 85 06 f3 31 a2 c4 ec 7d 66 5d 46 31 48 aa 08 9c 4d 06 fd 1a 23 e6 58 be 87 3e a2 4d 43 80 38 33 db 0f b9 59 40 dc 82 f3 f7 1c 8e cb 6d 7c f4 c0 08 b8 56 d7 10 84 d0 1d 97 f3 11 73 c8 3b b7 36 1f 08 86 84 a9 8d b0 5e 1d 0c 25 0b 10 ba 7f d2 4b 87 a3 85 3d e0 11 36 61 ed 36 38 11 2c 5b e6 0d 6c 66 fd c7 65 75 ff 7c 14 04 5d c3 17 6c 4d e5 78 86 9a 8d a0 fa fa 4e 69 8d 50 74 91 b1 e0 7e 7d ce cd 7e e6 66 bc dc 97 95 16 9b 6b ef 2d c2 99 ae e3 d1 47 38 a4 97 6b
                          Data Ascii: *(YZf/%4`}@]5<j`0jZcY9>lfQde1}f]F1HM#X>MC83Y@m|Vs;6^%K=6a68,[lfeu|]lMxNiPt~}~fk-G8k
                          2021-12-20 13:26:00 UTC90INData Raw: 01 af 6a e3 03 13 45 8e 96 dd cd c0 e6 65 5c b7 f8 65 b5 fa e6 7c 9c b9 d8 e9 78 9b 01 9a bb c1 f7 ed df 9c b0 82 9d 37 2f 66 39 b6 6f da 81 e6 7a b2 a3 6b 90 c2 ae 66 4d 2f c7 d2 14 ad 3e 2d bc 18 29 43 8e 8d 6f d0 ae 05 97 eb d8 b7 59 8a 7b b5 59 09 a4 40 48 df e4 4e 39 4e 61 89 e3 ce b8 8f 16 c8 6b c0 5b 4a a0 5c c2 18 5d a3 17 e2 b4 b5 a5 e6 bc b7 bf ff b7 d0 3e d7 d2 d5 e1 c5 2f 32 ae 18 3f af 90 a5 3c e5 2a 46 bd 80 65 01 c0 c9 a8 7e 3b 3c d3 ce a0 e7 eb 4f 20 a1 00 e4 4e e2 f2 81 26 d5 2d 02 1f 14 13 3b 40 65 e4 73 55 a1 ce c6 24 52 49 db 2f b4 11 34 1d 13 0f 94 34 b0 a1 51 8b 73 80 93 cc a7 07 53 b2 34 6a 1c ac c7 24 f6 d1 51 e4 2f f4 ff f6 3e 02 f2 44 36 f0 39 e8 40 c9 60 07 5f 4b 1f 17 aa 2a 99 73 76 65 e1 dd bf 44 bd e3 f8 b8 17 1c 12 28 36 aa
                          Data Ascii: jEe\e|x7/f9ozkfM/>-)CoY{Y@HN9Nak[J\]>/2?<*Fe~;<O N&-;@esU$RI/44QsS4j$Q/>D69@`_K*sveD(6
                          2021-12-20 13:26:00 UTC91INData Raw: 66 e7 20 de 32 49 0d 8b e6 33 ae ad d3 d4 03 78 77 51 85 1f f0 85 33 ed 09 14 fa f2 9d ff c6 c6 56 5b 94 7b 8d 43 c1 6d 8d 45 8b 67 d6 c5 f0 72 8e 9b 6e de 85 e1 8e 92 64 2a 51 4b 49 2a d7 81 19 b8 5d c1 76 c9 43 f7 3b 9a 07 4f 66 5f 76 31 ff c9 9a 34 42 36 68 74 c0 95 5f 40 85 ad ff 21 09 8a 13 a6 3f e4 dd 44 7e c2 cf 9a 14 b1 a7 8c 6a 45 6e d1 16 42 1e aa 46 51 49 51 10 d0 71 9f a3 c9 46 c5 da ce f6 7b 38 97 63 a3 5e b0 82 a9 e4 4e 27 18 9b 41 6d 34 c2 cb cf 53 42 49 16 4c 2f 4f 02 8a 84 6b 32 56 d2 30 2d e1 31 e2 c9 03 9c 38 a5 92 2c 10 4b 70 01 cd 95 07 7f 14 0d 85 79 cd 08 da 0f 24 7d 70 45 a6 f7 00 e9 e2 ff a4 52 50 8c 46 24 8a f5 4f f5 3c d9 7e 7b db 59 79 2b fd 48 df 3d ed c4 32 11 47 d4 33 65 87 f2 9f 25 66 17 33 f4 d6 27 1f d4 b4 80 85 5e 29 ed
                          Data Ascii: f 2I3xwQ3V[{CmEgrnd*QKI*]vC;Of_v14B6ht_@!?D~jEnBFQIQqF{8c^N'Am4SBIL/Ok2V0-18,Kpy$}pERPF$O<~{Yy+H=2G3e%f3'^)
                          2021-12-20 13:26:00 UTC92INData Raw: 46 ee 69 9c 8b 36 7f de d0 c3 81 8c fc 30 50 bf 93 14 4e c5 4c 3f ef 08 c2 40 4f 26 21 53 52 d0 60 9f 17 16 63 6e fe 62 a7 83 50 35 c3 a3 2c ef 63 82 d7 c3 2b 61 fa c8 0a 8a 01 cd f8 3a db 38 9a 86 ce 45 2a 88 9d a4 e2 ab f6 48 2e c9 21 ff a8 63 f3 a7 a8 bf b9 a5 20 b3 89 12 89 e6 39 f2 f2 24 37 2b 0f c3 ef 54 c3 84 e1 72 0e 34 70 93 71 b7 bd 49 53 20 36 73 a2 5a 3a 2a ba 75 4c 4f 7e c4 47 55 5d 4e 53 9a ee df 78 56 8e 7a c7 de cc c7 6a 12 37 ec 24 ea 36 1e 49 de a2 84 ab ee 49 30 97 74 72 1c b7 8e 7c 5e 6c f1 8f 9b c9 30 8d d6 04 21 47 c1 0d 35 e8 50 76 db 91 1b dc 7f 35 1f 84 62 d7 05 da 49 f1 83 75 ea 63 a0 a6 2f c9 1a 65 32 ee 91 61 0b 72 94 f1 89 8c ff 98 7d 0d 8e 6a 54 78 85 99 bb 34 c0 2f 7a 17 c0 b5 90 b9 dd de 82 d8 e4 48 5e ac 96 87 86 3c 51 68
                          Data Ascii: Fi60PNL?@O&!SR`cnbP5,c+a:8E*H.!c 9$7+Tr4pqIS 6sZ:*uLO~GU]NSxVzj7$6II0tr|^l0!G5Pv5bIuc/e2ar}jTx4/zH^<Qh
                          2021-12-20 13:26:00 UTC93INData Raw: d7 cf 26 78 71 92 83 d6 ed 9c e9 cb 2a f6 77 cb c9 ce ad 4c 8e 72 7d 66 3c 4f 1c fd e7 2d 67 b4 d4 35 11 5c 98 74 36 1e ad fc 32 e4 79 c7 7e 8c 6e e5 ec ba 30 0d a2 1b fe 39 f1 47 ce ad bb 33 3d bd 71 85 49 da 46 1d 5b 48 b4 ca 48 e0 93 ce 89 b5 ba 73 96 3a 13 31 ab 5d a9 f4 fe 78 5e 58 07 1a f6 ec 3e 24 c5 cb 9e 66 15 de 2e 45 ae 63 29 65 0f 49 20 f6 7d da e7 43 94 80 75 b4 d3 d6 7c 93 5c f2 82 8f 40 b3 7c 77 da 16 fe 57 e5 ce c4 a3 e8 6a a8 90 5d cf 58 50 92 80 2b 0c f3 ef a4 cf e4 e2 4f f2 4d 87 93 3e 8f 02 68 52 dc b0 93 98 19 06 9f f2 7e b9 a8 46 19 df 8e e8 34 66 48 88 69 f1 a3 01 b9 81 9b 76 79 4f 79 45 86 a8 0d db 55 20 5f 17 c6 6f 62 67 d4 d3 8d a9 b6 8e a0 45 18 db 04 df 91 d2 9a 3c c6 c3 f1 aa 15 d1 05 20 12 f3 da 63 7e e2 b4 fd ff fa d3 75 2f
                          Data Ascii: &xq*wLr}f<O-g5\t62y~n09G3=qIF[HHs:1]x^X>$f.Ec)eI }Cu|\@|wWj]XP+OM>hR~F4fHivyOyEU _obgE< c~u/
                          2021-12-20 13:26:00 UTC95INData Raw: 1d ec 87 3b 1f a7 82 8f 6c ac cb 1f 83 42 20 bb 7d 0e a1 97 3d 6a d0 aa 70 fd 00 25 c0 ec 3e b0 93 6e 43 7b 56 8e 17 c7 a5 ab 38 95 4d 0c b1 53 d2 e1 b3 95 d6 5c b7 45 11 19 8a bd f1 34 1c 3a 81 bd 26 78 29 1a 19 67 78 51 bb ae 9a b8 3e d6 16 08 17 e9 a7 aa 9e d8 da 24 d3 84 d8 59 1e 5f 58 c8 1d 5f 13 52 ed a9 ab 94 dc 7d 58 62 ae 84 ec d9 3e e4 9f 4f af ce a6 80 a2 93 a9 f5 08 31 cb 46 c5 82 08 56 5d c0 19 3c 72 ca 77 6a 0c 56 09 ad fc 42 9d 05 bd 95 de e7 45 49 83 d2 e2 33 c0 99 43 6b a3 05 49 ec b0 0a fc 13 a0 ad d4 9f 31 ae 9d 5b 42 9e fb ce c4 ab df 95 93 71 d4 d7 fd 10 0d 40 5c a1 75 72 8c 6a 09 df b1 47 7f 0d 93 e1 67 2a 98 85 7e 3f 54 7c 29 5b ff 05 7d 51 23 0a 03 ea 0a c4 5f 06 09 dd 97 96 7c 52 53 df 6c ae ed 46 de 80 3f 04 02 c3 59 ae d6 d1 1d
                          Data Ascii: ;lB }=jp%>nC{V8MS\E4:&x)gxQ>$Y_X_R}Xb>O1FV]<rwjVBEI3CkI1[Bq@\urjGg*~?T|)[}Q#_|RSlF?Y
                          2021-12-20 13:26:00 UTC96INData Raw: ba ec 6b de ce d1 98 57 1a fa da 8e 03 03 18 58 f3 d5 8e 30 5e 3a e9 7c 6f dc 2c e0 59 42 4b 79 e4 2b 3d 7f 6f db 89 5a b3 31 87 c5 54 a2 35 01 c4 61 15 43 80 59 98 58 f0 53 37 6f 33 7c fe ad ed 50 da 74 67 84 c4 12 bf e3 12 1c 82 7b 26 61 7f 8e 1e e8 7b ef d8 d8 f7 1e 75 be 3f 4c a0 32 c6 ba ec ce 88 cf b7 cb 42 42 72 ad fa e0 06 9a 96 7c 05 9f 99 3e b5 0e 58 de be 16 44 94 c9 9d 71 a2 9f 82 70 da 9a a2 39 8b e6 2e 1e 48 81 ef ac bb 68 69 6d 0e c6 2e 11 33 4a da d8 74 9d c2 9c 79 b6 05 c3 83 50 13 b2 ef eb bb 03 a4 5a 12 fe 4f b7 95 5c e6 6e 40 bd f3 69 54 f5 12 39 21 81 b1 c7 1c 58 f9 55 e2 ec 39 2c 57 16 57 0f e8 d7 b6 6f 91 71 2a 8d 3a 79 c7 66 07 30 c8 a7 84 90 74 b9 4a 5c dd 8c f0 7a 06 92 94 4d 4f a1 61 f5 46 94 ad 96 de 66 4f 95 53 ca 1c 4c ba 69
                          Data Ascii: kWX0^:|o,YBKy+=oZ1T5aCYXS7o3|Ptg{&a{u?L2BBr|>XDqp9.Hhim.3JtyPZO\n@iT9!XU9,WWoq*:yf0tJ\zMOaFfOSLi
                          2021-12-20 13:26:00 UTC97INData Raw: 4e e3 61 21 82 32 fb 76 69 1e a7 ed cf d2 74 af ce c6 a8 20 a7 ab f5 5b 09 b6 c9 3f 7e a1 41 52 8a 6f 46 07 7b 10 c4 0c 1d 2a 52 03 a3 1f 24 fc 0d 89 b6 7a e8 20 2e 1d be d7 e9 7b 93 eb 55 49 17 d9 f5 03 15 7b 99 91 f7 c1 21 d6 a4 1b d9 14 61 db 55 db 84 31 63 b1 77 8b 10 0d d7 fc 4b 42 4d 01 2f 1a 1f 4d bb e9 26 3c 93 67 0f ff 2b 69 33 f2 07 ec 51 aa 9d 2f 6b df 11 d7 eb 26 51 a4 08 80 15 99 45 72 71 e4 6a 92 b5 49 57 9f 4e 70 08 a7 cb 71 c0 eb bd 6f 32 c6 53 78 0e 4b c8 16 2a cf ff 4b 7c 2e 64 38 c6 8c e7 bd ba 86 a2 a2 f4 ac 03 fd fa 82 d1 8f 81 88 7b ee df 47 8b 0f 0c a1 90 ba 69 81 c9 1e da c9 2c 7b 59 cc ad 43 fb d7 92 8f ec 1d c0 1a 16 9f f8 30 44 4a 90 49 f9 50 b1 02 d6 c7 e6 03 23 21 63 6c c9 38 29 6f 1c 85 a6 87 e7 6f e0 fa 71 6d 11 5e 50 20 de
                          Data Ascii: Na!2vit [?~ARoF{*R$z .{UI{!aU1cwKBM/M&<g+i3Q/k&QErqjIWNpqo2SxK*K|.d8{Gi,{YC0DJIP#!cl8)ooqm^P
                          2021-12-20 13:26:00 UTC98INData Raw: 11 c9 f0 25 9b ae 9a 8d 85 5d 20 1d 38 65 1b 64 93 6b 6b 1b a7 d5 1d 4f d0 05 fe 62 92 ab 5f ae 39 fa 6f 27 c5 45 b3 48 43 bc ea d6 9b 84 e9 49 e9 34 08 a5 ee 62 b2 7c 8b 38 4e e7 5e ef a6 79 ca e5 9a 20 b8 14 d6 3c a9 6f b5 08 87 8b 51 d2 e3 6c 97 51 87 c8 b3 2c db 0e 8e 16 58 a7 d4 cf 4f 4f ed a6 ac 8e ce 26 07 b1 70 c9 db 34 e7 49 7e fe 39 a2 98 78 ca 1c fe f9 85 31 2a 48 f9 16 7e fc e8 4f c7 46 75 c9 c6 48 73 2f 5a 32 d6 96 bb fc 22 79 5f 08 52 21 0b d1 d1 f3 c4 f8 bd 9b 2a 40 71 12 b7 f2 75 dd cf 67 49 da cc ab 93 5b 1a 81 55 c5 61 4a 65 11 c3 4e 09 db d0 0a 7b fa e5 c0 07 a0 ea e3 c7 b8 95 16 8c 85 46 2c 15 bd 98 f7 04 2f 26 07 ec 8c 38 40 b5 2b e4 6c 3f 2d 4f 5a 0b c4 17 71 01 5e fd ad 68 59 35 55 a8 9e be 41 08 39 35 05 41 d3 c4 a5 21 f7 83 b2 e2
                          Data Ascii: %] 8edkkOb_9o'EHCI4b|8N^y <oQlQ,XOO&p4I~9x1*H~OFuHs/Z2"y_R!*@qugI[UaJeN{F,/&8@+l?-OZq^hY5UA95A!
                          2021-12-20 13:26:00 UTC99INData Raw: c6 48 94 50 c1 96 b3 e6 83 8f d9 ad f3 9f 9e dc 0c b7 6c a4 11 66 3b 39 f5 64 c2 3c 14 29 36 93 b5 cf fc 46 2e 3a 90 d4 5b b5 2d b1 81 6d c5 0a cd d4 08 a1 70 06 8d 74 9d 7d fe c1 2c ae 25 a4 2e d9 bf 35 2a e5 b4 df 7d 8b f2 08 ba b5 1e 6b 56 52 95 70 dd 10 9e 4a c8 c7 2a eb 68 2e 52 0e fc 9a fd 8e 50 03 ee 31 a9 41 cd ee 82 88 2d d9 89 b7 e4 08 43 16 67 cc c9 c5 2f e9 c0 de fc 45 a7 53 8b 14 80 54 65 ea 23 57 c1 e5 95 e8 4c a4 63 a8 15 d1 9a 58 29 e6 cf ff d2 59 d1 7d 6e de b2 00 45 be be 35 97 0a d4 7f e5 68 4c 5e 5f 93 8e ab 96 92 f0 64 38 e6 06 66 2e c5 2b 5a 4c 5a cf 48 71 78 39 30 06 2f 2d 4e d5 ee 76 64 98 6e d1 22 86 59 a1 a1 a5 cb 7f 59 20 3b 4e 6f e6 90 ac 40 3e 06 d2 11 2f ba 9b 8b 2a 14 74 a9 4e 0d e0 27 0d 69 5f fc dd 9c 76 ed e0 24 b8 cd 39
                          Data Ascii: HPlf;9d<)6F.:[-mpt},%.5*}kVRpJ*h.RP1A-Cg/ESTe#WLcX)Y}nE5hL^_d8f.+ZLZHqx90/-Nvdn"YY ;No@>/*tN'i_v$9
                          2021-12-20 13:26:00 UTC101INData Raw: bd 5a bf 76 aa eb f6 6c 0c 26 9b 6d 1f 6a bf 49 51 a7 9f 1c 89 eb 99 3f 7e 74 69 0e f6 11 7f 0b 37 88 95 b2 a0 9c 7c 03 36 88 6d a5 cb 55 01 cf e2 5e 5a 0e b0 7e 59 ab dc fe 0d f7 cd 9a 0a dc 98 36 52 28 c6 16 23 d6 2f bd 67 69 c4 51 56 be bc 52 ce a6 d3 53 9f f0 bf 0c 1f 28 4c df 82 bc 4f e2 ac b8 48 2f 6c ea 4a 67 92 33 70 d9 f8 98 a9 ef 53 f4 44 3b c7 fc 4e 0d ae 5b 63 b4 d3 38 e4 a2 02 82 f3 71 17 12 33 c6 bd 3e e5 79 0d 95 c6 ed 3d 77 15 c6 53 13 24 19 97 48 fa 31 12 95 7f af 49 a1 86 71 b7 45 8b 58 29 5e 29 09 44 88 50 71 30 7c 97 62 c8 f5 0b fd 2d ee b4 c0 8e 59 1b fa ab 14 cc 40 6a 17 b1 fc 62 bc 54 0e bd 7f 0d 58 9f 1a 16 27 a3 89 9f b5 19 84 90 2b 7c 53 5d 69 9e 58 e4 4e 3d 31 5b a0 c0 db a1 96 35 83 31 06 ec a9 ae 7c 8e cb 1d b5 01 06 32 26 d0
                          Data Ascii: Zvl&mjIQ?~ti7|6mU^Z~Y6R(#/giQVRS(LOH/lJg3pSD;N[c8q3>y=wS$H1IqEX)^)DPq0|b-Y@jbTX'+|S]iXN=1[51|2&
                          2021-12-20 13:26:00 UTC102INData Raw: c8 d6 06 f9 65 4c c1 be 2f dc 2a 6d ce 1d a5 28 8f 93 c7 6b 6e de 79 71 41 19 25 4a 77 22 68 69 64 5e b8 1b 42 73 2e fe 59 b5 5d dd 5a ab 6a 29 e8 f3 22 f7 4e 32 75 b4 05 26 57 09 9e 37 61 4c ac 48 e5 b2 74 4e 1a a7 4d 94 a7 1d 1f b3 a2 a5 f1 5a 12 ba 97 89 49 0b d0 86 04 9d ea 6d 29 9c ec 72 10 36 75 38 6e c9 e3 3e 9c d6 d2 44 aa 36 ef 37 1d ab d7 96 6c a1 90 94 44 df 09 06 3d d4 2e 34 8b 70 3f 25 00 80 96 3c aa 09 00 dc 0b a9 be 65 ec 03 73 d6 25 bf 29 67 3e 29 b9 11 55 cd 09 27 e3 53 28 b5 2b 63 26 23 d7 ec 75 8b cf 2e e1 e2 85 21 61 e2 73 b8 60 80 a5 2d eb da 4f 75 f2 33 a8 08 df e8 3a 2c c3 9e 3c 19 9c 7d d0 c5 2b bd af 37 f5 82 90 95 fe ea 2f 4e 6b fa 58 dc c6 54 73 75 bc a1 dd 36 af 9c aa 79 22 4c b2 a1 65 57 12 30 cc 89 df ab d5 12 2a 06 71 e0 79
                          Data Ascii: eL/*m(knyqA%Jw"hid^Bs.Y]Zj)"N2u&W7aLHtNMZIm)r6u8n>D67lD=.4p?%<es%)g>)U'S(+c&#u.!as`-Ou3:,<}+7/NkXTsu6y"LeW0*qy
                          2021-12-20 13:26:00 UTC103INData Raw: 61 07 7b f1 cc 76 5a 3c 07 8e 74 50 69 51 40 03 2f bb 81 e3 57 d9 cf 33 96 4a d6 28 5f 6a 92 5e 21 13 5a da f0 5c fa cb d5 86 ea bf 68 5a c6 02 1d 50 25 c4 16 a1 ec a7 20 18 20 34 b5 0b 9d a3 de ce 48 d6 10 ae c7 6c 17 57 f6 ad ae 86 9f 1a ab 7d 7b 52 3a 38 b7 0c 5b 3d 91 2f 32 75 90 a1 78 e4 47 8e 37 41 8f 73 c7 96 4b fd 56 7c 77 1a 72 0b 8d 15 0f dd 8d a7 ee 31 0f de 30 6f 2b 21 ba 4f d2 4b c4 3c 53 e9 7f 3e a9 b9 b9 77 b1 df 2f 09 20 0f 54 32 52 47 d3 f2 69 cb bf b4 7f 65 f5 fd ca 8a f5 c4 c9 59 b6 61 49 79 8d db 92 50 31 8a a9 6a f6 d8 10 6b 1e c9 cd c8 1a 52 41 86 6b bd 36 1c d8 d0 62 44 01 82 86 97 7b a3 b1 28 93 dc 7b 82 b0 73 73 e3 04 19 57 ce ce b0 67 c8 7c f1 ca fb 25 c4 3f 78 b0 99 21 d8 07 50 a4 39 a2 b5 bf 77 6e b7 57 0e 5b 46 0c 83 2d 3b 5c
                          Data Ascii: a{vZ<tPiQ@/W3J(_j^!Z\hZP% 4HlW}{R:8[=/2uxG7AsKV|wr10o+!OK<S>w/ T2RGieYaIyP1jkRAk6bD{({ssWg|%?x!P9wnW[F-;\
                          2021-12-20 13:26:00 UTC104INData Raw: 98 38 de 94 1c d5 44 fc ed 52 93 87 ee cb 96 74 a9 98 15 5c 06 8c d0 ed 90 f7 21 64 f0 ea 35 cf 1e d1 7f 71 b4 74 4b 5d 7f 35 bb d1 72 06 0d e4 b9 94 d5 32 f5 ac 79 bb 02 b4 f8 1e d8 6d 36 f5 fb b5 6c db 67 2d 62 4d 50 b3 e3 f7 40 b3 b3 b0 74 fa 85 c6 b0 67 9f 47 75 ef 37 75 27 dd 09 77 71 cd ea c0 40 17 6b d6 c4 3c 4b e0 6a 36 5b f6 97 ea c7 cc e4 80 07 a5 28 c1 8f 60 2f a7 f4 95 72 7b c3 21 95 ff 63 fd 40 2d 16 c9 ea 4f ef df fa 0e f2 2e 3c 76 e0 2f 2d d7 2b 99 ee 30 5e b8 19 0b 69 22 c3 03 f2 d3 98 81 30 35 22 bb 56 fd 30 07 d4 6e 90 03 4c 02 6d d3 b1 9a 9c 2e 23 0f e1 7d 7c 45 42 d4 4a da 3e b3 61 d0 40 99 09 7e 54 34 48 31 bb 45 e9 79 4d f0 0c e5 f2 68 10 da 15 61 03 b0 d4 4e 8a 52 dc ed b5 b1 e8 45 2c b9 6c 62 c0 3b 84 99 6d cb b3 53 93 16 0e a1 6b
                          Data Ascii: 8DRt\!d5qtK]5r2ym6lg-bMP@tgGu7u'wq@k<Kj6[(`/r{!c@-O.<v/-+0^i"05"V0nLm.#}|EBJ>a@~T4H1EyMhaNRE,lb;mSk
                          2021-12-20 13:26:00 UTC106INData Raw: fb 49 d6 4c 7f c8 b8 88 b4 7c 7f bd 9c cf a8 ca 7c 43 59 88 8b d8 a4 f7 78 3d 31 88 d8 fb fd 3b 30 e0 29 d2 67 e4 2b 35 2d 37 10 20 44 ea e9 a1 06 00 ab 3a 7f da 0e 17 3b 1d 90 cc 7a 49 02 bc c2 f5 05 74 96 71 c5 f5 8a f9 32 16 1e ea d8 cb 43 ea 98 9a a2 11 89 fc 9f 4e 07 d1 c7 ff c4 8b 80 43 87 e5 7b c5 0c c5 e6 ca 71 79 8e 6f 60 86 b1 9e 58 a7 f4 88 67 ed 1a e1 a2 cc 8c ae 81 37 f3 79 b2 77 b1 d1 45 2f a3 5b 00 bc 40 b6 c5 f0 df 8a a2 04 7d 52 c5 1e b2 61 6e 96 73 9b ac de 39 1c 5a 06 62 16 64 b6 fc f5 2b 96 e0 59 c9 67 52 ec e7 41 c5 e0 42 c3 ad 53 11 9c 7b b1 b8 fc a0 df 8f 23 3d 4d 0d 36 51 c1 af 32 ae 6a 10 99 2d fd 36 2a 82 e1 cc c6 9b c5 b5 85 29 af b0 2a bc 86 dc da cc 99 35 81 73 d2 21 61 2b 4b e1 17 42 6d c3 53 4e 1b 1e 99 37 d9 4f 36 79 e6 a8
                          Data Ascii: IL||CYx=1;0)g+5-7 D:;zItq2CNC{qyo`Xg7ywE/[@}Rans9Zbd+YgRABS{#=M6Q2j-6*)*5s!a+KBmSN7O6y
                          2021-12-20 13:26:00 UTC107INData Raw: 80 7e cf 14 25 37 f5 09 c5 0e 38 57 a8 80 91 f2 88 70 97 51 80 f7 6f b9 fa aa 32 40 74 70 41 5f b6 2a 2d cc 01 aa 54 ae 2b fb 05 5a 4f 09 c8 e3 ec e1 01 ff 1e 22 79 25 8d e7 23 0f bc c5 14 25 22 3a bd a3 f2 f4 ef 18 74 47 fb 4c 51 19 15 e6 b3 2f 79 b9 b2 13 e2 6d a4 2c b1 5f 22 cb d3 d3 5b d4 0a 65 d0 16 0f a7 31 52 bf 0d b6 65 07 76 2f 9f dc 2e 49 f2 47 c5 d1 c2 b7 cc 4b 54 fb ac 03 57 fe 3a 6e 25 14 a9 bc 80 65 96 51 ef 38 e0 7b 33 0b 1a 50 48 19 8d 2b 02 52 87 a6 45 48 53 28 a4 bd 91 0f d0 1f 22 e0 89 8c c9 45 d0 bc 49 51 87 71 c8 15 4d 4f db 0b f0 11 0d a6 90 b9 61 34 bb 55 56 49 1e 7d 88 c7 38 69 18 6b de a8 a2 70 4b 52 1a 3e e0 87 f8 01 88 8e e7 8e a9 55 a2 13 d3 5c 03 a8 61 09 4f ae 18 ba d6 1c 77 fc dd a4 a1 66 33 23 c3 28 b7 43 0c 49 42 4d 64 8d
                          Data Ascii: ~%78WpQo2@tpA_*-T+ZO"y%#%":tGLQ/ym,_"[e1Rev/.IGKTW:n%eQ8{3PH+REHS("EIQqMOa4UVI}8ikpKR>U\aOwf3#(CIBMd
                          2021-12-20 13:26:00 UTC108INData Raw: 3a e0 0a 79 0e 73 1d 71 db da d9 e0 6b c2 30 7b 8e 88 ca d1 4e 9c 98 b8 71 eb 8d 5c 28 81 ef 64 2f 8d 72 c6 74 3d 76 e8 5f d5 56 ff c4 6b bc 5d 36 d7 22 6a 1f 62 43 57 49 c5 9d 14 8e 92 be aa 8d 03 80 bd 93 64 ed 4d 7c f6 3a 8d 88 b0 af 50 18 58 88 4b 79 e4 f8 b0 0f b4 02 8c 47 0b 2e 36 39 06 4a b3 f9 14 e1 63 44 cf 20 73 1b 08 47 d1 47 99 a6 fa 2a 11 15 26 27 ea d1 34 d0 a2 f6 72 eb 01 86 76 00 ff 49 8e 63 6d 9e 1e e1 fb 50 2c aa 9d 38 b3 31 e9 4b 2b ce 88 9c 3a 1e da 82 47 ea f7 16 f9 ec 82 68 36 2f dc c2 6d 66 50 e5 20 57 94 c7 d2 33 49 b7 8b 10 4b da 9a b9 ef 3b dd 28 e3 73 42 12 f8 14 a8 6f a5 2a ba 34 b3 a1 6e 6c b6 ff 71 10 9f 30 19 88 96 8b 02 de 76 7e 54 fc 74 7c 3a fc 4c 0a 4b 56 5a ee 6a 9a d5 3b 72 6f 5f 66 87 4a 38 e2 94 4a 84 04 0c 6d 1b fa
                          Data Ascii: :ysqk0{Nq\(d/rt=v_Vk]6"jbCWIdM|:PXKyG.69JcD sGG*&'4rvIcmP,81K+:Gh6/mfP W3IK;(sBo*4nlq0v~Tt|:LKVZj;ro_fJ8Jm
                          2021-12-20 13:26:00 UTC109INData Raw: 9c 14 d6 cb 3c ad 56 04 38 7f ce 52 25 b0 78 b5 c5 d8 ea e6 45 22 47 50 16 fc dc cc 36 02 50 c0 7f b9 c1 33 55 da d4 98 6b 3e 3b 0c d1 44 08 19 46 24 02 52 66 ed 7f c1 2e 2c 0e 07 c2 2e 86 f7 e7 5f 22 21 f8 98 7d be cb 95 ab c6 da 52 86 48 fb 62 7e fc f0 c0 ab fa 8c 45 d4 1c b1 44 df af cf 1b 80 e6 95 96 93 e8 1f a5 3a 29 e2 33 92 fa b0 47 98 cf d4 99 7b 5a e8 13 66 09 fb 55 47 2c 84 2f 1d 25 b1 0d 28 a9 81 83 aa f7 09 b9 98 64 a2 b3 5d c2 0a 59 8f a5 d3 4a cb 01 97 a5 c2 6c ea c9 22 86 8e d9 92 fe 90 99 f3 2d 3d 82 0f 4a b6 af f6 95 9a f9 ed ae 00 45 76 a1 8a d2 0c 51 a1 6d 56 c1 b7 d3 7e c8 1c c3 37 39 c6 7d ce d6 59 94 07 70 5b fb ba f7 ae 85 2d 41 b9 0b 89 8b d4 b7 50 0d 18 a2 44 dc 07 36 bd e6 3d 5c 24 c0 d9 23 79 80 47 4a f6 cd a1 c3 f5 4f 9f c9 48
                          Data Ascii: <V8R%xE"GP6P3Uk>;DF$Rf.,._"!}RHb~ED:)3G{ZfUG,/%(d]YJl"-=JEvQmV~79}Yp[-APD6=\$#yGJOH
                          2021-12-20 13:26:00 UTC111INData Raw: cc 9b 4e bd 43 98 75 b8 00 a8 cd 59 1d f6 b2 74 da 67 6a ed 3c 40 47 9f 97 28 6e 4e ed f2 ec b7 2c bd a3 8e 1e 49 ae a0 20 00 f1 b2 2b 6b a3 47 d7 8e ee 1f 06 cf 4a 67 07 7d e1 22 1d 38 94 15 9f f1 12 d2 b5 08 50 36 ba cc f2 b3 bb b9 fa bc fc 5d 43 51 ef 25 54 5a ef eb 6a 32 30 ae 81 92 4f d5 dc 8c 47 d5 d2 03 d0 89 69 60 93 7d 03 06 f4 b2 54 ff 21 91 81 f7 13 f2 2e 77 72 54 fe 8d 5c d2 eb 69 e2 03 3f d0 71 ac bc 3f e8 21 f4 b1 05 f7 d0 b5 75 6f 5d 31 50 e5 59 bd 2e df 0d 30 20 6f 8e 7c dd 89 19 3f 39 59 80 cc f0 8a de f5 7d 4e 5a a4 df 4a 8d 7c 09 08 07 ff e4 6d fd 03 38 06 3a 12 3e b3 80 77 25 b5 f5 86 62 62 c9 dc b9 97 28 5a 1a b9 65 04 da 61 4f f5 53 5d c7 28 40 5b e3 00 12 6a 56 54 09 73 e9 27 33 b2 db 94 74 27 90 22 4a 2d 97 10 ae 37 27 f0 32 25 bd
                          Data Ascii: NCuYtgj<@G(nN,I +kGJg}"8P6]CQ%TZj20OGi`}T!.wrT\i?q?!uo]1PY.0 o|?9Y}NZJ|m8:>w%bb(ZeaOS](@[jVTs'3t'"J-7'2%
                          2021-12-20 13:26:00 UTC112INData Raw: 6d df 29 6d e8 e5 47 9b e1 b8 31 20 39 e6 9a 87 f2 ff 58 b3 c8 b5 8d 57 1a dc d0 45 70 5c ce 18 e0 56 a4 51 32 90 db d8 e7 c9 77 7a 4c 71 8d d3 37 41 1a 36 92 fc cd c1 3a 61 9a d9 7a 81 6e d9 8d 1e 82 a4 36 bd 5e 96 85 b4 bf 06 25 16 83 15 77 91 f3 fb 00 fe c8 d2 56 e1 c3 11 43 76 5f 71 87 9f ad 4f a7 ae 6e 9d 0c cd 23 4f 93 ae a0 ba f7 c8 e3 71 f7 29 d3 5d 79 00 00 b4 0c de df 4c a8 50 71 1b 30 a3 db e5 13 81 7f 33 98 94 71 89 bf f9 c0 4d 55 94 b7 40 1e 6c f7 4c 5e a2 04 f2 01 b4 76 6b 9f 2e 25 b7 10 74 5e e8 da 24 1b 8c 7e 43 a9 bc de 30 e4 7e 49 2a 81 8f c8 df a5 dc 2a 38 3d ca 8d 53 d8 c5 19 e7 54 2e c1 73 6d ea ad f0 53 d8 99 4b d9 69 07 cf 23 a4 3b bd de 9f 6a ff 71 1f 13 f1 3a 77 5c 7f 09 55 3d 7d 3d 1b f8 61 7d 5a 01 db db a6 e6 b5 73 c2 f1 1e 81
                          Data Ascii: m)mG1 9XWEp\VQ2wzLq7A6:azn6^%wVCv_qOn#Oq)]yLPq03qMU@lL^vk.%t^$~C0~I**8=ST.smSKi#;jq:w\U=}=a}Zs
                          2021-12-20 13:26:00 UTC113INData Raw: 9a 5d 5f 81 3d 79 16 9f f0 e1 70 69 74 e5 96 9d 91 db c1 f4 0c 4d 8b 75 93 92 a3 16 2e 9a e9 cf 99 d1 44 02 96 ac 4c c4 72 38 e3 6d 09 c2 7f ef a4 03 5c 9d b9 43 c5 b5 66 5f eb 96 84 22 2d 67 24 c4 e8 74 89 b7 2f e2 c6 97 04 71 af 93 82 a5 01 3f 83 6d 56 5d c9 bf 46 68 a2 96 de 0b 4c 85 4c e5 73 5d 42 96 9d aa 64 e7 4b 10 5f 0e 41 ee fc 0f 72 db 7e 94 ad 0e 86 8c 52 45 78 30 3a cf 8e 0e 4b 4d 85 f9 22 30 2f b3 29 ed d6 3e 9f 5c da d8 19 e4 7b 5e 35 7d c5 2a 0f 27 a0 d5 19 3d 7e 6a 3c 5a de 4a a5 ce 40 c1 8d 50 dc 54 19 69 dd 0f 11 4c 74 5b 1d f7 47 ad 00 0e a4 d9 51 f6 45 a0 98 ad 59 9d 5a b3 27 05 a7 db 6a 05 86 27 aa f2 7a c4 ed a3 df 78 c5 5d 4a 25 88 6c 03 e5 93 a0 e3 e7 b3 ac 9e a1 97 25 3d 05 86 88 78 60 b7 2f 79 fe 50 c5 51 ec 01 cd 89 d5 d0 48 b6
                          Data Ascii: ]_=ypitMu.DLr8m\Cf_"-g$t/q?mV]FhLLs]BdK_Ar~REx0:KM"0/)>\{^5}*'=~j<ZJ@PTiLt[GQEYZ'j'zx]J%l%=x`/yPQH
                          2021-12-20 13:26:00 UTC114INData Raw: bc eb f0 c8 c1 18 89 22 45 93 f5 a6 25 d8 1c bc 3b c3 f6 62 42 6f 60 78 88 76 45 89 41 9c 34 5e b8 70 be af d0 14 29 8f 66 16 2a 32 96 bc 51 a0 60 f8 4e 2e 9e 52 f3 2b 83 12 0a d7 9d 7a eb fc d5 4a 88 d0 98 86 4b c8 33 9e 70 0d 88 2c 0a a6 97 15 25 d4 6c ee 76 fb c6 96 41 16 c7 1b a1 ed ff a3 0d e8 37 5c 1d 8b 62 ca 2d 7d 61 5a e2 91 8f 1b cb c9 e3 bb 77 3a e5 12 ca f1 8f a0 58 92 d6 92 f1 64 31 9b 0a 98 9b 96 e7 4a 43 ce a7 97 e1 21 a8 9d 12 58 9c b9 a3 65 27 9b ab a7 e8 f5 d1 94 1a a7 ed e2 ee cf 98 05 7b b0 a5 5d 8f 13 df e2 d8 3a 05 97 3e e0 62 35 4f 3a 93 0c 01 de a1 de 12 ef a3 1a 71 bb 69 62 ef 73 86 a7 d6 da 22 34 94 fe 63 1e 8c 98 53 78 f8 fb 8f 53 99 24 67 93 b3 e4 c5 4c 39 0f fc bc 7b bc 47 77 50 d8 b5 5e 12 04 ff 32 66 f1 31 25 b1 cf 82 b1 d8
                          Data Ascii: "E%;bBo`xvEA4^p)f*2Q`N.R+zJK3p,%lvA7\b-}aZw:Xd1JC!Xe'{]:>b5O:qibs"4cSxS$gL9{GwP^2f1%
                          2021-12-20 13:26:00 UTC115INData Raw: d2 2c 62 c0 99 e8 b9 5c fa 22 5e fe 8f 3c ed 25 8a 85 8b 72 a0 11 b0 76 69 3e 3f a9 f1 09 8f 22 d4 04 91 1e aa e6 32 18 d2 c9 31 1c 72 09 05 8d 47 f2 49 53 64 e9 8c ec 0f 89 39 88 ae fb 1b 15 fa 82 d0 24 c5 fb e6 39 7c 3d 02 50 5b 9d 44 77 71 e4 6a 92 9d ac ce c0 bd 2e 92 1e c1 71 86 be d5 4d 66 f5 9a f8 e6 13 c8 16 f0 37 62 3a 41 d3 cb e7 47 8d 4f 14 8b 08 5d 9a e7 b8 e1 03 28 7d dd 77 5a 90 35 0a df 50 20 6e 0b b6 40 d4 9a fd 67 18 09 b6 1e 66 e7 24 3f 51 fb 78 fb 4f d6 90 12 80 eb 88 b4 a9 eb 5d 44 e5 22 24 74 c2 45 eb 5b ef 1b 81 b6 41 32 49 fe 8f 5a d7 1e ab 32 a9 09 f4 e4 6d 11 5e 50 20 56 02 08 a5 1b c0 57 fb 2e fc c4 b7 38 6b 2b 85 6a fd bf c2 82 a8 03 0d 98 e5 b5 1f 84 4c c7 6a 99 a6 89 ae 02 08 12 3e 23 0a 52 53 9e 6d 6d de 6a 6a 3b b3 d0 fd e7
                          Data Ascii: ,b\"^<%rvi>?"21rGISd9$9|=P[Dwqj.qMf7b:AGO](}wZ5P n@gf$?QxO]D"$tE[A2IZ2m^P VW.8k+jLj>#RSmmjj;
                          2021-12-20 13:26:00 UTC117INData Raw: 37 db 3c af b7 f2 fc d3 9e 57 87 02 88 7a 8d 28 ed 87 99 48 77 d8 c9 56 70 6b ee cf 5f a4 d4 eb 9d 70 9b ff 97 7f 68 90 5e 36 4a 0d fa d4 1f bb 03 d1 50 ae 79 1b 74 c5 c1 05 d9 bc 76 2b c6 ae ff b3 5b 44 5a e2 90 dc 91 5d 23 b1 7e dd 6a 99 12 47 42 55 1f de 6e 62 a9 f0 e8 21 c5 4d ff 78 69 d0 1d f4 1f c3 0c 92 c2 29 13 99 3e 1f ed c1 68 5c a7 be 83 8c 52 0f f6 18 07 41 a3 7f ab b2 7a 77 12 b1 a0 48 55 5d 0b 11 76 1e 17 08 7b 1b f5 67 22 ff bf 14 1f a5 d9 74 92 ce f6 10 ce af 39 c4 f4 22 c0 6a ed d3 c3 d4 68 a4 ef b1 f2 18 9e 87 ff 0d 01 08 a6 ca 1c b3 2b 7d bc 7a ec 7a 26 93 83 0e 15 3b 7d 1c 1b 09 67 bc c6 80 7f c4 ed 6a 01 3c a4 43 e0 34 f0 51 c6 30 b0 1c 88 3a ca f9 7b 9c 84 89 10 32 49 89 01 73 94 11 93 39 61 fe 66 2e 8b 2b 8c d6 d0 bf 44 e2 18 f5 3a
                          Data Ascii: 7<Wz(HwVpk_ph^6JPytv+[DZ]#~jGBUnb!Mxi)>h\RAzwHU]v{g"t9"jh+}zz&;}gj<C4Q0:{2Is9af.+D:
                          2021-12-20 13:26:00 UTC118INData Raw: 18 b8 19 20 6d 0f 37 43 ab 31 c4 7d 14 d5 03 b3 4d 7d 47 16 f2 f4 fc 30 fc 6d f2 28 eb fd d4 3c f1 86 b4 c1 fb 05 b1 00 fb a6 91 22 ff d2 3b b2 c1 bb c9 67 47 79 68 a1 9e 54 2c b0 88 7e 6d 82 c8 f3 82 d8 08 2b 6f 1e 13 f3 20 0f d9 4d 29 07 7e ca 61 ae d5 ea db b7 c4 e3 28 a7 c2 65 dc 4b 86 70 5f 4d 92 19 88 32 88 0d d7 cf 06 42 81 6a 69 d3 c4 04 c4 71 10 85 9e 98 bf 5c a6 f4 3e d3 ce 9e 09 27 4d 0e 1f d5 2a 1f 46 19 39 9e 7c 17 ee b6 55 d1 c5 35 89 37 86 9d 64 72 05 95 60 72 e9 91 93 18 30 33 da ab a0 bc 75 78 6f 8d 3c bf 7c 18 d6 e2 28 32 e5 4b eb de 09 12 53 ad fa da c3 9c ea b2 29 79 f2 6b 08 09 3c 48 f6 c0 21 7f 65 5b 66 20 02 58 34 f8 e1 6c 17 dd bb d8 50 64 d5 25 5d 45 86 ff 8d ad 99 62 d1 f1 34 8b bb 56 e8 92 8d d9 e8 39 71 5f 40 f4 af 4d 53 42 ba
                          Data Ascii: m7C1}M}G0m(<";gGyhT,~m+o M)~a(eKp_M2Bjiq\>'M*F9|U57dr`r03uxo<|(2KS)yk<H!e[f X4lPd%]Eb4V9q_@MSB
                          2021-12-20 13:26:00 UTC119INData Raw: ec ef 59 a2 8b 29 5d c4 6b 31 45 da b2 17 56 c7 9e c6 2b 17 27 0b 3a 92 97 b8 02 90 ee 31 86 54 54 5e c0 e6 b2 f5 40 47 98 f4 47 e9 41 3c 6f 1d 35 d1 17 5a 93 cd d0 02 8c 9b a2 35 34 ac 94 50 b1 cf 4d ec 52 a9 10 84 1b 65 95 ef f1 8b b6 76 08 34 9e f4 0c e0 c6 7e 02 77 4f e6 0a 72 33 a7 97 c9 7d 01 8c 20 23 de c8 ed 54 b5 c0 c3 c2 9a 4e f0 6d f8 a7 98 fd b3 1e cd e2 73 6e 18 e8 34 f8 51 ed 2c 96 b2 82 82 de 37 92 66 d1 f0 0f 64 1a 02 a2 49 2d 35 58 bf 4b ca af ad 61 d7 77 bc 6d b8 09 97 ba fe 1a ba a7 05 3e 39 a7 4c ad 85 27 80 41 67 2f 77 62 38 cb 71 5a 35 e9 a4 2d 53 3d 90 aa 49 f5 0f 69 18 9c 93 a1 03 7c d8 87 4f 98 3a c0 27 92 57 45 09 f4 53 35 9e 69 65 f5 95 b8 8c 86 40 ca 54 8e 61 16 71 85 ec 1d 63 e7 57 46 b6 11 60 e2 08 41 3f d7 6d 2b e6 de 01 8e
                          Data Ascii: Y)]k1EV+':1TT^@GGA<o5Z54PMRev4~wOr3} #TNmsn4Q,7fdI-5XKawm>9L'Ag/wb8qZ5-S=Ii|O:'WES5ie@TaqcWF`A?m+
                          2021-12-20 13:26:00 UTC120INData Raw: 96 a7 f1 cc c2 b5 06 a9 be 68 a2 ff 50 cb f7 c4 66 4d 53 fa 92 8f 8c 64 7f 7a a7 d3 ce 5b 81 6a 89 99 78 ae 56 11 95 3d 55 a3 10 b0 1c a4 6f 03 7e cc e7 b0 74 2a 5c fa d8 30 81 05 82 15 0f 7c 01 a7 20 5c a9 70 3f 8d 91 bc 18 1a 9c 14 f6 7b bb bb 52 af c0 0c ed 2a ea e9 50 03 77 2c 42 b8 1c e8 8e a8 b5 c8 0d ee 8a 1b ca 92 a9 ce 5b 9f b3 05 d7 a9 f3 30 de 01 1d ef 92 94 3b 8d a4 76 61 4b 8e dc 40 fa bf 08 ff 87 1b 5f f4 6a 4c a1 c2 38 aa fb bd 08 ca aa 5f 10 c1 c9 a9 d8 37 91 ed e1 87 8f 70 1e 33 18 cf c2 e4 9c c2 12 0a 79 db 56 bf 43 eb 2d ce e3 6d 9c 54 b4 c8 28 77 49 90 3d ef 41 f6 e9 cd 44 fd 16 be a4 17 cb 6a 12 b8 d1 89 b3 c6 69 f0 01 db 60 71 a2 ad b0 16 3b 5e 68 c1 14 cf 8e 0d ac 96 8d 05 ff 61 b8 a9 56 5b 2c f2 36 ab 44 6e 4b 7f a9 71 08 90 df c5
                          Data Ascii: hPfMSdz[jxV=Uo~t*\0| \p?{R*Pw,B[0;vaK@_jL8_7p3yVC-mT(wI=ADji`q;^haV[,6DnKq
                          2021-12-20 13:26:00 UTC122INData Raw: 82 3b 19 9e 15 8e f7 c5 0e 78 12 f3 4c f9 72 05 57 c3 6f 50 9b 27 5a f7 21 8e 8e 44 df 3d c5 4f 2f 94 75 1a b8 b1 b9 c3 fc 1f 06 44 57 88 5a 5f 0d 76 4a 65 85 ca 3d 97 d4 2d e3 be 88 7f 59 84 50 d9 28 16 9d 77 0b 65 6f b1 ae f2 0f b4 7e 1d 9d b9 e3 3e a8 76 5a a7 eb 01 1b 88 4f 84 85 cc a5 82 1b 2f f6 df 2d c0 36 67 65 c7 4a de 7d 58 b7 38 79 0d 1b ad 01 8c 7d 06 49 0d 80 e7 85 3c af 63 a7 45 fe 11 0c 18 a1 3c 8b 26 b2 8c 64 d2 bc f1 a3 39 8e de d2 36 22 e1 f2 76 65 70 9f 83 14 98 b3 73 53 70 7a 69 f9 7b f6 72 d5 1a 1d 23 37 1b 38 9f 6d ff 89 2b 09 93 e9 0e 97 e4 53 62 c3 6a 77 bb 4d ec bd 8d 82 23 0a f5 c0 06 7c d4 0b f2 18 d0 51 3c fc d7 78 c9 33 9a 91 3e b6 1a 54 9a ae 82 46 3f 6f 07 7a 62 4b 70 1e e3 2d fb 26 fa 2c 54 f7 51 65 43 8f 48 d6 62 7a 8d b3
                          Data Ascii: ;xLrWoP'Z!D=O/uDWZ_vJe=-YP(weo~>vZO/-6geJ}X8y}I<cE<&d96"vepsSpzi{r#78m+SbjwM#|Q<x3>TF?ozbKp-&,TQeCHbz
                          2021-12-20 13:26:00 UTC123INData Raw: 8d 68 1a a8 86 2d b6 5d 00 7c c8 26 c0 5b 5a a1 2a fa 91 85 af f1 98 ba ed 39 65 9d 25 1a 44 c9 4e 17 f8 1d 61 d7 87 43 86 46 0c 46 0b ee 8b b6 f8 08 71 36 9c 4f 04 4f 64 9d 5e 91 08 2c f4 24 48 d1 84 29 db 3f 7a 29 39 34 40 32 66 92 28 95 84 76 89 ba ed dd 00 f6 a5 6a fb 65 7b e0 66 c8 b3 07 a3 c7 4f 1f 31 77 5f d2 8e 4a 12 ff 78 e1 7f 71 ed 4f 1c 4f bb 7b c1 19 40 e5 26 ec 9b c1 14 fd 0a 06 7a ff 98 a2 f8 78 d6 80 68 8d ea 56 73 42 c3 7e 80 b0 6c 68 5e d8 f4 0c 9d 5d 63 0b 74 9d 41 58 2d 26 e0 1e 03 8a 16 de 1f fe bb 03 37 5a 74 c5 4f b7 9e 12 c3 1e 99 b8 ee 58 88 e8 12 94 0a 3c 8a c7 1c d3 d7 b2 09 a0 a9 9f 2c 8b 68 be 9a ad ad 70 6e 8e 7c dd 8a 87 94 ee 8f 3b 84 42 e6 ff c6 4e d8 39 48 54 07 85 a1 03 14 ec fc 29 e9 91 f7 ae a5 96 e2 0d 8b 99 03 22 ae
                          Data Ascii: h-]|&[Z*9e%DNaCFFq6OOd^,$H)?z)94@2f(vje{fO1w_JxqOO{@&zxhVsB~lh^]ctAX-&7ZtOX<,hpn|;BN9HT)"
                          2021-12-20 13:26:00 UTC124INData Raw: b8 58 3c ac eb 8a 44 47 1d d6 8e 3c 81 9a d1 60 98 37 2c cb 87 23 bd b9 79 53 a2 98 d3 80 65 4d a0 f1 6d a6 58 a0 0c 73 33 4e a8 cb e7 c3 0b 78 66 9a bd ed 10 9d 3d 95 4e 12 c5 78 7b a2 c4 61 30 91 0c f9 43 55 a3 6e 78 0a bf ea 45 35 de b4 08 c5 49 c8 3e a5 0b ee 49 0c 44 b0 47 7a f2 ee cb e0 59 6f dc cd ba ae 98 41 63 63 1e f0 37 1c 63 3f a1 79 e9 29 41 6b d9 d8 5f 62 66 69 5f 0a b7 cb e1 77 32 5b 62 94 b0 9c f9 c9 f1 13 68 07 31 86 4e 5a 3a 18 cd 45 cd 36 9c 59 30 68 fb 96 7c f7 2f 46 1e 88 5d 2f 91 13 a8 d7 0b 2c 09 55 f4 98 e5 66 7c cf 18 04 6f 98 bd ce ad 1f d9 f9 12 69 bb 97 d0 01 09 db 2b 2c 81 3c ec 5e 2e 82 36 0c e5 a9 5c 16 c4 fd 07 02 e0 82 ba d6 a1 66 96 10 ad 4d ab 28 61 f6 b4 81 e4 e9 df f2 24 c3 65 75 5d 51 70 43 bd 2e 3f c5 af 09 ff a0 91
                          Data Ascii: X<DG<`7,#ySeMmXs3Nxf=Nx{a0CUnxE5I>IDGzYoAcc7c?y)Ak_bfi_w2[bh1NZ:E6Y0h|/F]/,Uf|oi+,<^.6\fM(a$eu]QpC.?
                          2021-12-20 13:26:00 UTC125INData Raw: 41 f0 c4 f0 1f dc f3 fa 28 58 9b 53 77 b7 fc 0a 37 18 ec 26 3f 97 cf 17 e0 1d fa ee 6a d0 6a b9 f1 eb c9 30 18 0b 9e dc 17 b5 fc d1 9b f4 8b a2 8f 75 4e b5 fb 09 61 fa a3 b3 00 d5 b1 de 86 6e 6e a7 25 63 98 aa ed c8 51 0c 66 83 fe ac 65 86 ad 43 21 6f 94 4a 35 5d be a3 4c f5 cb c7 ad 1f c9 da 4b 04 29 17 8a f2 9b b2 b9 fd 32 09 87 aa 74 1f 24 dd b7 71 9d ce 8f 4d c0 31 10 a1 37 82 40 c9 d8 cb 80 9a 64 86 2a 26 96 d1 a4 ba 06 ad c9 6b 94 86 3a 27 e0 1e 0c ca b5 97 45 83 30 0a 1d 38 fc c5 0f a0 9f 64 87 4c ac 30 22 43 7e 2e 30 1a 01 0d 1a 75 f0 4b 73 3e 9e 58 89 8b fb 97 cd bc 4f f7 59 e2 8c 40 f6 5e d1 a1 49 b1 b4 35 5e 64 93 6d d8 28 09 26 08 ee 6a 21 24 fa d4 1f 17 53 a5 55 6a be 11 58 9c a2 6d af b7 8e 2c 4e c3 82 60 39 20 df ab a4 4f b7 5a e1 54 3c 03
                          Data Ascii: A(XSw7&?jj0uNann%cQfeC!oJ5]LK)2t$qM17@d*&k:'E08dL0"C~.0uKs>XOY@^I5^dm(&j!$SUjXm,N`9 OZT<
                          2021-12-20 13:26:00 UTC127INData Raw: 76 fb dc e9 fa 15 c2 f6 54 d3 eb 7c c9 e8 bd 24 46 74 4f 83 66 dd f9 29 a5 c1 e5 b1 51 b0 33 f5 de ac 61 09 a8 56 4d 1b b7 ad d6 b7 f0 0d d8 f0 94 02 66 39 92 b9 a0 97 bb ef de 13 a2 9e f7 08 24 e3 1d ba 59 8b a0 d2 9b d3 90 c2 d1 b0 f8 00 c5 ba de 9c 66 b3 30 4f 7b f8 cd 9f 6f bb 47 9b 1d 1b 19 97 28 04 d3 3a df 8d ef 1a e8 db f4 19 e3 19 07 38 e8 50 50 94 2e 4e 39 50 a1 74 01 67 4e e8 b8 06 fb bf 1a 99 e2 32 3c 3f 85 61 8f 1e 04 6f 7f a5 58 1f e5 df 20 0b d2 05 c5 d2 a4 04 14 14 cf 2f e0 c8 f8 cb 7e c3 9c 35 6d 18 d3 29 6d 0f 12 bb 01 0e a3 34 1b af 37 a3 91 73 2e 37 99 10 8b b0 1e ca 30 22 e3 6f a0 87 d7 b7 7f 29 1c 4f a5 4d 98 19 db 44 03 d9 2d 8e 80 75 79 bc 23 8e 8f 15 44 8c 72 62 11 39 bf 95 92 03 c3 20 59 1d 1a dd cc 2c 15 98 ad 03 d0 5f a4 2f 73
                          Data Ascii: vT|$FtOf)Q3aVMf9$Yf0O{oG(:8PP.N9PtgN2<?aoX /~5m)m47s.70"o)OMD-uy#Drb9 Y,_/s
                          2021-12-20 13:26:00 UTC128INData Raw: 63 2c f6 7a aa 50 d8 95 bd ac a2 b3 d1 62 c7 91 d6 82 09 1d 24 af 0d 22 43 67 8a a2 26 73 df c9 b3 0b 71 c2 4d 95 f3 a9 b8 68 fe 07 4b f9 dd c0 1c 4f e3 62 b7 f7 7b 97 9c 54 d1 f7 aa a9 20 7f 31 5b 1b 10 f3 3f b5 d7 be 26 77 da ea cd b2 ad 79 53 53 82 8b e2 15 8f 9a 17 84 78 be bf e0 b6 ea a5 fb cd 80 66 98 8f b6 ee c2 c9 00 06 b0 f6 68 b3 70 34 07 97 f4 05 57 b5 87 68 d9 2a b1 66 55 7d 16 13 f6 59 95 1b cb 16 be e0 b2 8f 15 ac 3f ae b4 87 0d d2 6f 50 4e ae d3 78 39 1e 85 34 ce 87 65 24 66 9f 8b 0a 2d 10 e0 0d 8a 90 dd 71 4d 07 c7 db 74 de f8 c3 59 7d a7 ed 01 ee 27 11 75 3a ef c2 21 b8 f1 6d a0 57 eb 0d 99 73 33 44 78 ae 8c 86 84 28 f5 e9 79 b9 52 d5 07 93 f3 d9 2d 47 f0 26 8e c3 fb a7 69 7a 76 b9 91 54 08 7e a0 91 d1 cd a6 b8 d1 60 55 45 5d 0d d7 4f 3c
                          Data Ascii: c,zPb$"Cg&sqMhKOb{T 1[?&wySSxfhp4Wh*fU}Y?oPNx94e$f-qMtY}'u:!mWs3Dx(yR-G&izvT~`UE]O<
                          2021-12-20 13:26:00 UTC129INData Raw: 87 04 9a 88 07 5b 9d e4 a2 c9 fd fb e5 da 98 30 08 cb dc 99 96 70 20 3f b0 83 88 9b d2 ec d1 b8 47 33 d7 c8 b8 d9 93 1d 0c ce 0f ba 5d a5 cd b4 26 fc bb 81 a5 20 31 b5 73 c1 98 31 fa e4 81 c0 62 d7 22 0d 69 c4 7f 4b bb 12 7d 13 6e 73 2e 5e bc a6 76 5e b2 e5 eb c7 20 91 8c 8f b4 f4 de 5b 79 62 98 69 97 94 97 8b 66 54 d6 dc ab 58 5d f7 93 41 10 1f 6c e1 43 cd 6f 91 de a0 30 35 2e 13 f7 fb f0 f0 75 97 bc 6c e5 ca 6b 3c 09 e7 0c 0e 28 03 b2 15 62 dc da 7e b0 2b 50 fc 3e 73 73 72 1d fe 6a ee a2 f0 bc 1f eb 38 27 8e e4 fb d3 87 26 15 6f 78 ab c5 59 95 db 56 d6 1f e4 78 da 9d ef 09 d0 61 7b 55 af 5b ac ef 78 d4 ba aa 47 e2 57 49 b4 fa 24 2b af 7e 55 df 71 24 6d fe c7 1d 0e 68 53 70 36 d0 4f 4d f2 dd 2a e3 20 29 65 50 54 c6 e3 62 36 e7 b1 64 b4 ad 11 2f 13 5e 6c
                          Data Ascii: [0p ?G3]& 1s1b"iK}ns.^v^ [ybifTX]AlCo05.ulk<(b~+P>ssrj8'&oxYVxa{U[xGWI$+~Uq$mhSp6OM* )ePTb6d/^l
                          2021-12-20 13:26:00 UTC131INData Raw: bc 07 50 e7 a8 55 1e a1 62 51 d1 f6 63 38 0a ce 5c 85 fe 06 1b f5 00 8f c2 23 28 79 7d a5 74 cd d7 3f 2f 80 9f 4a 54 05 0d 6d df 18 d6 d1 7c 0e ed b4 a2 46 da c4 f7 46 63 b8 03 7e 1b c6 83 6d 1b 8f f3 17 d2 4f ef 2d c8 e8 26 18 e9 00 af f4 2d d6 84 f8 9d 56 7b 4f 96 4f b9 15 86 82 b6 17 0e ea 44 3b 58 ff 1f 8b a4 fb 08 c8 7d 78 61 d5 1b f0 91 d0 05 5f 58 29 92 fd 67 cc 8c c4 14 a1 9c 1d 77 de 2b f7 8e 96 7c 34 2d 5b f5 c0 a6 44 48 e6 72 9f 37 73 f9 04 9e d7 d4 fd b6 51 10 1e 2b 36 1e f6 84 87 73 26 50 a8 7d f3 62 b6 c1 71 6e cf f1 91 b5 77 3a 1c 17 41 9a 3f 27 e6 ac b1 b6 4d fd 79 a1 5a 4e b8 52 0e 01 b4 98 ca 0b 2f 3f e3 d6 3e 73 6d 9c 68 5d e2 8e 4e 20 70 83 95 a6 8c 34 52 2f 10 73 2d b8 ba b6 00 06 c2 6b ad ac b0 e8 4b af 06 f0 07 ed 86 e9 b6 b7 2a f7
                          Data Ascii: PUbQc8\#(y}t?/JTm|FFc~mO-&-V{OOD;X}xa_X)gw+|4-[DHr7sQ+6s&P}bqnw:A?'MyZNR/?>smh]N p4R/s-kK*
                          2021-12-20 13:26:00 UTC132INData Raw: f2 45 c5 f7 22 6d 92 37 23 f6 f0 28 df 59 82 54 69 5e 17 5c 25 fa 33 41 fe d6 87 90 7b cd 73 70 38 a7 5d 64 36 95 01 83 1c e5 da 0e 1d fc a8 81 6f da 54 fc 72 cd cb ee 80 94 82 33 8e fe 97 32 35 f5 e1 bb 96 65 bc bf 9b 87 4f 8a e3 79 0a fc 8e 14 28 99 11 9e 46 a0 da 6d 0b 2e 44 a4 af 51 5b 43 7d f8 4d 96 de 99 77 d8 c8 87 95 50 bf 60 47 8c a2 03 13 69 1d 9d a9 40 eb 18 a9 ac b0 77 d0 4a 8c a3 0a 50 0f 8c 5d 53 0b 2e 91 fd 95 bc 1b f1 b9 1d bf 0b 09 a6 44 8e 87 dd 8c b9 18 8c f9 05 04 b5 57 96 aa b4 0d 3f 26 c3 c7 96 74 f4 d5 79 0a 1b 5a 0b db be 1c 9c aa d4 2a 35 db 9e 8c 0b 43 e5 cf 93 ad 33 12 56 cf 6d 8f a4 51 af 8d 2c 1c b5 d6 1e f9 54 6a 61 ce 6d 5b ca 55 31 d4 3d 33 e9 ea 12 73 7f 2a 41 b6 f1 f3 73 72 35 33 c8 fd c0 cc 4c 58 3d 14 50 2f 7f 74 b3 6c
                          Data Ascii: E"m7#(YTi^\%3A{sp8]d6oTr325eOy(Fm.DQ[C}MwP`Gi@wJP]S.DW?&tyZ*5C3VmQ,Tjam[U1=3s*Asr53LX=P/tl
                          2021-12-20 13:26:00 UTC133INData Raw: 87 13 20 9a 97 be 1c ae 64 b5 96 69 16 48 24 53 6d 34 60 9c 5a 0e e8 98 8d 0d 03 f9 a7 89 18 a2 75 5f 7f eb df f1 84 25 f0 ee eb a4 d0 37 ec d6 0b 1d 71 af ab 1f fa 8d f1 60 57 54 47 5a 71 72 a0 90 36 7b 4e dd 50 04 68 f9 29 ac de bc 8b ce 13 08 39 3c 3c e5 14 81 1f f2 e9 a2 1a f6 45 c4 07 74 b6 3d 93 78 b8 94 ff a8 4a 07 a4 7f 0e e3 d4 68 91 eb 94 60 2b 52 16 f3 c2 e8 70 3e 02 b5 e3 01 5b d1 49 25 52 21 60 d5 7a ca de db 5e 02 d9 f0 91 49 b1 92 c3 62 d2 3e be 18 4d 70 90 52 3e 18 09 81 62 01 44 d9 b7 86 0e a0 63 19 81 ac 8a 38 a2 cf 38 7b 5b 80 b0 e0 a9 9f 33 df 69 70 de e5 67 7b 93 2a e3 eb cb 8a 05 81 ad 97 16 27 3f 71 75 b4 e6 25 0c a1 50 83 28 b8 9f 49 ca 1d db b1 7c 57 26 14 77 b6 3a 68 ca 88 36 47 3e de 05 26 36 76 a0 d7 c7 b2 bd ba 61 80 de 33 76
                          Data Ascii: diH$Sm4`Zu_%7q`WTGZqr6{NPh)9<<Et=xJh`+Rp>[I%R!`z^Ib>MpR>bDc88{[3ipg{*'?qu%P(I|W&w:h6G>&6va3v
                          2021-12-20 13:26:00 UTC134INData Raw: a6 c3 b5 25 dc a8 10 6d 20 7b 28 d6 b5 b7 80 98 f0 a5 2f aa 19 e5 29 de eb ec dd be 97 26 0d 9a 29 63 33 66 f9 c5 19 89 08 63 a0 48 34 c1 1e c3 bf 8a 4a cd 63 ba 02 b6 b7 26 d3 76 b9 52 44 98 5e 31 c5 4c 20 d6 a7 18 ce ca dc a3 33 c2 8b c6 35 63 8a a7 2e 90 22 7c b9 ae 7f 23 71 63 68 fc bb 16 53 30 ce a3 87 5a 4d 7a 0b b8 cb 37 b1 6b 0c 6f 98 e1 23 77 f0 f1 12 ab d2 d4 99 9c d7 63 67 da e3 0b a7 70 8f ec 12 90 7f f6 6a da f3 3d 2f 6b c1 c0 5f 63 97 aa e3 df 14 da 07 18 54 15 b0 6d b9 0a 8b 71 a7 f8 96 63 20 32 5e b2 81 b6 00 d9 80 52 17 0a 78 20 a1 88 8c 3a 39 86 b9 53 c9 5b bd 20 90 ec 7f c8 f2 70 b0 ec fa 5d 4d 90 64 ee 77 d9 0f bc ab 93 87 76 c8 af fd dd 23 00 42 90 fa 4c 04 73 99 b1 ed 52 3d b5 ca 0d fb 87 71 0b ef 51 b1 cc e1 3d cb 04 be 55 28 b5 a8
                          Data Ascii: %m {(/)&)c3fcH4Jc&vRD^1L 35c."|#qchS0ZMz7ko#wcgpj=/k_cTmqc 2^Rx :9S[ p]Mdwv#BLsR=qQ=U(
                          2021-12-20 13:26:00 UTC136INData Raw: ee d4 4b ea c7 7d a2 0b 2a 0e bd c3 1c 17 ac 81 47 2f fc 19 37 9c 12 d9 bf 3d 9e 6e 02 95 e7 a3 72 fc 68 5d 22 72 8a d0 d0 6e c5 5f 52 04 2c 63 b5 1c 3d ae 14 da 90 21 58 b1 48 cb 51 bb 2d f4 a7 52 78 1f 7d d5 3c 16 8f e0 21 8e 66 d6 ed ce 57 3f e7 98 6c 00 cc 3f e2 bf c1 95 c7 de c6 9d d8 ee 37 dc 47 b7 ef 34 a7 8b d0 8e da 7a 57 ac 1a b6 f8 3b b9 dd ca 5e f1 c1 d8 cf 83 4e 0f d6 d8 a3 1f 26 05 80 79 71 47 ed 71 43 07 c9 ca d4 28 4a 2f 2d 34 d7 7c ab 8b 51 d9 1a 54 ef e2 a3 f4 c1 79 27 06 d6 c1 a7 ff c3 ef 85 d7 77 7f eb 9c b9 8c e1 04 19 8b c4 9b 9e 3e ff 2a 72 5a fb c1 96 7b d4 f8 3c a5 97 37 c0 b3 08 2b ad a6 53 e2 9f ea f8 6e 71 fd c5 b7 9e a9 70 7e 11 4e 12 99 a9 75 ef e4 83 3c 21 93 fe 02 89 ad 23 22 5a ea b3 6f 73 43 61 27 0d 3d 8f 6e b2 3f 0f 37
                          Data Ascii: K}*G/7=nrh]"rn_R,c=!XHQ-Rx}<!fW?l?7G4zW;^N&yqGqC(J/-4|QTy'w>*rZ{<7+Snqp~Nu<!#"ZosCa'=n?7
                          2021-12-20 13:26:00 UTC137INData Raw: 14 34 4a 6d 00 0d f0 e6 27 3d 6e ed 81 51 ee 67 7e 3b 37 cc 20 6a 51 cb ea 11 98 b9 17 d1 ef b3 53 73 f3 f1 86 ac 14 97 10 b1 65 c4 ac 39 d5 0a 38 35 66 25 d7 a2 5a 50 ae 1a 04 d8 ac 16 4a 46 0a c4 84 dc 37 16 23 2f 4a 31 62 ad e0 32 9a af 39 26 5a 9b 78 36 40 ef 90 4b f6 c1 99 f9 2a 20 d7 0e 21 fb 7d 6d 9b 86 42 c5 d0 3d 28 b1 e9 1b 8c 20 86 4f 1b 9e e5 e0 d7 b3 3b 6b 2d 88 4e 3f 2b 88 51 fc 2e 23 48 61 08 7b cf ca 83 98 b8 f3 a9 5c a3 56 f7 84 3e 21 4c b1 6a db 97 a5 9a 70 7a f4 5a 4b dd 72 55 1c 99 41 72 2e cb 44 dc 1c 17 b1 6e a1 5c 38 a0 b5 9d 88 25 69 0a 1f b9 ad 27 fb d8 4a 79 6f 59 a4 32 ed 0c c7 86 20 23 4c 8c b5 1c 5a 20 67 64 38 ed f6 d0 07 e1 ec 23 d5 2a 87 f8 c3 df 8d a1 4b 5a 74 a5 9c bd 01 73 16 36 b8 53 b3 12 0f c6 23 8e 53 3c 0d ba 3c 8c
                          Data Ascii: 4Jm'=nQg~;7 jQSse985f%ZPJF7#/J1b29&Zx6@K* !}mB=( O;k-N?+Q.#Ha{\V>!LjpzZKrUAr.Dn\8%i'JyoY2 #LZ gd8#*KZts6S#S<<
                          2021-12-20 13:26:00 UTC138INData Raw: 7f 81 31 b7 ea 67 1c 08 b7 06 5f f6 17 d8 73 70 23 5c 2d 41 25 f8 68 4a 0b 23 d7 e2 6a 3f 24 28 34 98 17 5c 3a 8e 0c b9 7f ee 18 59 b9 78 3a d0 06 47 90 92 4e 82 e9 51 10 15 17 b5 f2 7b 46 cd b8 7f f2 61 9b 42 be c3 90 c3 39 ec b1 ce 76 d3 64 aa 5c c9 45 21 af ba 95 d0 63 42 f3 47 24 ef 4a b2 8e 47 b4 cd 5f 30 05 37 18 8f 84 3e cc 0b db cd 37 53 8a 09 32 43 36 71 c8 21 12 40 98 a1 1b a8 d8 ad f8 e6 6e dd 56 f3 2e c4 9a d7 32 45 b5 59 7e 8e 77 6b 74 e3 d6 ea 1f aa d5 32 aa d0 72 dc 15 61 4d 87 63 9d 82 67 af 74 a3 ed b2 59 3d 8f 3c 58 f2 bd 9f dd ad 49 fe 1e 33 6a 3b 37 e3 bc e3 62 62 82 21 3d 1e bc 22 f3 53 11 71 6f 46 75 6e 0a b9 91 3e 97 af 2e 89 cc b8 34 48 c2 40 21 73 77 6f e9 23 f6 a6 45 13 c1 2c 4e 1a 78 ec c0 4e 6e b4 7a 3d d3 d5 b1 35 90 9b f8 e7
                          Data Ascii: 1g_sp#\-A%hJ#j?$(4\:Yx:GNQ{FaB9vd\E!cBG$JG_07>7S2C6q!@nV.2EY~wkt2raMcgtY=<XI3j;7bb!="SqoFun>.4H@!swo#E,NxNnz=5
                          2021-12-20 13:26:00 UTC139INData Raw: 6a 99 d5 4c 17 fc c3 c7 a9 f1 ca 5d 9c fc 12 a4 85 23 26 c1 e1 04 e8 60 f3 1e 45 37 65 05 28 4b f9 c0 7f 40 08 34 19 ab b8 49 2c 5b 6c 16 84 65 39 db 0e 26 09 fc 56 de 80 3d c4 87 47 d2 e6 a4 ec e8 a5 11 ed b7 9b ae 86 a1 c8 21 4f 2d c2 cd 03 25 3b a7 9e 80 80 18 67 36 36 74 fb fc e8 b1 5a 09 44 66 0e fe 1a cc 3f 47 9e 0f c3 22 38 8d 4b 3c bc af 52 75 70 1a cc 64 49 b1 6f ea 2f 44 64 55 27 b1 1a 5f 3a 56 2e c4 f4 41 11 a1 22 57 f7 5c 7b 98 5e 4d 85 5f fc c6 81 ce 38 35 43 91 f0 c4 da 13 1f fd e8 43 e5 4c 5b 7b 21 7e 93 5a bf 77 86 51 6c bb 70 72 ec 37 15 94 87 94 23 75 80 26 71 86 08 f1 f8 99 e5 7e de 01 f5 07 ba 80 e2 31 db 7a 9a 09 72 22 79 7b 2c 17 c0 37 94 ee 75 08 fc ee 48 cd d1 c2 7a fe c2 ee 20 fd d6 41 7a 26 83 2e 71 e5 6a 13 ca 64 b8 57 8f d1 be
                          Data Ascii: jL]#&`E7e(K@4I,[le9&V=G!O-%;g66tZDf?G"8K<RupdIo/DdU'_:V.A"W\{^M_85CCL[{!~ZwQlpr7#u&q~1zr"y{,7uHz Az&.qjdW
                          2021-12-20 13:26:00 UTC141INData Raw: fb eb b1 84 56 12 b1 08 df 14 eb 9a ff 4f 8b 36 c6 e8 b2 42 d8 07 2f 90 d9 9c ce 58 9a 37 1b d9 97 53 48 f4 73 db 7a c1 0f e4 05 10 16 c0 c0 04 c5 2a 83 2d 59 0c a4 29 ce fa 6b d0 22 ad ce f9 f7 af 3a bf 54 dd 55 7a f2 3d c3 f5 35 5e ca aa 13 20 a3 1a 69 93 45 2a 1d 92 b9 ef 62 f7 03 e8 ae b9 7e ea 90 ef ff f6 d2 ff eb 7e b1 63 47 29 eb 4c 62 4d bf 24 d7 9c a7 fa a3 f3 c8 0c fa 90 7e c8 25 5b 57 36 c7 19 f6 8b 27 41 80 94 2d 74 c4 d5 e6 49 d7 86 59 2b 29 32 74 aa 1d c1 99 5f d7 cb 59 a4 70 0e 93 e7 79 ae 45 92 01 39 38 9a 03 f9 d2 f2 91 16 5d 4f 03 e2 82 f9 39 f6 97 f2 b4 ea b3 fe f9 69 c1 9a 3b a0 e2 19 fd 22 5d 24 eb 13 ed 5d 6f b9 96 46 89 0c 30 54 84 b8 c3 00 7f 77 c3 b1 ec e9 02 e0 14 9b 9d 3c d2 3c 9c 55 b1 b6 93 22 f1 34 cd e2 57 67 aa 86 b4 1e 17
                          Data Ascii: VO6B/X7SHsz*-Y)k":TUz=5^ iE*b~~cG)LbM$~%[W6'A-tIY+)2t_YpyE98]O9i;"]$]oF0Tw<<U"4Wg
                          2021-12-20 13:26:00 UTC142INData Raw: 37 37 bf 41 6f 9f 1e 85 a2 ef 44 b4 5e e2 92 26 87 71 bc bc 86 20 16 9d 40 27 b6 9b 54 ca 63 ee 6f 7f ea d8 ff 5b 7a c8 c0 91 3e 0f b9 2e 20 4c de 3d 7a 38 00 41 38 ff 24 d7 15 8e 70 7a e2 ca 84 52 be 17 43 9c 59 ea 30 e1 1f e9 6b d1 b1 9a f0 4c 7e d5 af 5e 38 a1 01 6e af d7 ba 51 15 74 fa e8 c8 2f 73 33 76 b5 55 0e b3 99 4a 8f 56 88 fa 74 a9 0e dc d3 56 2b 90 0e eb 3b 31 a4 df c7 87 95 d1 82 bd ec 78 3c 74 46 75 c9 69 9f 3b 7a 5e c2 80 22 76 7c ed e1 8e fe 77 2e 35 e8 4a 94 bf 38 d1 0e 83 76 49 39 13 df 22 7d 73 95 14 b8 23 80 5d fc a9 d4 8f 64 1a f4 e1 0b 0f 93 21 a7 32 2d b5 69 76 70 22 8e 6d c5 15 b2 3f 08 1e c7 70 6c d7 e9 37 0c 55 21 25 f2 be d5 64 67 04 41 bb ce 24 76 60 a2 39 6d 22 e4 5e 64 59 8f fc fc 2f 6e 0e cd 58 4c bf 66 e6 d5 64 7f dd ad 42
                          Data Ascii: 77AoD^&q @'Tco[z>. L=z8A8$pzRCY0kL~^8nQt/s3vUJVtV+;1x<tFui;z^"v|w.5J8vI9"}s#]d!2-ivp"m?pl7U!%dgA$v`9m"^dY/nXLfdB
                          2021-12-20 13:26:00 UTC143INData Raw: c6 c3 59 30 67 37 b3 14 7a 27 d2 44 21 1c 03 96 f3 8a c4 99 e8 d4 6a 22 21 fd 95 89 7f 91 b0 59 a2 ee 8e 2c 8c 50 a8 5e 55 5b d5 34 c9 f0 c3 e5 8c dc 37 1e 8c 7f ad 76 9c 2e 0d 6b 29 a0 ad 3e a2 cf 67 e6 20 a1 bd a7 ab 32 93 d3 78 b6 8d 0a 63 76 76 9f 59 c0 cd c8 cd a8 c0 82 24 c7 dd 1c be d8 61 01 68 20 d4 07 87 94 bd 22 d3 8d 9e 03 78 b3 3a bf 67 97 9b 8d cc 72 12 ac 25 dc ea 5d 14 95 97 2d 41 ff 6d c2 e0 a6 5e 8d 4e 1f 7a f3 fe 8f 8f 0f 66 f8 61 d5 b2 4a 92 fd e3 89 5f 5a ce 12 39 22 46 72 43 40 79 2b ae c7 68 c3 d5 63 55 8f 69 8f 65 8d 71 ea 98 34 57 a4 31 e0 ff e0 bf 9c a7 1c f0 f9 52 b3 ee 5e a1 21 cd 21 7a e4 28 e0 ac 76 64 08 82 eb d6 49 57 ff e4 5a 50 f4 1b c9 f6 e2 a5 fa b2 1e 3e ad ab 89 93 bb 8a 5f ba a2 28 e7 fe 53 47 65 f2 a3 8f 1e e1 5c 32
                          Data Ascii: Y0g7z'D!j"!Y,P^U[47v.k)>g 2xcvvY$ah "x:gr%]-Am^NzfaJ_Z9"FrC@y+hcUieq4W1R^!!z(vdIWZP>_(SGe\2
                          2021-12-20 13:26:00 UTC145INData Raw: 63 cb 02 7c 5a 9c 9a 37 6f c3 e5 da b2 71 be 97 c3 b5 3f 28 2f 0d c0 ec 60 59 d6 08 89 c0 f5 0f 65 28 06 9a 5a 08 6c 34 55 6e 6f 7d e8 ac 91 f6 cb 77 ed b0 d6 b5 fe 77 19 e5 b6 4f 2b 11 3a a7 ed 11 8c d7 56 00 8f a8 10 6d 7a 65 d5 ab 6a 44 e8 0f f6 7b cf f3 f9 2e 74 c1 12 94 da 18 22 2c fa 9d d1 5a bc 55 e7 f8 e9 b4 9e 09 8e 65 8c 1c da bd 92 01 33 10 1b 6f 88 c5 6e 2f 52 c5 54 31 a2 09 78 89 ab 90 ec 9f 3e aa fc ea 6e 6c 81 ad f0 39 9f 84 2f 15 12 5a cf 00 b0 76 12 05 30 6e b8 a1 eb cb fa fa 74 73 5e 63 e4 7e 25 45 19 37 54 e1 ed a2 83 37 be 51 ac fd 46 76 78 ba be de e5 6f 24 40 cc 4b 8a c5 f6 17 4f 60 90 8c 0f f3 8b 7f e8 39 b4 ac d6 30 c9 be fd 17 1d 0b da 61 c9 9d 6f e5 3e 60 2d d7 37 b2 c6 33 c5 88 ef 2a fd 6a 0d cb 87 71 85 6b 89 5e eb 02 e7 a4 ed
                          Data Ascii: c|Z7oq?(/`Ye(Zl4Uno}wwO+:VmzejD{.t",ZUe3on/RT1x>nl9/Zv0nts^c~%E7T7QFvxo$@KO`90ao>`-73*jqk^
                          2021-12-20 13:26:00 UTC146INData Raw: 40 57 d3 ed 92 80 66 90 f7 d8 f7 f6 7f e7 78 33 79 00 c6 8d 11 69 8c 6a e1 1c 09 ba 15 07 b3 1d dc ff 6e 0d b2 d4 d0 32 00 84 c6 33 3e 5d e2 b2 ff 58 54 e5 46 b0 23 4d 8f 6d fd c7 b8 df b9 cb 7a 12 1a 5c ef 8f 31 6f 1e ba 38 5e 3b 34 8e 14 c3 26 39 5e 57 c5 ae ee a2 fa e5 c7 cc d6 f4 93 c9 93 d1 d3 65 91 4c fa cc 81 b4 dd c3 45 c6 b0 52 62 69 57 66 f5 95 06 d7 4f 7e 27 7f ad d2 eb 1c 20 0a 23 3b 75 0a ba 09 df 0d a0 86 da 12 f6 f9 5b c5 83 d8 fb f9 c0 34 ea fe b5 cc e2 e4 43 a5 7c 15 8a b6 60 e2 f8
                          Data Ascii: @Wfx3yijn23>]XTF#Mmz\1o8^;4&9^WeLERbiWfO~' #;u[4C|`
                          2021-12-20 13:26:00 UTC146INData Raw: 52 d5 59 68 1d 39 46 a2 82 71 ac af 8b b2 80 86 c4 f8 ff 18 8f 61 fa 71 ed 23 af e5 96 ea 81 66 25 56 99 07 29 9f b9 f0 0d 9c 77 2c cb a4 10 18 4b b0 1c 8e 48 a1 08 33 82 62 8a e0 1d 23 6c 2a 2b 36 98 db 74 1b 44 6b 05 c6 f8 a8 e7 e8 b1 98 38 34 cd 8c 50 7e 71 c3 d6 71 b8 1b 1f db f2 d9 85 f0 71 40 3b bc 77 f8 33 de b6 be 68 b0 32 5e 62 21 e4 b9 29 bf 11 8e 1e cf db cf 5e df f1 b7 73 46 58 a3 da 57 4f 27 e8 ca 97 10 39 c1 dd 8a 8c da ba 31 e6 8a c1 71 f5 a0 7b e0 d8 94 96 88 68 c0 3c b8 9b 1a 63 c4 53 72 75 fe ac 05 49 92 31 7d 53 e9 ed 7e b6 0d 3f 95 a4 ab 86 7b 5d f3 fb fc 3a 8d 05 55 65 fe 58 0f e3 8e d3 f1 12 eb 90 03 07 81 d0 9e ef 8e 3e 76 41 72 19 a3 2d 71 d2 21 76 99 b2 31 4a 59 c8 9c 8a 0f c1 33 91 5b ad 82 66 c1 35 e7 d3 7d bd 41 cd 83 5d e0 98
                          Data Ascii: RYh9Fqaq#f%V)w,KH3b#l*+6tDk84P~qqq@;w3h2^b!)^sFXWO'91q{h<cSruI1}S~?{]:UeX>vAr-q!v1JY3[f5}A]
                          2021-12-20 13:26:00 UTC147INData Raw: 2d 80 3a 7d 45 e0 78 17 91 01 20 8a e7 f5 26 84 a6 58 21 35 4e 49 4d 3e 20 bf 0d cc 7f cc 1e 7a ce 38 e9 53 65 b8 fc 92 c7 e3 6a da c4 59 a6 7e 0f 0e e6 27 ee 02 c0 a2 5b 76 b8 8b 60 79 02 c2 06 b6 62 e5 b4 7b 17 d7 ee d2 84 75 22 ec a6 8b 63 e1 58 73 ea 71 63 0a 29 1b 1e 0e 64 48 1e 76 18 ed f1 7e e1 f3 13 f3 f3 92 12 2e 1c 97 6c f3 61 33 75 f2 b9 6c dc b4 a6 a9 de 2b 82 f3 2c f1 c0 1d bd 7f c7 d5 10 88 82 7e e7 31 0c 68 a3 cd 44 ab 20 79 d6 2a 0c 03 4f a9 84 41 f5 4c ce c7 b1 a0 24 d5 46 56 47 ca 79 e8 6d 3d 4c 20 20 85 de 47 b7 3f 53 96 c0 ee ab c1 24 1f 83 23 ed 20 16 45 9a 73 7a b7 9d e2 71 7b 4d d2 4d 77 42 6f 5f 6d 53 0d d2 23 b0 80 59 05 e8 ed c6 c8 26 c8 63 31 fc a5 0c cc 6c 3e 91 7e 8e de ae bf 9f 6e 76 ed 4e 4d a9 c0 a7 29 75 cc ec 15 cf 10 74
                          Data Ascii: -:}Ex &X!5NIM> z8SejY~'[v`yb{u"cXsqc)dHv~.la3ul+,~1hD y*OAL$FVGym=L G?S$# Eszq{MMwBo_mS#Y&c1l>~nvNM)ut
                          2021-12-20 13:26:00 UTC149INData Raw: b8 9a 4a 43 3e 0f 5c fc 65 98 e4 8c c5 fd 48 86 7a f4 36 87 a0 76 d3 01 e6 e6 ea b8 8f 91 db 49 d2 9b 0d 32 7d 31 c3 7e 3f 21 28 bc cc be 7a 56 e6 9c 1b f0 61 a2 63 9d ed 00 c0 61 cf dc e7 a3 6e 40 ad fe 7d 00 23 1b e8 da f7 27 ac f1 b0 b5 ac c4 a0 03 a1 06 8c b7 39 9b ac 8d b6 c3 a0 c7 eb 0c 90 88 0c 26 e8 dd 15 07 72 41 ef ca ad a5 03 62 cb 1f fb ec 05 60 1b f4 fc e3 96 4f 81 05 58 bc fe ad 75 bb 5a e6 d0 07 7d 47 18 5a 5f 22 ec b2 72 4e 3e 6f 24 68 b6 fc ce 9e f9 cd af ef c8 f2 f5 17 ee 68 81 d1 d9 e3 df 95 f2 63 16 e0 78 e6 8d 49 a9 04 39 d0 e8 c6 53 5b 9a c6 98 47 43 f5 8e 34 6f f2 cb 8c f3 1d ea 3b 73 a1 b0 c0 b1 c8 09 7c 98 42 29 91 ba 2b 81 cd e7 e8 a4 36 cf 50 6e c4 a5 11 08 10 fe 95 db ac ab 9d e1 fe ee 2d 31 75 ae 26 b8 ca a4 1e ab cc f2 53 e9
                          Data Ascii: JC>\eHz6vI2}1~?!(zVacan@}#'9&rAb`OXuZ}GZ_"rN>o$hhcxI9S[GC4o;s|B)+6Pn-1u&S
                          2021-12-20 13:26:00 UTC150INData Raw: 69 c3 2d 80 d8 e8 94 12 07 d5 1f 61 55 98 e8 e3 fc 2d 05 18 1d f9 c4 e6 89 e0 89 0f 79 a2 92 45 36 91 11 63 34 2a 69 18 1f 33 75 5f 7d 3e 81 f5 a1 72 7d f3 68 10 77 86 a3 92 42 86 bc 1c 16 11 79 88 72 25 b1 35 7f 28 0c 59 c4 3b 81 87 0d 0b 62 72 33 15 6b f3 75 fb 81 70 4a d1 f2 36 91 a2 5f 98 c1 8a 0a a7 d9 53 ff 4a f5 35 d3 4a 75 df bd a8 ce 79 79 cc 49 d5 17 bc 6e 2a 42 a8 af 1f b5 7a 68 56 ba ae 2e 35 96 f3 22 03 b6 32 ab e0 68 d7 0c cc ba 93 e1 62 92 f9 9e 10 9f 7e f7 2f 32 44 b3 81 dc 78 56 cd a8 a8 e8 b7 91 e2 e0 8a 18 e1 2a f1 c3 aa 83 c4 15 83 8f 5d de a6 c7 12 8b 56 df e8 a0 4e 35 7b c4 e2 5a 36 6f 99 73 7d b5 6c fb 73 94 56 66 f6 cd e1 58 5a ae 07 7b 1b 5b 9f 6e cf b7 91 b0 72 ca 76 f9 32 6b 3b 69 92 89 3f a1 67 21 1c d0 67 83 d4 34 a0 4e 9a 53
                          Data Ascii: i-aU-yE6c4*i3u_}>r}hwByr%5(Y;br3kupJ6_SJ5JuyyIn*BzhV.5"2hb~/2DxV*]VN5{Z6os}lsVfXZ{[nrv2k;i?g!g4NS
                          2021-12-20 13:26:00 UTC151INData Raw: 82 8e ed 22 80 b0 9d 0a 7c f6 77 c4 01 33 33 77 0f a8 0d 58 5a 92 70 89 ae 59 0f 1d 87 19 b2 a9 25 e9 68 d7 e7 1b ed 28 54 73 99 6e 92 40 d4 45 cb 04 be 60 8d 13 45 e4 7c 31 1c d0 75 f8 83 bc ad b7 64 d0 34 40 6c a3 f2 f4 fc 83 99 bc 7c 45 e3 42 62 c4 89 03 72 82 24 0b 80 f2 ab e1 9f 67 96 c8 6e 06 ed 0e 99 57 15 6a b2 4f 9f 30 04 92 05 79 ac 0e 08 c4 d1 80 57 f8 98 b4 58 ca 0d 91 82 ae d8 41 1c 62 d2 bf a6 ff 25 6e 31 d7 9b 02 e8 3f 09 74 3d 3f ae 4e bc 90 4d 06 7d 0b 80 3c ad 7e d2 2d 72 aa d9 3e 8a c6 28 bb b8 c0 9e 5a a3 36 f2 05 e8 98 31 80 fd b5 ab 3c 77 ed 44 03 c8 fe b1 1e 42 fb 3f 81 34 95 b9 ba fe 46 b3 d1 f1 d7 d9 b8 08 7d 61 48 64 83 f9 6b fa 01 42 a8 17 bf a8 e4 d2 95 89 db 85 a4 a2 d0 11 0a 88 4c 7b 51 51 e9 ba bc fc 99 7d a0 9d cf 71 b2 93
                          Data Ascii: "|w33wXZpY%h(Tsn@E`E|1ud4@l|EBbr$gnWjO0yWXAb%n1?t=?NM}<~-r>(Z61<wDB?4F}aHdkBL{QQ}q
                          2021-12-20 13:26:00 UTC152INData Raw: cc 6e c4 5f 39 20 67 d9 df 4b 2d 8a 9d 2f f8 1e 35 b5 f9 28 c1 7b 6e 3e cb 27 79 a3 1d c9 0e 9e ee 0c 91 7a 3a 53 0e 64 31 b5 64 ff f9 a7 63 f1 5c ca 4f 56 ad c8 f6 42 da 12 a8 f4 ea db 7a 39 18 97 86 0b 0f 14 0b 7e 11 66 04 48 71 44 ec 4f 74 7f ec c1 91 58 7b 18 72 42 d6 8a 04 9a 8e ae 80 5f 0b 1b e3 2c 21 0d 31 58 26 09 aa bc 3e 1b 6a 05 3d 60 a6 e1 24 1b ed 8f 42 80 9b a2 18 f7 73 de 94 92 2c 7b 01 f8 b4 70 00 98 ce 54 e0 e6 61 6c 37 84 3a 2a a0 d9 08 a4 7d 38 9b 9f 1e 80 fd 2f 92 6e 99 0e fc 0b 9e ba 98 82 1f 95 56 1f e3 7f db b0 43 c5 fb bf 30 19 a2 5f 31 8a d7 f4 a6 56 ce 1e ed 3c da d5 8d ee b5 0c a7 f5 87 f6 90 56 c6 7e 35 07 48 37 5b 26 6c f6 f7 05 d6 73 5d 66 38 6a 72 17 af 66 65 e8 e4 98 7e 0e 2b 9f cb a1 8b 68 e8 8c f1 4b 4a 9d fb 79 d0 90 ee
                          Data Ascii: n_9 gK-/5({n>'yz:Sd1dc\OVBz9~fHqDOtX{rB_,!1X&>j=`$Bs,{pTal7:*}8/nVC0_1V<V~5H7[&ls]f8jrfe~+hKJy
                          2021-12-20 13:26:00 UTC154INData Raw: f0 d8 c2 8a 9f e1 4d e7 51 1b 68 87 f3 f8 78 ee 86 c0 7d 28 bc a3 c3 91 c1 41 2b 53 26 5c 8c a2 26 f1 69 2c 26 bd 99 56 45 f5 0c 7d 02 df 6c 90 c5 9a 11 ae cc 65 f5 e4 67 90 1a f6 4e 7b 31 23 7f fd cb 9d b7 a1 26 35 03 52 66 ba c2 95 77 17 f5 10 cf d3 87 4c 30 b7 5c ed 03 cc 1c 12 ae 8d c8 f1 8e d0 ab e4 31 5d 04 7e 9e 20 66 52 e2 d9 ad 23 8f 3d 0a 1c 1e 21 0d 79 b7 18 3b d7 be 87 13 ad 56 69 96 45 16 60 0a 79 1c 65 1b e2 60 ec ef c2 db 36 24 fe c6 44 96 3c 41 da 7e 32 62 3c 76 2c 8b 34 6b f8 f4 2e 1a 5b 8a 78 99 19 15 3b 36 d5 c7 71 8d a9 fb f9 52 ce 1a 39 34 02 2d 88 f6 ac 26 81 35 c3 bf 9f 79 88 1e 33 b3 bb d2 14 7b c2 24 5e 18 74 36 54 a0 66 9b bc b5 4f c9 ad cc 8c 1f 6c 31 e7 85 7c 1a e3 ff 4a c6 b2 fd 04 ee 17 51 44 72 83 d4 1f 57 29 15 31 ec 10 0a
                          Data Ascii: MQhx}(A+S&\&i,&VE}legN{1#&5RfwL0\1]~ fR#=!y;ViE`ye`6$D<A~2b<v,4k.[x;6qR94-&5y3{$^t6TfOl1|JQDrW)1
                          2021-12-20 13:26:00 UTC155INData Raw: 4b 79 0a b3 e4 f7 f4 d7 ba d5 db cd 3b 22 e0 4f de 84 0b cd a0 03 80 0a 2f 79 f0 47 14 3c 07 cc e1 01 8e c6 50 eb 44 7e 5a f3 4b 0e 62 e4 c1 49 28 b8 73 b1 dc 73 1c d0 87 b1 07 cb b4 ae ce 40 0d 78 90 d0 c6 22 e8 6d 9a f7 f7 35 d0 f2 9a 0e b6 8a 19 a9 f3 d4 6d 9c 0c 4f 66 e6 7b 0d 9f bb 4d 8f 7e de 1d 69 9b 02 bf 5d 1d 67 1b 50 0c 2b 98 d8 16 8a ad 36 bf c0 09 a3 d8 0e 35 5b 97 98 bd 54 a7 0f df df 33 7e 20 8f 8a 9a 31 b2 ac 9b 2e 86 4f 18 4d aa ab 0a 72 ea db a6 81 ef 49 9c 10 5e a0 7e 19 79 c3 5e 7c 60 a1 b3 cd a0 85 ed 83 f2 31 72 f1 d7 28 21 8b b3 31 de 1e 6f 88 09 81 32 b5 30 52 c3 82 ca f9 3f d0 f4 49 93 ba e5 a2 04 04 1a aa 32 71 d7 d3 5c 19 21 f9 59 a4 5f 48 48 25 3d d3 05 34 9f dc 2b b8 bd 48 6a b4 2a c9 a1 43 56 14 ba 8b 7a 43 0f 5c 36 fa 5c a2
                          Data Ascii: Ky;"O/yG<PD~ZKbI(ss@x"m5mOf{M~i]gP+65[T3~ 1.OMrI^~y^|`1r(!1o20R?I2q\!Y_HH%=4+Hj*CVzC\6\
                          2021-12-20 13:26:00 UTC156INData Raw: 89 fe 76 5a 17 dd 53 bf ec ae a3 b7 04 a2 e7 0c b1 6c 23 07 cb 62 26 d4 34 52 5c 1f 8c ef 4f 26 b6 55 4f ac 28 0b 18 41 92 80 99 bf a5 07 8c de d4 0c 7e 88 f9 3c d1 38 5d 09 7a 86 a0 9b 50 3e c9 dc f5 90 3f 2b 51 2d bd bb 96 cf 9b c1 b1 ea 93 7a fd 52 15 f5 35 11 e3 d5 56 c5 13 ab 65 6c 8e 8b 0f d3 df f6 77 bd c0 e6 89 fe ad af 34 ea fe 1b 87 ea 03 5b b6 18 95 ee 94 46 ad f2 39 12 1e bc c1 f1 86 ff 2e be 9e 70 80 2a 2b 3c c4 2d fb a2 c4 29 02 ca f5 43 bb 2a ef 42 6e ce eb 79 00 55 d7 30 71 8d 42 9a 93 3b be 5d d4 81 c3 c0 2a 1f 69 61 48 83 3a 5e 95 be 3c 74 0a a1 3b 69 7d 9f ee a5 f2 b1 22 3e f9 52 06 ad 76 85 1d 08 97 df b2 e3 9b 61 c9 38 57 63 0d 52 48 0d d9 d2 44 4c e5 38 29 11 78 eb 2d 3c df 51 5f 57 c3 53 aa 22 07 22 4d f8 e7 0d 73 bc e8 c3 ba 32 79
                          Data Ascii: vZSl#b&4R\O&UO(A~<8]zP>?+Q-zR5Velw4[F9.p*+<-)C*BnyU0qB;]*iaH:^<t;i}">Rva8WcRHDL8)x-<Q_WS""Ms2y
                          2021-12-20 13:26:00 UTC157INData Raw: 64 4f 59 39 5a e4 7f d2 91 19 94 61 80 22 36 ce 45 03 3e 07 b0 68 8e 6a 6c ee 64 16 24 74 d0 22 84 c0 d1 04 5c 67 96 70 b9 4c 85 8b 80 52 30 e8 57 b1 46 48 ff 13 e9 12 55 cf 5e 7b 60 34 31 8d 5c 5d 07 2c 25 65 49 50 ad d7 2c eb c6 a2 e6 e9 f9 b9 25 03 29 d6 77 e4 01 bb 25 e4 f2 c8 0e 51 0f d8 52 76 98 c5 8e ff 8a 1a ec cd e7 91 46 dc a1 a2 bc e2 99 b8 24 93 29 36 9f d2 a2 8f b8 98 35 b9 9c 7c a4 7a 56 3f f5 e0 f1 1b 76 17 ff 06 e6 42 9f c3 1d 63 4a 5e fd b7 c7 8c d9 a7 08 99 f2 f4 b0 50 a4 1a 9f e9 7f 40 c2 fb 2c c3 06 24 07 3f bf 95 dc d9 ae 52 1b be aa e4 c1 fc 3a d6 5b 47 a9 a5 b7 43 98 24 21 db 39 50 8c e8 bf fc 89 1c 61 f8 14 9d 5c 34 e5 63 6a f3 50 38 38 74 9f a9 6b 91 f7 8c 30 24 c8 e1 5f 4d 25 cc 2d 50 d0 e9 9b 06 09 ae 2c fd f2 02 eb 69 f6 ed 99
                          Data Ascii: dOY9Za"6E>hjld$t"\gpLR0WFHU^{`41\],%eIP,%)w%QRvF$)65|zV?vBcJ^P@,$?R:[GC$!9Pa\4cjP88tk0$_M%-P,i
                          2021-12-20 13:26:00 UTC159INData Raw: 8b e3 28 79 22 b0 f3 b8 72 5f 38 1f 7f 19 a0 75 7a 27 4c 34 93 22 ab 88 e2 5a 00 79 bc 1e 77 eb 23 c0 6b 35 fb 0a 58 20 15 64 9c 88 7c f1 ba b9 14 c9 28 ac da f2 93 b8 92 c6 61 e4 1d 5b 7f f0 e9 34 60 48 a1 3d 29 a4 12 cd 4d b3 0b be e7 26 22 61 e2 0c f6 23 4c ed 69 32 0d 6f fb e6 c5 fc 7b f7 d8 f3 ef 56 b9 3e f3 0a ac 76 ca da 8b 68 43 b3 70 52 b1 7e a7 0c b5 d6 cc 27 86 a1 cc 27 df c3 8c 66 7e 12 7f 09 49 d4 17 53 b4 e6 24 b9 80 a9 41 5b 54 6c ab 54 6e f0 a3 92 31 35 e7 14 99 9f df 21 77 f5 ac f2 e4 b9 b2 98 4a cb 98 ce 10 22 55 34 48 86 65 4b de 28 ac fa 94 9a 92 b6 51 d4 32 0f 4b 01 ce 69 0b 2a 7f 2f 17 1f 2c 71 68 64 17 28 35 e5 1e 26 1d b0 ec d3 0f 48 71 ff 3b 59 b1 d9 00 d7 53 bb c5 10 c1 9d 4e c7 97 d5 39 b6 e8 eb b7 dd 3c 5a 48 f2 0c 3f c7 b5 91
                          Data Ascii: (y"r_8uz'L4"Zyw#k5X d|(a[4`H=)M&"a#Li2o{V>vhCpR~''f~IS$A[TlTn15!wJ"U4HeK(Q2Ki*/,qhd(5&Hq;YSN9<ZH?
                          2021-12-20 13:26:00 UTC160INData Raw: 94 2a 1a ef d4 ba 4e a4 f3 7d 81 e2 8f 40 e1 f3 b4 ef f1 32 e1 e4 5b a1 fa 1f 35 f9 9a e9 ac 6c 5f 41 ba 29 e9 ec 7d 46 8e d5 c4 a5 d4 55 96 55 e1 16 a3 bb 22 dd e0 6c 18 3e a6 8b 21 61 83 7a 63 a4 52 46 49 89 75 a1 5b 25 fa bf ec 2d 78 69 74 0b 05 d0 f6 d8 0e 79 21 dc 29 c8 77 35 11 dd 89 cf dd 35 2e 58 3a a0 be 43 56 c3 a1 43 4f 41 89 7f 68 e4 a1 58 a0 da ea 58 88 7c 2b 1a 84 40 b1 58 26 7d 2e 73 53 ea 5a 2e b7 bf d5 cb f3 72 e7 cf 23 99 18 6d b9 c1 d9 8a d6 17 03 ec 39 38 89 e8 49 5e 10 07 73 f1 e9 df 5b fa 12 06 52 0b 98 19 d9 19 28 2f e2 df 72 61 fd b8 14 65 d9 94 b1 fb 87 95 cd b9 aa 1e c6 5c 8c e5 2f 5f b7 81 2f a9 e8 db ea a7 02 54 b1 f5 c4 05 68 7b c8 5f 66 a8 c0 35 b1 b1 69 f1 46 bd 6b ee a5 78 e8 8a 94 36 cf f7 8a 99 5d a2 ac b0 b7 44 26 76 7c
                          Data Ascii: *N}@2[5l_A)}FUU"l>!azcRFIu[%-xity!)w55.X:CVCOAhXX|+@X&}.sSZ.r#m98I^s[R(/rae\/_/Th{_f5iFkx6]D&v|
                          2021-12-20 13:26:00 UTC161INData Raw: e5 80 ae 13 cb ad 5e 2c 90 b8 0a 8a 47 6a 3a a5 f4 ca d9 0b f9 ac a3 97 cc b6 51 a5 a2 72 9f f1 2d 61 fd f1 6b 5e 5f c3 7c c9 1e 23 cb 5c a0 ea 7d c9 58 ed 74 03 08 0e 17 68 79 56 42 08 12 7f b3 4a cd 13 59 73 ca ec 2f c3 9e 90 b2 29 ed 0a 15 ea ec 27 31 ad d5 60 37 c1 d7 70 0c 5a fb ad 2d 4e 68 23 71 70 0b 2c d0 5c 5c 70 32 9f cc 78 af 15 41 f2 1c 61 fb a9 00 e2 51 76 4b 03 53 e2 18 be a7 5c 6b 76 8d 15 b0 86 eb 8d 15 7f b3 8a 0d b9 85 0e 89 c0 0b cb e5 eb 83 f2 eb 19 7a f3 48 00 90 77 67 fa 53 e7 d6 e1 04 a8 f3 f2 26 ad 4e de 46 99 4d e0 94 7f 79 48 7f ef 3b 7e 16 9a 26 f0 71 ad fb 90 41 6b 06 78 ab 3a 8a 19 18 d1 51 a9 9a 09 c9 f8 53 8b 54 a8 81 b7 8b bd 19 4b ec ac 56 6d 57 7a 85 46 4d 9a ad 66 0e 3f 1e 74 93 55 a3 f9 c4 ec ff b8 9a 09 f1 43 8e ec 90
                          Data Ascii: ^,Gj:Qr-ak^_|#\}XthyVBJYs/)'1`7pZ-Nh#qp,\\p2xAaQvKS\kvzHwgS&NFMyH;~&qAkx:QSTKVmWzFMf?tUC
                          2021-12-20 13:26:00 UTC162INData Raw: a1 ce 21 3b ea 33 e4 58 d4 14 f9 ef 3b 8f 3d 28 75 5d 07 e4 cb cd 10 c8 51 f4 fa c4 e4 bd 65 05 8f 5c b4 d4 78 4f d4 56 29 85 06 7f 1a af dd 77 6e 07 b9 5d be 34 1c 34 ba ec 7f c4 19 21 46 95 48 1d 1a 38 8f e0 f8 74 80 a8 1b 18 6b ba cb 5e 2c 69 c7 50 4a ca 29 a8 b6 cc 38 a7 e9 6f 36 1f db 97 95 f5 f1 7c f0 57 db af af c2 7c 18 52 18 ed 29 7b 93 88 e5 70 3b 76 aa e9 3d 72 de c3 7f 88 dc 89 ce d8 de ac 51 70 26 ec 70 b5 79 33 91 ca 82 ff 96 18 e8 08 5f 71 fc 05 df 2e cd 8e 7e 4f 07 6c 74 0c f2 3c b8 71 d8 9d 36 0a 67 08 10 fb b8 b2 3c dc 45 45 de ff b3 60 8c b9 b6 4c 24 4a 24 02 af 7c 76 5d 0e 8c 6f c8 b7 06 13 91 87 4f fc bb 65 31 92 e9 4f 8d 2e ba c7 13 a4 67 0f 92 dc 34 3a 22 72 e2 8a 92 2f 70 1f a3 9c d7 dc 6f 6b 41 89 96 49 a6 63 50 4e 7a 4b 18 be 70
                          Data Ascii: !;3X;=(u]Qe\xOV)wn]44!FH8tk^,iPJ)8o6|W|R){p;v=rQp&py3_q.~Olt<q6g<EE`L$J$|v]oOe1O.g4:"r/pokAIcPNzKp
                          2021-12-20 13:26:00 UTC163INData Raw: 2e d8 f4 10 35 28 4f 6a b5 44 cc 1b 94 60 48 36 85 61 1f 5e 1c 24 f2 51 0e a9 a2 76 03 e3 13 56 6f 64 8e af 27 74 3e b6 75 b3 90 e6 df a1 ba 7b 52 f1 15 86 d4 aa 00 b6 8a 68 d7 99 c8 8e 32 89 5b 47 86 e3 4b 24 31 a5 50 11 43 59 bf 17 0a ca 9d 34 2c e2 fe 6b 9b 9a ce bb 6b 1d c4 4e 2e c3 b9 5c 14 2b 6a 29 0a be a9 ed 1d b2 86 93 ec 1e e8 92 bb ad ae 84 6c c4 2e 82 29 b8 60 7f 09 06 91 9d 95 45 1d 9c bf 2a d1 0a 39 10 35 65 d1 b6 6a bd 7d 83 a0 0d 34 c5 4b 7e e8 b5 ca 43 b4 72 4d 17 96 de 6b 85 5c 95 f5 ea a3 86 3a 66 a0 be b5 ce 25 c0 ef bc 7c 62 71 d7 da 39 be 48 07 0e 1a 53 9a c7 bf a1 a2 62 39 b5 af cb 37 5f 46 e7 59 f9 40 92 2c 8e 7f 27 6a 7f 8f 0d 77 1a 07 e7 f5 c9 2e 7a 0d 3a f3 b4 b8 85 ba fd 51 22 29 d5 71 f9 94 ba be b3 26 74 d4 57 b7 e5 60 1f ff
                          Data Ascii: .5(OjD`H6a^$QvVod't>u{Rh2[GK$1PCY4,kkN.\+j)l.)`E*95ej}4K~CrMk\:f%|bq9HSb97_FY@,'jw.z:Q")q&tW`
                          2021-12-20 13:26:00 UTC165INData Raw: 92 f5 f8 30 c7 6a 93 ba aa a1 03 4c 28 c7 55 bc 32 d4 0b ca e6 2d 8d eb d3 32 a0 65 e9 27 68 eb 49 00 23 ba 74 e6 a6 1b 09 15 4b 74 7d f9 a6 b4 e8 ef 45 a4 b0 30 a9 ca 39 79 ee 22 33 8e 98 6d ae a6 3d d4 89 d9 f2 a6 31 18 fc 4d 85 7e 87 05 3c 59 f3 7c 34 5f ad 99 1e 8b 64 80 60 9e cf 15 23 01 82 69 92 81 1d 7c 3f 09 bc 64 bb 94 bc b7 1f e1 f8 11 40 4a f4 6c 4e bf 30 3a d3 2b d2 ba 35 a9 34 de ba 28 b0 3e af bc 20 66 c6 f1 b6 0b ff da fe 36 ef b7 f8 be f6 09 e6 d5 2b 76 c4 0d c4 0f 72 2d 0f 15 8e b8 03 21 50 0e af 09 8b e2 16 49 3b 13 60 cc 1f c0 ae 38 09 c8 c7 c8 2d c4 f1 74 ed 78 f7 60 5f da 5a d1 ea 11 c8 f1 22 2a b2 f7 0b 4b 81 b4 c6 3e 71 e2 b2 38 36 c3 6f e3 3c 68 a0 72 1a 59 cd 69 5e 87 d3 65 31 da 0c ff 4f 4e 2f db 1a 73 87 cc 00 31 0d 18 fb 6c 21
                          Data Ascii: 0jL(U2-2e'hI#tKt}E09y"3m=1M~<Y|4_d`#i|?d@JlN0:+54(> f6+vr-!PI;`8-tx`_Z"*K>q86o<hrYi^e1ON/s1l!
                          2021-12-20 13:26:00 UTC166INData Raw: 57 ce 26 14 2a 03 89 16 ee 07 11 e5 fd fe e9 7c 8a 06 41 85 fd 80 80 bc c9 4d 54 ae 41 e9 1e bb 59 1c 66 f3 0e d6 6d 8f be ce 2d 46 89 6c 71 95 97 82 3a 83 cb 92 63 51 58 eb 45 75 9d ed dc 0c 15 f6 60 b6 b8 e9 7a 54 77 d2 0b 9d 91 5c c4 81 57 0a be bf 07 b7 f4 5b 82 1a 70 ec dd 11 6d d8 16 6f 9c 75 db 66 6f cd a5 83 28 91 e6 d5 85 88 fc 1c 2e 29 d7 b7 35 43 e2 ba cb ba 80 a0 da 19 ec 4b df ce fd 21 de f3 9d b8 b3 e1 0f 30 17 95 39 13 fa 73 49 b5 93 e0 ee d0 3f b5 4e 84 a6 58 92 79 95 5d c9 1d bd 25 74 53 99 4e e0 cb f4 42 36 7e 75 86 86 fd f9 1e b1 76 a9 50 5e fc 11 25 6c f9 57 ff 43 e5 fe 62 72 8d ce c9 b1 ca 58 f6 44 b7 50 88 24 06 57 48 61 28 f0 8d 84 14 97 df d6 23 e0 ad bf 97 75 f2 82 d7 2f a2 87 22 6c d9 60 46 81 80 92 be bc 95 a7 61 18 12 2d 1b 3e
                          Data Ascii: W&*|AMTAYfm-Flq:cQXEu`zTw\W[pmoufo(.)5CK!09sI?NXy]%tSNB6~uvP^%lWCbrXDP$WHa(#u/"l`Fa->
                          2021-12-20 13:26:00 UTC167INData Raw: 1a 6c 22 5b 6c 85 e4 6e 5d b5 13 95 03 97 bf 07 99 9c 87 ee a8 a0 4c d3 93 3b 07 60 8b b9 db ee 74 81 b7 a1 55 69 1f e9 f7 99 55 71 a9 f1 57 6b 67 cb 99 1c 3e dc c7 b8 c9 72 9e be b3 b5 36 30 eb 50 30 bf cd e1 b7 2b b8 68 5c 0e a8 ea ad 9b 87 e9 6a e7 7d 17 cc 70 ea b8 2d f1 23 bf ce 7a c3 84 92 6c d3 18 48 09 6e f1 2c 25 23 43 98 44 78 fb 52 20 8e 5f 24 8f 2f 6c df 9f 79 b1 cd 4f 7b 68 1b 52 f6 f7 ae 1d 85 f1 31 66 69 90 06 74 fb 3e 69 02 ae 7b 50 df dc d4 00 6c d0 44 43 49 21 56 9a cc 6d b0 eb cc 51 82 38 ca a9 97 63 22 4c 96 49 12 e4 63 44 ae ef a0 23 b3 dc 5e 84 9e 6a 0a 16 00 ec 0a b6 8e 5c c5 67 b0 5d d8 aa fa 8f 08 58 f4 df 69 a1 c0 84 53 7e 3a 6e 4e f3 ac 95 a4 c7 e7 21 89 ef 57 e1 a2 fd a9 f0 ff 1b d7 2f c4 09 41 6d e5 50 02 b4 44 ee cb cc 7b bf
                          Data Ascii: l"[ln]L;`tUiUqWkg>r60P0+h\j}p-#zlHn,%#CDxR _$/lyO{hR1fit>i{PlDCI!VmQ8c"LIcD#^j\g]XiS~:nN!W/AmPD{
                          2021-12-20 13:26:00 UTC168INData Raw: 41 57 d6 1d e1 e0 0d 47 30 a2 98 a4 a2 0e 3a e4 af 5e c8 55 98 e6 09 b7 33 8a 47 27 8e 8c 78 e3 48 05 3e 3f fc 7e 01 bd 76 3a 7e de e7 a2 c8 bb e8 c1 39 3d 70 2d 40 33 3a c0 56 74 a8 de 67 29 a6 81 60 01 4d 66 0b 19 7f f4 5b 53 f7 83 16 61 a5 68 e6 d7 68 25 4d 85 a1 76 b7 1b 53 f9 be a4 21 20 66 44 21 d9 54 a5 ae 97 c8 58 af 47 c0 b1 fc 5c b1 e5 dd 1f f3 b2 21 c4 68 66 42 c3 bf a8 4b d7 68 5d f9 5e 97 4b cc 93 31 b6 02 4b 04 a0 c9 c8 93 7c 9d f5 21 e1 6e 8c eb 67 c6 ab 59 02 9b 88 d8 df 96 72 a9 9e 02 49 5b 01 7b 62 b4 51 1f 5a b2 c7 74 61 04 9b 19 fc 55 0b 5c bd f1 34 94 75 9d 92 e7 c2 2e 71 11 e1 97 85 31 9d 12 91 d5 cc d8 0a 4a df bd dc 13 c5 62 1d 85 bb f2 7f 33 27 a2 e4 31 c9 08 37 ad e9 3b c5 98 2d 24 97 95 99 f3 bf 9a 00 fe 0c d0 78 42 7e 0a bc f4
                          Data Ascii: AWG0:^U3G'xH>?~v:~9=p-@3:Vtg)`Mf[Sahh%MvS! fD!TXG\!hfBKh]^K1K|!ngYrI[{bQZtaU\4u.q1Jb3'17;-$xB~


                          Code Manipulations

                          Statistics

                          Behavior

                          Click to jump to process

                          System Behavior

                          Analysis Process: Original Doc Ref SN02853801324189923.exe PID: 6352 Parent PID: 6132

                          General

                          Start time:14:22:02
                          Start date:20/12/2021
                          Path:C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\Original Doc Ref SN02853801324189923.exe"
                          Imagebase:0xfc0000
                          File size:214528 bytes
                          MD5 hash:2B40B86C870AB6B0E9B08F26BD231E1A
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low

                          Analysis Process: Semiha.exe PID: 6404 Parent PID: 6352

                          General

                          Start time:14:22:03
                          Start date:20/12/2021
                          Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Semiha.exe
                          Imagebase:0x400000
                          File size:114688 bytes
                          MD5 hash:AE871D1957030344D4CEFC7295A1E964
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:Visual Basic
                          Yara matches:
                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.482011607.00000000029E0000.00000040.00000001.sdmp, Author: Joe Security
                          Antivirus matches:
                          • Detection: 100%, Joe Sandbox ML
                          • Detection: 32%, Virustotal, Browse
                          Reputation:low

                          Analysis Process: rundll32.exe PID: 6612 Parent PID: 3292

                          General

                          Start time:14:22:14
                          Start date:20/12/2021
                          Path:C:\Windows\System32\rundll32.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                          Imagebase:0x7ff60c4c0000
                          File size:69632 bytes
                          MD5 hash:73C519F050C20580F8A62C849D49215A
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Analysis Process: Semiha.exe PID: 5580 Parent PID: 6404

                          General

                          Start time:14:23:56
                          Start date:20/12/2021
                          Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Semiha.exe
                          Imagebase:0x7ff724940000
                          File size:114688 bytes
                          MD5 hash:AE871D1957030344D4CEFC7295A1E964
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000019.00000000.481436441.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmp, Author: Joe Security
                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000019.00000002.782433249.000000001E460000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000019.00000002.779078252.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                          Reputation:low

                          Analysis Process: explorer.exe PID: 3292 Parent PID: 5580

                          General

                          Start time:14:26:01
                          Start date:20/12/2021
                          Path:C:\Windows\explorer.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\Explorer.EXE
                          Imagebase:0x7ff662bf0000
                          File size:3933184 bytes
                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high

                          Disassembly

                          Code Analysis

                          Reset < >